Last active
November 20, 2018 23:28
-
-
Save ranganathanm/802e39a68c50ef0b6fbc500e181d48a0 to your computer and use it in GitHub Desktop.
OpenStack: Configuring Octavia
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Octavia is the new(ish) loadbalancer for OpenStack. I recently set up the "simplest possible but not simpler" | |
octavia with a little help from my friends at sSackOverflow and other places. | |
I had a few hiccups along the way. In particular, I was confused about the openstack documentation | |
(it has some obsolete stuff in it). You will find a sample of this file in the git octavia distribution on github. | |
You will need to customize it. Here's my octavia configuration (maybe it can help others): | |
[DEFAULT] | |
host=controller01 | |
auth_strategy = keystone | |
debug = True | |
transport_url = rabbit://openstack:rabbit@controller01// | |
my_ip = 10.0.31.10 | |
publish_errors=True | |
[api_settings] | |
bind_host = 0.0.0.0 | |
bind_port = 9876 | |
auth_strategy = keystone | |
api_v1_enabled = False | |
api_v2_enabled = True | |
[database] | |
# This line MUST be changed to actually run the plugin. | |
# Example: | |
# connection = mysql+pymysql://root:pass@127.0.0.1:3306/octavia | |
# Replace 127.0.0.1 above with the IP address of the database used by the | |
# main octavia server. (Leave it as is if the database runs on this host.) | |
# connection = mysql+pymysql:// | |
connection = mysql+pymysql://octavia:octavia@controller01/octavia | |
# NOTE: In deployment the [database] section and its connection attribute may | |
# be set in the corresponding core plugin '.ini' file. However, it is suggested | |
# to put the [database] section and its connection attribute in this | |
# configuration file. | |
[health_manager] | |
bind_ip = 0.0.0.0 | |
bind_port = 5555 | |
controller_ip_port_list = 10.0.31.10:5555 | |
event_streamer_driver = noop_event_streamer | |
heartbeat_key = insecure | |
[keystone_authtoken] | |
www_authenticate_uri = http://controller01:5000 | |
auth_url = http://controller01:5000 | |
memcached_servers = controller01:11211 | |
auth_type = password | |
project_domain_name = default | |
user_domain_name = default | |
project_name = service | |
username = octavia | |
password = octavia | |
[certificates] | |
# Copy these from the octavia distro - do a git pull to get it. | |
ca_certificate = /etc/octavia/certs/ca_01.pem | |
ca_private_key = /etc/octavia/certs/private/cakey.pem | |
ca_private_key_passphrase = foobar | |
[anchor] | |
[networking] | |
[haproxy_amphora] | |
connection_max_retries = 1300 | |
connection_retry_interval = 5 | |
bind_host = 0.0.0.0 | |
bind_port = 9443 | |
server_ca = /etc/octavia/certs/ca_01.pem | |
client_cert = /etc/octavia/certs/client.pem | |
rest_request_conn_timeout = 10 | |
rest_request_read_timeout = 120 | |
[controller_worker] | |
amp_image_id = 4be853f4-2ef5-40fd-9072-01d2856a9778 | |
amp_flavor_id = e061b040-48e4-49d3-8103-f0331cabe302 | |
amp_ssh_key_name = lb-keypair | |
amp_boot_network_list = eb3d3bae-8a4f-425b-ba86-65e012fc604d | |
amp_secgroup_list = mysecgroup | |
mphora_driver = amphora_haproxy_rest_driver | |
compute_driver = compute_nova_driver | |
network_driver = allowed_address_pairs_driver | |
loadbalancer_topology = SINGLE | |
[task_flow] | |
# engine = serial | |
# max_workers = 5 | |
# | |
# This setting prevents the controller worker from reverting taskflow flows. | |
# This will leave resources in an inconsistent state and should only be used | |
# for debugging purposes. | |
# disable_revert = False | |
[oslo_messaging] | |
topic = octavia_prov | |
event_stream_transport_url = rabbit://openstack:rabbit@controller01// | |
[house_keeping] | |
[amphora_agent] | |
# agent_server_ca = /etc/octavia/certs/client_ca.pem | |
# agent_server_cert = /etc/octavia/certs/server.pem | |
# Defaults for agent_server_network_dir when not specified here are: | |
# Ubuntu: /etc/netns/amphora-haproxy/network/interfaces.d/ | |
# Centos/fedora/rhel: /etc/netns/amphora-haproxy/sysconfig/network-scripts/ | |
# | |
# agent_server_network_dir = | |
# agent_server_network_file = | |
# agent_request_read_timeout = 120 | |
[keepalived_vrrp] | |
# Amphora Role/Priority advertisement interval in seconds | |
# vrrp_advert_int = 1 | |
# Service health check interval and success/fail count | |
# vrrp_check_interval = 5 | |
# vrpp_fail_count = 2 | |
# vrrp_success_count = 2 | |
# Amphora MASTER gratuitous ARP refresh settings | |
# vrrp_garp_refresh_interval = 5 | |
# vrrp_garp_refresh_count = 2 | |
[service_auth] | |
# memcached_servers = | |
memcached_servers = controller01:11211 | |
# cafile = /opt/stack/data/ca-bundle.pem | |
project_domain_name = Default | |
# project_name = admin | |
user_domain_name = Default | |
password = openstack | |
username = admin | |
auth_type = password | |
project_name = admin | |
auth_url = http://controller01:5000 | |
[nova] | |
url= http://controller01:8774/v2.1 | |
auth_url = http://controller01:5000 | |
project_domain_name = default | |
user_domain_name = default | |
region_name = RegionOne | |
project_name = service | |
username = nova | |
password = nova | |
[glance] | |
[neutron] | |
endpoint = http://controller01:9696 | |
region_name = RegionOne | |
username = neutron | |
password = neutron | |
[quotas] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment