Small excursion to the undocumented OpenStack LBaaSv2 world and HAProxy

Some people, including me, like to play with new stuff. Recently I set my mind to exploring LBaaSv2 with the HAProxy namespace driver under RDO, the Red Hat open-source distribution of OpenStack.

Here is what I did to get the Neutron LBaaSv2 agent, including the HAProxy driver, working.

The configuration

  • Install necessary packages
yum upgrade
yum -y install openstack-neutron-lbaas haproxy

 

  • Enable the LoadBalancerPluginv2 inside the /etc/neutron/neutron.conf file
crudini --set /etc/neutron/neutron.conf DEFAULT service_plugins router,neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2
  • Enable the HAProxy namespace driver inside the /etc/neutron/neutron_lbaas.conf file
crudini --set /etc/neutron/neutron_lbaas.conf service_providers service_provider LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
  • Configure OVS as the interface driver inside the /etc/neutron/lbaas_agent.ini file

Interestingly, Red Hat did not preconfigure the interface driver for OVS, even though it comes by default with OVS enabled as the Neutron plugin.

crudini --set /etc/neutron/lbaas_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
  • Add necessary database tables to the neutron database
neutron-db-manage --service lbaas --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head
  • Restart services
service neutron-server restart
service neutron-lbaasv2-agent restart
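
A read-only check that the three settings from the steps above are in place, as an added example rather than part of the original post. It parses the files with awk instead of calling crudini, and tests service_plugins by list membership so it also passes on hosts that keep other plugins enabled. The sample files and the function names ini_get, check_lbaas_config and write_sample_conf are constructed for this example.

```shell
# Added example: read-only check of the settings made in the steps above.
PLUGIN="neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2"
PROVIDER="LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default"
DRIVER="neutron.agent.linux.interface.OVSInterfaceDriver"

# ini_get FILE SECTION KEY: print KEY's value in [SECTION]; last assignment wins.
ini_get() {
    awk -v want_sec="$2" -v want_key="$3" '
        /^[ \t]*[#;]/ { next }                       # comment line
        /^[ \t]*\[/ {                                # section header
            sec = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", sec)
            next
        }
        sec == want_sec && index($0, "=") > 0 {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want_key) found = val
        }
        END { if (found != "") print found }
    ' "$1"
}

# check_lbaas_config DIR: return 0 only if all three settings are in place.
check_lbaas_config() {
    rc=0
    # service_plugins is a comma-separated list: test membership, not equality.
    case ",$(ini_get "$1/neutron.conf" DEFAULT service_plugins | tr -d ' ')," in
        *",$PLUGIN,"*) ;;
        *) echo "neutron.conf: LoadBalancerPluginv2 not in service_plugins"; rc=1 ;;
    esac
    [ "$(ini_get "$1/neutron_lbaas.conf" service_providers service_provider)" = "$PROVIDER" ] ||
        { echo "neutron_lbaas.conf: HAProxy service_provider not set"; rc=1; }
    [ "$(ini_get "$1/lbaas_agent.ini" DEFAULT interface_driver)" = "$DRIVER" ] ||
        { echo "lbaas_agent.ini: interface_driver is not the OVS driver"; rc=1; }
    return $rc
}

# write_sample_conf DIR: constructed sample files holding the values from the page.
write_sample_conf() {
    printf '[DEFAULT]\nservice_plugins = router,%s\n' "$PLUGIN" > "$1/neutron.conf"
    printf '[service_providers]\nservice_provider = %s\n' "$PROVIDER" > "$1/neutron_lbaas.conf"
    printf '[DEFAULT]\n#interface_driver =\ninterface_driver = %s\n' "$DRIVER" > "$1/lbaas_agent.ini"
}

d=$(mktemp -d) && write_sample_conf "$d" && check_lbaas_config "$d" && echo "LBaaSv2 settings OK"
rm -rf "$d"
```

On a real node, point it at the live files with check_lbaas_config /etc/neutron.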

Testing & Creating a neutron load balancer

If all goes well, you will end up with a loaded Loadbalancerv2 agent

# source ~/keystonerc_admin ; neutron agent-list --fields agent_type --fields alive
+----------------------+-------+
| agent_type           | alive |
+----------------------+-------+
| Open vSwitch agent   | :-)   |
| Metadata agent       | :-)   |
| DHCP agent           | :-)   |
| Loadbalancerv2 agent | :-)   |
| L3 agent             | :-)   |
+----------------------+-------+

Now let’s create a load balancer on the existing private (sub)network

neutron lbaas-loadbalancer-create private_subnet
 
Created a new loadbalancer:
+---------------------+----------------------+
| Field               | Value                |
+---------------------+----------------------+
| admin_state_up      | True                 |
| description         |                      |
| id                  | **id omitted**       |
| listeners           |                      |
| name                |                      |
| operating_status    | ONLINE               |
| provider            | haproxy              |
| provisioning_status | ACTIVE               |
| tenant_id           | **id omitted**       |
| vip_address         | 10.0.0.3             |
| vip_port_id         | **id omitted**       |
| vip_subnet_id       | **id omitted**       |
+---------------------+----------------------+

I did not assign a name to the load balancer, so all subsequent commands will reference the ID c92fb015-c766-4a26-a9f2-39f03aad20e8.

neutron lbaas-listener-create --loadbalancer <lb id> --protocol HTTP --protocol-port 80
Created a new listener:
+---------------------------+----------------+
| Field                     | Value          |
+---------------------------+----------------+
| admin_state_up            | True           |
| connection_limit          | -1             |
| default_pool_id           |                |
| default_tls_container_ref |                |
| description               |                |
| id                        | **id omitted** |
| loadbalancers             |                |
| name                      |                |
| protocol                  |                |
| protocol_port             |                |
| sni_container_refs        |                |
| tenant_id                 | **id omitted** |
+---------------------------+----------------+

It’s alive

neutron lbaas-loadbalancer-show <lb id>
+---------------------+---------------------+
| Field               | Value               |
+---------------------+---------------------+
| admin_state_up      | True                |
| description         |                     |
| id                  | **id omitted**      |
| listeners           |                     |
| name                |                     |
| operating_status    | ONLINE              |
| provider            | haproxy             |
| provisioning_status | ACTIVE              |
| tenant_id           | abc                 |
| vip_address         | 10.0.0.3            |
| vip_port_id         | ID                  |
| vip_subnet_id       | **id omitted**      |
+---------------------+---------------------+

Let’s just have a look inside the qlbaas namespace and see if the haproxy process is actually running

# ip netns |grep lbaas
qlbaas-c92fb015-c766-4a26-a9f2-39f03aad20e8
 
# ip netns exec qlbaas-c92fb015-c766-4a26-a9f2-39f03aad20e8 netstat -ntlp
 
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 10.0.0.3:80             0.0.0.0:*               LISTEN      14017/haproxy
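
The listener check above can be automated. This added example (not from the original post) reads netstat -ntlp output from the namespace and flags any TCP listener that is not haproxy bound to the VIP. The function name audit_listeners and the second sample are constructed; the first sample reuses the output shown above.

```shell
# Added example: audit the TCP listeners inside a qlbaas namespace.
# audit_listeners VIP: reads `netstat -ntlp` output on stdin, prints one line per
# finding and returns 0 only if every TCP listener is haproxy bound to VIP.
audit_listeners() {
    awk -v vip="$1" '
        $1 !~ /^tcp/ || $6 != "LISTEN" { next }      # skip headers and non-listeners
        {
            seen++
            n = split($4, part, ":")                 # port is the last ":" field
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            prog = $7
            sub(/^[0-9]+\//, "", prog)               # "14017/haproxy" -> "haproxy"
            if (prog != "haproxy") {
                print "unexpected listener: " prog " on " $4; bad++
            } else if (addr != vip) {
                print "haproxy listens on " $4 ", not on VIP " vip; bad++
            }
        }
        END {
            if (seen == 0) { print "no TCP listener found"; bad++ }
            exit (bad > 0 ? 1 : 0)
        }
    '
}

# Constructed samples: the first reuses the listener line shown on the page.
SAMPLE_OK='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 10.0.0.3:80             0.0.0.0:*               LISTEN      14017/haproxy'
SAMPLE_BAD="$SAMPLE_OK
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      14017/haproxy
tcp6       0      0 :::22                   :::*                    LISTEN      901/sshd"

printf '%s\n' "$SAMPLE_BAD" | audit_listeners 10.0.0.3 || echo "namespace needs a closer look"
```

On the node, feed it the live output: ip netns exec qlbaas-<lb id> netstat -ntlp | audit_listeners 10.0.0.3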

 

For those who are curious how haproxy has been configured: the haproxy configuration is stored in the /var/lib/neutron/lbaas/v2/c92fb015-c766-4a26-a9f2-39f03aad20e8/haproxy.conf file, where c92fb015-c766-4a26-a9f2-39f03aad20e8 is the load balancer ID.