Manual Instalation Octavia OpenStack Queens

I am using packstack to build the openstack environment and install Octavia manual with this step. Im using Centos 7.5 and OpenStack Queens. Lets follow the step :

Create Octavia Token

You must first create the Octavia token to communicate with OpenStack. The example is in /root/octaviarc

unset OS_SERVICE_TOKEN
export OS_USERNAME=octavia
export OS_PASSWORD='octavia'
export OS_AUTH_URL=http://KEYSTONE_IP:5000/v3
export PS1='[\u@\h \W(octavia_admin)]\$ '    
export OS_PROJECT_NAME=services
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_IDENTITY_API_VERSION=3

Create Octavia User & Service (using admin user)

the project is services, in another hand can be the only service

openstack user create octavia --domain default --password octavia
openstack role add --user octavia --project services admin
openstack service create --name octavia --description "OpenStack Octavia" load-balancer
openstack endpoint create --region RegionOne octavia public http://Octavia_IP:9876
openstack endpoint create --region RegionOne octavia internal http://Octavia_IP:9876
openstack endpoint create --region RegionOne octavia admin http://Octavia_IP:9876

Create Amphora Security Group (Using Octavia user)

you need to create a Security group for Amphora. It is needed by OpenStack itself to access the Amphora VM.

openstack security group create lb-mgmt-sec-grp
openstack security group rule create --protocol icmp lb-mgmt-sec-grp
openstack security group rule create --protocol tcp --dst-port 22 lb-mgmt-sec-grp
openstack security group rule create --protocol tcp --dst-port 9443 lb-mgmt-sec-grp
openstack security group rule create --protocol tcp --dst-port 5555 lb-mgmt-sec-grp
openstack security group rule create --protocol tcp --dst-port 80 lb-mgmt-sec-grp

Create Amphora Images

yum -y install qemu curl kpartx git jq python-pip
pip install argparse Babel>=1.3 dib-utils PyYAML diskimage-builder
cd /tmp
git clone https://github.com/openstack/octavia.git
git clone https://git.openstack.org/openstack/diskimage-builder.git
cd octavia/diskimage-create
./diskimage-create.sh -i centos -s 3

Add Images into OpenStack (Using Octavia user)

openstack image create amphora-x64-haproxy --public --container-format bare --disk-format qcow2 --file amphora-x64-haproxy.qcow2
openstack image set amphora-x64-haproxy --tag amphora

Create Amphora Flavor (Using Octavia user)

openstack flavor create --id 200 --vcpus 2 --ram 1024 --disk 10 "m1.amphora" --public

Create Amphora Certificate

source /tmp/octavia/bin/create_certificates.sh /etc/octavia/certs /tmp/octavia/etc/certificates/openssl.cnf
chmod -R 755 /etc/octavia/certs

Install Octavia

yum -y install python-octavia.noarch
yum -y install openstack-octavia-common.noarch
yum -y install openstack-octavia-diskimage-create.noarch
yum -y install openstack-octavia-housekeeping.noarch
yum -y install openstack-octavia-api.noarch
yum -y install openstack-octavia-health-manager.noarch
yum -y install openstack-octavia-worker.noarch
yum -y install openstack-octavia-amphora-agent.noarch
yum -y install openstack-octavia-ui.noarch
yum -y install python2-octaviaclient.noarch
systemctl restart httpd memcached

Create Database Octavia

mysql -u root -p
CREATE DATABASE octavia;
CREATE USER 'octavia' IDENTIFIED BY 'Password123';
GRANT ALL PRIVILEGES ON octavia.* TO 'octavia' ;
flush PRIVILEGES;
exit

Create Management Network Amphora (Using Octavia user)

this network is required by OpenStack to send configuration into Amphora VM. Create a neutron port and add the port into the bridge.

The subnet is created with a default gateway and DNS, so you must remove the gateway and DNS when using dhclient or create subnet without gateway and DNS.

OCTAVIA_MGMT_SUBNET=172.16.0.0/12
OCTAVIA_MGMT_SUBNET_START=172.16.0.100
OCTAVIA_MGMT_SUBNET_END=172.16.31.254
CONTROLLER_HOSTNAME=zu-controller

OCTAVIA_AMP_NETWORK_ID=$(neutron net-create lb-mgmt-net | awk '/ id / {print $4}')
neutron subnet-create --name lb-mgmt-subnet --allocation-pool start=$OCTAVIA_MGMT_SUBNET_START,end=$OCTAVIA_MGMT_SUBNET_END lb-mgmt-net $OCTAVIA_MGMT_SUBNET

neutron port-create --name octavia-health-manager-listen-port --binding:host_id=$CONTROLLER_HOSTNAME lb-mgmt-net
MGMT_PORT_ID=$(neutron port-show octavia-health-manager-listen-port | awk '/ id / {print $4}')
MGMT_PORT_MAC=$(neutron port-show octavia-health-manager-listen-port | awk '/ mac_address / {print $4}')
echo $MGMT_PORT_ID
echo $MGMT_PORT_MAC

sudo ovs-vsctl -- --may-exist add-port br-int o-hm0 -- set Interface o-hm0 type=internal -- set Interface o-hm0 external-ids:iface-status=active -- set Interface o-hm0 external-ids:attached-mac=$MGMT_PORT_MAC -- set Interface o-hm0 external-ids:iface-id=$MGMT_PORT_ID
sudo ip link set dev o-hm0 address $MGMT_PORT_MAC
sudo dhclient -v o-hm0

Add Octavia Configuration (/etc/octavia/octavia.conf)

adjust the configuration with your environment.

[DEFAULT]
transport_url=rabbit://RABBIT_DB_USER:RABBIT_DB_PASSWORD@127.0.0.1:5672/

[api_settings]
bind_host = 0.0.0.0
bind_port = 9876

[database]
connection = mysql+pymysql://OCTAVIA_DB_USER:OCTAVIA_DB_PASSWORD@127.0.0.1/octavia

[health_manager]
event_streamer_driver = noop_event_streamer
heartbeat_key = insecure
controller_ip_port_list = 127.0.0.1:5555
bind_ip = 127.0.0.1
bind_port = 5555

[keystone_authtoken]
www_authenticate_uri = http://KEYSTONE_IP:5000/v3
auth_url = http://KEYSTONE_IP:35357/v3
username = OCTAVIA_USER
password = OCTAVIA_PASSWORD
project_name = services
project_domain_name = Default
user_domain_name = Default
auth_type = password

[certificates]
ca_certificate = /etc/octavia/certs/ca_01.pem
ca_private_key = /etc/octavia/certs/private/cakey.pem
ca_private_key_passphrase = foobar

[anchor]
[networking]

[haproxy_amphora]
bind_host = 0.0.0.0
bind_port = 9443
client_cert = /etc/octavia/certs/client.pem
server_ca = /etc/octavia/certs/ca_01.pem
base_path = /var/lib/octavia
base_cert_dir = /var/lib/octavia/certs
connection_max_retries = 1500
connection_retry_interval = 1
rest_request_conn_timeout = 10
rest_request_read_timeout = 120

[controller_worker]
amp_image_tag = amphora
amp_secgroup_list = SECURITY_GROUP_ID
amp_boot_network_list = NETWORK_ID
amp_flavor_id = 200
network_driver = allowed_address_pairs_driver
compute_driver = compute_nova_driver
amphora_driver = amphora_haproxy_rest_driver
loadbalancer_topology = SINGLE

[task_flow]

[oslo_messaging]
rpc_thread_pool_size = 2
topic = octavia_prov
event_stream_transport_url = rabbit://RABBIT_DB_USER:RABBIT_DB_PASSWORD@127.0.0.1:5672/

[house_keeping]
[amphora_agent]
[keepalived_vrrp]

[service_auth]
project_domain_name = Default
project_name = services
user_domain_name = Default
password = OCTAVIA_USER
username = OCTAVIA_PASSWORD
auth_type = password
auth_url = http://KEYSTONE_IP:35357/v3

[nova]
[glance]
[neutron]
[quotas]

Populate Database

octavia-db-manage upgrade head

Enable and Activate Octavia

systemctl start octavia-api.service octavia-health-manager.service octavia-housekeeping.service octavia-worker.service
systemctl enable octavia-api.service octavia-health-manager.service octavia-housekeeping.service octavia-worker.service
systemctl status octavia-api.service octavia-health-manager.service octavia-housekeeping.service octavia-worker.service

 

 

Comments are closed.