=======
Octavia
=======
Octavia is an open source, operator-scale load balancing solution designed to
work with OpenStack. It accomplishes its delivery of load balancing services
by managing a fleet of virtual machines, known as amphorae, which it spins up
on demand.

Octavia is designed to plug in to Neutron LBaaS in the same way that any
proprietary vendor solution would: through a Neutron LBaaS version 2 driver
interface. Octavia plans to supplant Neutron LBaaS as the load balancing
solution for OpenStack. At that time, third-party vendor drivers that presently
plug in to Neutron LBaaS will plug in to Octavia instead. For end-users,
this transition should be relatively seamless, because Octavia supports
the Neutron LBaaS v2 API and it has a similar CLI interface.

Sample pillars
==============

Octavia API service pillar:

.. code-block:: yaml

    octavia:
      api:
        enabled: true
        version: ocata
        bind:
          address: 127.0.0.1
          port: 9876
        database:
          engine: mysql
          host: 127.0.0.1
          port: 3306
          name: octavia
          user: octavia
          password: password
        identity:
          engine: keystone
          region: RegionOne
          host: 127.0.0.1
          port: 35357
          user: octavia
          password: password
          tenant: service
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: password
          virtual_host: '/openstack'

Octavia manager service pillar:

.. code-block:: yaml

    octavia:
      manager:
        enabled: true
        version: ocata
        database:
          engine: mysql
          host: 127.0.0.1
          port: 3306
          name: octavia
          user: octavia
          password: password
        identity:
          engine: keystone
          region: RegionOne
          host: 127.0.0.1
          port: 35357
          user: octavia
          password: password
          tenant: service
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: password
          virtual_host: '/openstack'
        certificates:
          ca_private_key: '/etc/octavia/certs/private/cakey.pem'
          ca_certificate: '/etc/octavia/certs/ca_01.pem'
        controller_worker:
          amp_flavor_id: '967972bb-ab54-4679-9f53-bf81d5e28154'
          amp_image_tag: amphora
          amp_ssh_key_name: octavia_ssh_key
          loadbalancer_topology: 'SINGLE'
        haproxy_amphora:
          client_cert: '/etc/octavia/certs/client.pem'
          client_cert_key: '/etc/octavia/certs/client.key'
          client_cert_all: '/etc/octavia/certs/client_all.pem'
          server_ca: '/etc/octavia/certs/ca_01.pem'
        health_manager:
          bind_ip: 192.168.0.12
          heartbeat_key: 'insecure'
        house_keeping:
          spare_amphora_pool_size: 0
        ssh:
          private_key: |
            -----BEGIN RSA PRIVATE KEY-----
            ...
            -----END RSA PRIVATE KEY-----
          user: octavia
          group: octavia

Octavia policy rules:

.. code-block:: yaml

    octavia:
      api:
        policy:
          context_is_admin: 'role:admin or role:load-balancer_admin'
          admin_or_owner: 'is_admin:True or project_id:%(project_id)s'
          load-balancer:read: 'rule:admin_or_owner'
          load-balancer:read-global: 'is_admin:True'
          load-balancer:write: 'rule:admin_or_owner'
          load-balancer:read-quota: 'rule:admin_or_owner'
          load-balancer:read-quota-global: 'is_admin:True'
          load-balancer:write-quota: 'is_admin:True'

Change files/directories permissions for octavia service:
=========================================================

In order to change file permissions, the following should be set:

'files' - block to set permissions for files.

- full path to file
- user (default value is 'root'); this parameter is optional
- group (default value is 'octavia'); this parameter is optional
- mode (default value is '0640'); this parameter is optional

'directories' - block to set permissions for directories.

- full path to directory
- user (default value is 'root'); this parameter is optional
- group (default value is 'octavia'); this parameter is optional
- mode (default value is '0750'); this parameter is optional

.. code-block:: yaml

    octavia:
      files:
        /etc/octavia/octavia.conf:
          user: 'root'
          group: 'octavia'
          mode: '0750'
      directories:
        /etc/octavia:
          user: 'root'
          group: 'octavia'
          mode: '0750'
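
The settings above can be checked against what is actually on disk. The following is an added example, not part of the formula: it fills in the defaults stated above for every path in the ``files`` and ``directories`` blocks and reports paths whose mode or owner differs from the pillar, or that are accessible to "other". The function names, the ``root`` prefix (for auditing an unpacked image or a test tree) and the ``check_owner`` switch are assumptions of this example.

```python
import grp
import os
import pwd
import stat

# Defaults this README states for the 'files' and 'directories' blocks.
DEFAULTS = {
    "files": {"user": "root", "group": "octavia", "mode": "0640"},
    "directories": {"user": "root", "group": "octavia", "mode": "0750"},
}


def effective_entries(pillar):
    """Yield (path, kind, settings) with the README defaults filled in."""
    for kind, defaults in DEFAULTS.items():
        entries = pillar.get("octavia", {}).get(kind) or {}
        for path, opts in entries.items():
            yield path, kind, {**defaults, **(opts or {})}


def _name(lookup, ident, field):
    try:
        return getattr(lookup(ident), field)
    except KeyError:  # no such account on this host: report the numeric id
        return str(ident)


def audit(pillar, root="", check_owner=True):
    """Return (path, problem) tuples where the disk differs from the pillar."""
    findings = []
    for path, _kind, want in effective_entries(pillar):
        try:
            st = os.lstat(root + path)
        except FileNotFoundError:
            findings.append((path, "missing"))
            continue
        have = stat.S_IMODE(st.st_mode)
        if have != int(want["mode"], 8):
            findings.append((path, "mode %04o != %s" % (have, want["mode"])))
        if have & 0o007:  # any read/write/execute bit for 'other'
            findings.append((path, "accessible to other"))
        if check_owner:
            owner = (_name(pwd.getpwuid, st.st_uid, "pw_name"),
                     _name(grp.getgrgid, st.st_gid, "gr_name"))
            if owner != (want["user"], want["group"]):
                findings.append((path, "owner is %s:%s" % owner))
    return findings
```

Run it as root on the node and pass the pillar as a dict, for example ``audit({"octavia": {"files": {"/etc/octavia/octavia.conf": None}}})``; an empty list means the disk matches the pillar.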

Upgrades
========

Each OpenStack formula provides a set of phases (logical blocks) that help to
build flexible upgrade orchestration logic for particular components. The
phases and their descriptions are listed in the table below:

+-------------------------------+------------------------------------------------------+
| State                         | Description                                          |
+===============================+======================================================+
| <app>.upgrade.service_running | Ensure that all services for particular application  |
|                               | are enabled for autostart and running                |
+-------------------------------+------------------------------------------------------+
| <app>.upgrade.service_stopped | Ensure that all services for particular application  |
|                               | are disabled for autostart and dead                  |
+-------------------------------+------------------------------------------------------+
| <app>.upgrade.pkg_latest      | Ensure that packages used by particular application  |
|                               | are installed to latest available version.           |
|                               | This will not upgrade data plane packages like qemu  |
|                               | and openvswitch as usually minimal required version  |
|                               | in openstack services is really old. The data plane  |
|                               | packages should be upgraded separately by `apt-get   |
|                               | upgrade` or `apt-get dist-upgrade`                   |
|                               | Applying this state will not autostart service.      |
+-------------------------------+------------------------------------------------------+
| <app>.upgrade.render_config   | Ensure configuration is rendered to actual version.  |
+-------------------------------+------------------------------------------------------+
| <app>.upgrade.pre             | We assume this state is applied on all nodes in the  |
|                               | cloud before running upgrade.                        |
|                               | Only non-destructive actions will be applied during  |
|                               | this phase. Perform built-in service checks like     |
|                               | (keystone-manage doctor and nova-status upgrade)     |
+-------------------------------+------------------------------------------------------+
| <app>.upgrade.upgrade.pre     | Mostly applicable for data plane nodes. During this  |
|                               | phase resources will be gracefully removed from      |
|                               | current node if it is allowed. Services for upgraded |
|                               | application will be set to admin disabled state to   |
|                               | make sure node will not participate in resources     |
|                               | scheduling. For example on gtw nodes this will set   |
|                               | all agents to admin disabled state and will move all |
|                               | routers to other agents.                             |
+-------------------------------+------------------------------------------------------+
| <app>.upgrade.upgrade         | This state will basically upgrade application on     |
|                               | particular target. Stop services, render             |
|                               | configuration, install new packages, run offline     |
|                               | dbsync (for ctl), start services. Data plane should  |
|                               | not be affected, only OpenStack python services.     |
+-------------------------------+------------------------------------------------------+
| <app>.upgrade.upgrade.post    | Add services back to scheduling.                     |
+-------------------------------+------------------------------------------------------+
| <app>.upgrade.post            | This phase should be launched only when upgrade of   |
|                               | the cloud is completed.                              |
+-------------------------------+------------------------------------------------------+
| <app>.upgrade.verify          | Here we will do basic health checks (API CRUD        |
|                               | operations, verify there are no dead network         |
|                               | agents/compute services)                             |
+-------------------------------+------------------------------------------------------+

More information
================

Octavia developer documentation:

https://docs.openstack.org/developer/octavia

Release notes:

https://docs.openstack.org/releasenotes/octavia