=======
Octavia
=======

Octavia is an open source, operator-scale load balancing solution designed to
work with OpenStack. It accomplishes its delivery of load balancing services
by managing a fleet of virtual machines, known as amphorae, which it spins up
on demand.

Octavia is designed to “plug in” to Neutron LBaaS in the same way that any
proprietary vendor solution would: through a Neutron LBaaS version 2 driver
interface. Octavia plans to supplant Neutron LBaaS as the load balancing
solution for OpenStack. At that time, third-party vendor drivers that presently
“plug in” to Neutron LBaaS will plug in to Octavia instead. For end-users,
this transition should be relatively seamless, because Octavia supports
the Neutron LBaaS v2 API and it has a similar CLI interface.


Sample pillars
==============

Octavia API service pillar:

.. code-block:: yaml

    octavia:
      api:
        enabled: true
        version: ocata
        bind:
          address: 127.0.0.1
          port: 9876
        database:
          engine: mysql
          host: 127.0.0.1
          port: 3306
          name: octavia
          user: octavia
          password: password
        identity:
          engine: keystone
          region: RegionOne
          host: 127.0.0.1
          port: 35357
          user: octavia
          password: password
          tenant: service
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: password
          virtual_host: '/openstack'


Octavia manager service pillar:

.. code-block:: yaml

    octavia:
      manager:
        enabled: true
        version: ocata
        database:
          engine: mysql
          host: 127.0.0.1
          port: 3306
          name: octavia
          user: octavia
          password: password
        identity:
          engine: keystone
          region: RegionOne
          host: 127.0.0.1
          port: 35357
          user: octavia
          password: password
          tenant: service
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: password
          virtual_host: '/openstack'
        certificates:
          ca_private_key: '/etc/octavia/certs/private/cakey.pem'
          ca_certificate: '/etc/octavia/certs/ca_01.pem'
        controller_worker:
          amp_flavor_id: '967972bb-ab54-4679-9f53-bf81d5e28154'
          amp_image_tag: amphora
          amp_ssh_key_name: octavia_ssh_key
          loadbalancer_topology: 'SINGLE'
        haproxy_amphora:
          client_cert: '/etc/octavia/certs/client.pem'
          client_cert_key: '/etc/octavia/certs/client.key'
          client_cert_all: '/etc/octavia/certs/client_all.pem'
          server_ca: '/etc/octavia/certs/ca_01.pem'
        health_manager:
          bind_ip: 192.168.0.12
          heartbeat_key: 'insecure'
        house_keeping:
          spare_amphora_pool_size: 0
        ssh:
          private_key: |
            -----BEGIN RSA PRIVATE KEY-----
            -----END RSA PRIVATE KEY-----
          user: octavia
          group: octavia

Octavia policy rules:

.. code-block:: yaml

    octavia:
      api:
        policy:
          context_is_admin: 'role:admin or role:load-balancer_admin'
          admin_or_owner: 'is_admin:True or project_id:%(project_id)s'
          load-balancer:read: 'rule:admin_or_owner'
          load-balancer:read-global: 'is_admin:True'
          load-balancer:write: 'rule:admin_or_owner'
          load-balancer:read-quota: 'rule:admin_or_owner'
          load-balancer:read-quota-global: 'is_admin:True'
          load-balancer:write-quota: 'is_admin:True'

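The following added example (not part of this formula or of oslo.policy) is a
simplified evaluator for just the rule syntax used in the policy pillar above,
showing which requests those rules admit. The function names, and deriving
``is_admin`` from the ``context_is_admin`` rule, are assumptions of the example.

```python
"""Simplified evaluator for the policy rules in the pillar (added example).

Covers only the syntax used on this page: 'or'-joined checks of the form
role:<name>, rule:<name>, is_admin:True and <field>:%(<field>)s.
"""

# Rules copied from the policy pillar.
POLICY = {
    "context_is_admin": "role:admin or role:load-balancer_admin",
    "admin_or_owner": "is_admin:True or project_id:%(project_id)s",
    "load-balancer:read": "rule:admin_or_owner",
    "load-balancer:read-global": "is_admin:True",
    "load-balancer:write": "rule:admin_or_owner",
    "load-balancer:read-quota": "rule:admin_or_owner",
    "load-balancer:read-quota-global": "is_admin:True",
    "load-balancer:write-quota": "is_admin:True",
}


def check(expr, creds, target, seen=()):
    """Return True if any 'or'-joined check in expr passes."""
    for term in expr.split(" or "):
        kind, _, match = term.strip().partition(":")
        if kind == "rule":
            # Follow the named rule once; skip self-referencing loops.
            if match not in seen and check(
                    POLICY[match], creds, target, seen + (match,)):
                return True
        elif kind == "role":
            if match.lower() in (r.lower() for r in creds["roles"]):
                return True
        elif match.startswith("%("):
            # Credential field must equal the same field of the target.
            if kind in target and str(creds.get(kind)) == match % target:
                return True
        elif str(creds.get(kind)) == match:  # literal, e.g. is_admin:True
            return True
    return False


def authorize(action, roles, project_id, target_project):
    """Assumption: is_admin is derived from the context_is_admin rule."""
    creds = {"roles": roles, "project_id": project_id}
    creds["is_admin"] = check(POLICY["context_is_admin"], creds, {})
    return check(POLICY[action], creds, {"project_id": target_project})
```

Under these rules, any role named in ``context_is_admin`` passes every
``is_admin:True`` check, so a ``load-balancer_admin`` holder can read and write
load balancers and quotas in every project.
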

Upgrades
========

Each OpenStack formula provides a set of phases (logical blocks) that help to
build flexible upgrade orchestration logic for particular components. The
phases and their descriptions are listed in the table below:

+-------------------------------+------------------------------------------------------+
| State                         | Description                                          |
+===============================+======================================================+
| <app>.upgrade.service_running | Ensure that all services for particular application  |
|                               | are enabled for autostart and running                |
+-------------------------------+------------------------------------------------------+
| <app>.upgrade.service_stopped | Ensure that all services for particular application  |
|                               | are disabled for autostart and dead                  |
+-------------------------------+------------------------------------------------------+
| <app>.upgrade.pkg_latest      | Ensure that packages used by particular application  |
|                               | are installed at the latest available version.       |
|                               | This will not upgrade data plane packages like qemu  |
|                               | and openvswitch, as the minimal version required by  |
|                               | OpenStack services is usually really old. The data   |
|                               | plane packages should be upgraded separately by      |
|                               | `apt-get upgrade` or `apt-get dist-upgrade`.         |
|                               | Applying this state will not autostart the service.  |
+-------------------------------+------------------------------------------------------+
| <app>.upgrade.render_config   | Ensure configuration is rendered for the actual      |
|                               | version.                                             |
+-------------------------------+------------------------------------------------------+
| <app>.upgrade.pre             | We assume this state is applied on all nodes in the  |
|                               | cloud before running the upgrade.                    |
|                               | Only non-destructive actions will be applied during  |
|                               | this phase. Perform built-in service checks, such as |
|                               | keystone-manage doctor and nova-status upgrade.      |
+-------------------------------+------------------------------------------------------+
| <app>.upgrade.upgrade.pre     | Mostly applicable for data plane nodes. During this  |
|                               | phase resources will be gracefully removed from the  |
|                               | current node if it is allowed. Services for the      |
|                               | upgraded application will be set to admin disabled   |
|                               | state to make sure the node will not participate in  |
|                               | resource scheduling. For example, on gtw nodes this  |
|                               | will set all agents to admin disabled state and move |
|                               | all routers to other agents.                         |
+-------------------------------+------------------------------------------------------+
| <app>.upgrade.upgrade         | This state basically upgrades the application on a   |
|                               | particular target: stop services, render             |
|                               | configuration, install new packages, run offline     |
|                               | dbsync (for ctl), start services. The data plane     |
|                               | should not be affected, only OpenStack Python        |
|                               | services.                                            |
+-------------------------------+------------------------------------------------------+
| <app>.upgrade.upgrade.post    | Add services back to scheduling.                     |
+-------------------------------+------------------------------------------------------+
| <app>.upgrade.post            | This phase should be launched only when the upgrade  |
|                               | of the cloud is completed.                           |
+-------------------------------+------------------------------------------------------+
| <app>.upgrade.verify          | Here we will do basic health checks (API CRUD        |
|                               | operations, verify there are no dead network         |
|                               | agents/compute services).                            |
+-------------------------------+------------------------------------------------------+


More information
================

Octavia developer documentation:

https://docs.openstack.org/developer/octavia

Release notes:

https://docs.openstack.org/releasenotes/octavia