blob: 649b9a218bccbcd6a074c76efd850a5f35752181 [file] [log] [blame]
Elena Ezhovaa3a43232017-06-02 17:53:00 +04001=======
2Octavia
3=======
4
Elena Ezhova26bab1f2017-06-15 16:34:59 +04005Octavia is an open source, operator-scale load balancing solution designed to
6work with OpenStack. It accomplishes its delivery of load balancing services
7by managing a fleet of virtual machines, known as amphorae, which it spins up
8on demand.
9
10Octavia is designed to plug in to Neutron LBaaS in the same way that any
11proprietary vendor solution would: through a Neutron LBaaS version 2 driver
12interface. Octavia plans to supplant Neutron LBaaS as the load balancing
13solution for OpenStack. At that time, third-party vendor drivers that presently
14plug in to Neutron LBaaS will plug in to Octavia instead. For end-users,
15this transition should be relatively seamless, because Octavia supports
16the Neutron LBaaS v2 API and it has a similar CLI interface.
17
Elena Ezhovaa3a43232017-06-02 17:53:00 +040018
19Sample pillars
20==============
21
Elena Ezhova26bab1f2017-06-15 16:34:59 +040022Octavia API service pillar:
23
Elena Ezhovaa3a43232017-06-02 17:53:00 +040024.. code-block:: yaml
25
26 octavia:
Elena Ezhova26bab1f2017-06-15 16:34:59 +040027 api:
Elena Ezhovaa3a43232017-06-02 17:53:00 +040028 enabled: true
Elena Ezhova26bab1f2017-06-15 16:34:59 +040029 version: ocata
30 bind:
31 address: 127.0.0.1
32 port: 9876
33 database:
34 engine: mysql
35 host: 127.0.0.1
36 port: 3306
37 name: octavia
38 user: octavia
39 password: password
40 identity:
41 engine: keystone
42 region: RegionOne
43 host: 127.0.0.1
44 port: 35357
45 user: octavia
46 password: password
47 tenant: service
48 message_queue:
49 engine: rabbitmq
50 host: 127.0.0.1
51 port: 5672
52 user: openstack
53 password: password
54 virtual_host: '/openstack'
Elena Ezhova26bab1f2017-06-15 16:34:59 +040055
56
57Octavia manager service pillar:
58
59.. code-block:: yaml
60
61 octavia:
62 manager:
63 enabled: true
64 version: ocata
65 database:
66 engine: mysql
67 host: 127.0.0.1
68 port: 3306
69 name: octavia
70 user: octavia
71 password: password
72 identity:
73 engine: keystone
74 region: RegionOne
75 host: 127.0.0.1
76 port: 35357
77 user: octavia
78 password: password
79 tenant: service
80 message_queue:
81 engine: rabbitmq
82 host: 127.0.0.1
83 port: 5672
84 user: openstack
85 password: password
86 virtual_host: '/openstack'
87 certificates:
Elena Ezhova26bab1f2017-06-15 16:34:59 +040088 ca_private_key: '/etc/octavia/certs/private/cakey.pem'
89 ca_certificate: '/etc/octavia/certs/ca_01.pem'
90 controller_worker:
Elena Ezhova26bab1f2017-06-15 16:34:59 +040091 amp_flavor_id: '967972bb-ab54-4679-9f53-bf81d5e28154'
Elena Ezhova26bab1f2017-06-15 16:34:59 +040092 amp_image_tag: amphora
Elena Ezhova26bab1f2017-06-15 16:34:59 +040093 amp_ssh_key_name: octavia_ssh_key
94 loadbalancer_topology: 'SINGLE'
95 haproxy_amphora:
96 client_cert: '/etc/octavia/certs/client.pem'
Elena Ezhova9e97de72017-07-18 16:12:55 +040097 client_cert_key: '/etc/octavia/certs/client.key'
98 client_cert_all: '/etc/octavia/certs/client_all.pem'
Elena Ezhova26bab1f2017-06-15 16:34:59 +040099 server_ca: '/etc/octavia/certs/ca_01.pem'
100 health_manager:
101 bind_ip: 192.168.0.12
102 heartbeat_key: 'insecure'
103 house_keeping:
104 spare_amphora_pool_size: 0
Elena Ezhova8345de02017-08-02 17:46:52 +0400105 ssh:
106 private_key: |
107 -----BEGIN RSA PRIVATE KEY-----
108 MIIEpAIBAAKCAQEAtjnPDJsQToHBtoqIo15mdSYpfi8z6DFMi8Gbo0KCN33OUn5u
109 OctbdtjUfeuhvI6px1SCnvyWi09Ft8eWwq+KwLCGKbUxLvqKltuJ7K3LIrGXkt+m
110 qZN4O9XKeVKfZH+mQWkkxRWgX2r8RKNV3GkdNtd74VjhP+R6XSKJQ1Z8b7eHM10v
111 6IjTY/jPczjK+eyCeEj4qbSnV8eKlqLhhquuSQRmUO2DRSjLVdpdf2BB4/BdWFsD
112 YOmX7mb8kpEr9vQ+c1JKMXDwD6ehzyU8kE+1kVm5zOeEy4HdYIMpvUfN49P1anRV
113 2ISQ1ZE+r22IAMKl0tekrGH0e/1NP1DF5rINMwIDAQABAoIBAQCkP/cgpaRNHyg8
114 ISKIHs67SWqdEm73G3ijgB+JSKmW2w7dzJgN//6xYUAnP/zIuM7PnJ0gMQyBBTMS
115 NBTv5spqZLKJZYivj6Tb1Ya8jupKm0jEWlMfBo2ZYVrfgFmrfGOfEebSvmuPlh9M
116 vuzlftmWVSSUOkjODmM9D6QpzgrbpktBuA/WpX+6esMTwJpOcQ5xZWEnHXnVzuTc
117 SncodVweE4gz6F1qorbqIJz8UAUQ5T0OZTdHzIS1IbamACHWaxQfixAO2s4+BoUK
118 ANGGZWkfneCxx7lthvY8DiKn7M5cSRnqFyDToGqaLezdkMNlGC7v3U11FF5blSEW
119 fL1o/HwBAoGBAOavhTr8eqezTchqZvarorFIq7HFWk/l0vguIotu6/wlh1V/KdF+
120 aLLHgPgJ5j+RrCMvTBoKqMeeHfVGrS2udEy8L1mK6b3meG+tMxU05OA55abmhYn7
121 7vF0q8XJmYIHIXmuCgF90R8Piscb0eaMlmHW9unKTKo8EOs5j+D8+AMJAoGBAMo4
122 8WW+D3XiD7fsymsfXalf7VpAt/H834QTbNZJweUWhg11eLutyahyyfjjHV200nNZ
123 cnU09DWKpBbLg7d1pyT69CNLXpNnxuWCt8oiUjhWCUpNqVm2nDJbUdlRFTzYb2fS
124 ZC4r0oQaPD5kMLSipjcwzMWe0PniySxNvKXKInFbAoGBAKxW2qD7uKKKuQSOQUft
125 aAksMmEIAHWKTDdvOA2VG6XvX5DHBLXmy08s7rPfqW06ZjCPCDq4Velzvgvc9koX
126 d/lP6cvqlL9za+x6p5wjPQ4rEt/CfmdcmOE4eY+1EgLrUt314LHGjjG3ScWAiirE
127 QyDrGOIGaYoQf89L3KqIMr0JAoGARYAklw8nSSCUvmXHe+Gf0yKA9M/haG28dCwo
128 780RsqZ3FBEXmYk1EYvCFqQX56jJ25MWX2n/tJcdpifz8Q2ikHcfiTHSI187YI34
129 lKQPFgWb08m1NnwoWrY//yx63BqWz1vjymqNQ5GwutC8XJi5/6Xp+tGGiRuEgJGH
130 EIPUKpkCgYAjBIVMkpNiLCREZ6b+qjrPV96ed3iTUt7TqP7yGlFI/OkORFS38xqC
131 hBP6Fk8iNWuOWQD+ohM/vMMnvIhk5jwlcwn+kF0ra04gi5KBFWSh/ddWMJxUtPC1
132 2htvlEc6zQAR6QfqXHmwhg1hP81JcpqpicQzCMhkzLoR1DC6stXdLg==
133 -----END RSA PRIVATE KEY-----
134 user: octavia
135 group: octavia
Elena Ezhova26bab1f2017-06-15 16:34:59 +0400136
Dzmitry Stremkouskic0703b92019-11-15 22:58:38 +0100137Octavia policy rules:
138
139.. code-block:: yaml
140
141 octavia:
142 api:
143 policy:
144 context_is_admin: 'role:admin or role:load-balancer_admin'
145 admin_or_owner: 'is_admin:True or project_id:%(project_id)s'
146 load-balancer:read: 'rule:admin_or_owner'
147 load-balancer:read-global: 'is_admin:True'
148 load-balancer:write: 'rule:admin_or_owner'
149 load-balancer:read-quota: 'rule:admin_or_owner'
150 load-balancer:read-quota-global: 'is_admin:True'
151 load-balancer:write-quota: 'is_admin:True'
Elena Ezhovaa3a43232017-06-02 17:53:00 +0400152
Oleg Bondareve46deb12018-09-18 17:54:52 +0400153Upgrades
154========
155 Each openstack formula provide set of phases (logical bloks) that will help to
156build flexible upgrade orchestration logic for particular components. The list
157of phases might and theirs descriptions are listed in table below:
158 +-------------------------------+------------------------------------------------------+
159| State | Description |
160+===============================+======================================================+
161| <app>.upgrade.service_running | Ensure that all services for particular application |
162| | are enabled for autostart and running |
163+-------------------------------+------------------------------------------------------+
164| <app>.upgrade.service_stopped | Ensure that all services for particular application |
165| | disabled for autostart and dead |
166+-------------------------------+------------------------------------------------------+
167| <app>.upgrade.pkg_latest | Ensure that packages used by particular application |
168| | are installed to latest available version. |
169| | This will not upgrade data plane packages like qemu |
170| | and openvswitch as usually minimal required version |
171| | in openstack services is really old. The data plane |
172| | packages should be upgraded separately by `apt-get |
173| | upgrade` or `apt-get dist-upgrade` |
174| | Applying this state will not autostart service. |
175+-------------------------------+------------------------------------------------------+
176| <app>.upgrade.render_config | Ensure configuration is rendered actual version. +
177+-------------------------------+------------------------------------------------------+
178| <app>.upgrade.pre | We assume this state is applied on all nodes in the |
179| | cloud before running upgrade. |
180| | Only non destructive actions will be applied during |
181| | this phase. Perform service built in service check |
182| | like (keystone-manage doctor and nova-status upgrade)|
183+-------------------------------+------------------------------------------------------+
184| <app>.upgrade.upgrade.pre | Mostly applicable for data plane nodes. During this |
185| | phase resources will be gracefully removed from |
186| | current node if it is allowed. Services for upgraded |
187| | application will be set to admin disabled state to |
188| | make sure node will not participate in resources |
189| | scheduling. For example on gtw nodes this will set |
190| | all agents to admin disable state and will move all |
191| | routers to other agents. |
192+-------------------------------+------------------------------------------------------+
193| <app>.upgrade.upgrade | This state will basically upgrade application on |
194| | particular target. Stop services, render |
195| | configuration, install new packages, run offline |
196| | dbsync (for ctl), start services. Data plane should |
197| | not be affected, only OpenStack python services. |
198+-------------------------------+------------------------------------------------------+
199| <app>.upgrade.upgrade.post | Add services back to scheduling. |
200+-------------------------------+------------------------------------------------------+
201| <app>.upgrade.post | This phase should be launched only when upgrade of |
202| | the cloud is completed. |
203+-------------------------------+------------------------------------------------------+
204| <app>.upgrade.verify | Here we will do basic health checks (API CRUD |
205| | operations, verify do not have dead network |
206| | agents/compute services) |
207+-------------------------------+------------------------------------------------------+
208
Elena Ezhovaa3a43232017-06-02 17:53:00 +0400209
210More information
211================
212
213Octavia developer documentation:
214
215 https://docs.openstack.org/developer/octavia
216
217Release notes:
218
219 https://docs.openstack.org/releasenotes/octavia