Jump to content

Portal:Cloud VPS/Admin/Octavia

From Wikitech

Octavia is the OpenStack Load Balancer as a Service project. It provides APIs for creating and managing load balancers, pools, and health checks.

Our implementation was designed following the installation documentation for Ubuntu.

Core concepts

The WMCS implementation of Octavia uses HAProxy running on a special-purpose VM. In Octavia terminology this VM containing the service is called an amphora.

Amphorae are all kept in the 'octavia' project and managed by an octavia service user with admin rights in the octavia project. Software running in the amphora communicate with core octavia services on cloudcontrols for configuration and to update octavia about the health of each balancer.

Typically a user is unaware of this VM implementation, and is presented instead with a 'loadbalancer' abstraction that is associated with one or more listeners and pools. Each pool may, in turn, be associated with back-end IPs and health check rules.

Networking

In order to manage the amphorae, they are attached to a special neutron-defined network which routes directly to the cloudcontrols. In eqiad1 this network is called 'octavia-lb-mgmt-net'. Octavia services ssh directly to amphorae via the management network, and the amphorae send periodic health messages via UDP on port 5555.

Each loadbalancer is also attached to a 'VIP subnet' from which a VIP is selected. This VIP is the front-end IP address used for whatever traffic the loadbalancer is balancing.

Amphorae access

Octavia is configured to install an ssh key in each amphora VM: 

amp_ssh_key_name = amphorakey

The public key comes from the nova keypair database; the private key is stored in private puppet and installed on each cloudcontrol as /etc/octavia/certs/id_rsa. This key can be used to ssh into an amphora from a cloudcontrol using the management IP. 

andrew@cloudcontrol1011:~$ sudo wmcs-openstack server list -c Name -c Networks --project octavia
+----------------------------------------------+-----------------------------------------------------------------------------------------------+
| Name                                         | Networks                                                                                      |
+----------------------------------------------+-----------------------------------------------------------------------------------------------+
| amphora-b78a77df-0cf9-472f-a438-1121d10e9978 | VXLAN/IPv6-dualstack=172.16.18.85; octavia-lb-mgmt-net=172.16.24.166, 2a02:ec80:a000:100::313 |
+----------------------------------------------+-----------------------------------------------------------------------------------------------+

andrew@cloudcontrol1011:~$ sudo ssh -i /etc/octavia/certs/id_rsa ubuntu@172.16.24.166
Welcome to Ubuntu 22.04.5 LTS (GNU/Linux 5.15.0-139-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/pro
Last login: Thu Jun  5 22:11:57 2025 from 172.20.1.25
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.

ubuntu@amphora-b78a77df-0cf9-472f-a438-1121d10e9978:~$
Retrieved from "https://wikitech.wikimedia.org/w/index.php?title=Portal:Cloud_VPS/Admin/Octavia&oldid=2309371"