
Octavia

Octavia provides load balancing as a service. This guide covers configuration of Octavia for the Amphora driver. See the :octavia-doc:`Octavia documentation <>` for full details. The :octavia-doc:`installation guide <install/install-ubuntu.html>` is a useful reference.

Enabling Octavia

Enable the octavia service in globals.yml:

enable_octavia: "yes"

Certificates

Octavia requires various TLS certificates for operation. Since the Victoria release, Kolla Ansible supports generating these certificates automatically.

Option 1: Automatically generating Certificates

Kolla Ansible provides default values for the certificate issuer and owner fields. You can customize these via globals.yml, for example:

octavia_certs_country: US
octavia_certs_state: Oregon
octavia_certs_organization: OpenStack
octavia_certs_organizational_unit: Octavia

Generate octavia certificates:

kolla-ansible octavia-certificates

The certificates and keys will be generated under /etc/kolla/config/octavia.

Option 2: Manually generating certificates

Follow the :octavia-doc:`octavia documentation <admin/guides/certificates.html>` to generate certificates for Amphorae. These should be copied to the Kolla Ansible configuration as follows:

cp client_ca/certs/ca.cert.pem /etc/kolla/config/octavia/client_ca.cert.pem
cp server_ca/certs/ca.cert.pem /etc/kolla/config/octavia/server_ca.cert.pem
cp server_ca/private/ca.key.pem /etc/kolla/config/octavia/server_ca.key.pem
cp client_ca/private/client.cert-and-key.pem /etc/kolla/config/octavia/client.cert-and-key.pem

The following option should be set in passwords.yml, matching the password used to encrypt the CA key:

octavia_ca_password: <CA key password>
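A pre-deployment check of the directory populated by the manual procedure above, as an added example that is not part of Kolla Ansible. The file names come from the cp commands; the function name, the permission rule and the PEM marker checks are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Kolla Ansible code). File names come from the cp commands
# above; the permission and key-encryption checks are this example's assumptions.
# Usage: check_octavia_certs /etc/kolla/config/octavia

check_octavia_certs() {
    dir="${1:-/etc/kolla/config/octavia}"
    problems=0

    # All four files copied in the manual procedure must exist and be non-empty.
    for f in client_ca.cert.pem server_ca.cert.pem server_ca.key.pem \
             client.cert-and-key.pem; do
        if [ ! -s "$dir/$f" ]; then
            echo "MISSING $dir/$f"
            problems=$((problems + 1))
        fi
    done

    # Files that hold private keys should grant nothing to group or other.
    for f in server_ca.key.pem client.cert-and-key.pem; do
        [ -f "$dir/$f" ] || continue
        mode=$(ls -ldL "$dir/$f" | cut -c5-10)
        if [ "$mode" != "------" ]; then
            echo "PERMS $dir/$f (group/other bits: $mode)"
            problems=$((problems + 1))
        fi
    done

    # The server CA key is expected to be passphrase-protected, since
    # octavia_ca_password must match the password used to encrypt it.
    # Covers the PKCS#8 and traditional OpenSSL PEM encryption markers.
    key="$dir/server_ca.key.pem"
    if [ -f "$key" ] && ! grep -q -e 'BEGIN ENCRYPTED PRIVATE KEY' \
                                  -e 'Proc-Type: 4,ENCRYPTED' "$key"; then
        echo "UNENCRYPTED $key"
        problems=$((problems + 1))
    fi

    # The client bundle must carry both a certificate and a private key.
    bundle="$dir/client.cert-and-key.pem"
    if [ -f "$bundle" ]; then
        grep -q 'BEGIN CERTIFICATE' "$bundle" || { echo "NO-CERT $bundle"; problems=$((problems + 1)); }
        grep -q 'PRIVATE KEY-----' "$bundle" || { echo "NO-KEY $bundle"; problems=$((problems + 1)); }
    fi

    [ "$problems" -eq 0 ]
}
```

The function prints one line per finding and returns non-zero if any were found, so it can gate a deployment script.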

Networking

Octavia worker and health manager nodes must have access to the Octavia management network for communication with Amphorae.

If using a VLAN for the Octavia management network, enable Neutron provider networks:

enable_neutron_provider_networks: yes

Configure the name of the network interface on the controllers used to access the Octavia management network. If using a VLAN provider network, ensure that the traffic is also bridged to Open vSwitch on the controllers.

octavia_network_interface: <network interface on controllers>

This interface should have an IP address on the Octavia management subnet.

Registering OpenStack resources

Since the Victoria release, there are two ways to configure Octavia.

  1. Kolla Ansible automatically registers resources for Octavia during deployment
  2. Operator registers resources for Octavia after it is deployed

The first option is simpler, and is recommended for new users. The second option provides more flexibility, at the cost of complexity for the operator.

Option 1: Automatic resource registration (default, recommended)

For automatic resource registration, Kolla Ansible will register the following resources:

  • Nova flavor
  • Nova SSH keypair
  • Neutron network and subnet
  • Neutron security groups

The configuration for these resources may be customised before deployment.

Customize Amphora flavor

The default amphora flavor is named amphora with 1 VCPU, 1GB RAM and 5GB disk. You can customize this flavor by changing octavia_amp_flavor in globals.yml.

See the os_nova_flavor Ansible module for details. Supported parameters are:

  • disk
  • ephemeral (optional)
  • extra_specs (optional)
  • flavorid (optional)
  • is_public (optional)
  • name
  • ram
  • swap (optional)
  • vcpus

The following defaults are used:

octavia_amp_flavor:
  name: "amphora"
  is_public: no
  vcpus: 1
  ram: 1024
  disk: 5

Customise network and subnet

Configure the Octavia management network and subnet in globals.yml. This must be a network that is :ref:`accessible from the controllers <octavia-network>`. Typically a VLAN provider network is used.