Bug 1019780 - Packstack does not install/configure LBaaS
Packstack does not install/configure LBaaS
Status: CLOSED ERRATA
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-packstack (Show other bugs)
4.0
Unspecified Unspecified
unspecified Severity high
: rc
: 4.0
Assigned To: Ryan O'Hara
Nir Magnezi
network
: OtherQA, Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-10-16 07:47 EDT by Rami Vaknin
Modified: 2016-04-26 11:59 EDT (History)
15 users (show)

See Also:
Fixed In Version: openstack-packstack-2013.2.1-0.14.dev919.el6ost
Doc Type: Enhancement
Doc Text:
Packstack will now (optionally) install and configure OpenStack Networking LBaaS agent and plugin. To deploy the LBaaS agent and plugin, use the --neutron-lbaas-hosts option (or CONFIG_NEUTRON_LBAAS_HOSTS parameter in the PackStack answer file) to list the hosts on which the LBaaS agent should be deployed. The LBaaS plugin will be configured and the agent will be configured and enabled on each host listed in the parameter.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-12-19 19:28:36 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Rami Vaknin 2013-10-16 07:47:14 EDT
Version
=======
rhos 4.0 on rhel 6.5, puddle 2013-10-15.1
python-neutron-2013.2-0.12.rc1.el6ost.noarch
openstack-neutron-openvswitch-2013.2-0.12.rc1.el6ost.noarch
python-neutronclient-2.2.6-1.el6ost.noarch
openstack-neutron-2013.2-0.12.rc1.el6ost.noarch

Description
===========

By default the load balancer should use the haproxy service, however this package is not automatically installed by packstack.
In addition, there are some other missing configurations, for instance:

* In /etc/neutron/neutron.conf
service_plugins = neutron.services.loadbalancer.plugin.LoadBalancerPlugin
service_provider = LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
Comment 2 Rami Vaknin 2013-10-16 08:18:37 EDT
Note that I'm not sure that the service_provider should be configured, but the service_plugins should.

In addition, the following should be considered to be configured in /etc/neutron/lbaas_agent.ini:
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
device_driver = neutron.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver

Regarding the following, I'm not sure but I found them configured in a coleague env as following:
ovs_use_veth = True
user_group = haproxy
Comment 3 Ryan O'Hara 2013-11-05 13:34:39 EST
Packstack will also need to install haproxy and enable the lbaas agent.
Comment 4 Alvaro Lopez Ortega 2013-11-06 12:45:28 EST
Terry, we would need your input here. Could you please give us a hand to estimate how much work this would require?
Comment 5 Ofer Blaut 2013-11-07 00:37:31 EST
Hi Rami

please add your input as well

Thanks

Ofer
Comment 6 Rami Vaknin 2013-11-07 02:25:38 EST
Here are the changes I do on the network node to make it work:

i. Currently I disable selinux as a workaround to rhbz#1020052 (LBaaS with haproxy causes various selinux violations)

ii. Installing haproxy: sudo yum install -y http://download.devel.redhat.com/brewroot/packages/haproxy/1.4.24/2.el6/x86_64/haproxy-1.4.24-2.el6.x86_64.rpm

iii. Start lbaas agent and persist it: service neutron-lbaas-agent start ; chkconfig neutron-lbaas-agent on

iv.Changing the following configuration:

* /etc/neutron/neutron.conf, "service_providers" section:
service_provider = LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default

* /etc/neutron/neutron.conf, "DEFAULT" section:
service_plugins += neutron.services.loadbalancer.plugin.LoadBalancerPlugin (append to former value if exists, comma seperated)

* /etc/neutron/lbaas_agent.ini, "DEFAULT" section:
device_driver = neutron.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
user_group = haproxy

v. Restart neutron services for the configuration files change to take effect
Comment 7 Terry Wilson 2013-11-07 18:09:23 EST
Adding rohara as a cc since I haven't really looked at lbaas yet.
Comment 8 Ryan O'Hara 2013-11-07 18:27:57 EST
I recommend having a simple yes/no variable added to packstack that if off by default. Perhaps CONFIG_NEUTRON_LBAAS_AGENT or something similar. If this is 'y', install haproxy, make the appropriate changes to neutron.conf and lbaas_agent.ini, then enable/start the lbaas-agent. Right now we will only support haproxy as the lbaas driver, so this should be sufficient. I am not sure the the neutron puppet modules need modification for any of this to work.
Comment 9 Ryan O'Hara 2013-11-07 18:30:24 EST
It appears that lbaas support was added the puppet-neutron module and has all the appropriate parameters to configure as Rami described in comment #6.
Comment 10 Ryan O'Hara 2013-11-11 13:21:45 EST
This is mostly complete. Just need to test. Patch forthcoming.
Comment 11 Ryan O'Hara 2013-11-12 13:40:13 EST
Patch submitted for review upstream.

https://review.openstack.org/56079
Comment 12 Lon Hohberger 2013-11-12 14:01:27 EST
https://bugzilla.redhat.com/show_bug.cgi?id=1020052#c7

Two SELinux booleans will need to be set as well.
Comment 13 Ryan O'Hara 2013-11-12 16:01:35 EST
As noted in the upstream review, adding LBaaS support to packstack requires a newer version of the neutron puppet module. Specifically, we need the ability to set the service_plugins in neutron.conf.
Comment 15 Ryan O'Hara 2013-11-13 14:50:43 EST
(In reply to Ryan O'Hara from comment #13)
> As noted in the upstream review, adding LBaaS support to packstack requires
> a newer version of the neutron puppet module. Specifically, we need the
> ability to set the service_plugins in neutron.conf.

Or we could set the service_plugin in /usr/share/neutron/neutron-dist.conf.
Comment 17 Ryan O'Hara 2013-12-05 12:52:20 EST
I've updated the neutron puppet module to the latest stable/havana branch. This includes ability to configure service_plugins from puppet, which should make LBaaS deployment for both packstack and Foreman much easier. I'm reworking my original packstack patch to use the updated module.
Comment 18 Ryan O'Hara 2013-12-05 18:59:52 EST
https://review.openstack.org/56079

Patch set 7 uses service_plugins param to set LBaaS service plugin correctly. This requires updated neutron puppet module which was merged earlier today.

Moving to POST.
Comment 19 Scott Lewis 2013-12-09 10:33:42 EST
Adding OtherQA for bugs in MODIFIED
Comment 22 Rami Vaknin 2013-12-10 22:44:17 EST
Tested on rhos 4.0 running on rhel 6.5 with 2013-12-09.2 puddle, openstack-packstack-2013.2.1-0.14.dev919.el6ost.

I've test the new CONFIG_NEUTRON_LBAAS_HOSTS packstack option, it works well and I'm able create all lbaas objects and operate then successfully.

2 concerns, could you please advice?

i. When using packstack for lbaas configuration, I would expect the horizon's vpnaas gui to be enabled by default ("'enable_lb': False" in /etc/openstack-dashboard/local_settings should be change to "'enable_lb': True")

ii. Could you please point out which rhn channel should contain the haproxy rpm, I'm currently using yum repos instead of rhn and couldn't find this package and I had to manually download it, otherwise packstack fails with:

ERROR : Error appeared during Puppet run: 10.35.160.29_neutron.pp
Package haproxy has not been found in enabled Yum repos.
Comment 23 Jakub Libosvar 2013-12-11 06:05:37 EST
(In reply to Rami Vaknin from comment #22)
> ii. Could you please point out which rhn channel should contain the haproxy
> rpm, I'm currently using yum repos instead of rhn and couldn't find this
> package and I had to manually download it, otherwise packstack fails with:

I asked Perry yesterday on IRC:
"RHEL LB channel provides it"
"and that channel is included in the RHEL OSP SKU"
Comment 24 Ryan O'Hara 2013-12-11 09:17:18 EST
(In reply to Rami Vaknin from comment #22)
> Tested on rhos 4.0 running on rhel 6.5 with 2013-12-09.2 puddle,
> openstack-packstack-2013.2.1-0.14.dev919.el6ost.
> 
> I've test the new CONFIG_NEUTRON_LBAAS_HOSTS packstack option, it works well
> and I'm able create all lbaas objects and operate then successfully.
> 
> 2 concerns, could you please advice?
> 
> i. When using packstack for lbaas configuration, I would expect the
> horizon's vpnaas gui to be enabled by default ("'enable_lb': False" in
> /etc/openstack-dashboard/local_settings should be change to "'enable_lb':
> True")

I'm assuming you meant lbaas and not vpnaas. I suggest you talk to to Horizon developers about this.

> ii. Could you please point out which rhn channel should contain the haproxy
> rpm, I'm currently using yum repos instead of rhn and couldn't find this
> package and I had to manually download it, otherwise packstack fails with:

As mentioned in comments #23, you need the RHEL LB channel.

> ERROR : Error appeared during Puppet run: 10.35.160.29_neutron.pp
> Package haproxy has not been found in enabled Yum repos.
Comment 26 Rami Vaknin 2013-12-12 06:34:45 EST
(In reply to Ryan O'Hara from comment #24)
> (In reply to Rami Vaknin from comment #22)
> > Tested on rhos 4.0 running on rhel 6.5 with 2013-12-09.2 puddle,
> > openstack-packstack-2013.2.1-0.14.dev919.el6ost.
> > 
> > I've test the new CONFIG_NEUTRON_LBAAS_HOSTS packstack option, it works well
> > and I'm able create all lbaas objects and operate then successfully.
> > 
> > 2 concerns, could you please advice?
> > 
> > i. When using packstack for lbaas configuration, I would expect the
> > horizon's vpnaas gui to be enabled by default ("'enable_lb': False" in
> > /etc/openstack-dashboard/local_settings should be change to "'enable_lb':
> > True")
> 
> I'm assuming you meant lbaas and not vpnaas. I suggest you talk to to
> Horizon developers about this.

Done, so I filed the following bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1040937

> 
> > ii. Could you please point out which rhn channel should contain the haproxy
> > rpm, I'm currently using yum repos instead of rhn and couldn't find this
> > package and I had to manually download it, otherwise packstack fails with:
> 
> As mentioned in comments #23, you need the RHEL LB channel.

Thanks, moving this bug to Verified.

> 
> > ERROR : Error appeared during Puppet run: 10.35.160.29_neutron.pp
> > Package haproxy has not been found in enabled Yum repos.
Comment 28 errata-xmlrpc 2013-12-19 19:28:36 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2013-1859.html

Note You need to log in before you can comment on or make changes to this bug.