Version ======= rhos 4.0 on rhel 6.5, puddle 2013-10-15.1 python-neutron-2013.2-0.12.rc1.el6ost.noarch openstack-neutron-openvswitch-2013.2-0.12.rc1.el6ost.noarch python-neutronclient-2.2.6-1.el6ost.noarch openstack-neutron-2013.2-0.12.rc1.el6ost.noarch Description =========== By default the load balancer should use the haproxy service, however this package is not automatically installed by packstack. In addition, there are some other missing configurations, for instance: * In /etc/neutron/neutron.conf service_plugins = neutron.services.loadbalancer.plugin.LoadBalancerPlugin service_provider = LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
Note that I'm not sure that the service_provider should be configured, but the service_plugins should. In addition, the following should be considered to be configured in /etc/neutron/lbaas_agent.ini: interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver device_driver = neutron.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver Regarding the following, I'm not sure but I found them configured in a coleague env as following: ovs_use_veth = True user_group = haproxy
Packstack will also need to install haproxy and enable the lbaas agent.
Terry, we would need your input here. Could you please give us a hand to estimate how much work this would require?
Hi Rami please add your input as well Thanks Ofer
Here are the changes I do on the network node to make it work: i. Currently I disable selinux as a workaround to rhbz#1020052 (LBaaS with haproxy causes various selinux violations) ii. Installing haproxy: sudo yum install -y http://download.devel.redhat.com/brewroot/packages/haproxy/1.4.24/2.el6/x86_64/haproxy-1.4.24-2.el6.x86_64.rpm iii. Start lbaas agent and persist it: service neutron-lbaas-agent start ; chkconfig neutron-lbaas-agent on iv.Changing the following configuration: * /etc/neutron/neutron.conf, "service_providers" section: service_provider = LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default * /etc/neutron/neutron.conf, "DEFAULT" section: service_plugins += neutron.services.loadbalancer.plugin.LoadBalancerPlugin (append to former value if exists, comma seperated) * /etc/neutron/lbaas_agent.ini, "DEFAULT" section: device_driver = neutron.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver user_group = haproxy v. Restart neutron services for the configuration files change to take effect
Adding rohara as a cc since I haven't really looked at lbaas yet.
I recommend having a simple yes/no variable added to packstack that if off by default. Perhaps CONFIG_NEUTRON_LBAAS_AGENT or something similar. If this is 'y', install haproxy, make the appropriate changes to neutron.conf and lbaas_agent.ini, then enable/start the lbaas-agent. Right now we will only support haproxy as the lbaas driver, so this should be sufficient. I am not sure the the neutron puppet modules need modification for any of this to work.
It appears that lbaas support was added the puppet-neutron module and has all the appropriate parameters to configure as Rami described in comment #6.
This is mostly complete. Just need to test. Patch forthcoming.
Patch submitted for review upstream. https://review.openstack.org/56079
https://bugzilla.redhat.com/show_bug.cgi?id=1020052#c7 Two SELinux booleans will need to be set as well.
As noted in the upstream review, adding LBaaS support to packstack requires a newer version of the neutron puppet module. Specifically, we need the ability to set the service_plugins in neutron.conf.
(In reply to Ryan O'Hara from comment #13) > As noted in the upstream review, adding LBaaS support to packstack requires > a newer version of the neutron puppet module. Specifically, we need the > ability to set the service_plugins in neutron.conf. Or we could set the service_plugin in /usr/share/neutron/neutron-dist.conf.
I've updated the neutron puppet module to the latest stable/havana branch. This includes ability to configure service_plugins from puppet, which should make LBaaS deployment for both packstack and Foreman much easier. I'm reworking my original packstack patch to use the updated module.
https://review.openstack.org/56079 Patch set 7 uses service_plugins param to set LBaaS service plugin correctly. This requires updated neutron puppet module which was merged earlier today. Moving to POST.
Adding OtherQA for bugs in MODIFIED
Tested on rhos 4.0 running on rhel 6.5 with 2013-12-09.2 puddle, openstack-packstack-2013.2.1-0.14.dev919.el6ost. I've test the new CONFIG_NEUTRON_LBAAS_HOSTS packstack option, it works well and I'm able create all lbaas objects and operate then successfully. 2 concerns, could you please advice? i. When using packstack for lbaas configuration, I would expect the horizon's vpnaas gui to be enabled by default ("'enable_lb': False" in /etc/openstack-dashboard/local_settings should be change to "'enable_lb': True") ii. Could you please point out which rhn channel should contain the haproxy rpm, I'm currently using yum repos instead of rhn and couldn't find this package and I had to manually download it, otherwise packstack fails with: ERROR : Error appeared during Puppet run: 10.35.160.29_neutron.pp Package haproxy has not been found in enabled Yum repos.
(In reply to Rami Vaknin from comment #22) > ii. Could you please point out which rhn channel should contain the haproxy > rpm, I'm currently using yum repos instead of rhn and couldn't find this > package and I had to manually download it, otherwise packstack fails with: I asked Perry yesterday on IRC: "RHEL LB channel provides it" "and that channel is included in the RHEL OSP SKU"
(In reply to Rami Vaknin from comment #22) > Tested on rhos 4.0 running on rhel 6.5 with 2013-12-09.2 puddle, > openstack-packstack-2013.2.1-0.14.dev919.el6ost. > > I've test the new CONFIG_NEUTRON_LBAAS_HOSTS packstack option, it works well > and I'm able create all lbaas objects and operate then successfully. > > 2 concerns, could you please advice? > > i. When using packstack for lbaas configuration, I would expect the > horizon's vpnaas gui to be enabled by default ("'enable_lb': False" in > /etc/openstack-dashboard/local_settings should be change to "'enable_lb': > True") I'm assuming you meant lbaas and not vpnaas. I suggest you talk to to Horizon developers about this. > ii. Could you please point out which rhn channel should contain the haproxy > rpm, I'm currently using yum repos instead of rhn and couldn't find this > package and I had to manually download it, otherwise packstack fails with: As mentioned in comments #23, you need the RHEL LB channel. > ERROR : Error appeared during Puppet run: 10.35.160.29_neutron.pp > Package haproxy has not been found in enabled Yum repos.
(In reply to Ryan O'Hara from comment #24) > (In reply to Rami Vaknin from comment #22) > > Tested on rhos 4.0 running on rhel 6.5 with 2013-12-09.2 puddle, > > openstack-packstack-2013.2.1-0.14.dev919.el6ost. > > > > I've test the new CONFIG_NEUTRON_LBAAS_HOSTS packstack option, it works well > > and I'm able create all lbaas objects and operate then successfully. > > > > 2 concerns, could you please advice? > > > > i. When using packstack for lbaas configuration, I would expect the > > horizon's vpnaas gui to be enabled by default ("'enable_lb': False" in > > /etc/openstack-dashboard/local_settings should be change to "'enable_lb': > > True") > > I'm assuming you meant lbaas and not vpnaas. I suggest you talk to to > Horizon developers about this. Done, so I filed the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=1040937 > > > ii. Could you please point out which rhn channel should contain the haproxy > > rpm, I'm currently using yum repos instead of rhn and couldn't find this > > package and I had to manually download it, otherwise packstack fails with: > > As mentioned in comments #23, you need the RHEL LB channel. Thanks, moving this bug to Verified. > > > ERROR : Error appeared during Puppet run: 10.35.160.29_neutron.pp > > Package haproxy has not been found in enabled Yum repos.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHEA-2013-1859.html