Re: [Openstack-operators] Octavia on ocata centos 7

2018-05-10 Thread Ignazio Cassano 
Many thanks for your help.
Ignazio

Il Gio 10 Mag 2018 21:05 iain MacDonnell  ha
scritto:

>
>
> On 05/10/2018 10:45 AM, Ignazio Cassano wrote:
> > I am moving from lbaas v2 based on haproxy driver to octavia on centos 7
> > ocata.
> [snip]
> > On the octavia server all services are active, amphora images are
> > installed, but when I try to create a load balancer:
> >
> > nuutron lbaas-loadbalancer-create --name lb1 private-subnet
> >
> > it tries to connect to 127.0.0.1:5000
>
> Google found:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1434904 =>
> https://bugzilla.redhat.com/show_bug.cgi?id=1433728
>
> Seems that you may be missing the service_auth section from
> neutron_lbaas.conf or/and octavia.conf ?
>
> I've been through the frustration of trying to get Octavia working. The
> docs are bit iffy, and it's ... "still maturing" (from my observation).
>
> I think I did have it working with neutron_lbaasv2 at one point. My
> neutron_lbaas.conf included:
>
> [service_auth]
> auth_url = http://mykeystonehost:35357/v3
> admin_user = neutron
> admin_tenant_name = service
> admin_password = n0ttell1nU
> admin_user_domain = default
> admin_project_domain = default
> region = myregion
>
> and octavia.conf:
>
> [service_auth]
> memcached_servers = mymemcachedhost:11211
> auth_url = http://mykeystonehost:35357
> auth_type = password
> project_domain_name = default
> project_name = service
> user_domain_name = default
> username = octavia
> password = n0ttell1nU
>
>
> Not sure how correct those are, but IIRC it did basically work.
>
> I've since moved to pure Octavia on Queens, where there is no
> neutron_lbaas.
>
> GL!
>
>  ~iain
>
>
>
>
> ___
> OpenStack-operators mailing list
> OpenStack-operators@lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
___
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

Re: [Openstack-operators] Octavia on ocata centos 7

2018-05-10 Thread iain MacDonnell 



On 05/10/2018 10:45 AM, Ignazio Cassano wrote:
I am moving from lbaas v2 based on haproxy driver to octavia on centos 7 
ocata.

[snip]
On the octavia server all services are active, amphora images are 
installed, but when I try to create a load balancer:


nuutron lbaas-loadbalancer-create --name lb1 private-subnet

it tries to connect to 127.0.0.1:5000 


Google found:

https://bugzilla.redhat.com/show_bug.cgi?id=1434904 => 
https://bugzilla.redhat.com/show_bug.cgi?id=1433728


Seems that you may be missing the service_auth section from 
neutron_lbaas.conf or/and octavia.conf ?


I've been through the frustration of trying to get Octavia working. The 
docs are bit iffy, and it's ... "still maturing" (from my observation).


I think I did have it working with neutron_lbaasv2 at one point. My 
neutron_lbaas.conf included:


[service_auth]
auth_url = http://mykeystonehost:35357/v3
admin_user = neutron
admin_tenant_name = service
admin_password = n0ttell1nU
admin_user_domain = default
admin_project_domain = default
region = myregion

and octavia.conf:

[service_auth]
memcached_servers = mymemcachedhost:11211
auth_url = http://mykeystonehost:35357
auth_type = password
project_domain_name = default
project_name = service
user_domain_name = default
username = octavia
password = n0ttell1nU


Not sure how correct those are, but IIRC it did basically work.

I've since moved to pure Octavia on Queens, where there is no neutron_lbaas.

GL!

~iain




___
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

[Openstack-operators] Octavia on ocata centos 7

2018-05-10 Thread Ignazio Cassano 
Hi everyone,
I am moving from lbaas v2 based on haproxy driver to octavia on centos 7
ocata.

I installed a new host with octavia following the documentation.
I removed all old load balancers, stopped lbaas agent and configured
neutron following this link:

https://docs.openstack.org/octavia/queens/contributor/guides/dev-quick-start.html


On the octavia server all services are active, amphora images are
installed, but when I try to create a load balancer:

nuutron lbaas-loadbalancer-create --name lb1 private-subnet

it tries to connect to 127.0.0.1:5000

Either on octavia.conf or neutron.conf the section for keystone is
correctly configured

to reach controller address.

The old lbaas v2 based on haproxy driver worked fine before changing
configuration but

is was not possible protect lbaas adresses with security groups (this
is a very old problem) because security groups are applyed only to vm
ports.

Since Octavia load balancer is based on vm deirved from amphora image,
I'd like to use it to improve my security.

Any suggestion for my octavia configuration or alternatives to improve
security on lbaas ?

Thanks and Regards

Ignazio
___
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators