<div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div>Hi all, <br></div><div><br></div><div>Thank you,</div><div>So the amphora will use a provider network. but how we can access this load balancer externally? via IP assign into amphora (provider network IP)? <br></div><div><br></div><div>Another question, I am facing a problem with a keypair. I am generating a keypair with `create_certificates.sh`</div><div style="margin-left:40px">source /tmp/octavia/bin/create_certificates.sh /etc/octavia/certs /tmp/octavia/etc/certificates/openssl.cnf<br></div><div><div><div dir="ltr" class="gmail_signature"><div dir="ltr"><span><div><span style="font-family:arial,helvetica,sans-serif"><span lang="en"><span><br></span></span></span></div><div><span style="font-family:arial,helvetica,sans-serif"><span lang="en"><span>but when creating the load balancer service, I got this error from /var/log/octavia/worker.log</span></span></span></div></span><div style="margin-left:40px"><span><div><span style="font-family:arial,helvetica,sans-serif"><span lang="en"><span>ERROR oslo_messaging.rpc.server CertificateGenerationException: Could not sign the certificate request: Failed to load CA Private Key /etc/octavia/certs/private/cakey.pem.</span></span></span></div></span></div><span><div><span style="font-family:arial,helvetica,sans-serif"><span lang="en"><span><br></span></span></span></div><div><span style="font-family:arial,helvetica,sans-serif"><span lang="en"><span>I am using this configuration under octavia.conf</span></span></span></div></span><div style="margin-left:40px"><span><div><span style="font-family:arial,helvetica,sans-serif"><span lang="en"><span>[certificates]</span></span></span></div></span><br><span><div><span style="font-family:arial,helvetica,sans-serif"><span lang="en"><span>ca_certificate = /etc/octavia/certs/ca_01.pem</span></span></span></div></span><br><span><div><span style="font-family:arial,helvetica,sans-serif"><span lang="en"><span>ca_private_key = /etc/octavia/certs/private/cakey.pem</span></span></span></div></span><br><span><div><span style="font-family:arial,helvetica,sans-serif"><span lang="en"><span>ca_private_key_passphrase = foobar</span></span></span></div></span></div><div style="margin-left:40px"><br><span><div><span style="font-family:arial,helvetica,sans-serif"><span lang="en"><span></span></span></span></div></span></div>Anyone know this issue?</div><div>I am following Mr. Lingxian Kong blog in <a href="https://lingxiankong.github.io/2016-06-07-octavia-deployment-prerequisites.html">https://lingxiankong.github.io/2016-06-07-octavia-deployment-prerequisites.html</a></div><div><br></div><div dir="ltr"><span><div><span style="font-family:arial,helvetica,sans-serif"><span lang="en"><span></span></span></span></div></span><span><div><span style="font-family:arial,helvetica,sans-serif"><span lang="en"><span>Best Regards,<br></span></span></span></div><span lang="en"><span><span style="font-family:arial,helvetica,sans-serif">Zufar Dhiyaulhaq</span></span></span></span></div></div></div><br></div></div></div></div></div></div></div><br><div class="gmail_quote"><div dir="ltr">On Wed, Dec 5, 2018 at 4:35 AM Lingxian Kong <<a href="mailto:anlin.kong@gmail.com">anlin.kong@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-family:trebuchet ms,sans-serif"><span style="font-family:Arial,Helvetica,sans-serif">On Wed, Dec 5, 2018 at 6:27 AM Gaël THEROND <<a href="mailto:gael.therond@gmail.com" target="_blank">gael.therond@gmail.com</a>> wrote:</span><br></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div dir="auto">You can do it with any routed network that you’ll load as a provider network too.</div></div><div dir="auto"><br></div><div dir="auto">Way more simpler, no need for ovs manipulation, just get your network team to give you a vlan both available from computer node and controller plan. It can be a network subnet and vlan completely unknown from you controller as long as you get an intermediary equipment that route your traffic or that you add the proper route on your controllers.</div></blockquote><div><br></div><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif">Yeah, that's also how we did for our Octavia service in production thanks to our ops team.</div><div><div dir="ltr" class="m_-4286869201105688273gmail_signature"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><br><font face="trebuchet ms, sans-serif">Cheers,<br></font></div></div></div></div></div></div></div></div><div><span style="font-family:"trebuchet ms",sans-serif">Lingxian Kong</span> </div></div></div>
</blockquote></div>