Open Stack

On 1/21/21 3:31 PM, CHANU ROMAIN wrote:
> Hello,
> 
> I try to install Octavia and i'm facing an issue with octavia-health-
> manager-listen-port interface.
> 
> I use Openstack Ussuri on Ubuntu 18.04 with linuxbridge plugin I
> followed this procedure:
> https://docs.openstack.org/octavia/latest/install/install-ubuntu.html#install-and-configure-components
> 
> When I try to create my loadbalancer I got this error:
> 
> WARNING octavia.amphorae.drivers.haproxy.rest_api_driver [-] Could not
> connect to instance. Retrying.: requests.exceptions.ConnectionError:
> HTTPSConnectionPool(host='10.244.3.243', port=9443): Max retries
> exceeded with url: // (Caused by
> NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object
> at 0x7fe1ec077080>: Failed to establish a new connection: [Errno 113]
> No route to host',))
> 
> From my interface "o-hm0" I cannot ping 10.244.3.243 but if I try to
> ping from DHCP namespace it works fine.
> 
> I think the problem is my "octavia-health-manager-listen-port" port
> appears "DOWN" when I list every ports.
> 
> I figured out than Neutron didnt update iptables rules, probably
> because the interface is DOWN but if I add these rules:
> 
> iptables -A neutron-linuxbri-FORWARD -m physdev --physdev-out o-bhm0 --
> physdev-is-bridged -m comment --comment "Accept all packets when port
> is trusted." -j ACCEPT
> iptables -A neutron-linuxbri-FORWARD -m physdev --physdev-in o-bhm0 --
> physdev-is-bridged -m comment --comment "Accept all packets when port
> is trusted." -j ACCEPT
> 
> Amphora is able to communication with health manager port then the
> loadbalancer becomes UP but now I got this WARNING:
> 2021-01-21 15:27:21.230 2999834 WARNING
> octavia.amphorae.drivers.health.heartbeat_udp [-] Health Manager
> experienced an exception processing a heartbeat message from
> ('10.244.3.243', 30684). Ignoring this packet. Exception: 'NoneType'
> object has no attribute 'encode'
> 
> I guess it's all about the port being stuck in DOWN state.  Do you have
> any input how to configure this port?
> 
> Best regards,
> Romain

Hi Romain,

Did you understand correctly that the servers containing your Octavia
services must have connectivity to your load balancer management
network? Also, did you configure correctly the security group of your
load balancers?

To setup Octavia in my CI, I use this script:
https://salsa.debian.org/openstack-team/debian/openstack-cluster-installer/-/blob/debian/victoria/utils/usr/bin/oci-octavia-amphora-secgroups-sshkey-lbrole-and-network

Specifically, look where it's setting-up the lb-mgmt-sec-grp and
lb-health-mgr-sec-grp security groups.

Maybe this will help?

Cheers,

Thomas Goirand (zigo)