Installing LBaaS Driver for Contrail
Overview
Avi Vantage manages load balancing capacity for a virtual service by dynamically scaling it out or in on additional or fewer Service Engines (SEs). By default, the primary SE for the virtual service co-ordinates distribution of traffic flow amongst the secondary SEs, including itself. On an OpenStack with Contrail environment, Avi Vantage can take advantage of Contrail’s Equal-cost multi-path routing (ECMP) support and manage the orchestration of ECMP routes as part of virtual service placement.
This article details the installation of the Avi LBaaS driver in an OpenStack + Contrail environment.
Note: The following instructions are applicable for Contrail release 3.x.
Installing LBaaS v2 pip
Install the Avi LBaaS v2 driver pip package using $ pip install avi_lbaasv2-18.2b20190501-py2-none-any.whl.
Adding the Avi LBaaS Driver in Contrail
There are two ways to add the Avi LBaaS driver.
- Method 1: Add the Avi driver to the existing list of LBaaS drivers. In this case the Avi driver will not be default LBaaS driver.
- Method 2: Add the Avi driver as the default LBaaS driver.
Adding Avi Driver to the List of LBaaS Drivers
If you use this option to install the Avi LBaaS driver, ensure you use the provide option while creating the load balancing object.
/opt/contrail/utils/service_appliance_set.py --api_server_ip localhost --api_server_port 8082 --oper add --admin_user admin --admin_password avi123 --admin_tenant_name admin --name avi_adc --driver "avi_lbaasv2.avi_ocdriver.OpencontrailAviLoadbalancerDriver" --properties '{"address": "10.10.25.201", "user": "admin", "password": "avi123", "cloud": "oc"}'
Adding the Avi Driver as the Default Driver
To install Avi driver as the default driver,
- Delete the existing opencontrail service appliance set
/opt/contrail/utils/service_appliance_set.py --api_server_ip localhost --api_server_port 8082 --oper del --admin_user admin --admin_password avi123 --admin_tenant_name admin --name opencontrail - Add the current service appliance set.
/opt/contrail/utils/service_appliance_set.py --api_server_ip localhost --api_server_port 8082 --oper add --admin_user admin --admin_password avi123 --admin_tenant_name admin --name opencontrail --driver "avi_lbaasv2.avi_ocdriver .OpencontrailAviLoadbalancerDriver" --properties '{"address": "10.10.25.201", "user": "admin", "password": "avi123", "cloud": "oc"}'For example, check the existing service appliance sets
GET http://10.140.6.164:8082/service-appliance-sets { "service-appliance-sets": [ { "href": "http://10.140.6.164:8082/service-appliance-set/75cf5d87-a86d-49f1-b1cf-b84141e1f403", "fq_name": [ "default-global-system-config", "opencontrail" ], "uuid": "75cf5d87-a86d-49f1-b1cf-b84141e1f403" } ] } GET http://10.140.6.164:8082/service-appliance-set/75cf5d87-a86d-49f1-b1cf-b84141e1f403 { "service-appliance-set": { "display_name": "opencontrail", "uuid": "75cf5d87-a86d-49f1-b1cf-b84141e1f403", "service_appliance_driver": "svc_monitor.services.loadbalancer.drivers.ha_proxy.driver.OpencontrailLoadbalancerDriver", "parent_uuid": "2288609b-9d92-4f4e-acb8-a2d404294eba", "parent_href": "http://10.140.6.164:8082/global-system-config/2288609b-9d92-4f4e-acb8-a2d404294eba", "parent_type": "global-system-config", "perms2": { "owner": "cloud-admin", "owner_access": 7, "global_access": 0, "share": [] }, "href": "http://10.140.6.164:8082/service-appliance-set/75cf5d87-a86d-49f1-b1cf-b84141e1f403", "id_perms": { "enable": true, "uuid": { "uuid_mslong": 8489106659844377073, "uuid_lslong": 12812662055310062595 }, "created": "2018-04-13T07:59:32.823116", "description": null, "creator": null, "user_visible": true, "last_modified": "2018-04-13T07:59:32.823116", "permissions": { "owner": "admin", "owner_access": 7, "other_access": 7, "group": "KeystoneAdmin", "group_access": 7 } }, "fq_name": [ "default-global-system-config", "opencontrail" ], "name": "opencontrail" } }
Test Creating Load Balancers
If you are using Avi driver as a non-default driver, specify the provider name while creating load balancer object.
neutron lbaas-loadbalancer-create --name lb p1 --provider avi_adc
If the Avi driver is not the default driver,
neutron lbaas-loadbalancer-create --name lb p1neutron lbaas-listener-create --loadbalancer lb --protocol HTTP --protocol-port 80 --name lbneutron lbaas-pool-create --listener lb --name lb --lb-algorithm ROUND_ROBIN --protocol HTTPneutron lbaas-member-create --subnet p1 --address 192.168.10.20 --protocol-port 80 lb --name lb
Enable Debugging
Update the file as shown below:
/etc/contrail/contrail-svc-monitor.conf file; log_level=SYS_NOTICE.
Then restart the service monitor.
service contrail-svc-monitor restart
Check if the Avi driver shows in the service appliance in Contrail.
GET http://10.140.6.164:8082/service-appliance-sets
{
"service-appliance-sets": [
{
"href": "http://10.140.6.164:8082/service-appliance-set/75cf5d87-a86d-49f1-b1cf-b84141e1f403",
"fq_name": [
"default-global-system-config",
"opencontrail"
],
"uuid": "75cf5d87-a86d-49f1-b1cf-b84141e1f403"
},
{
"href": "http://10.140.6.164:8082/service-appliance-set/406a5d8e-ad1d-4e7b-9f95-7c3981a182b5",
"fq_name": [
"default-global-system-config",
"avi_adc"
],
"uuid": "406a5d8e-ad1d-4e7b-9f95-7c3981a182b5"
}
]
}
GET http://10.140.6.164:8082/service-appliance-set/406a5d8e-ad1d-4e7b-9f95-7c3981a182b5
{
"service-appliance-set": {
"display_name": "avi_adc",
"uuid": "406a5d8e-ad1d-4e7b-9f95-7c3981a182b5",
"service_appliance_driver": "avi_lbaasv2.avi_ocdriver.OpencontrailAviLoadbalancerDriver",
"parent_uuid": "2288609b-9d92-4f4e-acb8-a2d404294eba",
"parent_href": "http://10.140.6.164:8082/global-system-config/2288609b-9d92-4f4e-acb8-a2d404294eba",
"parent_type": "global-system-config",
"perms2": {
"owner": "cloud-admin",
"owner_access": 7,
"global_access": 0,
"share": []
},
"service_appliance_set_properties": {
"key_value_pair": [
{
"key": "password",
"value": "avi123"
},
{
"key": "user",
"value": "admin"
},
{
"key": "cloud",
"value": "Default-Cloud"
},
{
"key": "address",
"value": "10.10.22.3"
}
]
},
"loadbalancer_back_refs": [
{
"to": [
"default-domain",
"admin",
"test-faf0a526-7318-42a9-834a-93cf5b2e56ad"
],
"href": "http://10.140.6.164:8082/loadbalancer/221bc0fe-0f80-4183-8ca0-d134bfcaa7f3",
"attr": null,
"uuid": "221bc0fe-0f80-4183-8ca0-d134bfcaa7f3"
}
],
"href": "http://10.140.6.164:8082/service-appliance-set/406a5d8e-ad1d-4e7b-9f95-7c3981a182b5",
"id_perms": {
"enable": true,
"uuid": {
"uuid_mslong": 4641625233329835643,
"uuid_lslong": 11499233809990255285
},
"created": "2018-12-03T05:24:59.253222",
"description": null,
"creator": null,
"user_visible": true,
"last_modified": "2018-12-03T05:24:59.253222",
"permissions": {
"owner": "admin",
"owner_access": 7,
"other_access": 7,
"group": "KeystoneAdmin",
"group_access": 7
}
},
"fq_name": [
"default-global-system-config",
"avi_adc"
],
"name": "avi_adc"
}
}
Log files to check.
/var/log/contrail/contrail-svc-monitor.log
Create a neutron load balancer using avi_adc as provider and checking it in Avi Vantage.
root@contrail22:~# neutron lbaas-loadbalancer-create --name test --provider avi_adc 18ce86f9-9c66-481e-870d-196bb6ac2819
Created a new loadbalancer:
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| admin_state_up | True |
| description | |
| id | 221bc0fe-0f80-4183-8ca0-d134bfcaa7f3 |
| listeners | |
| name | test |
| operating_status | ONLINE |
| provisioning_status | ACTIVE |
| tenant_id | cdc4fe48cc3e4ebc906c0969145fe7ab |
| vip_address | 10.10.30.7 |
| vip_port_id | 0ad885ae-dea2-407e-a980-b3d1d9b62ff0 |
| vip_subnet_id | 18ce86f9-9c66-481e-870d-196bb6ac2819 |
+---------------------+--------------------------------------+
root@contrail22:~#
root@contrail22:~# neutron lbaas-loadbalancer-delete 2844ff6a-957a-49df-884a-6e2acf683bab
Deleted loadbalancer: 2844ff6a-957a-49df-884a-6e2acf683bab
root@contrail22:~#
root@contrail22:~# neutron lbaas-loadbalancer-list
+--------------------------------------+------+-------------+---------------------+
| id | name | vip_address | provisioning_status |
+--------------------------------------+------+-------------+---------------------+
| 221bc0fe-0f80-4183-8ca0-d134bfcaa7f3 | test | 10.10.30.7 | ACTIVE |
+--------------------------------------+------+-------------+---------------------+
root@contrail22:~#
root@contrail22:~#
root@contrail22:~# neutron lbaas-listener-create --loadbalancer test --protocol HTTP --protocol-port 80 --name test-listener
Created a new listener:
+----------------+------------------------------------------------+
| Field | Value |
+----------------+------------------------------------------------+
| admin_state_up | True |
| description | |
| id | c3fb1e7a-310c-4fe4-9e5e-f0321d15e132 |
| loadbalancers | {"id": "221bc0fe-0f80-4183-8ca0-d134bfcaa7f3"} |
| name | test-listener |
| protocol | HTTP |
| protocol_port | 80 |
| tenant_id | cdc4fe48cc3e4ebc906c0969145fe7ab |
+----------------+------------------------------------------------+
[admin:anant-controller]: > show virtualservice
+--------------------+----------------+-------------+----------+---------------+---------------+
| Name | IP Address | IP6 Address | Services | Cloud | Oper State |
+--------------------+----------------+-------------+----------+---------------+---------------+
| test | 10.10.30.4 | - | 80 | Default-Cloud | OPER_UP |
| Heat-VS-IPv6 | - | 700::100 | 80 | Default-Cloud | OPER_UP |
| Heat-VS-IPv4 | 192.168.60.100 | - | 80 | Default-Cloud | OPER_UP |
| Heat-VS-IPv4v6 | 192.168.70.100 | 600::100 | 80 | Default-Cloud | OPER_UP |
| test:test-listener | 10.10.30.7 | - | 80 | Default-Cloud | OPER_INACTIVE |
+--------------------+----------------+-------------+----------+---------------+---------------+
Avi Controller Cloud Configuration
-
If OpenStack endpoints are private IPs and Contrail provides a public/front-end IP to those endpoints, then use iptables to DNAT.
# on AviController only - perform iptable nat to reach the private IPs. $ iptables -t nat -I OUTPUT --dest 172.16.11.50 -j DNAT --to-dest 10.10.10.100 -
During cloud configuration, select the Integration with Contrail checkbox and provide the endpoint URL of the Contrail VNC
api-server. The Keystone credentials from the OpenStack configuration will be used to authenticate with theapi-serverservice.
Sample Configuration
: > show cloud jcos
+---------------------------+--------------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------------+
| uuid | cloud-104bb7e6-a9d2-4b34-a4c5-d94be659bb91 |
| name | jcos |
| vtype | CLOUD_OPENSTACK |
| openstack_configuration | |
| username | admin |
| admin_tenant | demo |
| keystone_host | 172.16.11.50 |
| mgmt_network_name | mgmtnw |
| privilege | WRITE_ACCESS |
| use_keystone_auth | True |
| region | RegionOne |
| hypervisor | KVM |
| tenant_se | True |
| import_keystone_tenants | True |
| anti_affinity | True |
| port_security | False |
| security_groups | True |
| allowed_address_pairs | True |
| free_floatingips | True |
| img_format | OS_IMG_FMT_AUTO |
| use_admin_url | True |
| use_internal_endpoints | False |
| config_drive | True |
| insecure | True |
| intf_sec_ips | False |
| external_networks | False |
| neutron_rbac | True |
| nuage_port | 8443 |
| contrail_endpoint | http://10.10.10.100:8082 |
| apic_mode | False |
| dhcp_enabled | True |
| mtu | 1500 bytes |
| prefer_static_routes | False |
| enable_vip_static_routes | False |
| license_type | LIC_CORES |
| tenant_ref | admin |
+---------------------------+--------------------------------------------+