LbaaS v2 support
Add support for LBAASv2 in OpenContrail.
OpenContrail currently supports the LBAASv1 OpenStack APIs. This blueprint adds support in OpenContrail for the LBAASv2 OpenStack APIs, which are available starting with the Liberty release of OpenStack.
Summary
-------------
In LBAASv1 the virtual-ip was tied to the port as well. This prevented users from listening on
multiple ports for the same virtual-ip. Users would have had to create multiple load balancers
to achieve the same.
LBAASv2 handles this by decoupling the virtual ip address from the port. The object model has
the following resources:
- Loadbalancer (holds the virtual ip address)
- Listeners (one or many listeners with different ports, protocols etc)
- Pools
- Members
- Health monitors
In addition, support for multiple certificates per listener has been added in conjunction with Barbican
as the secure storage for certificates.
Controller changes
-------
The controller now aggregates the configuration based on the provider. If haproxy is the provider,
the controller generates the configuration for haproxy, which eliminates the need to send all
the loadbalancer resources down to the vrouter-agent. Only the generated config is sent to the
vrouter-agent as part of the service-instance.
Agent
---------
Agent receives the config information in the service-instance object from ifmap-server and writes
all the config in a file /var/lib/
netns script.
For example, if the loadbalancer uuid is 84901e8e-
agent would create the conf file /var/lib/
Netns
--------
Netns finds the loadbalancer type from <loadbalancer-
For example, if the loadbalancer type is haproxy and loadbalancer uuid is 84901e8e-
SSL with Barbican
-------
The Barbican server and client are used for load balancing HTTPS traffic.
The SSL certificate and private-key are stored in the Barbican server. A container is created in the Barbican server using the certificate and private-key.
The netns script gets the certificate and private-key from the specified container in the Barbican server through the Barbican client, stores them in a pem file and updates the loadbalancer conf. The loadbalancer uses the pem file for the SSL handshake.
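The pem-file step described above, as an added example that is not OpenContrail's netns code: it checks that the two payloads are what they claim to be, then writes certificate and key into one file that only the owner can read, replacing any previous bundle atomically. The function names, the constructed sample payloads and the demo directory are assumptions, and the Barbican fetch itself is left out.

```python
import os
import re
import tempfile

# Constructed sample payloads (not real key material), standing in for the
# certificate and private-key secrets read from the Barbican container.
SAMPLE_CERT = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
SAMPLE_KEY = "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"

# A PEM block: the END label must repeat the BEGIN label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n[A-Za-z0-9+/=\r\n]+-----END \1-----")


def pem_labels(text):
    """Return the labels of every well-formed PEM block in text, in order."""
    return [match.group(1) for match in PEM_BLOCK.finditer(text)]


def write_pem_bundle(cert_pem, key_pem, dest_path):
    """Write certificate(s) followed by the key to dest_path with mode 0600."""
    cert_labels = pem_labels(cert_pem)
    key_labels = pem_labels(key_pem)
    # Refuse swapped or malformed payloads before anything touches disk.
    if not cert_labels or any(label != "CERTIFICATE" for label in cert_labels):
        raise ValueError("certificate payload must hold only CERTIFICATE blocks")
    if len(key_labels) != 1 or not key_labels[0].endswith("PRIVATE KEY"):
        raise ValueError("key payload must hold exactly one private key block")
    dest_dir = os.path.dirname(os.path.abspath(dest_path))
    # mkstemp creates the file readable and writable by the owner only, so the
    # key is never on disk with wider permissions, even briefly.
    fd, tmp_path = tempfile.mkstemp(dir=dest_dir, prefix=".pem-")
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write(cert_pem.strip() + "\n" + key_pem.strip() + "\n")
        # Atomic rename: the load balancer never reads a half-written bundle.
        os.replace(tmp_path, dest_path)
    except BaseException:
        os.unlink(tmp_path)
        raise
    return dest_path


if __name__ == "__main__":
    workdir = tempfile.mkdtemp()  # placeholder directory for the demo
    bundle = write_pem_bundle(SAMPLE_CERT, SAMPLE_KEY, os.path.join(workdir, "lb.pem"))
    print(bundle, oct(os.stat(bundle).st_mode & 0o777), pem_labels(open(bundle).read()))
```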
CLI to store certificate and private-key in barbican
-------
- barbican secret store --payload-
- barbican secret store --payload-
CLI to store certificate and private-key in container in barbican
-------
barbican container create --name=
Example LB creation
-------
- neutron net-create private-net
- neutron subnet-create --name private-subnet private-net 30.30.30.0/24
- neutron lbaas-loadbalan
- neutron lbaas-listener-
- neutron lbaas-pool-create --name pool1 --protocol HTTP --listener listener1 --lb-algorithm ROUND_ROBIN
- neutron lbaas-member-create --subnet private-subnet --address 30.30.30.10 --protocol-port 80 pool1
- neutron lbaas-member-create --subnet private-subnet --address 30.30.30.11 --protocol-port 80 pool1
Blueprint information
- Status: Complete
- Approver: Ashish Ranjan
- Priority: Medium
- Drafter: Ashish Ranjan
- Direction: Needs approval
- Assignee: Rudra Rugge
- Definition: Approved
- Series goal: Accepted for r3.1
- Implementation: Implemented
- Milestone target: r3.1.0.0-fcs
- Started by: Rudra Rugge
- Completed by: Ashish Ranjan