You can configure LBaaS using the command line interface on the active controller node.

LBaaS listeners can use HTTP, TCP, or terminated HTTPS. Terminated HTTPS listeners terminate TLS for incoming connections, and the TLS certificates and keys for these listeners are stored in Barbican. If you want to create terminated HTTPS listeners, contact your cloud administrator to determine whether you must configure the ACL to grant the barbican user access to the secrets for your project.

Prerequisites

  • Create a public subnet and router on your network. For an NSX Data Center for vSphere deployment, the router type must be exclusive.
    Note: You can create the load balancer on a tenant subnet, but you must assign it a floating IP address.
  • Configure at least one client and at least two server instances.

Procedure

  1. Log in to the OpenStack Management Server as viouser.
  2. Log in to the controller node as viouser.
  3. Load the credentials file for your user account.
    source user-credentials.rc
  4. If you want to create terminated HTTPS listeners and need to configure the ACL, grant the barbican user access to your certificates, keys, and TLS containers.
    openstack acl user add -u barbican-uuid object-name

    Run this command one time for each certificate, key, and container in your project.

    You can run the openstack user list command to find the UUID of the barbican user. You can run the openstack secret list command to find certificate, key, and container names.

  5. Create a load balancer.
    neutron lbaas-loadbalancer-create --name lb-name lb-subnet-id

    Only members of the specified subnet can be added to the LBaaS pool.

  6. Create a listener for the new load balancer.
    neutron lbaas-listener-create --loadbalancer lb-name --protocol {HTTP | TCP | TERMINATED_HTTPS} --protocol-port port-num --name listener-name [--default-tls-container=tls-container-uuid]

    If you specify TERMINATED_HTTPS as the protocol, you must also provide the ID of the TLS container.

  7. Create an LBaaS pool.
    neutron lbaas-pool-create --lb-algorithm lb-method --listener listener-name --protocol {TCP | HTTP} --name pool-name

    The --lb-algorithm parameter accepts the following values.

    Argument             Description
    LEAST_CONNECTIONS    New client requests are sent to the server with the fewest connections.
    ROUND_ROBIN          Each server is used in turn according to the weight assigned to it.
    SOURCE_IP            All connections that originate from the same source IP address are handled by the same member of the pool.

  8. Add at least two server instances to the LBaaS pool that you created.
    neutron lbaas-member-create --subnet lb-subnet-id --address server1-ip --protocol-port 80 pool-name
    neutron lbaas-member-create --subnet lb-subnet-id --address server2-ip --protocol-port 80 pool-name
  9. Set up the health monitor.
    neutron lbaas-healthmonitor-create --delay delay-seconds --type {HTTP | TCP | PING} --max-retries number --timeout timeout-seconds --pool pool-name

    Parameter        Description
    --delay          Enter the time in seconds between sending probes to members.
    --type           Specify HTTP, TCP, or PING.
    --max-retries    Enter the number of connection failures allowed before changing the member status to INACTIVE.
    --timeout        Enter the time in seconds that a monitor will wait for a connection to be established before it times out. The timeout value must be less than the delay value.
    --pool           Specify the LBaaS pool that you created.

  10. If you created the load balancer on a tenant subnet, associate a floating IP address with the load balancer.
  11. (Optional) Send test requests to validate your LBaaS configuration.
    1. Log in to the OpenStack Management Server as viouser.
    2. Create a test index.html file.
    3. In the same directory, start a web server.
      sudo python -m SimpleHTTPServer 80
    4. Log in to the client instance.
    5. Run the wget command and check whether your requests are load-balanced correctly across the servers in the pool.
      • For load balancing without TLS, run the following command:
        wget -O - http://mgmt-server-ip
      • For load balancing with TLS, run the following command:
        wget -O - https://mgmt-server-ip
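
The constraints stated in steps 6 through 9 (a TLS container ID for TERMINATED_HTTPS, the accepted protocol, algorithm and monitor values, at least two pool members, a timeout shorter than the delay) can be checked before any resource is created. The shell function below is an added example, not part of the original procedure or the product: lbaas_plan and fail are hypothetical names, the values are the procedure's own placeholders, and the function only prints the neutron commands without running them.

```shell
# Added example: validate the settings, then print (not run) the neutron commands.
# Placeholder names come from the procedure; override them through the environment.
LB=${LB:-lb-name} SUBNET=${SUBNET:-lb-subnet-id}
LISTENER=${LISTENER:-listener-name} POOL=${POOL:-pool-name}

fail() { echo "lbaas_plan: $*" >&2; }   # hypothetical helper: report to stderr

# Usage: lbaas_plan LISTENER_PROTO PORT TLS_CONTAINER POOL_PROTO ALGORITHM \
#                   MON_TYPE DELAY TIMEOUT MAX_RETRIES MEMBER_IP MEMBER_IP...
# Pass "" as TLS_CONTAINER for HTTP and TCP listeners (it is not used for them).
lbaas_plan() {
  [ "$#" -ge 11 ] || { fail "need nine settings and at least two member IPs"; return 1; }
  lproto=$1 port=$2 tls=$3 pproto=$4 algo=$5
  mtype=$6 delay=$7 timeout=$8 retries=$9
  shift 9   # the remaining arguments are the member IP addresses
  for n in "$port" "$delay" "$timeout" "$retries"; do
    case $n in ''|*[!0-9]*) fail "not a non-negative integer: '$n'"; return 1 ;; esac
  done
  case $lproto in
    HTTP|TCP) tlsopt= ;;
    TERMINATED_HTTPS)
      [ -n "$tls" ] || { fail "TERMINATED_HTTPS needs a TLS container ID"; return 1; }
      tlsopt=" --default-tls-container=$tls" ;;
    *) fail "unsupported listener protocol: $lproto"; return 1 ;;
  esac
  case $pproto in TCP|HTTP) ;; *) fail "unsupported pool protocol: $pproto"; return 1 ;; esac
  case $algo in LEAST_CONNECTIONS|ROUND_ROBIN|SOURCE_IP) ;; *) fail "unknown algorithm: $algo"; return 1 ;; esac
  case $mtype in HTTP|TCP|PING) ;; *) fail "unknown monitor type: $mtype"; return 1 ;; esac
  [ "$timeout" -lt "$delay" ] || { fail "timeout ($timeout) must be less than delay ($delay)"; return 1; }
  echo "neutron lbaas-loadbalancer-create --name $LB $SUBNET"
  echo "neutron lbaas-listener-create --loadbalancer $LB --protocol $lproto --protocol-port $port --name $LISTENER$tlsopt"
  echo "neutron lbaas-pool-create --lb-algorithm $algo --listener $LISTENER --protocol $pproto --name $POOL"
  for ip in "$@"; do
    echo "neutron lbaas-member-create --subnet $SUBNET --address $ip --protocol-port 80 $POOL"
  done
  echo "neutron lbaas-healthmonitor-create --delay $delay --type $mtype --max-retries $retries --timeout $timeout --pool $POOL"
}

# Sample call with constructed placeholder values: prints the six commands in order.
lbaas_plan TERMINATED_HTTPS 443 tls-container-uuid HTTP ROUND_ROBIN HTTP 5 3 3 server1-ip server2-ip
```

A non-zero return status with a message on standard error means a documented constraint was violated and no commands were printed.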