kolla ansible has support for octavia however there are no docs for how to use it at all.
looking at the upstream octaiva docs i was eventually able to determin how to get octavia to work but kolla ansible does not deploy the service in a working state.
we shoudl either mark it as tech preview/experimental or add docmentation describing how to deploy correctly.
before deployment you need to create a cert athority
in /etc/kolla/config/octaivia
following this process https://docs.openstack.org/octavia/latest/admin/guides/certificates.html
then you need to rename the generated certs and copy them to the name kolla expects
cp certs/server_ca/private/ca.key.pem /etc/kolla/config/octavia/server_ca.key.pem
cp certs/server_ca/certs/ca.cert.pem /etc/kolla/config/octavia/server_ca.cert.pem
cp certs/client_ca/private/client.cert-and-key.pem /etc/kolla/config/octavia/client.cert-and-key.pem
cp certs/client_ca/certs/ca.cert.pem /etc/kolla/config/octavia/client_ca.cert.pem
this is error prone and tedious and should be automated.
addtionally a prodier netwrok needs to be created for octavia to spawn the loadblancer vms
this netwrok uuid need to be set in the octaiva config e.g. /etc/kolla/config/octavia.conf
a default flavor should also be set
amp_boot_network_list = a5555da0-3118-4b11-b68b-2cbfb4a3324f
amp_image_tag = amphora
amp_secgroup_list =
amp_flavor_id = 100
amp_ssh_key_name = octavia_ssh_key
some steps that are required post deployment are as follows
- create a the octavia_ssh_key in the octavia user
- create an ampohora image https://docs.openstack.org/octavia/latest/admin/amphora-image-build.html (this require you to git clone ocativa and then use disk image builder to build the imag ethen upload it to glance with an amphora tag.)
- add the ocativa user to the admin project. (this should not be required but we have a bug in our config generation) the octavia user should only be a member of the service project bu we currently
configure the service_auth project to {{ openstack_auth.project_name }}
https://github.com/openstack/kolla-ansible/blob/a44bba845fef741594b532a7f0f90651a5ef0b6c/ansible/roles/octavia/templates/octavia.conf.j2#L36
it should be set to service so either you can fix that with a template override or you can add the octavia user to admin porject as an admin. if you dont you will get a error when create a loadblancer
(openstack) loadbalancer create --vip-network-id 92ac19a4-4241-40fc-8baf-1d9f4c3e0838
The request you have made requires authentication. (HTTP 401) (Request-ID: req-8e2f5af7-a3df-40a1-a76e-ac075a6bc8c1) (HTTP 500) (Request-ID: req-1bcad1c2-af18-454a-85fc-3c3c772f66b7)
I recently helped someone through this process, let me know if you need any info Dincer. I was thinking we could build the docs up iteratively, first starting with a checklist, then adding full instructions. Ideally we would link to Octavia docs rather than reproduce them where possible e.g. for cert generation.