I tried things on a fresh devstack and it successfully reloaded : stack@Octavia:~/devstack$ neutron lbaas-loadbalancer-create private-subnet Created a new loadbalancer: +---------------------+--------------------------------------+ | Field | Value | +---------------------+--------------------------------------+ | admin_state_up | True | | description | | | id | 0a806ca4-224d-4a77-a83f-604d0789b604 | | listeners | | | name | | | operating_status | OFFLINE | | provider | octavia | | provisioning_status | PENDING_CREATE | | tenant_id | 80f55e09b76e4b91903bc9b466c33970 | | vip_address | 10.0.0.6 | | vip_port_id | 9236a715-6720-46d9-8a16-c1a76e51fff1 | | vip_subnet_id | f6668e1c-7a16-4e84-af86-3e7b697895ec | +---------------------+--------------------------------------+ stack@Octavia:~/devstack$ nova list +--------------------------------------+----------------------------------------------+--------+------------+-------------+---------------------------------------------------------------------------------+ | ID | Name | Status | Task State | Power State | Networks | +--------------------------------------+----------------------------------------------+--------+------------+-------------+---------------------------------------------------------------------------------+ | 2e3c9ad9-cd97-4c83-a2db-45b89f1693c1 | amphora-095403de-fcf6-42dd-8942-368c4cd60f42 | ACTIVE | - | Running | lb-mgmt-net=192.168.0.5; private=fd1d:3c05:fb0d:0:f816:3eff:fe15:9a72, 10.0.0.7 | +--------------------------------------+----------------------------------------------+--------+------------+-------------+---------------------------------------------------------------------------------+ stack@Octavia:~/devstack$ curl -k -v --cert /etc/octavia/certs/client.pem https://192.168.0.5:9443/0.5/info * Hostname was NOT found in DNS cache * Trying 192.168.0.5... * Connected to 192.168.0.5 (192.168.0.5) port 9443 (#0) * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Request CERT (13): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS handshake, CERT verify (15): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSL connection using AES256-GCM-SHA384 * Server certificate: * subject: CN=095403de-fcf6-42dd-8942-368c4cd60f42 * start date: 2016-02-17 21:34:57 GMT * expire date: 2018-02-16 21:34:57 GMT * issuer: C=US; ST=Denial; L=Springfield; O=Dis; CN=www.example.com * SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway. > GET /0.5/info HTTP/1.1 > User-Agent: curl/7.35.0 > Host: 192.168.0.5:9443 > Accept: */* > * HTTP 1.0, assume close after body < HTTP/1.0 200 OK < Content-Type: application/json < Content-Length: 150 < Server: Werkzeug/0.11.4 Python/2.7.6 < Date: Wed, 17 Feb 2016 21:36:33 GMT < { "api_version": "0.5", "haproxy_version": "1.5.14-1ubuntu0.15.10.1~ubuntu14.04.1", "hostname": "amphora-095403de-fcf6-42dd-8942-368c4cd60f42" * Closing connection 0 * SSLv3, TLS alert, Client hello (1): stack@Octavia:~/devstack$ curl -k -v -XPUT --cert /etc/octavia/certs/client.pem --data-binary @/etc/octavia/certs/client.pem https://192.168.0.4:9443/0.5/certificate * Hostname was NOT found in DNS cache * Trying 192.168.0.4... ^C stack@Octavia:~/devstack$ curl -k -v -XPUT --cert /etc/octavia/certs/client.pem --data-binary @/etc/octavia/certs/client.pem https://192.168.0.5:9443/0.5/certificate * Hostname was NOT found in DNS cache * Trying 192.168.0.5... * Connected to 192.168.0.5 (192.168.0.5) port 9443 (#0) * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Request CERT (13): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS handshake, CERT verify (15): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSL connection using AES256-GCM-SHA384 * Server certificate: * subject: CN=095403de-fcf6-42dd-8942-368c4cd60f42 * start date: 2016-02-17 21:34:57 GMT * expire date: 2018-02-16 21:34:57 GMT * issuer: C=US; ST=Denial; L=Springfield; O=Dis; CN=www.example.com * SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway. > PUT /0.5/certificate HTTP/1.1 > User-Agent: curl/7.35.0 > Host: 192.168.0.5:9443 > Accept: */* > Content-Length: 6105 > Content-Type: application/x-www-form-urlencoded > Expect: 100-continue > < HTTP/1.1 100 Continue * HTTP 1.0, assume close after body < HTTP/1.0 202 ACCEPTED < Content-Type: application/json < Content-Length: 21 * Server Werkzeug/0.11.4 Python/2.7.6 is not blacklisted < Server: Werkzeug/0.11.4 Python/2.7.6 < Date: Wed, 17 Feb 2016 21:38:07 GMT < { "message": "OK" * Closing connection 0 * SSLv3, TLS alert, Client hello (1): }stackOctavia:~/devstack$ curl -k -v --cert /etc/octavia/certs/client.pem https://192.168.0.5:9443/0.5/info* Hostname was NOT found in DNS cache * Trying 192.168.0.5... * Connected to 192.168.0.5 (192.168.0.5) port 9443 (#0) * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Request CERT (13): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS handshake, CERT verify (15): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSL connection using AES256-GCM-SHA384 * Server certificate: * subject: C=US; ST=Denial; O=Dis; CN=www.example.com * start date: 2016-02-17 20:29:54 GMT * expire date: 2017-02-16 20:29:54 GMT * issuer: C=US; ST=Denial; L=Springfield; O=Dis; CN=www.example.com * SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway. > GET /0.5/info HTTP/1.1 > User-Agent: curl/7.35.0 > Host: 192.168.0.5:9443 > Accept: */* > * HTTP 1.0, assume close after body < HTTP/1.0 200 OK < Content-Type: application/json < Content-Length: 150 < Server: Werkzeug/0.11.4 Python/2.7.6 < Date: Wed, 17 Feb 2016 21:38:15 GMT < { "api_version": "0.5", "haproxy_version": "1.5.14-1ubuntu0.15.10.1~ubuntu14.04.1", "hostname": "amphora-095403de-fcf6-42dd-8942-368c4cd60f42" * Closing connection 0 * SSLv3, TLS alert, Client hello (1): stack@Octavia:~/devstack$ ssh -i /etc/octavia/.ssh/octavia_ssh_key ubuntu@192.168.0.5 The authenticity of host '192.168.0.5 (192.168.0.5)' can't be established. ECDSA key fingerprint is b4:42:ba:39:81:ba:4a:d7:b5:e3:b3:5e:97:f7:6b:96. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.0.5' (ECDSA) to the list of known hosts. Welcome to Ubuntu 14.04.4 LTS (GNU/Linux 3.13.0-77-generic x86_64) * Documentation: https://help.ubuntu.com/ System information as of Wed Feb 17 21:35:10 UTC 2016 System load: 0.0 Memory usage: 7% Processes: 54 Usage of /: 72.7% of 1.81GB Swap usage: 0% Users logged in: 0 Graph this data and manage this system at: https://landscape.canonical.com/ Get cloud support with Ubuntu Advantage Cloud Guest: http://www.ubuntu.com/business/services/cloud 0 packages can be updated. 0 updates are security updates. The programs included with the Ubuntu system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. ubuntu@amphora-095403de-fcf6-42dd-8942-368c4cd60f42:~$ sudo cat /var/log/ alternatives.log dmesg os-apply-config.log apt/ dmesg.0 os-collect-config.log auth.log dpkg.log pollinate.log boot.log fsck/ syslog btmp kern.log udev cloud-init-output.log kernel.log unattended-upgrades/ cloud-init.log landscape/ upstart/ dist-upgrade/ lastlog wtmp ubuntu@amphora-095403de-fcf6-42dd-8942-368c4cd60f42:~$ sudo cat /var/log/upstart/amphora-agent.log 2016-02-17 21:35:13.632 180 INFO octavia.common.config [-] Logging enabled! 2016-02-17 21:35:13.645 180 WARNING oslo_reports.guru_meditation_report [-] Guru mediation now registers SIGUSR1 and SIGUSR2 by default for backward compatibility. SIGUSR1 will no longer be registered in a future release, so please use SIGUSR2 to generate reports. 2016-02-17 21:35:13.702 446 INFO octavia.amphorae.backends.health_daemon.health_daemon [-] Health Manager Sender starting. 2016-02-17 21:35:13.734 180 INFO werkzeug [-] * Running on https://0.0.0.0:9443/ (Press CTRL+C to quit) 2016-02-17 21:35:13.738 180 INFO werkzeug [-] * Restarting with stat 2016-02-17 21:35:15.389 448 INFO octavia.common.config [-] Logging enabled! 2016-02-17 21:35:15.389 448 WARNING oslo_reports.guru_meditation_report [-] Guru mediation now registers SIGUSR1 and SIGUSR2 by default for backward compatibility. SIGUSR1 will no longer be registered in a future release, so please use SIGUSR2 to generate reports. 2016-02-17 21:35:21.934 448 INFO werkzeug [-] 192.168.0.3 - - [17/Feb/2016 21:35:21] "POST /0.5/plug/vip/10.0.0.6 HTTP/1.1" 202 - 2016-02-17 21:36:33.867 448 INFO werkzeug [-] 192.168.0.3 - - [17/Feb/2016 21:36:33] "GET /0.5/info HTTP/1.1" 200 - 2016-02-17 21:38:07.755 448 INFO werkzeug [-] 192.168.0.3 - - [17/Feb/2016 21:38:07] "PUT /0.5/certificate HTTP/1.1" 202 - 2016-02-17 21:38:08.746 448 INFO werkzeug [-] * Detected change in '/etc/octavia/certs/server.pem', reloading 2016-02-17 21:38:08.805 180 INFO werkzeug [-] * Restarting with stat 2016-02-17 21:38:09.201 1421 INFO octavia.common.config [-] Logging enabled! 2016-02-17 21:38:09.201 1421 WARNING oslo_reports.guru_meditation_report [-] Guru mediation now registers SIGUSR1 and SIGUSR2 by default for backward compatibility. SIGUSR1 will no longer be registered in a future release, so please use SIGUSR2 to generate reports. 2016-02-17 21:38:15.194 1421 INFO werkzeug [-] 192.168.0.3 - - [17/Feb/2016 21:38:15] "GET /0.5/info HTTP/1.1" 200 -