Red Hat Summit Red Hat SummitSupportKonsoleEntwicklerDemo startenKontakt

Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

Chapter 9. Creating secure HTTP load balancers

You can create various types of load balancers to manage secure HTTP (HTTPS) network traffic.

9.1. About non-terminated HTTPS load balancers
Link kopieren

A non-terminated HTTPS load balancer acts effectively like a generic TCP load balancer: the load balancer forwards the raw TCP traffic from the web client to the back-end servers where the HTTPS connection is terminated with the web clients. While non-terminated HTTPS load balancers do not support advanced load balancer features like Layer 7 functionality, they do lower load balancer resource utilization by managing the certificates and keys themselves.

9.2. Creating a non-terminated HTTPS load balancer
Link kopieren

If your application requires HTTPS traffic to terminate on the back-end member servers, typically called HTTPS pass through, you can use the HTTPS protocol for your load balancer listeners.

Prerequisites

  • A private subnet that contains back-end servers that host HTTPS applications that are configured with a TLS-encrypted web application on TCP port 443.
  • The back-end servers are configured with a health check at the URL path /.
  • A shared external (public) subnet that you can reach from the internet.

Procedure

  1. Source your credentials file.

    Example

    $ source ~/overcloudrc
    Copy to Clipboard Toggle word wrap

  2. Create a load balancer (lb1) on a public subnet (public_subnet):

    Note

    Values inside parentheses are sample values that are used in the example commands in this procedure. Substitute these sample values with ones that are appropriate for your site.

    Example

    $ openstack loadbalancer create --name lb1 --vip-subnet-id public_subnet
    Copy to Clipboard Toggle word wrap

  3. Monitor the state of the load balancer.

    Example

    $ openstack loadbalancer show lb1
    Copy to Clipboard Toggle word wrap

  4. Before going to the next step, ensure that the provisioning_status is ACTIVE.

  5. Create a listener (listener1) on a port (443).

    Example

    $ openstack loadbalancer listener create --name listener1 --protocol HTTPS --protocol-port 443 lb1
    Copy to Clipboard Toggle word wrap

  6. Create the listener default pool (pool1).

    Example

    $ openstack loadbalancer pool create --name pool1 --lb-algorithm ROUND_ROBIN --listener listener1 --protocol HTTPS
    Copy to Clipboard Toggle word wrap

  7. Create a health monitor on the pool (pool1) that connects to the back-end servers and tests the path (/).

    Example

    $ openstack loadbalancer healthmonitor create --delay 15 --max-retries 4 --timeout 10 --type TLS-HELLO --url-path / pool1
    Copy to Clipboard Toggle word wrap

  8. Add load balancer members (192.0.2.10 and 192.0.2.11) on the private subnet (private_subnet) to the default pool.

    Example

    $ openstack loadbalancer member create --subnet-id private_subnet --address 192.0.2.10 --protocol-port 443 pool1
$ openstack loadbalancer member create --subnet-id private_subnet --address 192.0.2.11 --protocol-port 443 pool1
    Copy to Clipboard Toggle word wrap

Verification

  1. View and verify the load balancer (lb1) settings.

    Example

    $ openstack loadbalancer show lb1
    Copy to Clipboard Toggle word wrap

    Sample output

    +---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| admin_state_up      | True                                 |
| created_at          | 2022-01-15T11:11:09                  |
| description         |                                      |
| flavor              |                                      |
| id                  | 788fe121-3dec-4e1b-8360-4020642238b0 |
| listeners           | 09f28053-fde8-4c78-88b9-0f191d84120e |
| name                | lb1                                  |
| operating_status    | ONLINE                               |
| pools               | 627842b3-eed8-4f5f-9f4a-01a738e64d6a |
| project_id          | dda678ca5b1241e7ad7bf7eb211a2fd7     |
| provider            | amphora                              |
| provisioning_status | ACTIVE                               |
| updated_at          | 2022-01-15T11:12:42                  |
| vip_address         | 198.51.100.11                        |
| vip_network_id      | 9bca13be-f18d-49a5-a83d-9d487827fd16 |
| vip_port_id         | 69a85edd-5b1c-458f-96f2-b4552b15b8e6 |
| vip_qos_policy_id   | None                                 |
| vip_subnet_id       | 5bd7334b-49b3-4849-b3a2-b0b83852dba1 |
+---------------------+--------------------------------------+
    Copy to Clipboard Toggle word wrap

  2. When a health monitor is present and functioning properly, you can check the status of each member.

    A working member (b85c807e-4d7c-4cbd-b725-5e8afddf80d2) has an ONLINE value for its operating_status.

    Example

    $ openstack loadbalancer member show pool1 b85c807e-4d7c-4cbd-b725-5e8afddf80d2
    Copy to Clipboard Toggle word wrap

    Sample output

    +---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| address             | 192.0.2.10                           |
| admin_state_up      | True                                 |
| created_at          | 2022-01-15T11:11:09                  |
| id                  | b85c807e-4d7c-4cbd-b725-5e8afddf80d2 |
| name                |                                      |
| operating_status    | ONLINE                               |
| project_id          | dda678ca5b1241e7ad7bf7eb211a2fd7     |
| protocol_port       | 443                                  |
| provisioning_status | ACTIVE                               |
| subnet_id           | 5bd7334b-49b3-4849-b3a2-b0b83852dba1 |
| updated_at          | 2022-01-15T11:12:42                  |
| weight              | 1                                    |
| monitor_port        | None                                 |
| monitor_address     | None                                 |
| backup              | False                                |
+---------------------+--------------------------------------+
    Copy to Clipboard Toggle word wrap

9.3. About TLS-terminated HTTPS load balancers
Link kopieren

When a TLS-terminated HTTPS load balancer is implemented, web clients communicate with the load balancer over Transport Layer Security (TLS) protocols. The load balancer terminates the TLS session and forwards the decrypted requests to the back-end servers. When you terminate the TLS session on the load balancer, you offload the CPU-intensive encryption operations to the load balancer, and allow the load balancer to use advanced features such as Layer 7 inspection.

9.4. Creating a TLS-terminated HTTPS load balancer
Link kopieren

When you use TLS-terminated HTTPS load balancers, you offload the CPU-intensive encryption operations to the load balancer, and allow the load balancer to use advanced features such as Layer 7 inspection. It is a best practice to also create a health monitor to ensure that your back-end members remain available.

Prerequisites

  • A private subnet that contains back-end servers that host non-secure HTTP applications on TCP port 80.
  • The back-end servers are configured with a health check at the URL path /.
  • A shared external (public) subnet that you can reach from the internet.

  • TLS public-key cryptography is configured with the following characteristics:

    • A TLS certificate, key, and intermediate certificate chain is obtained from an external certificate authority (CA) for the DNS name that is assigned to the load balancer VIP address, for example, www.example.com.
    • The certificate, key, and intermediate certificate chain reside in separate files in the current directory.
    • The key and certificate are PEM-encoded.
    • The key is not encrypted with a passphrase.
    • The intermediate certificate chain contains multiple certificates that are PEM-encoded and concatenated together.
  • You must configure the Load-balancing service (octavia) to use the Key Manager service (barbican). For more information, see the Manage Secrets with OpenStack Key Manager guide.

Procedure

  1. Combine the key (server.key), certificate (server.crt), and intermediate certificate chain (ca-chain.crt) into a single PKCS12 file (server.p12).

    Note

    Values inside parentheses are sample values that are used in the example commands in this procedure. Substitute these sample values with ones that are appropriate for your site.

    Example

    $ openssl pkcs12 -export -inkey server.key -in server.crt -certfile ca-chain.crt -passout pass: -out server.p12
    Copy to Clipboard Toggle word wrap

    Note

    The following procedure does not work if you password protect the PKCS12 file.

  2. Source your credentials file.

    Example

    $ source ~/overcloudrc
    Copy to Clipboard Toggle word wrap

  3. Use the Key Manager service to create a secret resource (tls_secret1) for the PKCS12 file.

    Example

    $ openstack secret store --name='tls_secret1' -t 'application/octet-stream' -e 'base64' --payload="$(base64 < server.p12)"
    Copy to Clipboard Toggle word wrap

  4. Create a load balancer (lb1) on the public subnet (public_subnet).

    Example

    $ openstack loadbalancer create --name lb1 --vip-subnet-id public_subnet
    Copy to Clipboard Toggle word wrap

  5. Monitor the state of the load balancer.

    Example

    $ openstack loadbalancer show lb1
    Copy to Clipboard Toggle word wrap

  6. Before going to the next step, ensure that the provisioning_status is ACTIVE.

  7. Create a TERMINATED_HTTPS listener (listener1), and reference the secret resource as the default TLS container for the listener.

    Example

    $ openstack loadbalancer listener create --protocol-port 443 --protocol TERMINATED_HTTPS --name listener1 --default-tls-container=$(openstack secret list | awk '/ tls_secret1 / {print $2}') lb1
    Copy to Clipboard Toggle word wrap

  8. Create a pool (pool1) and make it the default pool for the listener.

    Example

    $ openstack loadbalancer pool create --name pool1 --lb-algorithm ROUND_ROBIN --listener listener1 --protocol HTTP
    Copy to Clipboard Toggle word wrap

  9. Create a health monitor on the pool (pool1) that connects to the back-end servers and tests the path (/).

    Example

    $ openstack loadbalancer healthmonitor create --delay 15 --max-retries 4 --timeout 10 --type HTTP --url-path / pool1
    Copy to Clipboard Toggle word wrap

  10. Add the non-secure HTTP back-end servers (192.0.2.10 and 192.0.2.11) on the private subnet (private_subnet) to the pool.

    Example

    $ openstack loadbalancer member create --subnet-id private_subnet --address 192.0.2.10 --protocol-port 80 pool1
$ openstack loadbalancer member create --subnet-id private_subnet --address 192.0.2.11 --protocol-port 80 pool1
    Copy to Clipboard Toggle word wrap

Verification

  1. View and verify the load balancer (lb1) settings.

    Example

    $ openstack loadbalancer show lb1
    Copy to Clipboard Toggle word wrap

    Sample output

    +---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| admin_state_up      | True                                 |
| created_at          | 2022-01-15T11:11:09                  |
| description         |                                      |
| flavor              |                                      |
| id                  | 788fe121-3dec-4e1b-8360-4020642238b0 |
| listeners           | 09f28053-fde8-4c78-88b9-0f191d84120e |
| name                | lb1                                  |
| operating_status    | ONLINE                               |
| pools               | 627842b3-eed8-4f5f-9f4a-01a738e64d6a |
| project_id          | dda678ca5b1241e7ad7bf7eb211a2fd7     |
| provider            | amphora                              |
| provisioning_status | ACTIVE                               |
| updated_at          | 2022-01-15T11:12:42                  |
| vip_address         | 198.51.100.11                        |
| vip_network_id      | 9bca13be-f18d-49a5-a83d-9d487827fd16 |
| vip_port_id         | 69a85edd-5b1c-458f-96f2-b4552b15b8e6 |
| vip_qos_policy_id   | None                                 |
| vip_subnet_id       | 5bd7334b-49b3-4849-b3a2-b0b83852dba1 |
+---------------------+--------------------------------------+
    Copy to Clipboard Toggle word wrap

  2. When a health monitor is present and functioning properly, you can check the status of each member.

    A working member (b85c807e-4d7c-4cbd-b725-5e8afddf80d2) has an ONLINE value for its operating_status.

    Example

    $ openstack loadbalancer member show pool1 b85c807e-4d7c-4cbd-b725-5e8afddf80d2
    Copy to Clipboard Toggle word wrap

    Sample output

    +---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| address             | 192.0.2.10                           |
| admin_state_up      | True                                 |
| created_at          | 2022-01-15T11:11:09                  |
| id                  | b85c807e-4d7c-4cbd-b725-5e8afddf80d2 |
| name                |                                      |
| operating_status    | ONLINE                               |
| project_id          | dda678ca5b1241e7ad7bf7eb211a2fd7     |
| protocol_port       | 80                                   |
| provisioning_status | ACTIVE                               |
| subnet_id           | 5bd7334b-49b3-4849-b3a2-b0b83852dba1 |
| updated_at          | 2022-01-15T11:12:42                  |
| weight              | 1                                    |
| monitor_port        | None                                 |
| monitor_address     | None                                 |
| backup              | False                                |
+---------------------+--------------------------------------+
    Copy to Clipboard Toggle word wrap

9.5. Creating a TLS-terminated HTTPS load balancer with SNI
Link kopieren

For TLS-terminated HTTPS load balancers that employ Server Name Indication (SNI) technology, a single listener can contain multiple TLS certificates and enable the load balancer to know which certificate to present when it uses a shared IP. It is a best practice to also create a health monitor to ensure that your back-end members remain available.

Prerequisites

  • A private subnet that contains back-end servers that host non-secure HTTP applications on TCP port 80.
  • The back-end servers are configured with a health check at the URL path /.
  • A shared external (public) subnet that you can reach from the internet.

  • TLS public-key cryptography is configured with the following characteristics:

    • Multiple TLS certificates, keys, and intermediate certificate chains have been obtained from an external certificate authority (CA) for the DNS names assigned to the load balancer VIP address, for example, www.example.com and www2.example.com.
    • The keys and certificates are PEM-encoded.
    • The keys are not encrypted with passphrases.
  • You must configure the Load-balancing service (octavia) to use the Key Manager service (barbican). For more information, see the Manage Secrets with OpenStack Key Manager guide.

Procedure

  1. For each of the TLS certificates in the SNI list, combine the key (server.key), certificate (server.crt), and intermediate certificate chain (ca-chain.crt) into a single PKCS12 file (server.p12).

    In this example, you create two PKCS12 files (server.p12 and server2.p12) one for each certificate (www.example.com and www2.example.com).

    Note

    Values inside parentheses are sample values that are used in the example commands in this procedure. Substitute these sample values with ones that are appropriate for your site. 

    $ openssl pkcs12 -export -inkey server.key -in server.crt -certfile ca-chain.crt -passout pass: -out server.p12

$ openssl pkcs12 -export -inkey server2.key -in server2.crt -certfile ca-chain2.crt -passout pass: -out server2.p12
    Copy to Clipboard Toggle word wrap

  2. Source your credentials file.

    Example

    $ source ~/overcloudrc
    Copy to Clipboard Toggle word wrap

  3. Use the Key Manager service to create secret resources (tls_secret1 and tls_secret2) for the PKCS12 file. 

    $ openstack secret store --name='tls_secret1' -t 'application/octet-stream' -e 'base64' --payload="$(base64 < server.p12)"
$ openstack secret store --name='tls_secret2' -t 'application/octet-stream' -e 'base64' --payload="$(base64 < server2.p12)"
    Copy to Clipboard Toggle word wrap

  4. Create a load balancer (lb1) on the public subnet (public_subnet). 

    $ openstack loadbalancer create --name lb1 --vip-subnet-id public_subnet
    Copy to Clipboard Toggle word wrap

  5. Monitor the state of the load balancer.

    Example

    $ openstack loadbalancer show lb1
    Copy to Clipboard Toggle word wrap

  6. Before going to the next step, ensure that the provisioning_status is ACTIVE.

  7. Create a TERMINATED_HTTPS listener (listener1), and use SNI to reference both the secret resources.

    (Reference tls_secret1 as the default TLS container for the listener.) 

    $ openstack loadbalancer listener create --protocol-port 443 \
--protocol TERMINATED_HTTPS --name listener1 \
--default-tls-container=$(openstack secret list | awk '/ tls_secret1 / {print $2}') \
--sni-container-refs $(openstack secret list | awk '/ tls_secret1 / {print $2}') \
$(openstack secret list | awk '/ tls_secret2 / {print $2}') -- lb1
    Copy to Clipboard Toggle word wrap

  8. Create a pool (pool1) and make it the default pool for the listener. 

    $ openstack loadbalancer pool create --name pool1 --lb-algorithm ROUND_ROBIN --listener listener1 --protocol HTTP
    Copy to Clipboard Toggle word wrap

  9. Create a health monitor on the pool (pool1) that connects to the back-end servers and tests the path (/).

    Example

    $ openstack loadbalancer healthmonitor create --delay 15 --max-retries 4 --timeout 10 --type HTTP --url-path / pool1
    Copy to Clipboard Toggle word wrap

  10. Add the non-secure HTTP back-end servers (192.0.2.10 and 192.0.2.11) on the private subnet (private_subnet) to the pool. 

    $ openstack loadbalancer member create --subnet-id private_subnet --address 192.0.2.10 --protocol-port 80 pool1
$ openstack loadbalancer member create --subnet-id private_subnet --address 192.0.2.11 --protocol-port 80 pool1
    Copy to Clipboard Toggle word wrap

Verification

  1. View and verify the load balancer (lb1) settings.

    Example

    $ openstack loadbalancer show lb1
    Copy to Clipboard Toggle word wrap

    Sample output

    +---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| admin_state_up      | True                                 |
| created_at          | 2022-01-15T11:11:09                  |
| description         |                                      |
| flavor              |                                      |
| id                  | 788fe121-3dec-4e1b-8360-4020642238b0 |
| listeners           | 09f28053-fde8-4c78-88b9-0f191d84120e |
| name                | lb1                                  |
| operating_status    | ONLINE                               |
| pools               | 627842b3-eed8-4f5f-9f4a-01a738e64d6a |
| project_id          | dda678ca5b1241e7ad7bf7eb211a2fd7     |
| provider            | amphora                              |
| provisioning_status | ACTIVE                               |
| updated_at          | 2022-01-15T11:12:42                  |
| vip_address         | 198.51.100.11                        |
| vip_network_id      | 9bca13be-f18d-49a5-a83d-9d487827fd16 |
| vip_port_id         | 69a85edd-5b1c-458f-96f2-b4552b15b8e6 |
| vip_qos_policy_id   | None                                 |
| vip_subnet_id       | 5bd7334b-49b3-4849-b3a2-b0b83852dba1 |
+---------------------+--------------------------------------+
    Copy to Clipboard Toggle word wrap

  2. When a health monitor is present and functioning properly, you can check the status of each member.

    A working member (b85c807e-4d7c-4cbd-b725-5e8afddf80d2) has an ONLINE value for its operating_status.

    Example

    $ openstack loadbalancer member show pool1 b85c807e-4d7c-4cbd-b725-5e8afddf80d2
    Copy to Clipboard Toggle word wrap

    Sample output

    +---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| address             | 192.0.2.10                           |
| admin_state_up      | True                                 |
| created_at          | 2022-01-15T11:11:09                  |
| id                  | b85c807e-4d7c-4cbd-b725-5e8afddf80d2 |
| name                |                                      |
| operating_status    | ONLINE                               |
| project_id          | dda678ca5b1241e7ad7bf7eb211a2fd7     |
| protocol_port       | 80                                   |
| provisioning_status | ACTIVE                               |
| subnet_id           | 5bd7334b-49b3-4849-b3a2-b0b83852dba1 |
| updated_at          | 2022-01-15T11:12:42                  |
| weight              | 1                                    |
| monitor_port        | None                                 |
| monitor_address     | None                                 |
| backup              | False                                |
+---------------------+--------------------------------------+
    Copy to Clipboard Toggle word wrap

You can configure a non-secure listener and a TLS-terminated HTTPS listener on the same load balancer and the same IP address when you want to respond to web clients with the exact same content, regardless if the client is connected with a secure or non-secure HTTP protocol. It is a best practice to also create a health monitor to ensure that your back-end members remain available.

Prerequisites

  • A private subnet that contains back-end servers that host non-secure HTTP applications on TCP port 80.
  • The back-end servers are configured with a health check at the URL path /.
  • A shared external (public) subnet that you can reach from the internet.

  • TLS public-key cryptography is configured with the following characteristics:

    • A TLS certificate, key, and optional intermediate certificate chain have been obtained from an external certificate authority (CA) for the DNS name assigned to the load balancer VIP address (for example, www.example.com).
    • The certificate, key, and intermediate certificate chain reside in separate files in the current directory.
    • The key and certificate are PEM-encoded.
    • The key is not encrypted with a passphrase.
    • The intermediate certificate chain contains multiple certificates that are PEM-encoded and concatenated together.
  • You have configured the Load-balancing service (octavia) to use the Key Manager service (barbican). For more information, see the Manage Secrets with OpenStack Key Manager guide.
  • The non-secure HTTP listener is configured with the same pool as the HTTPS TLS-terminated load balancer.

Procedure

  1. Combine the key (server.key), certificate (server.crt), and intermediate certificate chain (ca-chain.crt) into a single PKCS12 file (server.p12).

    Note

    Values inside parentheses are sample values that are used in the example commands in this procedure. Substitute these sample values with ones that are appropriate for your site. 

    $ openssl pkcs12 -export -inkey server.key -in server.crt -certfile ca-chain.crt -passout pass: -out server.p12
    Copy to Clipboard Toggle word wrap

  2. Source your credentials file.

    Example

    $ source ~/overcloudrc
    Copy to Clipboard Toggle word wrap

  3. Use the Key Manager service to create a secret resource (tls_secret1) for the PKCS12 file. 

    $ openstack secret store --name='tls_secret1' -t 'application/octet-stream' -e 'base64' --payload="$(base64 < server.p12)"
    Copy to Clipboard Toggle word wrap

  4. Create a load balancer (lb1) on the public subnet (public_subnet). 

    $ openstack loadbalancer create --name lb1 --vip-subnet-id public_subnet
    Copy to Clipboard Toggle word wrap

  5. Monitor the state of the load balancer.

    Example

    $ openstack loadbalancer show lb1
    Copy to Clipboard Toggle word wrap

  6. Before going to the next step, ensure that the provisioning_status is ACTIVE.

  7. Create a TERMINATED_HTTPS listener (listener1), and reference the secret resource as the default TLS container for the listener. 

    $ openstack loadbalancer listener create --protocol-port 443 --protocol TERMINATED_HTTPS --name listener1 --default-tls-container=$(openstack secret list | awk '/ tls_secret1 / {print $2}') lb1
    Copy to Clipboard Toggle word wrap

  8. Create a pool (pool1) and make it the default pool for the listener. 

    $ openstack loadbalancer pool create --name pool1 --lb-algorithm ROUND_ROBIN --listener listener1 --protocol HTTP
    Copy to Clipboard Toggle word wrap

  9. Create a health monitor on the pool (pool1) that connects to the back-end servers and tests the path (/):

    Example

    $ openstack loadbalancer healthmonitor create --delay 15 --max-retries 4 --timeout 10 --type HTTP --url-path / pool1
    Copy to Clipboard Toggle word wrap

  10. Add the non-secure HTTP back-end servers (192.0.2.10 and 192.0.2.11) on the private subnet (private_subnet) to the pool. 

    $ openstack loadbalancer member create --subnet-id private_subnet --address 192.0.2.10 --protocol-port 80 pool1
$ openstack loadbalancer member create --subnet-id private_subnet --address 192.0.2.11 --protocol-port 80 pool1
    Copy to Clipboard Toggle word wrap

  11. Create a non-secure, HTTP listener (listener2), and make its default pool, the same as the secure listener. 

    $ openstack loadbalancer listener create --protocol-port 80 --protocol HTTP --name listener2 --default-pool pool1 lb1
    Copy to Clipboard Toggle word wrap

Verification

  1. View and verify the load balancer (lb1) settings.

    Example

    $ openstack loadbalancer show lb1
    Copy to Clipboard Toggle word wrap

    Sample output

    +---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| admin_state_up      | True                                 |
| created_at          | 2022-01-15T11:11:09                  |
| description         |                                      |
| flavor              |                                      |
| id                  | 788fe121-3dec-4e1b-8360-4020642238b0 |
| listeners           | 09f28053-fde8-4c78-88b9-0f191d84120e |
| name                | lb1                                  |
| operating_status    | ONLINE                               |
| pools               | 627842b3-eed8-4f5f-9f4a-01a738e64d6a |
| project_id          | dda678ca5b1241e7ad7bf7eb211a2fd7     |
| provider            | amphora                              |
| provisioning_status | ACTIVE                               |
| updated_at          | 2022-01-15T11:12:42                  |
| vip_address         | 198.51.100.11                        |
| vip_network_id      | 9bca13be-f18d-49a5-a83d-9d487827fd16 |
| vip_port_id         | 69a85edd-5b1c-458f-96f2-b4552b15b8e6 |
| vip_qos_policy_id   | None                                 |
| vip_subnet_id       | 5bd7334b-49b3-4849-b3a2-b0b83852dba1 |
+---------------------+--------------------------------------+
    Copy to Clipboard Toggle word wrap

  2. When a health monitor is present and functioning properly, you can check the status of each member.

    A working member (b85c807e-4d7c-4cbd-b725-5e8afddf80d2) has an ONLINE value for its operating_status.

    Example

    $ openstack loadbalancer member show pool1 b85c807e-4d7c-4cbd-b725-5e8afddf80d2
    Copy to Clipboard Toggle word wrap

    Sample output

    +---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| address             | 192.0.2.10                           |
| admin_state_up      | True                                 |
| created_at          | 2022-01-15T11:11:09                  |
| id                  | b85c807e-4d7c-4cbd-b725-5e8afddf80d2 |
| name                |                                      |
| operating_status    | ONLINE                               |
| project_id          | dda678ca5b1241e7ad7bf7eb211a2fd7     |
| protocol_port       | 80                                   |
| provisioning_status | ACTIVE                               |
| subnet_id           | 5bd7334b-49b3-4849-b3a2-b0b83852dba1 |
| updated_at          | 2022-01-15T11:12:42                  |
| weight              | 1                                    |
| monitor_port        | None                                 |
| monitor_address     | None                                 |
| backup              | False                                |
+---------------------+--------------------------------------+
    Copy to Clipboard Toggle word wrap

Nach oben
Red Hat logoGithubredditYoutubeTwitter

Lernen

Testen, kaufen und verkaufen

Communitys

Über Red Hat Dokumentation

Wir helfen Red Hat Benutzern, mit unseren Produkten und Diensten innovativ zu sein und ihre Ziele zu erreichen – mit Inhalten, denen sie vertrauen können. Entdecken Sie unsere neuesten Updates.

Mehr Inklusion in Open Source

Red Hat hat sich verpflichtet, problematische Sprache in unserem Code, unserer Dokumentation und unseren Web-Eigenschaften zu ersetzen. Weitere Einzelheiten finden Sie in Red Hat Blog.

Über Red Hat

Wir liefern gehärtete Lösungen, die es Unternehmen leichter machen, plattform- und umgebungsübergreifend zu arbeiten, vom zentralen Rechenzentrum bis zum Netzwerkrand.

Theme

© 2025 Red Hat