Red Hat Summit Red Hat SummitSuporteConsoleDesenvolvedoresComeçar um testeContato

Este conteúdo não está disponível no idioma selecionado.

Chapter 13. Troubleshooting and maintaining the Load-balancing service

Basic troubleshooting and maintenance for the Load-balancing service (octavia) starts with being familiar with the OpenStack client commands for showing status and migrating instances, and knowing how to access logs. If you need to troubleshoot more in depth, you can SSH into one or more Load-balancing service instances (amphorae).

13.1. Verifying the load balancer
Copiar o link

You can troubleshoot the Load-balancing service (octavia) and its various components by viewing the output of the load balancer show and list commands.

Procedure

  1. Source your credentials file.

    Example

    $ source ~/overcloudrc
    Copy to Clipboard Toggle word wrap

  2. Verify the load balancer (lb1) settings.

    Note

    Values inside parentheses are sample values that are used in the example commands in this procedure. Substitute these sample values with ones that are appropriate for your site.

    Example

    $ openstack loadbalancer show lb1
    Copy to Clipboard Toggle word wrap

    Sample output

    +---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| admin_state_up      | True                                 |
| created_at          | 2022-02-17T15:59:18                  |
| description         |                                      |
| flavor_id           | None                                 |
| id                  | 265d0b71-c073-40f4-9718-8a182c6d53ca |
| listeners           | 5aaa67da-350d-4125-9022-238e0f7b7f6f |
| name                | lb1                                  |
| operating_status    | ONLINE                               |
| pools               | 48f6664c-b192-4763-846a-da568354da4a |
| project_id          | 52376c9c5c2e434283266ae7cacd3a9c     |
| provider            | amphora                              |
| provisioning_status | ACTIVE                               |
| updated_at          | 2022-02-17T16:01:21                  |
| vip_address         | 192.0.2.177                          |
| vip_network_id      | afeaf55e-7128-4dff-80e2-98f8d1f2f44c |
| vip_port_id         | 94a12275-1505-4cdc-80c9-4432767a980f |
| vip_qos_policy_id   | None                                 |
| vip_subnet_id       | 06ffa90e-2b86-4fe3-9731-c7839b0be6de |
+---------------------+--------------------------------------+
    Copy to Clipboard Toggle word wrap

  3. Using the loadbalancer ID (265d0b71-c073-40f4-9718-8a182c6d53ca) from the previous step, obtain the ID of the amphora associated with the load balancer (lb1).

    Example

    $ openstack loadbalancer amphora list | grep 265d0b71-c073-40f4-9718-8a182c6d53ca
    Copy to Clipboard Toggle word wrap

    Sample output

    | 1afabefd-ba09-49e1-8c39-41770aa25070 | 265d0b71-c073-40f4-9718-8a182c6d53ca | ALLOCATED | STANDALONE | 198.51.100.7  | 192.0.2.177   |
    Copy to Clipboard Toggle word wrap

  4. Using the amphora ID (1afabefd-ba09-49e1-8c39-41770aa25070) from the previous step, view amphora information.

    Example

    $ openstack loadbalancer amphora show 1afabefd-ba09-49e1-8c39-41770aa25070
    Copy to Clipboard Toggle word wrap

    Sample output

    +-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| id              | 1afabefd-ba09-49e1-8c39-41770aa25070 |
| loadbalancer_id | 265d0b71-c073-40f4-9718-8a182c6d53ca |
| compute_id      | ba9fc1c4-8aee-47ad-b47f-98f12ea7b200 |
| lb_network_ip   | 198.51.100.7                         |
| vrrp_ip         | 192.0.2.36                           |
| ha_ip           | 192.0.2.177                          |
| vrrp_port_id    | 07dcd894-487a-48dc-b0ec-7324fe5d2082 |
| ha_port_id      | 94a12275-1505-4cdc-80c9-4432767a980f |
| cert_expiration | 2022-03-19T15:59:23                  |
| cert_busy       | False                                |
| role            | STANDALONE                           |
| status          | ALLOCATED                            |
| vrrp_interface  | None                                 |
| vrrp_id         | 1                                    |
| vrrp_priority   | None                                 |
| cached_zone     | nova                                 |
| created_at      | 2022-02-17T15:59:22                  |
| updated_at      | 2022-02-17T16:00:50                  |
| image_id        | 53001253-5005-4891-bb61-8784ae85e962 |
| compute_flavor  | 65                                   |
+-----------------+--------------------------------------+
    Copy to Clipboard Toggle word wrap

  5. View the listener (listener1) details.

    Example

    $ openstack loadbalancer listener show listener1
    Copy to Clipboard Toggle word wrap

    Sample output

    +-----------------------------+--------------------------------------+
| Field                       | Value                                |
+-----------------------------+--------------------------------------+
| admin_state_up              | True                                 |
| connection_limit            | -1                                   |
| created_at                  | 2022-02-17T16:00:59                  |
| default_pool_id             | 48f6664c-b192-4763-846a-da568354da4a |
| default_tls_container_ref   | None                                 |
| description                 |                                      |
| id                          | 5aaa67da-350d-4125-9022-238e0f7b7f6f |
| insert_headers              | None                                 |
| l7policies                  |                                      |
| loadbalancers               | 265d0b71-c073-40f4-9718-8a182c6d53ca |
| name                        | listener1                            |
| operating_status            | ONLINE                               |
| project_id                  | 52376c9c5c2e434283266ae7cacd3a9c     |
| protocol                    | HTTP                                 |
| protocol_port               | 80                                   |
| provisioning_status         | ACTIVE                               |
| sni_container_refs          | []                                   |
| timeout_client_data         | 50000                                |
| timeout_member_connect      | 5000                                 |
| timeout_member_data         | 50000                                |
| timeout_tcp_inspect         | 0                                    |
| updated_at                  | 2022-02-17T16:01:21                  |
| client_ca_tls_container_ref | None                                 |
| client_authentication       | NONE                                 |
| client_crl_container_ref    | None                                 |
| allowed_cidrs               | None                                 |
+-----------------------------+--------------------------------------+
    Copy to Clipboard Toggle word wrap

  6. View the pool (pool1) and load-balancer members.

    Example

    $ openstack loadbalancer pool show pool1
    Copy to Clipboard Toggle word wrap

    Sample output

    +----------------------+--------------------------------------+
| Field                | Value                                |
+----------------------+--------------------------------------+
| admin_state_up       | True                                 |
| created_at           | 2022-02-17T16:01:08                  |
| description          |                                      |
| healthmonitor_id     | 4b24180f-74c7-47d2-b0a2-4783ada9a4f0 |
| id                   | 48f6664c-b192-4763-846a-da568354da4a |
| lb_algorithm         | ROUND_ROBIN                          |
| listeners            | 5aaa67da-350d-4125-9022-238e0f7b7f6f |
| loadbalancers        | 265d0b71-c073-40f4-9718-8a182c6d53ca |
| members              | b92694bd-3407-461a-92f2-90fb2c4aedd1 |
|                      | 4ccdd1cf-736d-4b31-b67c-81d5f49e528d |
| name                 | pool1                                |
| operating_status     | ONLINE                               |
| project_id           | 52376c9c5c2e434283266ae7cacd3a9c     |
| protocol             | HTTP                                 |
| provisioning_status  | ACTIVE                               |
| session_persistence  | None                                 |
| updated_at           | 2022-02-17T16:01:21                  |
| tls_container_ref    | None                                 |
| ca_tls_container_ref | None                                 |
| crl_container_ref    | None                                 |
| tls_enabled          | False                                |
+----------------------+--------------------------------------+
    Copy to Clipboard Toggle word wrap

  7. Verify HTTPS traffic flows across a load balancer whose listener is configured for HTTPS or TERMINATED_HTTPS protocols by connecting to the VIP address (192.0.2.177) of the load balancer.

    Tip

    Obtain the load-balancer VIP address by using the command, openstack loadbalancer show <load_balancer_name>.

    Note

    Security groups implemented for the load balancer VIP only allow data traffic for the required protocols and ports. For this reason you cannot ping load balancer VIPs, because ICMP traffic is blocked.

    Example

    $ curl -v https://192.0.2.177 --insecure
    Copy to Clipboard Toggle word wrap

    Sample output

    * About to connect() to 192.0.2.177 port 443 (#0)
*   Trying 192.0.2.177...
* Connected to 192.0.2.177 (192.0.2.177) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
* 	subject: CN=www.example.com,O=Dis,L=Springfield,ST=Denial,C=US
* 	start date: Jan 15 09:21:45 2021 GMT
* 	expire date: Jan 15 09:21:45 2021 GMT
* 	common name: www.example.com
* 	issuer: CN=www.example.com,O=Dis,L=Springfield,ST=Denial,C=US
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 192.0.2.177
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Length: 30
<
* Connection #0 to host 192.0.2.177 left intact
    Copy to Clipboard Toggle word wrap

13.2. Load-balancing service instance administrative logs
Copiar o link

The administrative log offloading feature of the Load-balancing service instance (amphora) covers all of the system logging inside the amphora except for the tenant flow logs. You can send tenant flow logs to the same syslog receiver where the administrative logs are sent. You can send tenant flow logs to the same syslog receiver that processes the administrative logs, but you must configure the tenant flow logs separately.

The amphora sends all administrative log messages by using the native log format for the application sending the message. The amphorae log to the Red Hat OpenStack Platform (RHOSP) Controller node in the same location as the other RHOSP logs (/var/log/containers/octavia/).

13.3. Migrating a specific Load-balancing service instance
Copiar o link

In some cases you must migrate a Load-balancing service instance (amphora). For example, if the host is being shut down for maintenance

Procedure

  1. Source your credentials file.

    Example

    $ source ~/overcloudrc
    Copy to Clipboard Toggle word wrap

  2. Locate the ID of the amphora that you want to migrate. You need to provide the ID in a later step. 

    $ openstack loadbalancer amphora list
    Copy to Clipboard Toggle word wrap

  3. To prevent the Compute scheduler service from scheduling any new amphorae to the Compute node being evacuated, disable the Compute node (compute-host-1).

    Note

    Values inside parentheses are sample values that are used in the example commands in this procedure. Substitute these sample values with ones that are appropriate for your site.

    Example

    $ openstack compute service set compute-host-1 nova-compute --disable
    Copy to Clipboard Toggle word wrap

  4. Fail over the amphora by using the amphora ID (ea17210a-1076-48ff-8a1f-ced49ccb5e53) that you obtained.

    Example

    $ openstack loadbalancer amphora failover ea17210a-1076-48ff-8a1f-ced49ccb5e53
    Copy to Clipboard Toggle word wrap

13.4. Using SSH to connect to load-balancing instances
Copiar o link

Use SSH to log in to Load-balancing service instances (amphorae) when troubleshooting service problems.

It can be helpful to use Secure Shell (SSH) to log into running Load-balancing service instances (amphorae) when troubleshooting service problems.

Prerequisites

  • You must have the Load-balancing service (octavia) SSH private key.

Procedure

  1. On the director node, start ssh-agent and add your user identity key to the agent: 

    $ eval $(ssh-agent -s)
$ ssh-add
    Copy to Clipboard Toggle word wrap

  2. Source your credentials file.

    Example

    $ source ~/overcloudrc
    Copy to Clipboard Toggle word wrap

  3. Determine the IP address on the load-balancing management network (lb_network_ip) for the amphora that you want to connect to: 

    $ openstack loadbalancer amphora list
    Copy to Clipboard Toggle word wrap

  4. Use SSH to connect to the amphora: 

    $ ssh -A -t heat-admin@<controller_node_IP_address> ssh cloud-user@<lb_network_ip>
    Copy to Clipboard Toggle word wrap

  5. When you are finished, close your connection to the amphora and stop the SSH agent: 

    $ exit
    Copy to Clipboard Toggle word wrap

13.5. Showing listener statistics
Copiar o link

Using the OpenStack Client, you can obtain statistics about the listener for a particular Red Hat OpenStack Platform (RHOSP) loadbalancer:

  • current active connections (active_connections).
  • total bytes received (bytes_in).
  • total bytes sent (bytes_out).
  • total requests that were unable to be fulfilled (request_errors).
  • total connections handled (total_connections).

Procedure

  1. Source your credentials file.

    Example

    $ source ~/overcloudrc
    Copy to Clipboard Toggle word wrap

  2. View the stats for the listener (listener1).

    Note

    Values inside parentheses are sample values that are used in the example commands in this procedure. Substitute these sample values with ones that are appropriate for your site.

    Example

    $ openstack loadbalancer listener stats show listener1
    Copy to Clipboard Toggle word wrap

    Tip

    If you do not know the name of the listener, enter the command loadbalancer listener list.

    Sample output

    +--------------------+-------+
| Field              | Value |
+--------------------+-------+
| active_connections | 0     |
| bytes_in           | 0     |
| bytes_out          | 0     |
| request_errors     | 0     |
| total_connections  | 0     |
+--------------------+-------+
    Copy to Clipboard Toggle word wrap

13.6. Interpreting listener request errors
Copiar o link

You can obtain statistics about the listener for a particular Red Hat OpenStack Platform (RHOSP) loadbalancer. For more information, see Section 13.5, “Showing listener statistics”.

One of the statistics tracked by the RHOSP loadbalancer, request_errors, is only counting errors that occurred in the request from the end user connecting to the load balancer. The request_errors variable is not measuring errors reported by the member server.

For example, if a tenant connects through the RHOSP Load-balancing service (octavia) to a web server that returns an HTTP status code of 400 (Bad Request), this error is not collected by the Load-balancing service. Loadbalancers do not inspect the content of data traffic. In this example, the loadbalancer interprets this flow as successful because it transported information between the user and the web server correctly.

The following conditions can cause the request_errors variable to increment:

  • early termination from the client, before the request has been sent.
  • read error from the client.
  • client timeout.
  • client closed the connection.
  • various bad requests from the client.
Voltar ao topo
Red Hat logoGithubredditYoutubeTwitter

Aprender

Experimente, compre e venda

Comunidades

Sobre a documentação da Red Hat

Ajudamos os usuários da Red Hat a inovar e atingir seus objetivos com nossos produtos e serviços com conteúdo em que podem confiar. Explore nossas atualizações recentes.

Tornando o open source mais inclusivo

A Red Hat está comprometida em substituir a linguagem problemática em nosso código, documentação e propriedades da web. Para mais detalhes veja o Blog da Red Hat.

Sobre a Red Hat

Fornecemos soluções robustas que facilitam o trabalho das empresas em plataformas e ambientes, desde o data center principal até a borda da rede.

Theme

© 2025 Red Hat