Okay, good afternoon. It's lunch, so, you know, it's just after lunch, so I have to wake up people to make sure that they are paying attention. Okay, myself, Neela Shah, and this is Mark van der Wim. We are both going to talk about the Heat support that was added for Load Balancer as a Service version 2. This was added in Mitaka.

Introduction. I work at IBM and this is my third summit here. Mark van der Wim will work at IBM for quite a while. Many different things we're working on. The Heat in the LBaaS was kind of cool. I've been to many of the summits, so I've been involved. I'm also a contributor on various projects. I think I hit 29 for the number of projects I touched in Mitaka, so that was kind of cool.

Okay, the things we are going to cover today: basically, first we'll give you a little bit of background about Load Balancer as a Service that has been around in Newton, gosh, Neutron, and then we'll talk about the Heat support that was added in Mitaka. We'll then cover a little bit about the Horizon dashboard support for LBaaS version 2, because it's just a quick way of getting your load balancer created, and then we'll go into DevStack and how to go about getting the support into your DevStack, because it's not there by default. Then we'll talk about the Heat templates, and then we'll cover a bit of considerations, especially if you have load balancer version 1 or if you're considering using load balancer, then what are the things that you should think about, and then we'll wrap it up with any questions that you guys have.

Okay, load balancing. We need it in various aspects of life, but we'll today focus on why it's needed in the data center. We don't want to overwhelm our systems, so load balancing becomes extremely important.
So a little bit of the background. Load Balancer as a Service version 1 has been around in Neutron, but there's been some major big problems with the design. It has a little bit of a fixed design; it's hard to make changes, in the sense of adding significant new features, because the architecture doesn't allow for pluggability. It does have scaling limitations as well, so that's another issue. So in Liberty it was deprecated. I know there are a lot of people out there that are using LBaaS V1, but it is deprecated starting Liberty. This LBaaS V1 code is part of the Neutron code base. There's no separate project that you need, so it's just all integrated into Neutron.

So starting in the Kilo release there was an experimental version 2 of LBaaS that was introduced. It was marked experimental, and then moving forward to Liberty it was marked stable, so it was ready for production. This has a completely redesigned approach. It has a more pluggable architecture, so there are different drivers that can be plugged into this architecture, and it is a separate project, so if you are looking for the code in Neutron, then it's not there. It's in the project called neutron-lbaas, so that's the project where the LBaaS V2 code resides.

So the Heat resources basically are mapping what is done for LBaaS V2, and if you're familiar with V1 you'll notice that the structure is completely different than what you're used to in V1. So at the very top level there is a load balancer. In V1 there used to be a VIP, but in V2 there is the load balancer on top. You can have a list of listeners associated with that load balancer, and then each listener can have a pool or more, and then each pool has a list of pool members. There's also a health monitor that's associated with the pool. So this is kind of the high-level structure of the Heat resources, and then we'll go into details of each of these resources and talk about how it's implemented in Heat.
Right, so the resources in Heat are laid out like Neela was saying. This was a little bit of a challenge at first because there already are LBaaS resources in Heat for V1, so now we have a head-on-head collision in the namespace. So we said we have to address that; we have to make it perfectly clear that V1 and V2 are black and white, completely different. They're not compatible, they're not interchangeable, they're not pluggable. Separate. So keep that in mind; draw a line between them.

So the first resource out there that was in the namespace: they already had OS::Neutron, so now we added the LBaaS at the end of that one, and that solved the namespace issue, so there's no overlap or reuse. That's really important to know. The template version is of course the Mitaka release version of the templates, so if you're gonna play with Mitaka, you can play with these Heat resources.

The other thing that was missing or lacking that we added, that I think is a very nice thing to have, it cleans up your templates, is constraints. Hopefully everybody knows what a constraint is. Basically it's the idea that if you have something in your template, instead of identifying it as a string or an identifier, no, no, no, this is not an identifier, this is an LBaaS load balancer ID. So it knows that ID; if you try to pass that around to something that has an LBaaS constraint and it's not a load balancer ID, it'll kick it out. So it's a way to, you know, value check or integrity check your templates. So there's constraints for almost every resource that that applies to.

So I'm gonna walk through the resources here now. These are brand new resources, right? So you will see a load balancer for the old, some of these names refer to some of the old ones, but these are all new resources in Heat. So the first one of course, like Neela mentioned, is the high-level load balancer, right, a completely new object. This is basically the high-level piece, right, that's gonna
direct your traffic, right? It has a virtual IP that can be assigned either initially or later on, and it can also be updated. It also has a template constraint. So that's your high-level piece; that's where everything else is gonna fall off of.

All right, so when you build your load balancer, the first thing you have to build, or you want to go after, is your load balancer. The next thing is what ports are you gonna listen on for this load balancer, so you have listeners. A listener is basically just a port listening out there with some type of protocol. You'll notice also some of the protocols here have changed a little bit: they've added the HTTPS and the terminated HTTP, so you can have SSL endpoints in there as well. And of course this one also has a constraint, and you'll see the constraints in my template example later on.

So the next one, which is very similar to V1, is pool. Everybody likes to be in the pool; it's a great day for being in a pool, I think. So a pool is this group of servers. Some of the keys to note here: it's defined by a subnet of the pool, right, so you're gonna send traffic to this pool of servers. It also has a balance, right: you have a pool of servers, how are you gonna pick which one in the pool is going to get the traffic? There's a bunch of algorithms you can pick from, and these will grow over time, but right now the basic ones are there: obviously round robin, the least number of connections, and of course basing it on the source where it came from. And this one also has a constraint.

Within the pool you have members, right, so there's servers in the pool, and the server is opaque. It doesn't represent a Nova server, it doesn't represent a particular type of server; it's anything that you can point at that has an IP and port, right? So if you have an IP address on a port, you can add it to the pool. So if you created servers that are outside of OpenStack or out somewhere, and you want to try this out and you just want to point to those servers, I don't
want to create new instances for them, you can point right to them and try it. Okay, so the key to keep in mind is that you can use Nova servers, but you don't have to.

And last but not least is our health monitor. So when you have a pool of servers, somebody has to keep tabs on the health of that thing. Is it up? Are the servers up, are they down, are they available? So when you send traffic it doesn't go to a dead server, right? So somebody keeps track of that. A very flexible resource is the health monitor. It's going to have the pieces related to it: again the protocol, what is considered healthy for this server. Look at it from a TCP/IP point of view: is the TCP/IP endpoint up? HTTP: again you can pick your protocol, which can be different than the protocol for the load balancer itself and the listener. You can also configure the type of requests and methods that come into it. So what do you consider for the health: do I do just a simple REST GET call, or do I want to do an update call or a delete? What's really your notion of health? And then of course the last thing is it has a lot of configuration to it, to say, well, like I said, how do you consider health? Is it every five minutes I want to bang on my servers to make sure they're up, or I want to do it every 10 seconds; I really want my servers to respond, and if they're not responding in, you know, sub-second times, I want to know about it right away. I'll let Neela cover the dashboard.

Okay, so as I said, we did add support for creating the load balancer itself in the Horizon dashboard. Now remember, these are not creating the Heat resources; we are creating the load balancer object itself, and we want to show this to you because it's just a quick way of getting your load balancer in place. So the things I want to point out here: under Project, under Network, there is a Load Balancer left navigation entry. Now this is again in a separate project, so if you're installing
DevStack, make sure you get that plug-in and install it. If you're on the music, you know, it's going to tell you, it's going to give you a list of load balancers here, and, you know, if you wanted to create a new one there's an easy way of just creating a load balancer. When you get to the load balancer screen, basically you'll see that there are all these resources that we just talked about that you can specify on the UI. The good thing about this is basically any field that is marked with an asterisk is a required field, so it just gives you a quick way if you wanted to quickly create something.

So for the load balancer itself, all you need to specify is a subnet. You could change the name and description if you wanted. And then next we create a listener, and for the listener you basically need to specify the protocol, you know, whether it's HTTP or TCP, and then give it a port. For the pool, basically you have to provide the method. The method is basically the algorithm that Mark talked about. There's three of them: there's round robin, there's least connection, and source IP. So there's a drop-down; you could just select one of those. And then the pool members: this is where you can specify whether you want to use an existing Nova instance or you want to specify an external member, which lets you specify an IP address. So if you had Nova instances, then they will show up here, and then you could just select and they would get added to this list. Otherwise you could do an external member, and that will allow you to add an external. The last thing we provide is the health monitor, so we basically fill in the required fields and that's it, you create a load balancer. So just a quick way of getting your load balancers created.

Okay, so you're gonna get back to your offices here on Monday, and you're gonna say, I really want to play with this, because she said it's deprecated, I'm in trouble, it's going away. And yes, it's, L1 is, you know, v1 is going away, guys, so if you haven't started looking
at v2, all right, put it on your to-do list. So how to play with it with DevStack, right? Hopefully most of you guys are familiar with DevStack, have set it up a few times, or something similar to it. It has a pluggable way to add drivers. The original v1 was included with Neutron, and so if you want to use v2 you're gonna have to do something a little bit special. It's fairly straightforward; it's a plug-in, and of course the project we mentioned is neutron-lbaas. There's your project, and you pull it in. You have to enable this service explicitly. The default for v1 is q-lbaas, and v2, they added the v1, or the version, at the end of it, so make sure you put that in there. That'll enable the service and you're ready to go.

The next thing to consider with DevStack: if you're running on a Mac or something like this, and you're running with VirtualBox or something like that, something that does not natively, easily support nested virtualization, you will want to switch to use the namespace service provider, or the legacy driver, instead of the default of Octavia. So by default you'll get Octavia, and Octavia uses virtualization to support LBaaS, so if you have nested virtualization on a machine that doesn't support it, it's gonna take a long time to create a load balancer. We're talking 10 minutes. You use the legacy one, okay, you're talking about 10 seconds. So keep that in mind. If you're using VMware or something that supports the nested virtualization, go ahead and just use the default and don't even worry about this line. Okay, if you have questions with that, let me know.

The next thing is, if you want to play with the HTTPS support, the SSL support, it uses Barbican for the certificate enablement and to store your certificates and to have amphora use those. And last but not least, of course you'll want to turn on the dashboard, because then you don't have to use any command lines; you can just click on the dashboard in Horizon like Neela just showed you
and you can play with it right with the GUI. The GUI is of course a separate project and separate plug-in that you will plug in here from the Neutron dashboard website. So with this all here, you bring up your DevStack and now you have v2 running. You can choose two certificates if you want to set those up as well. Now you can go right to the dashboard and say, create a Nova instance to be one of my endpoints in my pool, create a pool of one, and go ahead and build your load balancer, and then start shooting traffic at it and see what happens. So this way you can explore pretty easily right in DevStack without too much of a hassle.

Just remember this piece here: if you think, wow, why is my load balancer failing or timing out, it's probably because you installed Octavia on a system that doesn't support nested virtualization, and that's going to perform rather lousy for you. All right, so just remember that the namespace provider here works just fine. Like I said, the whole point of LBaaS v2 is to allow this flexibility. I can switch drivers with one line of code, boom, I'm using a different LBaaS driver: same API, same Horizon, same everything else.

So now some of the Heat pieces here that we worked on to go along with the Heat resources are some examples that are out there. So the first example that we slid in here is an actual full test. This is an auto scaling test you can go take a look at and see how it works. Obviously it's specific for a gate test, right, a Jenkins or the infra gate test, so it runs inside the gate, and it runs a Heat auto scaling group to bring up a certain amount of servers, and then it goes ahead and creates some simple web servers within there, starts the servers, and then it builds up a load balancer upon that. Then, based on Ceilometer information, it scales up and scales down your number of pools and your servers, and watches the load balancer automatically scale up and scale down along with your servers.
That's the cool thing about the Heat resources: they will scale in proportion to your auto scaling group. So your scaling group gets 10 new servers, those 10 new servers automatically get added to your load balancing pool, and now you're ready to go with 10 servers. Scale down the same way. So that's kind of slick; all that is all pinned together.

The other example that we put together is much more of a, I just want to play with this once, I don't understand this whole scaling thing, I don't really care right now, just show me what this new stuff is, how to use it, and make it as simple as possible just to try. So I decided to create this one here. It's very simplistic, it's probably overly simplistic, but it shows you how to create a complete load balancer, and I'm gonna go ahead and show that to you real quick here. Oh, I got to switch screens. There we go. I'll just start at the bottom, then go to the top here.

So this is an all-in-one template, so all you have to do is look at one file, guys, and you can try to understand the concepts here for LBaaS v2 and Heat and resource templates. So that's kind of small, isn't it? Sorry about that, I'll make that one bigger real quick. But basically the idea is this comes in with all your information; all those inputs I talked about that you have to supply come in here, your basic template parameters that come in. And when you go down to the bottom, the basic resources are fairly simplistic here. So we have a group; this is a basic Neutron security group to build the VMs. And then, like I said, this is not the right way to do it in Heat, but for a very simple one-line example I put two servers right in line, so the server one, server two, right there, and then I throw them right into the pool right away. So then you can see down here, there's the other pool member. Then I create the other resources, which are really straightforward. You see that? That's really it right there; that's the entire thing, guys, to bring
the whole thing up. So that's your heat read. So there's a listener that will go against the load balancer and the pool, it points to its protocol, and then you have the load balancer itself yet, and then you have a floating IP to attach to the pool, so you have your external entry point. And the end of this template kind of shows you what the port is that you're going to go after your load balancer with. So a very simple one-page example to get that going. Hopefully that helps some folks out; it helped me out writing it, just to make sure we, you know, get the stuff right there.

All right, so now we talk about considerations a little bit. As Neela mentioned, there are some, you know, major differences between v1 and v2. The cool thing about v2 is that it is a growing community. The Octavia group of course is the, I'll talk about that in a second here, is the de facto implementation of this, right, and they're a good bunch of guys; they're doing a lot of hard work to make all your dreams come true for load balancing. But of course we need options in OpenStack, and there's a bunch of other drivers that are already there. They're done, they're in there, right, they're in the code, they're in that new project, the neutron-lbaas project. So lots of different options here, and flexibility is the key here with plugins.

With Octavia, some of the cool things that they've been working on, that they just kind of put out besides the basic load balancer that we kind of know and love, I have a pool, I can send IP traffic to different pools, is now they're adding L7. L7 is context-based routing, so when a request comes in and it's HTTP slash something something API, let's say, you can say I want all those API requests to go to this pool, and I want all the requests that go to customer service to go to this pool. So you can dynamically control which direction these requests go and have it load balance at the same time. Pool sharing is basically tied into
the policies and rules you define from L7 to go into which pool. You guys create a pool out there, it's not even a solution with a load balancer, but because it's tied to a rule it will send the traffic to that pool for you.

The other cool thing that they've been working on, and they know, they heard it loud and clear, you have to have better HA, and they've started on that. So they have active standby. Of course that means active affinity, right, so you put two of these instances of the load balancer piece on two different nodes and have your active standby; one will automatically switch over when a failure occurs. Certificate rotation is talking more about the internal certificates used to communicate between the load balancer objects themselves, and in order to be compliant with some government regulations you need to be able to rotate your certificates upon expiration, so they added that in there.

And something that's coming along, that's not quite there yet, that's just about here, the patches are out there: okay, you saw the tree of resources, right, a load balancer, a listener, a pool, a member, a health monitor. Who's going to clean all this up? So they're creating a cascade delete that says kill my load balancer, and it will trickle down through that. Now that's an API. Obviously, right now that's done automatically for you if you use the Heat resources, right? That's the whole point of using Heat, guys: it cleans up after itself. And of course the other one that people have been asking for, that, wow, I'd like to be able to have one API that says just create me a load balancer, and it creates all the other objects for you. So that one's just about to go in as well. So they're trying to make this as easy and consumable as possible. In the future they're looking at, hopefully in Newton or beyond, active-active for HA.
It's really cool, as well as the container support for amphora. Amphora is, like I mentioned, Octavia uses virtualization to hold its load balancer engine, if you will, and part of that engine is called amphora. Right now it runs in a VM; they want to containerize that. Lots of good stuff happening there. And the last thing to note is the OpenStack CLI, which I hope everybody's moving away from the native, the old legacy, the Keystone, Nova, you know, the CLIs, and moving to the new OpenStack command line. The command line support is in progress. It's got a little ways to go, but it's in progress, so that's good news too; maybe by end of Newton you'll have the brand-new CLI there as well.

So the takeaway from this is that, yeah, there's a lot of activity going on here. If there's something you need from load balancing that you've always had to do a workaround for in v1, or had to put something else in for v1, now's the time to get your request in to the Octavia team or one of these other teams to get your stuff done for v2. It's their anthem most active peak, right? That's when you get your changes in.

Okay, let's talk a little bit about some things that you should know about. So from a Heat resource perspective, as we mentioned, there is a load balancer and there's all these other resources that go under it. So if you look at it purely from a Neutron standpoint, how these resources are handled: let's say you're creating a listener on a load balancer. Basically the flow goes, you have a load balancer and you're trying to create a listener. The listener gets created, but the load balancer goes in a pending update status, and you can't do anything more to that as far as changing its structure. So you couldn't add another listener while that processing is still going, meaning while it's still in the pending update status. And, you know, Heat is a little different, because Heat's trying to do
things in parallel to optimize them. So the way Heat has implemented this is basically we try to add the resources or make the changes that you've requested, and it's gonna throw us an exception if it's in a pending update status, and then we are going to give it some wait time and then try again. So it's just a way to, you know, continue making progress without just aborting everything.

Some other considerations we'll talk about here are migration and coexistence. So as I mentioned earlier, I know there's a lot of people that are using LBaaS V1 today, but you do need to move to V2, and we'll talk a little bit more about that as well. As you're thinking of moving to V2, obviously the first thing that comes to your mind is migrating, right, because you don't want to just disrupt. So I mean, really, there is no good story right now that is recommended for this approach. It's all manual; you manually migrate your Neutron objects, because as we talked about up front, the whole structure, the resources, are completely different between V1 and V2. The APIs have been completely redesigned. So it's just something you want to consider as you're planning your move to V2. And coexistence: again, you know, if you're trying to move, it might be better for you to have one node that's running V1 and another node that's running V2, rather than trying to co-mingle them and have them co-exist.

So LBaaS V1, it's going, going, going, going, gone. So I mean, we cannot emphasize enough that you need to get off V1. There is nothing new happening in V1 and nothing new that will come in V1. There's no new features that will come in V1 moving forward. It's already been deprecated for a while, so we do want everyone to get off V1. And so you want to basically get to V2. Make sure you plan ahead and plan well, because there are some gotchas that you'll have to work through as you move from V1 to V2, but it is a move for the better because it has a more flexible design and more options. Like Mark said, you know, there's a lot of drivers to
pick from and there's a lot more features coming, so just keep that in mind as you plan your stuff. You know, Mark talked about the L7 support that Octavia has added. I just want to call attention to the fact that there isn't L7 support in Heat today. What's been done in Mitaka is the base LBaaS V2 support; the L7 support should be coming in a future time. So I think that's all we had, and we will take questions. If you have a question, then please walk up to one of those mics so that everyone can hear your question.

So thank you for the presentation. When you say migrate, which OpenStack version is supported with V2? So I mean, I think we need to migrate OpenStack, the whole thing, right? I don't think it works with Icehouse, things like that, right? So could you explain a little bit more, and specifically in Neutron, what is the impact part?

Right, sure. So like I said, in Neutron itself, right, it was born in Kilo and the API was opened up in Liberty. So if you have Liberty, you can start playing with it at the Neutron level, right, at the API level. If you want to play with Heat resources and have a little more structured fun with it, you need Mitaka. Okay, so that's why I put up that DevStack slide, so you've got no excuse; you can pop a Mitaka DevStack on your dev machine and play with it. So that's kind of where we're at right now. And just to add to that, the dashboard support we saw was also added in Mitaka, so Heat and Horizon support was added in Mitaka.

I had a question about listeners. Can you have more than one?

Yeah, yeah, definitely. So listeners are one of those resources you can have more than one of, and the normal case for that would be something like: I'm listening on HTTP, which is port 80, I'm listening on HTTPS, port 443, right? So you'd have two listeners, same load balancer. And then the cool thing about that, once you have that notion of things like that, you can direct the traffic with the new L7 support, which is kind of cool. So
when you think about the possibilities, and the L7 support is really simple, guys, it's elegant in terms of that you can do anything you want with it now. You have total control of where you're going to route your request to, so you can create pools of servers and say, you know, hey, these guys really need more attention and those guys, however you want to set it up; you're in full control of that. So the rules and policies for L7, you can take a look at their blueprint and their specs. It's really straightforward, but it's basically regular expressions.

Yeah, how rich is that? How can we go deeper and look at the health of the service?

Right, so the health monitor right now, like you saw, the health monitor is pretty much an object that's going to go out there and, you know, ping that IP and port with whatever flavor you want to ping it with, right? It could be an HTTP request, a TCP request, and some flavor of that request. You have different options there. You also have options of how often it requests and how much time it should reply in. So that's kind of your configurations for the health monitor right now. Are you looking for something deeper than that? Okay. You do have the ability to put the request type on there. You can GET of this, and if the GET of server list is successful, then you're gonna be, so you can go down to the request level. I just don't know if you can do anything about interrogating the data that comes back. Yeah, you can do the very basic receive string that says, yep. So the basic stuff is there; I'm not sure if it goes any deeper with more than just, you can get your return codes and receive string, and you can specify what type of request.

For HTTPS support and SSL offload, is Barbican certificate supported from Heat templates?

Yes, yep. Barbican has resources in Heat that you can create the resources in there. I'm not familiar with it as much, I just know they're in there, so I'm not sure if
it has full Barbican support or just some basic certificate types, but it does have support in there for Heat. You can combine that with the load balancer resources in here, yeah, definitely, yep.

When planning and preparing for an OpenStack upgrade, which upgrade, Juno to Kilo, Kilo to Liberty, Liberty to Mitaka, is the one where we should consider moving existing v2 users to the mature v, that's our existing v1 users to the mature v2 infrastructure?

So as I mentioned earlier, the stabilization of version 2 was done in Liberty, so at the very least your destination should be Liberty. But if you are trying to use any of the Heat support, then you want to move to Mitaka.

Post Liberty, so that we can move our clients that are using the v2, or are we gonna have the need to move through Liberty and Mitaka so that we can maintain the same features that start clients, if v1 is being deprecated in Liberty?

So v1 exists today, but like I said, there is minimal work going on. In fact, they're going to start minus 2 on patches that anyone puts out for v1 now, so you'll start seeing that too. Yeah, features will be there, they won't be removed, but they just won't be enhanced in Mitaka. But the team is still deciding what to do in Newton, so they might delete the tree. I think that discussion is still ongoing, but it is for sure that there will not be any new work or even support. They will not fix bugs in v1 either, so it is very important that you all think about moving to v2 if you're already on v1.

And just a side note to that: besides thinking about it, give your feedback for migration and the other considerations, so the teams, Octavia and neutron-lbaas, hear that loud and clear, that they need to have some focus on that to help you guys out. But if everybody, you know, works together a little bit, we can figure this thing out. It's not going to be a, somebody's gonna throw the switch and it's gonna work for you. So definitely get in the community if you're worried about migration
considerations, because everybody's got to pull together on this one. And better yet, share: if you write a script, then feel free to share it with the community.

So if I want to combine load balancing and auto scaling, at some point I need to either add new instances automatically or they drop out. How does that work?

The current example that I have there shows how to do it with the auto scaling group from Heat, which is plugged into Ceilometer, watching the resource utilization of your servers. So it's a very simplistic case: oh, my server is up at 80%, go ahead and spawn off three more and expand my pool by three, something like that. And all my servers are idling, so go ahead and kick three out of there. So it's basically just done on the Ceilometer metrics today to grow your pool.

How does that work with, like, the health check and, you know, adding the new IP addresses to that pool? I'm trying to,

Yeah, that's all part of the Heat resource. So the Heat resources with auto scaling will take care of that for you. So as you have pool members, and your pool members are part of that auto scaling group that goes up and down, they automatically get added to the pool members. So that's the cool thing about using the Heat resources: there's no command line or doing something else to add it to the pool. The Heat resources know that, hey, I added a new member; it automatically becomes part of the load balancer. Exactly, it becomes part of the whole picture. Yep, that's the whole flexibility of the new v2 architecture.

Anything else? Like I said, I'm gonna really encourage you guys to get on v2, as well as feedback about the migration considerations, because it's gonna be a, call it a bump in the road. It's up you guys forgot how big that bump's gonna be. The good news is that the support's coming along for what we need; now the question is, we've got to put the glue code there to get there for the migration. So thank you. So here's some references. Oh, thanks for coming.
Thank you.