Document clustering / HA sync functionality

[jputrino]

OpenStack Release

Liberty

Description

Per discussion on slack, we need to add the following to the cluster documentation.

"_for your active/standby pair, you can configure the agent with the single floating IP address (icontrol_hostname paramter in the f5-openstack-agent.ini file) and then configure auto-sync for the device group. Be aware that the agent does NOT initiate a config sync, so you must enable auto-sync if you define only a single floating IP for the icontrolhostname parameter. ... Just remember to enable auto-sync for your device group if you choose to define only one BIG-IP and the floating IP address."

For scalen three-device cluster: When agent is configured to manage all three devices in a manual sync sync-failover group:

• the change is successfully applied to all three devices
• this causes them to be out of sync.
• the status of the lbaas object created (in this case, loadbalancer) to be ERROR.
• You can manually sync device to group to bring them back into sync but the error persists in neutron.

When agent is configured to manage all three devices in an auto-sync sync-failover group:

• the loadbalancer object is not created on any of the devices.

[jputrino]

-- if you choose to only tell the agent about one device and use autosync, you must set the agent to standalone mode; otherwise, it will look for more than one iControl endpoint and will fail when it only finds one -- if you configure the agent to use pair or scalen mode and your BIG-IPs are already using autosync, creation of objects will fail. Example: if you create a new loadbalancer, it will succeed on one device and fail on the other(s); creation of all subsequent objects will fail on the other device(s). -- if you configure the agent to use pair or scalen mode and your BIG-IPs are NOT already using autosync, you can manually sync the group to a device to resolve the 'changes pending' status. It shouldn't matter which device you use to sync the group to, since they have all been configured with the same objects. -- you may be able to use autosync successfully after completing the initial loadbalancer configuration, but this has not been tested.

[alonsocamaro]

About the following configuration option

only tell the agent about one device and use autosync

how will the agent find the management of the other device once the one in the config file fails?

[jputrino]

It wouldn't be able to, which is why we don't recommend setting things up that way. This issue is meant to clarify just that it can be done.

-- Jodie Putrino

On Aug 10, 2016, at 7:45 AM, alonsocamaro notifications@github.com<mailto:notifications@github.com> wrote:

About the following configuration option

only tell the agent about one device and use autosync

how will the agent find the management of the other device once the one in the config file fails?

You are receiving this because you were assigned. Reply to this email directly, view it on GitHubhttps://github.com/F5Networks/f5-openstack-lbaasv2-driver/issues/198#issuecomment-238870698, or mute the threadhttps://github.com/notifications/unsubscribe-auth/ALlMsY7iAgJzAwSVgvN1BJkixS1Ok_01ks5qedW-gaJpZM4Ja9wa.

[jputrino]

Clarification: the agent won't be able to find the other device automatically. You'd need to manually add its iControl endpoint to the agent config file.

-- Jodie Putrino

On Aug 10, 2016, at 7:45 AM, alonsocamaro notifications@github.com<mailto:notifications@github.com> wrote:

About the following configuration option

only tell the agent about one device and use autosync

how will the agent find the management of the other device once the one in the config file fails?

You are receiving this because you were assigned. Reply to this email directly, view it on GitHubhttps://github.com/F5Networks/f5-openstack-lbaasv2-driver/issues/198#issuecomment-238870698, or mute the threadhttps://github.com/notifications/unsubscribe-auth/ALlMsY7iAgJzAwSVgvN1BJkixS1Ok_01ks5qedW-gaJpZM4Ja9wa.

[alonsocamaro]

Thanks Jodie! I wonder if you could clarify the following too:

1 - Could you please clarify if the current version of the lbaasv2 driver only supports a single VE or a single device-group?

2 - Reading f5-openstack-agent.ini I found confusing "external device type" and "guest devices"...

I'm guessing that external device is a device not hosted in any nova-compute node. and a guest device when it is. Is this right?

This would make sense but then find I cannot indicate what are the IPs of my HA-pair of VEs... since

icontrol_hostname is valid for external device type only.

Your comments are very much appreciated

Thanks

[jputrino]

@alonsocamaro The lbaasv2 agent/driver currently support only one environment, which can consist of a standalone device or a device group (hardware or VE, or a combination of the two).

I believe the 'external device type' doesn't actually mean anything in lbaasv2; we have a ticket open to edit and update the .ini file in the agent repo, but it hasn't been given a great deal of priority due to other more pressing development needs. Your VE can be internal (deployed within your openstack cloud) or external. If you set the f5_ha_type to pair, then enter the IPs for both of your VEs, the agent should successfully be able to find and communicate with them.

If your VEs are internal to your OpenStack cloud, you'll need to uncomment the l3_binding_driver line in the 'L3 Segmentation Mode Settings' section of the config file.

[alonsocamaro]

That makes sense. Many thanks Jodie! :-)

[jputrino]

You're welcome!

[mattgreene]

@jputrino @richbrowne Did this documentation content get added in as part of the "Agent Redundancy" feature? Can we close this issue?

[jputrino]

@mattgreene -- I think the documentation could use some clarification, since we don't have any mention of the agent expecting a certain number of endpoints based on which HA option you choose. The bit about uncommenting the l3_binding_driver line is definitely documented.