End-user / Cloud / Load Balancers¶
From this page you can manage load balancers.
In order to be able to manage load balancers from Fleio the admin user needs to have
creator roles on user projects.
For new projects Fleio can add these roles automatically if they are selected in
Default role names dropdown on
OpenStack settings - Defaults tab.
For existing projects you will have to set these roles manually - see Upgrading OpenStack to 2023.1 Antelope for an example of how to accomplish this.
Create new load balancer¶
Creating a load balancer may take some time so you will have to wait a while until the load balancer becomes active.
To create a new load balancer you will have to fill up the following forms with details:
Load balancer details¶
This form will allow you to configure load balancer details.
The following properties can be set for a new load balancer:
Name - load balancer name
Description - load balancer description
IP address - virtual IP address for load balancer
Availability zone - the availability zone for load balancer
Flavor - the load balancer flavor
Subnet (required) - subnet used to allocate virtual IP for load balancer
Admin state up - check this to enable load balancer after create
This form will allow you to configure the listener that will be created for a new load balancer.
The following properties can be set for the listener:
Name - listener name
Description - listener description
Protocol (required) - listener protocol, see below for details
Port (required) - the port to listen on
Client data timeout, TCP timeout, Member connect timeout, Member data timeout - various timeout in milliseconds - use 0 for infinite
Connection limit - number of concurrent connections - use -1 for infinite
Currently we support the following listener protocols in Fleio: TCP, HTTP, HTTPS, TERMINATED_HTTPS and UPD.
TERMINATED_HTTPS protocol will require user to store at least one valid TLS certificate in
barbican and allow
admin user to access it.
Certificates should be stored in
PKCS#12 format in
barbican. In order to convert a certificate to
format you can use the following command:
openssl pkcs12 -export -inkey cert.key -in cert.crt -passout pass: -out cert.p12
Once the certificate is exported to
PKCS#12 format it can be added to
barbican secret store using the following
openstack secret store --name='tls_secret' -t 'application/octet-stream' -e 'base64' --payload="$(base64 < cert.p12)"
and then add ACL for
openstack secret list # copy ``Secret href`` of the secret you want to allow ``admin`` user to access openstack acl user add --user admin <secret href> # use ``Secret href`` from above
If user cannot store secrets in barbican he will need to be granted
creator role. Use the following command to
grant a user creator role:
openstack role add --user <api user name> --project <user project id> creator
This form will allow you to configure the pool that will be created for a new load balancer.
The following properties can be set for the pool:
Name - poll name
Description - pool description
Algorithm (required) - algorithm used by the pool to balance connection between pool members
This form will allow you to define pool members. The load balancer will balance connection between member defined here.
There are two types of pool members:
external - specified by IP Address & port
instance - an instance from user project can be selected and used as a pool member
This form will allow you to configure the health monitor that will be created for a new load balancer.
The following properties can be set for the health monitor:
Name - poll name
Type - type of check to be used to determine if a pool member is down
Max retries down - the number of retries until a pool member if considered down if the check fails
Delay - number of seconds to wait between checks
Max retries - the number of successful checks before a pool member is considered online
Timeout - number of seconds after which a health check times out