Application Delivery Management

Configure LBaaS V2 using command line

LBaaS V2 supports SSL offload with certificates managed by Barbican, certificate bundles (includes intermediary Certification Authorities), SNI support along with the regular load balancing features. LBaaS V2 supports only command line interface to execute configuration tasks. LBaaS V2 API implementations are performed through Neutron LBaaS commands.

Note

Upload certificate and key to Barbican service when you require SSL offloading feature. Perform steps 1, 2, and 3 if SSL offloading is supported, else continue from step 4 to create a load balancer, a listener, a pool and a member.

  1. Upload certificate to Barbican service using the following command:

    barbican secret store –payload-content-type <content_type> –name <certificate_name> –payload<certificate_location>

    Example: barbican secret store –payload-content-type=’text/plain’ –name=’hp_server_certificate’ –payload=” hp_server/tmp/server_certificate”

    localized image

  2. Upload key to Barbican service using the following command:

    barbican secret store –payload-content-type <content_type> –name <key_name> –payload<key_location>

    Example: barbican secret store – payload-content-type=’text/plain’ –name=’shp_server_key’ –payload=”hp-server/tmp/server_key”

    localized image

    Note

    When you execute these two Barbican commands to load the certificate and the key, the Secret href fields provide a location or url. This is where the certificate and the key are stored on the system where OpenStack is installed. Copy these links and provide these links as parameters when you create the container on Barbican service in step 3.

  3. Create a container in Barbican service to store the certificate and the key using the following command:

    In the command, replace <certificate_url> with the url that you obtained from the Secret href field when you uploaded the certificate. Similarly, replace <key_url> with the url that you obtained from the Secret href field when you uploaded the key.

    barbican secret container create –name<container_name> –type<container_type> –secret<certificate_url> –secret<key_url>

    Example: barbican secret container create –name=’hp_container’ –type=’certificate’ –secret=”certificate=http://localhost:9311/v1/secrets/e36a4a82-87e4-4873-9efe-55108875ef58 --secret="private\_key=http://localhost:9311/v1/secrets/1b9e1a93-2aeb-4101-8002-e52acab987b0

    localized image

    Copy the container href value. You have to provide the link to the container when creating the listener in step 6.

  4. Set the environment variables in OpenStack. The variables enable the OpenStack client commands to communicate with the OpenStack services.

    Example:

    export OS_PASSWORD-hp

    export OS_AUTH_URL=http://10.106.43.15:35357/v2.0/

    export OS_USERNAME=hp_user

    export OS_TENANT_NAME=hp

    export OS_IDENTITY_API_VERSION=2.0

    export BARBICAN_ENDPOINT=”http://10.106.43.15:9311/

    localized image

    Note

    Set these variables for every SSH session before running other commands. For more information about OpenStack environment variables, see OpenStack environment variables.

  5. Create a load balancer using the following command:

    neutron lbaas-loadbalancer-create –name <loadbalancer-name>  <subnet-name> –provider <netscaler>

    Example: neutron lbaas-loadbalancer-create –name hp-lb-test hp-sub1 –provider netscaler

    localized image

    The status changes from PENDING_CREATE to ACTIVE after the load balancer is successfully created.

    localized image

  6. Create a listener using the following commmand:

    neutron lbaas-listener-create –loadbalancer <loadbalancer-name> –name <listener-name> –protocol <protocol_type> –protocol-port <port_number> –default-tls-container-id<container_url>

    Example: neutron lbaas-listener-create –name hp-lb-test-list  –loadbalancer hp-lb-test –protocol TERMINATED_HTTPS –protocol-port 443 –default-tls-container-id http://10.106.43.15:9311/v1/containers/d688676f-c256-4a0d-b84d-a310419dc0aa

    Note

    If you are creating a listener without SSL offload support, execute the following command without providing locations to the container:

    neutron lbaas-listener-create –loadbalancer <loadbalancer-name> –name <listener-name> –protocol <protocol_type> –protocol-port <port_number>

    localized image

  7. Create a pool using the following command:

    neutron lbaas-pool-create –lb-algorithm <algorithm_type> –listener <listener-name> –protocol <protocol_type> –name <pool-name>

    Example: neutron lbaas-pool-create –lb-algorithm LEAST_CONNECTIONS –listener demolistener –protocol http –name demopool

    localized image

  8. Create a member using the following command:

    neutron lbaas-member-create  –subnet <subnet-name> –address <ip-address of the web server> –protocol-port <port_number>  <pool-name>

    Example: neutron lbaas-member-create –subnet hp-sub1 –address 15.0.0.15 –protocol-port 80 hp-lb-test-pool

    localized image

Monitoring OpenStack Applications in Citrix ADM

Your tenants can log on to Citrix Application Delivery Management (ADM) using their OpenStack credentials to monitor VIPs and pools created from OpenStack from any browser. The URL should be in the following format:

http://\<mas\_ip\>/\<admin\_ui\>/mas/ent/html/cc\_tenant\_main.html

Where, <mas-ip-address>, is the Citrix ADM IP address that is registered with the OpenStack.

Note

  • OpenStack VIPs correspond to virtual servers in Citrix ADM.

  • OpenStack Pools correspond to service groups in Citrix ADM.

  • OpenStack Pool members correspond to service group members in Citrix ADM.

Configure LBaaS V2 using command line