Search code examples

Openstack Octavia Error: WARNING octavia.amphorae.drivers.haproxy.rest_api_driver [-] Could not connect to instance

I'm final student who research and implement Openstack Victoria. When I configure Project: Octavia - Loadbalancer on multi-node - CentOS8, I have a issue. Seem like octavia.amphorae.drivers.haproxy.rest_api_driver couldn't connect to Amphora instance and port 9443 didn't run on my Network Node aka Octavia-API. In controller node, the amphora instance still running nornally. I follow to configure my lab. This is my cfg file below, pls help me to figure out. Regards!

I created lb_net in type vxlan and lb-secgroup, when i use command to create lb it still pending-create:

[root@controller ~(keystone)]# openstack loadbalancer --name lb01 --vip-subnet-id subnet1
[root@controller ~(keystone)]# openstack loadbalancer list
| id                                   | name | project_id                       | vip_address   | provisioning_status | operating_status | provider |
| 96c355b4-cc6e-4e7f-b393-8139602ae0e6 | lb01 | 16b44a414c0e4884a819f0de4e86fa28 |  | ERROR               | OFFLINE          | amphora  |
| 10eaed08-9512-4362-b60e-f07351136909 | lb02 | 16b44a414c0e4884a819f0de4e86fa28 |  | ERROR               | OFFLINE          | amphora  |
| 3543f208-2b6b-4c41-99d6-13d7056d9966 | lb03 | 16b44a414c0e4884a819f0de4e86fa28 |  | ERROR               | OFFLINE          | amphora  |
| e6349a0c-c146-4d1e-abd9-39320ef482f0 | lb04 | 16b44a414c0e4884a819f0de4e86fa28 |  | ERROR               | OFFLINE          | amphora  |
| 5f116527-d089-41ce-9491-b8f0fca32f79 | lb05 | 16b44a414c0e4884a819f0de4e86fa28 | | PENDING_CREATE      | OFFLINE          | amphora  |

amphora running

 [root@controller ~]# openstack server list --all
    | ID                                   | Name                                         | Status  | Networks                             | Image   | Flavor   |
    | 83e113e6-061e-4e41-8ef0-d6c42f80a35c | amphora-611f3678-fb15-428a-88ac-8d34ab6f61e1 | ACTIVE  | lb-mgmt-net=             | Amphora | amphora  |
    | 7770c395-a24c-49ee-aed1-b483fa0dea08 | CentOS_8                                     | SHUTOFF | int_net=, | CentOS8 | m1.small |

my octavia-worker log:

2021-05-07 01:34:52.401 41977 INFO octavia.controller.queue.v1.consumer [-] Starting consumer...
2021-05-07 01:34:52.416 41980 INFO octavia.controller.queue.v2.consumer [-] Starting V2 consumer...
2021-05-07 01:35:05.409 41977 INFO octavia.controller.queue.v1.endpoints [-] Creating load balancer '5f116527-d089-41ce-9491-b8f0fca32f79'...
2021-05-07 01:35:06.662 41977 INFO [-] Port 7a0025b4-5ce6-4664-a451-caef1aac1ce3 already exists. Nothing to be done.
2021-05-07 01:35:07.416 41977 INFO octavia.controller.worker.v1.tasks.database_tasks [-] Created Amphora in DB with id 611f3678-fb15-428a-88ac-8d34ab6f61e1
2021-05-07 01:35:07.580 41977 INFO octavia.certificates.generator.local [-] Signing a certificate request using OpenSSL locally.
2021-05-07 01:35:07.581 41977 INFO octavia.certificates.generator.local [-] Using CA Certificate from config.
2021-05-07 01:35:07.581 41977 INFO octavia.certificates.generator.local [-] Using CA Private Key from config.
2021-05-07 01:35:07.581 41977 INFO octavia.certificates.generator.local [-] Using CA Private Key Passphrase from config.
2021-05-07 01:35:55.495 41977 WARNING octavia.amphorae.drivers.haproxy.rest_api_driver [-] Could not connect to instance. Retrying.: requests.exceptions.ConnectTimeout: HTTPSConnectionPool(host='', port=9443): Max retries exceeded with url: // (Caused by ConnectTimeoutError(<urllib3.connection.VerifiedHTTPSConnection object at 0x7f1e74584f28>, 'Connection to timed out. (connect timeout=10.0)'))
2021-05-07 01:36:10.516 41977 WARNING octavia.amphorae.drivers.haproxy.rest_api_driver [-] Could not connect to instance. Retrying.: requests.exceptions.ConnectTimeout: HTTPSConnectionPool(host='', port=9443): Max retries exceeded with url: // (Caused by ConnectTimeoutError(<urllib3.connection.VerifiedHTTPSConnection object at 0x7f1e74584ef0>, 'Connection to timed out. (connect timeout=10.0)'))
2021-05-07 01:36:25.531 41977 WARNING octavia.amphorae.drivers.haproxy.rest_api_driver [-] Could not connect to instance. Retrying.: requests.exceptions.ConnectTimeout: HTTPSConnectionPool(host='', port=9443): Max retries exceeded with url: // (Caused by ConnectTimeoutError(<urllib3.connection.VerifiedHTTPSConnection object at 0x7f1e745913c8>, 'Connection to timed out. (connect timeout=10.0)'))
2021-05-07 01:36:40.539 41977 WARNING octavia.amphorae.drivers.haproxy.rest_api_driver [-] Could not connect to instance. Retrying.: requests.exceptions.ConnectTimeout: HTTPSConnectionPool(host='', port=9443): Max retries exceeded with url: // (Caused by ConnectTimeoutError(<urllib3.connection.VerifiedHTTPSConnection object at 0x7f1e74591358>, 'Connection to timed out. (connect timeout=10.0)'))
2021-05-07 01:36:55.555 41977 WARNING octavia.amphorae.drivers.haproxy.rest_api_driver [-] Could not connect to instance. Retrying.: requests.exceptions.ConnectTimeout: HTTPSConnectionPool(host='', port=9443): Max retries exceeded with url: // (Caused by ConnectTimeoutError(<urllib3.connection.VerifiedHTTPSConnection object at 0x7f1e745916a0>, 'Connection to timed out. (connect timeout=10.0)'))

And I check port 9443, it didn't run

[root@controller ~]# netstat -ntlp | grep ":11211"
tcp        0      0 *               LISTEN      1048/memcached      
tcp6       0      0 :::11211                :::*                    LISTEN      1048/memcached      
[root@controller ~]# netstat -ntlp | grep ":9696"
tcp        0      0  *               LISTEN      1066/server.log     
[root@controller ~]# netstat -ntlp | grep ":9443"
[root@controller ~]# 


transport_url = rabbit://openstack:password@

bind_host =
bind_port = 9876
auth_strategy = keystone
api_base_uri =

connection = mysql+pymysql://octavia:password@

bind_ip =
bind_port = 5555

www_authenticate_uri =
auth_url =
memcached_servers =
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = octavia
password = servicepassword

ca_private_key = /etc/octavia/certs/private/server_ca.key.pem
ca_certificate = /etc/octavia/certs/server_ca.cert.pem
server_certs_key_passphrase = insecure-key-do-not-use-this-key
ca_private_key_passphrase = not-secure-passphrase

bind_host =
bind_port = 9443
server_ca = /etc/octavia/certs/server_ca-chain.cert.pem
client_cert = /etc/octavia/certs/private/client.cert-and-key.pem

client_ca = /etc/octavia/certs/client_ca.cert.pem
amp_image_tag = Amphora
# specify [flavor] ID for Amphora instance
amp_flavor_id = 100
# specify security group ID Amphora instance
amp_secgroup_list = b02c2f59-9fff-4428-accc-2bd9a7a337e5
# specify network ID to boot Amphora instance 
amp_boot_network_list = e05c8fe4-9a6d-4192-b9b5-7d7a2ba11df8
network_driver = allowed_address_pairs_driver
compute_driver = compute_nova_driver
amphora_driver = amphora_haproxy_rest_driver

topic = octavia_prov

auth_url =
memcached_servers =
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = octavia
password = servicepassword

I login user root on amphora-instance and check port 9443, it running well.

root@amphora-f36ed983-6d14-46a6-b686-8942379f2580:netstat -lntp | grep ":9443"
    tcp      0       0  controller-ip:9443*     LISTEN     697/gunicorn: maste

And try netstat -plane | grep :"9443" on controller node (I don't know what command mean, I see it on other group)

[root@controller ~(keystone)]# netstat -plane | grep ":9443"
tcp        0      1       SYN_SENT    966        108134     2773/octavia-worker

In my octavia.cfg, I didn't use health_manager service so I set bind_host = . In other hand, I ignore to create OCTAVIA_MGMT_PORT_IP (step 7-8) at octavia-configure-docs. Did I wrong with it ?.


  • Okay, my problem is fixed. The Octavia-api node can't connect to amphorae-instance because they do not match the same network type (node - LAN and amphorae - VXLAN). So, I create a bridge interface at a node to convert vxlan for lan can connect (You can read here at step 7: create a network).

    Best regard!