Ask Your Question

Octavia - instance is not reachable via the lb-mgmt-net

asked 2019-01-16 14:54:54 -0500

esxzawq gravatar image

updated 2019-01-18 13:56:21 -0500

hi all

I have configured octavia , when I run the following command :

openstack loadbalancer create --project admin --vip-subnet-id provider --name test1

I see two errors in the worker.log file :

1- The amphora is unavailable. Reason: [SSL: BAD_SIGNATURE] bad signature (_ssl.c:579)

2- the compute driver failed to fully boot the instance inside the timeout interval or the instance is not reachable via the lb-mgmt-net

what should be the lb-mgmt-net !

shoud I put it's ID for the amp_boot_network_list's value , in octavia.conf!

should it's subnet be in the range of the provider network or could be optional ... !!!

I have attached all of my three networks ( provider : - selfservice: and

lb-mgmt-net: to the routern


for TLS I have created a folder somehwere named x and at the end copied the proper files's to the /etc/octavia/certs


/var/lib/octavia/certs : what should this folder have ?!!

edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted

answered 2019-01-23 09:31:43 -0500

johnsom gravatar image

Hi there,

From a configuration perspective, yes, the lb-mgmt-net ID goes into the amp_boot_netowrk_list configuration setting in the octavia.conf.

As for the TLS configuration, there is a guide that covers the only required configuration for this:

The /var/lib/octavia/certs folder is inside the amphora instances and is fully managed by the controller processes. There is no manual configuration required there.

edit flag offensive delete link more


Thanks micheal.

In this link I have explained what is my configuration.

Please take a look to find out where is my problem

esxzawq gravatar imageesxzawq ( 2019-01-24 10:00:53 -0500 )edit

Yes, I have commented there. The network message is likely due to the SSL error since I is not able to successfully connect to the instance due to the SSL issue.

johnsom gravatar imagejohnsom ( 2019-04-03 19:49:56 -0500 )edit

answered 2019-03-13 21:44:24 -0500

wby1089 gravatar image

It is depends on your network environment.

If you have only one controller which has octavia-health-manager, the controller should reach to lb-mgmt-net.

Here is easy way to check connectivity: - create an instance in lb-mgmt-net (cirros would be ok) - ping to the instance from the controller - ssh to the instance from the controller

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2019-01-16 14:54:54 -0500

Seen: 480 times

Last updated: Mar 13 '19