How to disable failover fuction of amphora in Octavia?

I have two Openstack pod with Octavia. One is for development, so loadbalancer_topology is SINGLE, another is for production, so loadbalancer_topology is ACTIVE_STANDBY.

While maintenance window, health cheking would be failed and Octavia would try to failover amphra. But if there are some problems in Openstack Infra(eg. AMQP down, all compute nodes down), all amphora instance would be removed and provisioning_status of loadbalancer would be ERROR.

I think ACTIVE_STANDBY topology provides high-availbility already and deleting existing amphora can lead unexpectable situations. So I would like to stop removing amphora automatically by health_manager.

How can I disable automatic failover fuction of amphora? Is it can be done by setting "heartbeat_timeout=604800" ?

Yes, that setting would cause the health manager to not failover any instance for up to 604800 seconds.

We don't use AMQP for the health monitoring, so that should not impact this, but having the compute nodes down will certainly cause Octavia to attempt to repair the load balancer amphora on those nodes.

With the active/standby load balancers you should "fail safe" if it is unable to rebuild the failed amphora. This state will have the Load Balancer in provisioning status ERROR, but one of the two amphora instances will still be up and handling traffic. In the case of the node being down, it will resume operation once the compute node is brought back up (aside from TLS offloading as the secure content will likely be gone).

I have put in an RFE to make a more clear setting for this:!/s...


Thanks for your answer.

If the RFE is approved, it would be very helpful for production enviroment.

