Ask Your Question

Aubin's profile - activity

2019-08-21 10:08:07 -0500 received badge  Famous Question (source)
2019-08-21 10:08:07 -0500 received badge  Notable Question (source)
2019-08-21 10:08:07 -0500 received badge  Popular Question (source)
2019-07-03 09:25:25 -0500 asked a question Octavia Health-check IP and Security group

Hello Community !
First, let me thank you for all the things you're doing for openstack, it's an amazing projet !

So let's begin,
I'm trying to add a security group on instances who are load balanced with octavia, the whole stack is launched with an heat template.
When I create the rules (in the template), I'm able to get the IP dynamically from the LB and insert it into the security group, but when the stack is ready, the load balancer tell me that the instance is not working. After investigating (I deleted the S.G. and did a tcp dump on the instance) I discovered that the health check (TCP) is coming from an other IP than the LB Private IP (all those requests are in HTTP)

So; First question: Why this choice of implementation for Openstack ? Second question: how can I get this special IP in a heat template to add it into the security group and not let my instance open to the whole word.

Many thanks !