Install the VM image
Install HAProxy Enterprise as a virtual machine in OpenStack
In this guide, you’ll learn how to install HAProxy Enterprise in OpenStack. This tutorial demonstrates the procedure using DevStack; DevStack is the official way to install OpenStack onto a single server.
Set up your OpenStack environment Jump to heading
Create an OpenStack environment for installing HAProxy Enterprise:
-
Create a Linux virtual server on which to install OpenStack. The DevStack Quick Start recommends using Ubuntu 22.04 (Jammy).
Sizing recommendation
The Linux server onto which you’ll install OpenStack should provide enough CPU, memory, and hard drive resources to support running virtual machines. For example, the HAProxy Enterprise virtual machine we’ll create in OpenStack will have 2 CPUs, 4 GB RAM, and a 40 GB hard drive. So, the server hosting OpenStack should have at least twice that much.
-
Follow the DevStack Quick Start to install the hypervisor software onto your Linux server.
-
Part of the installation is to define the file
local.conf:local.confini[[local|localrc]]ADMIN_PASSWORD=secretDATABASE_PASSWORD=$ADMIN_PASSWORDRABBIT_PASSWORD=$ADMIN_PASSWORDSERVICE_PASSWORD=$ADMIN_PASSWORDPUBLIC_INTERFACE=loHOST_IP=0.0.0.0local.confini[[local|localrc]]ADMIN_PASSWORD=secretDATABASE_PASSWORD=$ADMIN_PASSWORDRABBIT_PASSWORD=$ADMIN_PASSWORDSERVICE_PASSWORD=$ADMIN_PASSWORDPUBLIC_INTERFACE=loHOST_IP=0.0.0.0Be sure to:
- Set the network interface to use for assigning floating IP addresses, which you’ll use to access virtual machines. We do that by setting the
PUBLIC_INTERFACEfield to the loopback interface,lo, to access VMs from the host. As described in the DevStack Networking guide, you can set a different interface to make guest virtual machines accessible on your network, such aseth0. - Set the IP address on which to serve the OpenStack user interface. We accept traffic on all bound IP addresses by setting
HOST_IPto0.0.0.0.
- Set the network interface to use for assigning floating IP addresses, which you’ll use to access virtual machines. We do that by setting the
The final step of installing DevStack is to call
./stack.sh, which will start the OpenStack services and make the CLI commandopenstackavailable. -
Deploy an HAProxy Enterprise VM Jump to heading
In this tutorial, we’ll deploy HAProxy Enterprise by invoking openstack commands from the Linux console. But you could instead perform similar steps through the OpenStack user interface, which listens at port 80.
-
Connect to your OpenStack server.
-
To download the HAProxy Enterprise virtual machine image (
.qcow2) that you want to install, go the URL below. Replace<HAPROXY ENTERPRISE KEY>with your HAProxy Enterprise license key to access the repository.texthttps://www.haproxy.com/download/hapee/key/<HAPROXY ENTERPRISE KEY>-openstacktexthttps://www.haproxy.com/download/hapee/key/<HAPROXY ENTERPRISE KEY>-openstackYou can use the command
wget <URL of file to download>to download a file. -
To upload the
.qcow2virtual machine image to OpenStack, callopenstack image create. Replace<image name>with the name of the file you downloaded:nixopenstack image create \--os-auth-url "http://localhost/identity" \--os-project-name demo \--os-project-domain-name Default \--os-auth-type=v3password \--os-username admin \--os-password secret \--os-user-domain-name Default \--disk-format qcow2 \--container-format bare \--public \--file ./<image name>.qcow2 \haproxy-enterprisenixopenstack image create \--os-auth-url "http://localhost/identity" \--os-project-name demo \--os-project-domain-name Default \--os-auth-type=v3password \--os-username admin \--os-password secret \--os-user-domain-name Default \--disk-format qcow2 \--container-format bare \--public \--file ./<image name>.qcow2 \haproxy-enterprise -
To create a security group, which acts as a firewall for the virtual machine you’ll create, call
openstack security group create.nixopenstack security group create \--os-auth-url "http://localhost/identity" \--os-project-name demo \--os-project-domain-name Default \--os-auth-type=v3password \--os-username admin \--os-password secret \--os-user-domain-name Default \--description "Load balancer security group" \load-balancer-sgnixopenstack security group create \--os-auth-url "http://localhost/identity" \--os-project-name demo \--os-project-domain-name Default \--os-auth-type=v3password \--os-username admin \--os-password secret \--os-user-domain-name Default \--description "Load balancer security group" \load-balancer-sg -
Call
openstack security group rule createto add rules to the security group to allow traffic to reach the virtual machine. For example, here we add rules that allow SSH (port 22), HTTP (port 80), and ICMP traffic:nixopenstack security group rule create \--os-auth-url "http://localhost/identity" \--os-project-name admin \--os-project-domain-name default \--os-user-domain-name default \--os-auth-type=v3password \--os-username admin \--os-password secret \--protocol tcp \--dst-port 22 \load-balancer-sgopenstack security group rule create \--os-auth-url "http://localhost/identity" \--os-project-name admin \--os-project-domain-name default \--os-user-domain-name default \--os-auth-type=v3password \--os-username admin \--os-password secret \--protocol tcp \--dst-port 80 \load-balancer-sgopenstack security group rule create \--os-auth-url "http://localhost/identity" \--os-project-name admin \--os-project-domain-name default \--os-user-domain-name default \--os-auth-type=v3password \--os-username admin \--os-password secret \--protocol icmp \--dst-port 0 \load-balancer-sgnixopenstack security group rule create \--os-auth-url "http://localhost/identity" \--os-project-name admin \--os-project-domain-name default \--os-user-domain-name default \--os-auth-type=v3password \--os-username admin \--os-password secret \--protocol tcp \--dst-port 22 \load-balancer-sgopenstack security group rule create \--os-auth-url "http://localhost/identity" \--os-project-name admin \--os-project-domain-name default \--os-user-domain-name default \--os-auth-type=v3password \--os-username admin \--os-password secret \--protocol tcp \--dst-port 80 \load-balancer-sgopenstack security group rule create \--os-auth-url "http://localhost/identity" \--os-project-name admin \--os-project-domain-name default \--os-user-domain-name default \--os-auth-type=v3password \--os-username admin \--os-password secret \--protocol icmp \--dst-port 0 \load-balancer-sg -
Create an SSH key pair that will allow you to connect to the HAProxy Enterprise virtual machine. For example, here we create one for a user named
fusionby callingssh-keygen. The files are saved to your home directory’s.sshdirectory.nixssh-keygen -t ed25519 -m PEM -C "fusion@example.com"chmod 600 ~/.ssh/id_ed25519nixssh-keygen -t ed25519 -m PEM -C "fusion@example.com"chmod 600 ~/.ssh/id_ed25519 -
Create a file named
cloud-init.yamlthat defines users to add to the virtual machine. For example, here we create a user namedfusionand setssh_authorized_keysto the public key we just created, which is saved to~/.ssh/id_ed25519.pub:cloud-init.yamlyaml#cloud-configusers:- name: fusiongecos: Fusionprimary_group: fusiongroups: wheel,users,sudosudo: ALL=(ALL) NOPASSWD:ALLshell: /bin/bashlock_passwd: falseplain_text_passwd: mypasswordssh_authorized_keys:- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGbr3mjpystKU/4GQrh6AKggqM20vg9JZaxFJQQYU3m4 fusion@example.comcloud-init.yamlyaml#cloud-configusers:- name: fusiongecos: Fusionprimary_group: fusiongroups: wheel,users,sudosudo: ALL=(ALL) NOPASSWD:ALLshell: /bin/bashlock_passwd: falseplain_text_passwd: mypasswordssh_authorized_keys:- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGbr3mjpystKU/4GQrh6AKggqM20vg9JZaxFJQQYU3m4 fusion@example.com -
You can list available virtual machine flavors, which define an instance’s compute, memory, and storage capacity, by calling
openstack flavor list.nixopenstack flavor list \--os-auth-url "http://localhost/identity" \--os-project-name demo \--os-project-domain-name default \--os-auth-type=v3password \--os-username admin \--os-password secret \--os-user-domain-name defaultnixopenstack flavor list \--os-auth-url "http://localhost/identity" \--os-project-name demo \--os-project-domain-name default \--os-auth-type=v3password \--os-username admin \--os-password secret \--os-user-domain-name defaultoutputtext+----+-----------+-------+------+-----------+-------+-----------+| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |+----+-----------+-------+------+-----------+-------+-----------+| 1 | m1.tiny | 512 | 1 | 0 | 1 | True || 2 | m1.small | 2048 | 20 | 0 | 1 | True || 3 | m1.medium | 4096 | 40 | 0 | 2 | True || 4 | m1.large | 8192 | 80 | 0 | 4 | True || 42 | m1.nano | 192 | 1 | 0 | 1 | True || 5 | m1.xlarge | 16384 | 160 | 0 | 8 | True || 84 | m1.micro | 256 | 1 | 0 | 1 | True || c1 | cirros256 | 256 | 1 | 0 | 1 | True || d1 | ds512M | 512 | 5 | 0 | 1 | True || d2 | ds1G | 1024 | 10 | 0 | 1 | True || d3 | ds2G | 2048 | 10 | 0 | 2 | True || d4 | ds4G | 4096 | 20 | 0 | 4 | True |+----+-----------+-------+------+-----------+-------+-----------+outputtext+----+-----------+-------+------+-----------+-------+-----------+| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |+----+-----------+-------+------+-----------+-------+-----------+| 1 | m1.tiny | 512 | 1 | 0 | 1 | True || 2 | m1.small | 2048 | 20 | 0 | 1 | True || 3 | m1.medium | 4096 | 40 | 0 | 2 | True || 4 | m1.large | 8192 | 80 | 0 | 4 | True || 42 | m1.nano | 192 | 1 | 0 | 1 | True || 5 | m1.xlarge | 16384 | 160 | 0 | 8 | True || 84 | m1.micro | 256 | 1 | 0 | 1 | True || c1 | cirros256 | 256 | 1 | 0 | 1 | True || d1 | ds512M | 512 | 5 | 0 | 1 | True || d2 | ds1G | 1024 | 10 | 0 | 1 | True || d3 | ds2G | 2048 | 10 | 0 | 2 | True || d4 | ds4G | 4096 | 20 | 0 | 4 | True |+----+-----------+-------+------+-----------+-------+-----------+ -
Create the HAProxy Enterprise virtual machine by calling
openstack server create. Here, we create anm1.mediummachine using the security group, VM image, andcloud-init.yamlfile we created previously:nixopenstack server create \--os-auth-url "http://localhost/identity" \--os-project-name demo \--os-project-domain-name Default \--os-auth-type=v3password \--os-username admin \--os-password secret \--os-user-domain-name Default \--flavor m1.medium \--network private \--image haproxy-enterprise \--security-group load-balancer-sg \--user-data cloud-init.yaml \loadbalancer1nixopenstack server create \--os-auth-url "http://localhost/identity" \--os-project-name demo \--os-project-domain-name Default \--os-auth-type=v3password \--os-username admin \--os-password secret \--os-user-domain-name Default \--flavor m1.medium \--network private \--image haproxy-enterprise \--security-group load-balancer-sg \--user-data cloud-init.yaml \loadbalancer1This could take several minutes to complete.
-
To create a floating IP address that will allow you to access the virtual machine from the host server, call
openstack floating ip create.nixopenstack floating ip create \--os-auth-url "http://localhost/identity" \--os-project-name demo \--os-project-domain-name Default \--os-auth-type=v3password \--os-username admin \--os-password secret \--os-user-domain-name Default \publicnixopenstack floating ip create \--os-auth-url "http://localhost/identity" \--os-project-name demo \--os-project-domain-name Default \--os-auth-type=v3password \--os-username admin \--os-password secret \--os-user-domain-name Default \publicThe floating IP address
172.24.4.248was created:outputtext+---------------------+--------------------------------------+| Field | Value |+---------------------+--------------------------------------+| created_at | 2025-03-25T21:17:20Z || description | || dns_domain | || dns_name | || fixed_ip_address | None || floating_ip_address | 172.24.4.248 || floating_network_id | 5bb7d124-0227-4ea6-bede-2d276911b53b || id | bc0557c7-3123-44d2-bcdb-e6b351171fe8 || name | 172.24.4.248 || port_details | None || port_id | None || project_id | 4a36ab79893548a6a424e8daf92f5d8b || qos_policy_id | None || revision_number | 0 || router_id | None || status | DOWN || subnet_id | None || tags | [] || updated_at | 2025-03-25T21:17:20Z |outputtext+---------------------+--------------------------------------+| Field | Value |+---------------------+--------------------------------------+| created_at | 2025-03-25T21:17:20Z || description | || dns_domain | || dns_name | || fixed_ip_address | None || floating_ip_address | 172.24.4.248 || floating_network_id | 5bb7d124-0227-4ea6-bede-2d276911b53b || id | bc0557c7-3123-44d2-bcdb-e6b351171fe8 || name | 172.24.4.248 || port_details | None || port_id | None || project_id | 4a36ab79893548a6a424e8daf92f5d8b || qos_policy_id | None || revision_number | 0 || router_id | None || status | DOWN || subnet_id | None || tags | [] || updated_at | 2025-03-25T21:17:20Z | -
Assign the floating IP address to the virtual machine:
nixopenstack server add floating ip \--os-auth-url "http://localhost/identity" \--os-project-name demo \--os-project-domain-name Default \--os-auth-type=v3password \--os-username admin \--os-password secret \--os-user-domain-name Default \loadbalancer1 \172.24.4.248nixopenstack server add floating ip \--os-auth-url "http://localhost/identity" \--os-project-name demo \--os-project-domain-name Default \--os-auth-type=v3password \--os-username admin \--os-password secret \--os-user-domain-name Default \loadbalancer1 \172.24.4.248 -
At this point, your HAProxy Enterprise virtual machine should be running. To check, run
openstack server list.nixopenstack server list \--os-auth-url "http://localhost/identity" \--os-project-name demo \--os-project-domain-name Default \--os-auth-type=v3password \--os-username admin \--os-password secret \--os-user-domain-name Defaultnixopenstack server list \--os-auth-url "http://localhost/identity" \--os-project-name demo \--os-project-domain-name Default \--os-auth-type=v3password \--os-username admin \--os-password secret \--os-user-domain-name Defaultoutputtext+-------------+---------------+--------+---------------------------------+--------------------+-----------+| ID | Name | Status | Networks | Image | Flavor |+-------------+---------------+--------+---------------------------------+--------------------+-----------+| 2eff8628... | loadbalancer1 | ACTIVE | private=10.0.0.19, 172.24.4.248 | haproxy-enterprise | m1.medium |+-------------+---------------+--------+---------------------------------+--------------------+-----------+outputtext+-------------+---------------+--------+---------------------------------+--------------------+-----------+| ID | Name | Status | Networks | Image | Flavor |+-------------+---------------+--------+---------------------------------+--------------------+-----------+| 2eff8628... | loadbalancer1 | ACTIVE | private=10.0.0.19, 172.24.4.248 | haproxy-enterprise | m1.medium |+-------------+---------------+--------+---------------------------------+--------------------+-----------+From the OpenStack server, make an SSH connection to it:
nixssh -i ~/.ssh/id_ed25519 fusion@172.24.4.248nixssh -i ~/.ssh/id_ed25519 fusion@172.24.4.248outputtextThe authenticity of host '172.24.4.248 (172.24.4.248)' can't be established.ED25519 key fingerprint is SHA256:zLCERG3GGz6iXS3ngrRmHZhYxuza1yz09GeM+Kg9vnA.This key is not known by any other namesAre you sure you want to continue connecting (yes/no/[fingerprint])? yesWarning: Permanently added '172.24.4.248' (ED25519) to the list of known hosts.Welcome to Ubuntu 22.04.5 LTS (GNU/Linux 6.8.0-52-generic x86_64)* Documentation: https://help.ubuntu.com* Management: https://landscape.canonical.com* Support: https://ubuntu.com/proSystem information as of Wed Mar 5 07:49:59 UTC 2025System load: 0.400390625 Processes: 104Usage of /: 7.0% of 19.20GB Users logged in: 0Memory usage: 2% IPv4 address for ens3: 192.168.222.194Swap usage: 0%outputtextThe authenticity of host '172.24.4.248 (172.24.4.248)' can't be established.ED25519 key fingerprint is SHA256:zLCERG3GGz6iXS3ngrRmHZhYxuza1yz09GeM+Kg9vnA.This key is not known by any other namesAre you sure you want to continue connecting (yes/no/[fingerprint])? yesWarning: Permanently added '172.24.4.248' (ED25519) to the list of known hosts.Welcome to Ubuntu 22.04.5 LTS (GNU/Linux 6.8.0-52-generic x86_64)* Documentation: https://help.ubuntu.com* Management: https://landscape.canonical.com* Support: https://ubuntu.com/proSystem information as of Wed Mar 5 07:49:59 UTC 2025System load: 0.400390625 Processes: 104Usage of /: 7.0% of 19.20GB Users logged in: 0Memory usage: 2% IPv4 address for ens3: 192.168.222.194Swap usage: 0% -
If you’re using HAProxy Fusion, next add the HAProxy Enterprise instance as a Fusion node.
Do you have any suggestions on how we can improve the content of this page?