Description
Octavia deployed with stsstack-bundles is now no longer able to successfully create load balancers.
Attempting to deploy a loadbalancer with openstack loadbalancer create --name lb --vip-subnet-id private_subnet leads to the amphora getting stuck in BOOTING status and the loadbalancer in PENDING_CREATE status until it eventually flips to ERROR.
Checking the octavia logs in /var/log/octavia/octavia-worker.log on the octavia/0 unit I see the following error repeated
2026-03-09 21:51:02.399 66214 WARNING octavia.amphorae.drivers.haproxy.rest_api_driver [-] Could not connect to instance. Retrying.: requests.exceptions.SSLError: HTTPSConnectionPool(host='fc00:db1b:10d3:f55:f816:3eff:fe89:b49f', port=9443): Max retries exceeded with url: // (Caused by SSLError(SSLError(1, '[SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1007)')))
Attempting to reach the endpoint directly shows
curl -X GET http://[fc00:db1b:10d3:f55:f816:3eff:fe89:b49f]:9443
<html>
<head>
<title>Internal Server Error</title>
</head>
<body>
<h1><p>Internal Server Error</p></h1>
</body>
</html>
Reproduction
I have been able to reproduce the issue on noble-epoxy, noble-caracal, and jammy-caracal using the following setup.
From within the openstack directory
- ./generate-bundle.sh -n octavia-doesnt-work --octavia -r caracal -s jammy --run
- When blocked in needing to unseal vault
  ./tools/vault-unseal-and-authorise.sh
- Once everything but octavia has unsettled
  ./configure && tools/upload_octavia_amphora_image.sh && tools/configure_octavia.sh
  source novarc
- Attempt to create a loadbalancer with
  openstack loadbalancer create --name lb --vip-subnet-id private_subnet
- Absorb the errors and behavior defined above
Root cause
I haven't yet been able to track down exactly what is causing the error, but bisecting shows that it was introduced in 9995d9a. My guess is that octavia-diskimage-retrofit is not trying to build amphorae from noble images and there is some incompatibility that keeps amphorae from working on noble. This matches my testing where I was unable to build a functioning amphora on noble by using ubuntu packages and only succeeded when building directly from the upstream source.
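An added diagnostic example, not part of the original report and not code from Octavia or stsstack-bundles: it repeats the plaintext check done with curl above and reads the first bytes of the reply the way a TLS client does, which shows why a listener answering in plain HTTP surfaces as `WRONG_VERSION_NUMBER` in an OpenSSL-based client. The function names `classify_first_bytes` and `probe` are hypothetical; host and port are supplied by the operator.

```python
import socket
import struct

TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}

def classify_first_bytes(data: bytes) -> dict:
    """Read a reply as a TLS client would: 1-byte content type,
    2-byte protocol version, 2-byte record length."""
    if len(data) < 5:
        return {"verdict": "no-reply", "detail": "peer closed or sent under 5 bytes"}
    ctype, major, minor, _length = struct.unpack("!BBBH", data[:5])
    if ctype in TLS_CONTENT_TYPES and major == 3:
        return {"verdict": "tls",
                "detail": f"{TLS_CONTENT_TYPES[ctype]} record, version 3.{minor}"}
    if data.startswith(b"HTTP/"):
        # 'H','T','T' parses as content type 0x48 and version 0x54.0x54, which is
        # not a TLS record; OpenSSL clients report this as WRONG_VERSION_NUMBER.
        status_line = data.split(b"\r\n", 1)[0].decode("latin-1")
        return {"verdict": "plaintext-http", "detail": status_line}
    return {"verdict": "unknown", "detail": data[:5].hex()}

def probe(host: str, port: int, timeout: float = 5.0) -> dict:
    """Send a plain HTTP request to host:port and classify the reply."""
    # create_connection accepts IPv6 literals such as the amphora address in the log.
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(b"GET / HTTP/1.0\r\nHost: probe\r\n\r\n")
        data = b""
        try:
            while len(data) < 64:
                chunk = sock.recv(64 - len(data))
                if not chunk:
                    break
                data += chunk
        except (socket.timeout, ConnectionResetError):
            pass  # keep whatever arrived before the timeout or reset
    return classify_first_bytes(data)

if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1], int(sys.argv[2])))
```

A `plaintext-http` verdict on the amphora agent port means the listener is not terminating TLS at all, which is a different failure from a certificate or client-auth rejection.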