how to access metadata server when we use neutron provider network

Asked by Liping Mao

Hi all,

When we use a neutron provider network with an external router, we do not need the L3 agent function in OpenStack.
But the NAT rules for 169.254.169.254 are done in add router and delete router.
I know that I can add NAT in the external router, but I still want this to be done in OpenStack.

The only way I can think of is to set a route for 169.254.169.254 via the DHCP address in the VM, and to manually modify the NAT rules in the DHCP namespace.

Is there any way to solve this problem in OpenStack?

Thanks so much.

Question information

Language: English
Status: Solved
For: neutron
Assignee: No assignee
Solved by: Alfred Shen
Best Alfred Shen (alfredcs) said :
#1

The metadata is served out on the namespace along with DHCP, which is handled by neutron-metadata-agent. The service is a Unix socket based process running on the hypervisor node serving dnsmasq. During VM boot, it contacts the hard-coded address http://169.254.169.254/latest for the metadata service, and the metadata proxy queries the controller node for metadata.

# ip netns list
qdhcp-78612bad-5ffc-4574-a7c3-ce057bac9511

# ip netns exec qdhcp-78612bad-5ffc-4574-a7c3-ce057bac9511 ip addr
13: tap2f723171-fd: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether fa:16:3e:e4:16:ab brd ff:ff:ff:ff:ff:ff
    inet 10.52.225.105/24 brd 10.52.225.255 scope global tap2f723171-fd
    inet 169.254.169.254/16 brd 169.254.255.255 scope global tap2f723171-fd
    inet6 fe80::f816:3eff:fee4:16ab/64 scope link
       valid_lft forever preferred_lft forever
15: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever

# ip netns exec qdhcp-78612bad-5ffc-4574-a7c3-ce057bac9511 netstat -anpe
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 0 59391 6932/python <--- Metadata proxy process
tcp 0 0 10.52.225.105:53 0.0.0.0:* LISTEN 0 5236675 9367/dnsmasq <--- Dnsmasq
tcp 0 0 169.254.169.254:53 0.0.0.0:* LISTEN 0 5236673 9367/dnsmasq
tcp 0 0 fe80::f816:3eff:fee4:16a:53 :::* LISTEN 0 5236680 9367/dnsmasq
udp 0 0 0.0.0.0:67 0.0.0.0:* 0 5236665 9367/dnsmasq
udp 0 0 10.52.225.105:53 0.0.0.0:* 0 5236674 9367/dnsmasq
udp 0 0 169.254.169.254:53 0.0.0.0:* 0 5236672 9367/dnsmasq
udp 0 0 fe80::f816:3eff:fee4:16ab:53 :::* 0 5236679 9367/dnsmasq
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node PID/Program name Path

# ps -f --pid 6932| fold -w 80 -s
UID PID PPID C STIME TTY TIME CMD
root 6932 1 0 Dec02 ? 00:00:00 /usr/bin/python
/usr/bin/neutron-ns-metadata-proxy
--pid_file=/var/lib/neutron/external/pids/78612bad-5ffc-4574-a7c3-ce057bac9511.p
id --metadata_proxy_socket=/var/lib/neutron/metadata_proxy
--network_id=78612bad-5ffc-4574-a7c3-ce057bac9511 --state_path=/var/lib/neutron
--metadata_port=80
--log-file=neutron-ns-metadata-proxy-78612bad-5ffc-4574-a7c3-ce057bac9511.log
--log-dir=/var/log/neutron

# ps -f --pid 9367| fold -w 80 -s
UID PID PPID C STIME TTY TIME CMD
nobody 9367 1 0 01:08 ? 00:00:00 dnsmasq --no-hosts --no-resolv
--strict-order --bind-interfaces --interface=tap2f723171-fd
--except-interface=lo
--pid-file=/var/lib/neutron/dhcp/78612bad-5ffc-4574-a7c3-ce057bac9511/pid
--dhcp-hostsfile=/var/lib/neutron/dhcp/78612bad-5ffc-4574-a7c3-ce057bac9511/host
 --dhcp-optsfile=/var/lib/neutron/dhcp/78612bad-5ffc-4574-a7c3-ce057bac9511/opts
--leasefile-ro --dhcp-range=set:tag0,10.52.225.0,static,86400s
--dhcp-lease-max=256 --conf-file=/etc/neutron/dnsmasq.conf
--domain=svc.wpc2.pdx.wd

# cat /var/lib/neutron/dhcp/78612bad-5ffc-4574-a7c3-ce057bac9511/opts
tag:tag0,option:dns-server,10.52.9.20,10.52.9.21
tag:tag0,option:router,10.52.225.1 <--- Provider router address

Liping Mao (limao) said :
#2

Thanks Alfred Shen, that solved my question.

Liping Mao (limao) said :
#3

BTW, here is something we need to be careful about:
1. In dhcp_agent.ini, we need to enable isolated metadata and metadata network:
enable_isolated_metadata = True
enable_metadata_network = True

2. When we create the subnet, we can't set gateway_ip, and we need to set up a default route. This is because of the following bug, which has been solved in Icehouse.
https://bugs.launchpad.net/neutron/+bug/1236783

3. When I use cirros, I find that udhcp will not ask for "Classless-Static-Route". Cirros will not get the route for 169.254.169.254, so we will have a problem. When I use CentOS 6.3, it works well. This means that when we use this feature, some OSes may not work.

Thanks again for Alfred Shen's help.
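
The "Classless-Static-Route" mentioned in point 3 is DHCP option 121 (RFC 3442). The following is an added example, not part of the original thread: it decodes an option 121 payload, reports the next hop a guest would use for 169.254.169.254, and checks whether a client's parameter request list (option 55) asks for option 121 at all. The byte strings are constructed for illustration using the addresses from answer #1; that the DHCP agent sends exactly these two routes is an assumption.

```python
import ipaddress

METADATA_IP = ipaddress.IPv4Address("169.254.169.254")

# Constructed sample payload of option 121 (not captured from the thread's hosts):
# 169.254.169.254/32 via 10.52.225.105, then 0.0.0.0/0 via 10.52.225.1.
SAMPLE_OPTION_121 = bytes.fromhex("20a9fea9fe0a34e169" "000a34e101")

# Constructed option 55 parameter request lists: one asks for 121, one does not.
PRL_WITH_121 = bytes([1, 28, 2, 3, 15, 6, 119, 12, 121, 42])
PRL_WITHOUT_121 = bytes([1, 3, 6, 12, 15, 28, 42])


def decode_option_121(data: bytes):
    """Decode an RFC 3442 payload into (destination network, router) pairs."""
    routes, i = [], 0
    while i < len(data):
        width = data[i]
        if width > 32:
            raise ValueError(f"invalid prefix length {width} at offset {i}")
        n = (width + 7) // 8  # only the significant destination octets are sent
        end = i + 1 + n + 4
        if end > len(data):
            raise ValueError("truncated option 121 payload")
        dest = ipaddress.IPv4Address(data[i + 1:i + 1 + n] + b"\x00" * (4 - n))
        net = ipaddress.IPv4Network((dest, width), strict=False)
        routes.append((net, ipaddress.IPv4Address(data[i + 1 + n:end])))
        i = end
    return routes


def metadata_next_hop(routes):
    """Router of the most specific route covering 169.254.169.254, or None."""
    covering = [(net, gw) for net, gw in routes if METADATA_IP in net]
    if not covering:
        return None
    return max(covering, key=lambda r: r[0].prefixlen)[1]


def client_requests_option_121(param_request_list: bytes) -> bool:
    """True if the DHCP option 55 list asks the server for option 121."""
    return 121 in param_request_list


if __name__ == "__main__":
    routes = decode_option_121(SAMPLE_OPTION_121)
    print("metadata next hop:", metadata_next_hop(routes))
    print("client asks for 121:", client_requests_option_121(PRL_WITHOUT_121))
```

A guest that never requests or applies option 121 has only its default route, so its metadata requests go to the provider router instead of the DHCP namespace address.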

Darragh O'Reilly (darragh-oreilly) said :
#4

Hi Liping,

I don't think you need enable_metadata_network in your case.

The cirros problem should be fixed soon https://bugs.launchpad.net/cirros/+bug/1190372

re, Darragh.

Liping Mao (limao) said :
#5

Dear Darragh,

Thanks so much for your kind reminder, it's my mistake. We do not need enable_metadata_network.
And it is great to see that the cirros problem will be solved.

Regards,
Liping Mao