Revision history [back]

It should look like :-

[root@junoVHS01 ~(keystone_admin)]# ip netns exec qrouter-ecfefef4-4cee-49ff-900c-ac5773031cec netstat -anpt
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:9697            0.0.0.0:*               LISTEN      4487/python         
[root@junoVHS01 ~(keystone_admin)]# ps -ef | grep 4487
root      4487     1  0 11:00 ?        00:00:00 /usr/bin/python /bin/neutron-ns-metadata-proxy --pid_file=/var/lib/neutron/external/pids/ecfefef4-4cee-49ff-900c-ac5773031cec.pid --metadata_proxy_socket=/var/lib/neutron/metadata_proxy --router_id=ecfefef4-4cee-49ff-900c-ac5773031cec --state_path=/var/lib/neutron --metadata_port=9697 --verbose --log-file=neutron-ns-metadata-proxy-ecfefef4-4cee-49ff-900c-ac5773031cec.log --log-dir=/var/log/neutron

Per your report

$ ps -efl | grep neutron
5 S root       370     1  0  80   0 - 23678 ep_pol Mar26 ?        00:00:02 /usr/bin/python /usr/bin/neutron-ns-metadata-proxy --pid_file=/var/lib/neutron/external/pids/1d518823-dd8e-4308-a41c-5338cfe3e6af.pid --metadata_proxy_socket=/var/lib/neutron/metadata_proxy --network_id=1d518823-dd8e-4308-a41c-5338cfe3e6af --state_path=/var/lib/neutron --metadata_port=80 --log-file=neutron-ns-metadata-proxy-1d518823-dd8e-4308-a41c-5338cfe3e6af.log --log-dir=/var/log/neutron

So, --metadata_port=80 is incorrect . I believe you are missing :-

[root@junoVHS01 neutron(keystone_admin)]# cat l3_agent.ini | grep 9697
# metadata_port = 9697
metadata_port = 9697

It should look like :-

[root@junoVHS01 ~(keystone_admin)]# ip netns exec qrouter-ecfefef4-4cee-49ff-900c-ac5773031cec netstat -anpt
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:9697            0.0.0.0:*               LISTEN      4487/python         
[root@junoVHS01 ~(keystone_admin)]# ps -ef | grep 4487
root      4487     1  0 11:00 ?        00:00:00 /usr/bin/python /bin/neutron-ns-metadata-proxy --pid_file=/var/lib/neutron/external/pids/ecfefef4-4cee-49ff-900c-ac5773031cec.pid --metadata_proxy_socket=/var/lib/neutron/metadata_proxy --router_id=ecfefef4-4cee-49ff-900c-ac5773031cec --state_path=/var/lib/neutron --metadata_port=9697 --verbose --log-file=neutron-ns-metadata-proxy-ecfefef4-4cee-49ff-900c-ac5773031cec.log --log-dir=/var/log/neutron

Per your report

$ ps -efl | grep neutron
5 S root       370     1  0  80   0 - 23678 ep_pol Mar26 ?        00:00:02 /usr/bin/python /usr/bin/neutron-ns-metadata-proxy --pid_file=/var/lib/neutron/external/pids/1d518823-dd8e-4308-a41c-5338cfe3e6af.pid --metadata_proxy_socket=/var/lib/neutron/metadata_proxy --network_id=1d518823-dd8e-4308-a41c-5338cfe3e6af --state_path=/var/lib/neutron --metadata_port=80 --log-file=neutron-ns-metadata-proxy-1d518823-dd8e-4308-a41c-5338cfe3e6af.log --log-dir=/var/log/neutron

So, --metadata_port=80 is incorrect . I believe you are missing :-

[root@junoVHS01 neutron(keystone_admin)]# cat l3_agent.ini | grep 9697
# metadata_port = 9697
metadata_port = 9697

The Neutron-l3-agent starts a namespace proxy in this namespace and adds some iptables rules to redirect metadata requests to it. View for details :- http://bderzhavets.blogspot.com/2014/11/access-to-metadata-via-qrouter.html

It should look like :-

[root@junoVHS01 ~(keystone_admin)]# ip netns exec qrouter-ecfefef4-4cee-49ff-900c-ac5773031cec netstat -anpt
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:9697            0.0.0.0:*               LISTEN      4487/python         
[root@junoVHS01 ~(keystone_admin)]# ps -ef | grep 4487
root      4487     1  0 11:00 ?        00:00:00 /usr/bin/python /bin/neutron-ns-metadata-proxy --pid_file=/var/lib/neutron/external/pids/ecfefef4-4cee-49ff-900c-ac5773031cec.pid --metadata_proxy_socket=/var/lib/neutron/metadata_proxy --router_id=ecfefef4-4cee-49ff-900c-ac5773031cec --state_path=/var/lib/neutron --metadata_port=9697 --verbose --log-file=neutron-ns-metadata-proxy-ecfefef4-4cee-49ff-900c-ac5773031cec.log --log-dir=/var/log/neutron

Per your report

$ ps -efl | grep neutron
5 S root       370     1  0  80   0 - 23678 ep_pol Mar26 ?        00:00:02 /usr/bin/python /usr/bin/neutron-ns-metadata-proxy --pid_file=/var/lib/neutron/external/pids/1d518823-dd8e-4308-a41c-5338cfe3e6af.pid --metadata_proxy_socket=/var/lib/neutron/metadata_proxy --network_id=1d518823-dd8e-4308-a41c-5338cfe3e6af --state_path=/var/lib/neutron --metadata_port=80 --log-file=neutron-ns-metadata-proxy-1d518823-dd8e-4308-a41c-5338cfe3e6af.log --log-dir=/var/log/neutron

So, --metadata_port=80 is incorrect . I believe you are missing :-

[root@junoVHS01 neutron(keystone_admin)]# cat l3_agent.ini | grep 9697
# metadata_port = 9697
metadata_port = 9697

The default gateway say 50.0.0.1 exists within a Neutron router namespace on the network node. The Neutron-l3-agent starts a namespace proxy in this namespace and adds some iptables rules to redirect metadata requests to it.

[root@junoVHS01 ~(keystone_admin)]# ip netns exec qrouter-ecfefef4-4cee-49ff-900c-ac5773031cec route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 qg-0289d92f-ca
50.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 qr-bdc3038d-50
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 qg-0289d92f-ca
[root@junoVHS01 ~(keystone_admin)]# ip netns exec qrouter-ecfefef4-4cee-49ff-900c-ac5773031cec ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qg-0289d92f-ca: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.150  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::f816:3eff:fee8:fb84  prefixlen 64  scopeid 0x20<link>
        ether fa:16:3e:e8:fb:84  txqueuelen 0  (Ethernet)
        RX packets 22308  bytes 27355095 (26.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 13510  bytes 1209639 (1.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qr-bdc3038d-50: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 50.0.0.1  netmask 255.255.255.0  broadcast 50.0.0.255
        inet6 fe80::f816:3eff:fec8:4bf  prefixlen 64  scopeid 0x20<link>
        ether fa:16:3e:c8:04:bf  txqueuelen 0  (Ethernet)
        RX packets 13465  bytes 1207883 (1.1 MiB)
        RX errors 0  dropped 3  overruns 0  frame 0
        TX packets 21066  bytes 27210413 (25.9 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

View for details :- http://bderzhavets.blogspot.com/2014/11/access-to-metadata-via-qrouter.html