VM times out on metadata access [closed]

asked 2017-02-09 06:22:37 -0500

Hi,

I'm currently installing my first Openstack (newton) installation and following up the Ubuntu and HA Guide. Setup consist of a controller cluster (3 nodes) and 2 networking node plus currently 2 computing nodes. Everything looks fine so far: I can create networks, vm's and so on. VM's get also the right route for the metadata IP: 169.254.169.254. The neutron metadata agents run on the networking node and "neutron agent-list" reports also no issue. The content of the metadata_agent.ini is (* with secret information is wiped out*):

[DEFAULT] nova_metadata_ip = hostname of controller cluster metadata_proxy_shared_secret = same key as in nova.con on controller debug = true verbose = true

I also see no errors in the log files when I manually "curl http://169.254.169.254%22 (http://169.254.169.254"), it just times out.

Any ideas how to debug this?

edit retag flag offensive reopen merge delete

Closed for the following reason the question is answered, right answer was accepted by Andreas Merk
close date 2017-02-24 12:42:30.900352

Comments

You should have netfilter rules in the router's namespace. This is from devstack; yours looks different I guess:

# iptables-save|grep 169
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -i qr-+ -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
Bernd Bausch gravatar imageBernd Bausch ( 2017-02-09 19:11:26 -0500 )edit

If you use the distributed router, this rule may be on the compute node, otherwise the controllers. Not sure though. It also depends if you implement router HA.

Bernd Bausch gravatar imageBernd Bausch ( 2017-02-09 19:12:07 -0500 )edit

Hello Bernd, thank you for your reply. It looks all ok now and their wasn't a fault. It was a user understanding error.

Andreas Merk gravatar imageAndreas Merk ( 2017-02-24 12:41:57 -0500 )edit