metadata access problem (not privatekey inserted)

asked 2017-06-30 04:23:29 -0500

dtatay gravatar image

updated 2017-07-06 08:19:48 -0500

Hi all;

i'm experiencing an error with cloud-init and metadata access when any instances is being created and as result the private key is not being inserted.

cloud-init[807]: 2017-06-30 09:01:39,337 - url_helper.py[WARNING]: Calling 'http://169.254.169.254/2009-04-04/meta-data/instance-id' failed [50/120s]: unexpected error ['NoneType' object has no attribute 'status_code']

and after a while: cloud-init[807]: 2017-06-30 09:04:43,419 - url_helper.py[WARNING]: Calling 'http://192.168.5.100//latest/meta-data/instance-id' failed [113/120s]: bad status code [500]

Of course when i change the metadata mode to: force_config_drive=true in nova.conf the key injection is working properly, but the already created instances stopped working.

Do anybody knows how to get rid the cloud-init error and make the instances get properly metadata access?

Openstack version: 12.0.1

Thanks in advance.

Regards.

edit retag flag offensive close merge delete

Comments

Are you trying to launch the instances in a provider (external) network? Metadata injection with cloud-init only works for networks that are controlled by neutron. That's why using config-drive works for external networks. At least that's what I assume from your description and my experiences.

eblock gravatar imageeblock ( 2017-07-06 08:29:48 -0500 )edit

Hi man, thanks, no all roles are at the same hypervisor.

dtatay gravatar imagedtatay ( 2017-07-06 08:40:52 -0500 )edit

Is the metadata agent up?

What happens when you run curl http://169.254.169.254/2009-04-04/meta-data/instance-id in one of those instances?

Bernd Bausch gravatar imageBernd Bausch ( 2017-07-06 08:52:35 -0500 )edit

yes the metadata agent service is running and when i do a curl:

curl http://169.254.169.254/2009-04-04/meta-data/instance-id
curl: (7) couldn't connect to host
dtatay gravatar imagedtatay ( 2017-07-06 09:22:08 -0500 )edit

things to check: does the instance have an IP address? a route to the metadata API? does the router connect this address correctly?

Bernd Bausch gravatar imageBernd Bausch ( 2017-07-07 00:23:31 -0500 )edit

2 answers

Sort by ยป oldest newest most voted
0

answered 2017-07-06 11:50:39 -0500

rsoutar gravatar image

updated 2017-07-06 11:54:46 -0500

Try this.

Edit /etc/neutron/dhcp_agent.ini

And change

enable_isolated_metadata = false

to

enable_isolated_metadata = true

Then restart Neutron DHCP Agent

systemctl restart neutron-dhcp-agent

edit flag offensive delete link more

Comments

hi, thanks, tried before, with this modification i get 500 error,

cloud-init[818]: 2017-07-07 09:10:43,421 - url_helper.py[WARNING]: Calling 'http://169.254.169.254/2009-04-04/meta-data/instance-id' failed [1/120s]: bad status code [500]
dtatay gravatar imagedtatay ( 2017-07-07 04:12:30 -0500 )edit

Any error in /var/log/neutron/metadata-agent.log ?

rsoutar gravatar imagersoutar ( 2017-07-07 08:01:55 -0500 )edit
0

answered 2017-07-07 10:50:18 -0500

dtatay gravatar image

Fixed, i figured out that the port 9697 was not listening , and i checked also that the metadata api in nova was enabled, that was the key i was not listening the 8775 port.

so i did:

enabled_apis=ec2,osapi_compute,metadata (in nova.conf) metadata was missing

and then activate in /etc/neutron/dhcp_agent.ini

enable_metadata_network = True
enable_isolated_metadata = True

restarted the services and working properly accessing to the metadata files.

"instance console logs" cloud-init[6835]: Cloud-init v. 0.7.5 running 'modules:final' at Fri, 07 Jul 2017 14:44:21 +0000. Up 24.99 seconds. ci-info: ++++++++++Authorized keys from /home/centos/.ssh/authorized_keys for user centos

Thanks you guys for the support, it made me open my eyes.

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

2 followers

Stats

Asked: 2017-06-30 04:23:29 -0500

Seen: 876 times

Last updated: Jul 07 '17