
Unable to get metadata proxy to work

asked 2017-11-16 11:22:45 -0500

sarhaynes

updated 2017-11-20 11:07:35 -0500

I just installed OpenStack Pike on CentOS 7 and I am trying to get the demo instance to get the cloud metadata information. I have created a private network and it appears that routing within the instance is set up properly. I have done a tcpdump and traced the request to 169.254.169.254 to the controller node on the tap interface for the subnet. It just seems the requests are not being routed to the metadata service. Do I need to set up a router in OpenStack to route the requests to the service? If so, how do I do this? Here is my list of ports:

+--------------------------------------+------+-------------------+------------------------------------------------------------------------------+--------+
| ID                                   | Name | MAC Address       | Fixed IP Addresses                                                           | Status |
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------+--------+
| 47d01d48-01b3-4178-b98c-fa3332073a7b |      | fa:16:3e:09:02:e8 | ip_address='192.168.0.100', subnet_id='ca04a8d5-f47a-4832-9a84-602e1d0d3ca9' | ACTIVE |
| aeea927c-d837-4a19-9d58-c17fa50c5115 |      | fa:16:3e:bb:a7:43 | ip_address='192.168.0.106', subnet_id='ca04a8d5-f47a-4832-9a84-602e1d0d3ca9' | ACTIVE |
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------+--------+

106 is my demo instance and 100 is the neutron "gateway". The routes appear to be set up properly in the cirros demo instance.

When I attempt to curl http://169.254.169.254/openstack, this is the output of tcpdump on the controller node:

12:09:40.499175 IP (tos 0x0, ttl 64, id 35229, offset 0, flags [DF], proto TCP (6), length 60)
    controller.36129 > 169.254.169.254.http: Flags [S], cksum 0x9c8a (correct), seq 1018126589, win 14100, options [mss 1410,sackOK,TS val 1108320 ecr 0,nop,wscale 3], length 0
12:09:41.496448 IP (tos 0x0, ttl 64, id 35230, offset 0, flags [DF], proto TCP (6), length 60)
    controller.36129 > 169.254.169.254.http: Flags [S], cksum 0x9b90 (correct), seq 1018126589, win 14100, options [mss 1410,sackOK,TS val 1108570 ecr 0,nop,wscale 3], length 0
12:09:43.500526 IP (tos 0x0, ttl 64, id 35231, offset 0, flags [DF], proto TCP (6), length 60)
    controller.36129 > 169.254.169.254.http: Flags [S], cksum 0x999b (correct), seq 1018126589, win 14100, options [mss 1410,sackOK,TS val 1109071 ecr 0,nop,wscale 3], length 0

So it appears the traffic is getting through everywhere, it's just not getting to the metadata service. I am unable to find any errors in any logs for either nova or neutron. Some other useful information:

lsof /var/lib/neutron/metadata_proxy
COMMAND    PID    USER   FD   TYPE             DEVICE SIZE/OFF  NODE NAME
neutron-m 4387 neutron    4u  unix 0xffff88154e7da000      0t0 44885 /var/lib/neutron/metadata_proxy
neutron-m 4397 neutron    4u  unix 0xffff88154e7da000      0t0 44885 /var/lib/neutron/metadata_proxy
neutron-m 4398 neutron    4u  unix 0xffff88154e7da000      0t0 44885 /var/lib/neutron/metadata_proxy
neutron-m 4399 neutron    4u  unix 0xffff88154e7da000      0t0 44885 /var/lib/neutron/metadata_proxy
neutron-m 4400 neutron    4u  unix 0xffff88154e7da000      0t0 44885 /var/lib/neutron/metadata_proxy
neutron-m 4401 neutron    4u  unix 0xffff88154e7da000      0t0 44885 /var/lib/neutron/metadata_proxy
neutron-m 4402 neutron    4u  unix 0xffff88154e7da000      0t0 44885 /var/lib/neutron/metadata_proxy

ip netns
qdhcp-dfe4adfc-1e1f-4414-a6f4-43d5b6ef9a3f (id: 1)

Agent List

+--------------------------------------+--------------------+---------------------------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host       | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+---------------------------------+-------------------+-------+-------+---------------------------+
| 25d86fcb-7f91-4f08-a48a-e09a618944bf | DHCP agent         | controller | nova              | :-)   | UP    | neutron-dhcp-agent        |
| 27adc48c-317d-4734-b2b3-249ce4f1ba9a | Linux bridge agent ...

1 answer


answered 2017-11-21 15:44:28 -0500

sarhaynes

updated 2017-11-30 11:42:47 -0500

This issue was caused mostly by firewalld. I disabled firewalld and worked with a straight iptables solution. This solved most of my problems. I did have to rebuild all my firewall rules in iptables and figure out how to configure SNAT properly and then the system seems to be working properly.

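The tcpdump capture in the question shows the same SYN (seq 1018126589) sent three times, roughly 1 s and then 2 s apart, with no SYN-ACK or RST in between, which is what a silently dropped connection attempt looks like and fits the firewalld cause given in the answer. The following is an added example, not part of the original posts: it parses `tcpdump -v` output in that format and reports retransmitted SYNs that never got a reply; `unanswered_syns` is a hypothetical helper name and the last three records in `SAMPLE` are constructed for contrast.

```python
import re
from collections import defaultdict
from datetime import datetime

# Two-line records as printed by `tcpdump -v` in the question above.
HEADER = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{6}) IP ")
DETAIL = re.compile(r"^\s+(\S+) > (\S+): Flags \[([^\]]+)\].*?\bseq (\d+)")

# First three records: the capture from the question.
# Last three records: constructed, a retransmitted SYN that does get a SYN-ACK.
SAMPLE = """\
12:09:40.499175 IP (tos 0x0, ttl 64, id 35229, offset 0, flags [DF], proto TCP (6), length 60)
    controller.36129 > 169.254.169.254.http: Flags [S], cksum 0x9c8a (correct), seq 1018126589, win 14100, options [mss 1410,sackOK,TS val 1108320 ecr 0,nop,wscale 3], length 0
12:09:41.496448 IP (tos 0x0, ttl 64, id 35230, offset 0, flags [DF], proto TCP (6), length 60)
    controller.36129 > 169.254.169.254.http: Flags [S], cksum 0x9b90 (correct), seq 1018126589, win 14100, options [mss 1410,sackOK,TS val 1108570 ecr 0,nop,wscale 3], length 0
12:09:43.500526 IP (tos 0x0, ttl 64, id 35231, offset 0, flags [DF], proto TCP (6), length 60)
    controller.36129 > 169.254.169.254.http: Flags [S], cksum 0x999b (correct), seq 1018126589, win 14100, options [mss 1410,sackOK,TS val 1109071 ecr 0,nop,wscale 3], length 0
12:10:01.000000 IP (tos 0x0, ttl 64, id 100, offset 0, flags [DF], proto TCP (6), length 60)
    controller.36200 > 169.254.169.254.http: Flags [S], seq 42, win 14100, length 0
12:10:02.000000 IP (tos 0x0, ttl 64, id 101, offset 0, flags [DF], proto TCP (6), length 60)
    controller.36200 > 169.254.169.254.http: Flags [S], seq 42, win 14100, length 0
12:10:02.000500 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    169.254.169.254.http > controller.36200: Flags [S.], seq 77, ack 43, win 14100, length 0
"""

def unanswered_syns(text):
    """Map (src, dst) -> gaps in seconds between repeated SYNs that got no SYN-ACK."""
    syns, answered, ts = defaultdict(list), set(), None
    for line in text.splitlines():
        head = HEADER.match(line)
        if head:
            ts = datetime.strptime(head.group(1), "%H:%M:%S.%f")
            continue
        det = DETAIL.match(line)
        if not det or ts is None:
            continue
        src, dst, flags, seq = det.groups()
        if flags == "S":                      # bare SYN: connection attempt
            syns[(src, dst, seq)].append(ts)
        elif flags == "S.":                   # SYN-ACK: reply, direction reversed
            answered.add((dst, src))
    report = {}
    for (src, dst, _seq), times in syns.items():
        if len(times) > 1 and (src, dst) not in answered:
            gaps = [round((b - a).total_seconds(), 1) for a, b in zip(times, times[1:])]
            report[(src, dst)] = gaps
    return report

if __name__ == "__main__":
    print(unanswered_syns(SAMPLE))
```

Gaps that roughly double are the sender's retransmission backoff, so the flow it reports is one where nothing on the path answered at all.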

Comments

Thanks for the info. Useful for others.

SGPJ (2018-01-16 08:39:03 -0500)
