Ask Your Question
0

instances in provider network cannot reach metadata agent

asked 2019-10-10 15:21:22 -0500

faryus gravatar image

I've been installing OpenStack using the official installation guide (https://docs.openstack.org/install-guide/openstack-services.html (https://docs.openstack.org/install-gu...)) and have gotten everything to work except metadata agent on provider networks (internal networks work just fine).

(the problem itself is way at the bottom, if you want to skip right to it)

My setup looks like this:

CONTROLLER

1 x controller node with 2 x physical interfaces
ens192: 10.45.252.80 (external / provider)
ens224: 10.10.10.10 (internal / management)

nova / neutron services running on controller:
neutron-dhcp-agent.service
neutron-l3-agent.service
neutron-linuxbridge-agent.service
neutron-metadata-agent.service
neutron-server.service
openstack-nova-api.service
openstack-nova-conductor.service
openstack-nova-novncproxy.service
openstack-nova-scheduler.service

controller# cat /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security

[ml2_type_flat]
flat_networks = provider

[ml2_type_vlan]
network_vlan_ranges = provider

[ml2_type_vxlan]
vni_ranges = 1:1000

[securitygroup]
enable_ipset = true

controller# cat /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]
physical_interface_mappings = provider:ens192

[vxlan]
enable_vxlan = true
local_ip = 10.10.10.10
l2_population = true

[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

controller# cat /etc/neutron/dhcp_agent.ini

[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
force_metadata = True

COMPUTE

1 x compute node with 2 x vlan interfaces
eno1.1: 10.45.252.156 (external / provider)
eno2.1: 10.10.10.20 (internal / provider)

nova / neutron services running on controller:
neutron-linuxbridge-agent.service
openstack-nova-compute.service

compute# cat /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]
physical_interface_mappings = provider:eno1.1

[vxlan]
enable_vxlan = true
local_ip = 10.10.10.20
l2_population = true

[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

And finally, the network and subnet in OpenStack:

controller# openstack network show provider -f yaml

admin_state_up: UP
availability_zone_hints: ''
availability_zones: nova
created_at: '2019-10-10T17:47:11Z'
description: ''
dns_domain: null
id: 2bf5174c-fac3-4897-9fa8-2188b0e56edb
ipv4_address_scope: null
ipv6_address_scope: null
is_default: null
is_vlan_transparent: null
location:
cloud: ''
project:
    domain_id: null
    domain_name: Default
    id: f6a16351f9294942a9fe93f52a76c70d
    name: admin
region_name: ''
zone: null
mtu: 1450
name: provider
port_security_enabled: true
project_id: f6a16351f9294942a9fe93f52a76c70d
provider:network_type: vxlan
provider:physical_network: null
provider:segmentation_id: 98
qos_policy_id: null
revision_number: 2
router:external: Internal
segments: null
shared: true
status: ACTIVE
subnets: b038b166-fc85-44f1-9837-8364e6f3de5d
tags: ''
updated_at: '2019-10-10T17:47:11Z'

controller# openstack subnet show provider -f yaml

allocation_pools: 10.45.252.220-10.45.252.250
cidr: 10.45.252.0/23
created_at: '2019-10-10T17:47:11Z'
description: ''
dns_nameservers: 16.110.135.51, 16.110.135.52
enable_dhcp: true
gateway_ip: 10.45.252.1
host_routes: ''
id: b038b166-fc85-44f1-9837-8364e6f3de5d
ip_version: 4
ipv6_address_mode: null
ipv6_ra_mode: null
location:
cloud: ''
project:
    domain_id: null
    domain_name: Default
    id: f6a16351f9294942a9fe93f52a76c70d
    name: admin
region_name: ''
zone: null
name: provider
network_id: 2bf5174c-fac3-4897-9fa8-2188b0e56edb
prefix_length: null
project_id: f6a16351f9294942a9fe93f52a76c70d
revision_number: 0
segment_id: null
service_types: ''
subnetpool_id: null
tags: ''
updated_at: '2019-10-10T17:47:11Z'

When I spawn a vm connected to this network, however it takes a very long time to get passed

         Starting LSB: Bring up/down networking...

cloud-init then allocates an IP address to the instance,

Cloud-init v. 18.2 running 'init' at Thu, 10 Oct 2019 19:02:40 +0000. Up 7.14 seconds.
ci-info: +++++++++++++++++++++++++++++++Net device info+++++++++++++++++++++++++++++++
ci-info: +--------+------+---------------+---------------+-------+-------------------+
ci-info: | Device |  Up  |    Address    |      Mask     | Scope |     Hw-Address    |
ci-info: +--------+------+---------------+---------------+-------+-------------------+
ci-info: | eth0 ...
(more)
edit retag flag offensive close merge delete

Comments

1

For provider networks I usually use config drive because it's an external network and it isn't handled by neutron.

eblock gravatar imageeblock ( 2019-10-11 00:55:04 -0500 )edit
add a comment

3 answers

Sort by ยป oldest newest most voted
0

answered 2020-02-04 15:04:33 -0500

jsm gravatar image

enable_isolated_metadata = True Should do the trick.

And when creating the external provider network you should as you mention use the flag --router external

edit flag offensive delete link more
add a comment
0

answered 2020-02-02 03:57:51 -0500

frippe75 gravatar image

I'm getting the metadata-agent to work following https://docs.openstack.org/ocata/networking-guide/deploy-ovs-provider.html (https://docs.openstack.org/ocata/netw...)

[   11.307113] cloud-init[834]: Cloud-init v. 0.7.9 running 'init' at Sun, 02 Feb 2020 09:22:14 +0000. Up 11.27 seconds.
[   11.368959] cloud-init[834]: ci-info: +++++++++++++++++++++++++++++Net device info++++++++++++++++++++++++++++++
[   11.375669] cloud-init[834]: ci-info: +--------+------+--------------+-------------+-------+-------------------+
[   11.383321] cloud-init[834]: ci-info: | Device |  Up  |   Address    |     Mask    | Scope |     Hw-Address    |
[   11.390863] cloud-init[834]: ci-info: +--------+------+--------------+-------------+-------+-------------------+
[   11.397559] cloud-init[834]: ci-info: |  lo:   | True |  127.0.0.1   |  255.0.0.0  |   .   |         .         |
[   11.406569] cloud-init[834]: ci-info: |  lo:   | True |      .       |      .      |   d   |         .         |
[   11.413297] cloud-init[834]: ci-info: | eth0:  | True | 10.140.0.220 | 255.255.0.0 |   .   | fa:16:3e:cb:56:88 |
[   11.420840] cloud-init[834]: ci-info: | eth0:  | True |      .       |      .      |   d   | fa:16:3e:cb:56:88 |
[   11.428770] cloud-init[834]: ci-info: +--------+------+--------------+-------------+-------+-------------------+
[   11.436676] cloud-init[834]: ci-info: ++++++++++++++++++++++++++++++++Route IPv4 info+++++++++++++++++++++++++++++++++
[   11.444798] cloud-init[834]: ci-info: +-------+-----------------+--------------+-----------------+-----------+-------+
[   11.453845] cloud-init[834]: ci-info: | Route |   Destination   |   Gateway    |     Genmask     | Interface | Flags |
[   11.460579] cloud-init[834]: ci-info: +-------+-----------------+--------------+-----------------+-----------+-------+
[   11.467297] cloud-init[834]: ci-info: |   0   |     0.0.0.0     |  10.140.0.1  |     0.0.0.0     |    eth0   |   UG  |
[   11.473746] cloud-init[834]: ci-info: |   1   |    10.140.0.0   |   0.0.0.0    |   255.255.0.0   |    eth0   |   U   |
[   11.480763] cloud-init[834]: ci-info: |   2   | 169.254.169.254 | 10.140.0.200 | 255.255.255.255 |    eth0   |  UGH  |
[   11.488171] cloud-init[834]: ci-info: +-------+-----------------+--------------+-----------------+-----------+-------+

But. I cannot get traffic to flow...This is my provider network.

[root@os01-ctr01 ~(keystone_admin)]# openstack network show e23de27f-859b-4cb6-9220-7003e5d80ec0
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | UP                                   |
| availability_zone_hints   |                                      |
| availability_zones        | nova                                 |
| created_at                | 2020-02-01T10:45:28Z                 |
| description               |                                      |
| dns_domain                | None                                 |
| id                        | e23de27f-859b-4cb6-9220-7003e5d80ec0 |
| ipv4_address_scope        | None                                 |
| ipv6_address_scope        | None                                 |
| is_default                | None                                 |
| is_vlan_transparent       | None                                 |
| mtu                       | 1500                                 |
| name                      | vlan_140_hpecp                       |
| port_security_enabled     | True                                 |
| project_id                | 9e424d09b1334ce18b3cf8e84329dd1e     |
| provider:network_type     | vlan                                 |
| provider:physical_network | provider                             |
| provider:segmentation_id  | 140                                  |
| router:external           | Internal                             |
| segments                  | None                                 |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   | 848edac1-e859-433d-aa0b-a9f7df805fcd |
+---------------------------+--------------------------------------+

Could it be the router:externl = Internal ??

I have created the br-provider ovs switch, setup propper mappings of provider=br-provider:140:150 allowing vlan id 14-150. Added bond0 as the port for br-provider... Done tcpdump to make sure I see VLAN 140 on bond0...

ovs-vsctl show does not show any config around vlan's ... Not sure where that would be done... Could I see it on the qrouter??

Any assistance here would be really appreciated!

edit flag offensive delete link more
add a comment
0

answered 2019-10-11 04:33:07 -0500

faryus gravatar image

The answer provided by @eblock solved my issue.

I am creating instances connected to external networks by attaching a config drive to them instead of relying on metadata-agent connectivity.

Not ideal, but it works.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2019-10-10 14:52:30 -0500

Seen: 139 times

Last updated: Feb 04

Related questions

Create multiple flat-provider networks on same IP network but different IP range

I would like to set up Packstack with provider networks

Update config-drive after metadata change?

Kilo nova-network metadata unreachale 169.254.169.254

OpenStack Liberty MetaData ssh authentication problem

Metadata proxy 500 error from instances havana

this system does not support "SSSE3"

What network configuration is required for a provider network?

Adding a new propety to the API

openstack network create: bad request (HTTP 400)