Ask Your Question
0

instances in provider network cannot reach metadata agent

asked 2019-10-10 15:21:22 -0500

faryus gravatar image

I've been installing OpenStack using the official installation guide (https://docs.openstack.org/install-guide/openstack-services.html (https://docs.openstack.org/install-gu...)) and have gotten everything to work except metadata agent on provider networks (internal networks work just fine).

(the problem itself is way at the bottom, if you want to skip right to it)

My setup looks like this:

CONTROLLER

1 x controller node with 2 x physical interfaces
ens192: 10.45.252.80 (external / provider)
ens224: 10.10.10.10 (internal / management)

nova / neutron services running on controller:
neutron-dhcp-agent.service
neutron-l3-agent.service
neutron-linuxbridge-agent.service
neutron-metadata-agent.service
neutron-server.service
openstack-nova-api.service
openstack-nova-conductor.service
openstack-nova-novncproxy.service
openstack-nova-scheduler.service

controller# cat /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security

[ml2_type_flat]
flat_networks = provider

[ml2_type_vlan]
network_vlan_ranges = provider

[ml2_type_vxlan]
vni_ranges = 1:1000

[securitygroup]
enable_ipset = true

controller# cat /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]
physical_interface_mappings = provider:ens192

[vxlan]
enable_vxlan = true
local_ip = 10.10.10.10
l2_population = true

[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

controller# cat /etc/neutron/dhcp_agent.ini

[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
force_metadata = True

COMPUTE

1 x compute node with 2 x vlan interfaces
eno1.1: 10.45.252.156 (external / provider)
eno2.1: 10.10.10.20 (internal / provider)

nova / neutron services running on controller:
neutron-linuxbridge-agent.service
openstack-nova-compute.service

compute# cat /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]
physical_interface_mappings = provider:eno1.1

[vxlan]
enable_vxlan = true
local_ip = 10.10.10.20
l2_population = true

[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

And finally, the network and subnet in OpenStack:

controller# openstack network show provider -f yaml

admin_state_up: UP
availability_zone_hints: ''
availability_zones: nova
created_at: '2019-10-10T17:47:11Z'
description: ''
dns_domain: null
id: 2bf5174c-fac3-4897-9fa8-2188b0e56edb
ipv4_address_scope: null
ipv6_address_scope: null
is_default: null
is_vlan_transparent: null
location:
cloud: ''
project:
    domain_id: null
    domain_name: Default
    id: f6a16351f9294942a9fe93f52a76c70d
    name: admin
region_name: ''
zone: null
mtu: 1450
name: provider
port_security_enabled: true
project_id: f6a16351f9294942a9fe93f52a76c70d
provider:network_type: vxlan
provider:physical_network: null
provider:segmentation_id: 98
qos_policy_id: null
revision_number: 2
router:external: Internal
segments: null
shared: true
status: ACTIVE
subnets: b038b166-fc85-44f1-9837-8364e6f3de5d
tags: ''
updated_at: '2019-10-10T17:47:11Z'

controller# openstack subnet show provider -f yaml

allocation_pools: 10.45.252.220-10.45.252.250
cidr: 10.45.252.0/23
created_at: '2019-10-10T17:47:11Z'
description: ''
dns_nameservers: 16.110.135.51, 16.110.135.52
enable_dhcp: true
gateway_ip: 10.45.252.1
host_routes: ''
id: b038b166-fc85-44f1-9837-8364e6f3de5d
ip_version: 4
ipv6_address_mode: null
ipv6_ra_mode: null
location:
cloud: ''
project:
    domain_id: null
    domain_name: Default
    id: f6a16351f9294942a9fe93f52a76c70d
    name: admin
region_name: ''
zone: null
name: provider
network_id: 2bf5174c-fac3-4897-9fa8-2188b0e56edb
prefix_length: null
project_id: f6a16351f9294942a9fe93f52a76c70d
revision_number: 0
segment_id: null
service_types: ''
subnetpool_id: null
tags: ''
updated_at: '2019-10-10T17:47:11Z'

When I spawn a vm connected to this network, however it takes a very long time to get passed

         Starting LSB: Bring up/down networking...

cloud-init then allocates an IP address to the instance,

Cloud-init v. 18.2 running 'init' at Thu, 10 Oct 2019 19:02:40 +0000. Up 7.14 seconds.
ci-info: +++++++++++++++++++++++++++++++Net device info+++++++++++++++++++++++++++++++
ci-info: +--------+------+---------------+---------------+-------+-------------------+
ci-info: | Device |  Up  |    Address    |      Mask     | Scope |     Hw-Address    |
ci-info: +--------+------+---------------+---------------+-------+-------------------+
ci-info: | eth0 ...
(more)
edit retag flag offensive close merge delete

Comments

1

For provider networks I usually use config drive because it's an external network and it isn't handled by neutron.

eblock gravatar imageeblock ( 2019-10-11 00:55:04 -0500 )edit
add a comment

3 answers

Sort by ยป oldest newest most voted
0

answered 2020-02-04 15:04:33 -0500

jsm gravatar image

enable_isolated_metadata = True Should do the trick.

And when creating the external provider network you should as you mention use the flag --router external

edit flag offensive delete link more
add a comment
0

answered 2020-02-02 03:57:51 -0500

frippe75 gravatar image

I'm getting the metadata-agent to work following https://docs.openstack.org/ocata/networking-guide/deploy-ovs-provider.html (https://docs.openstack.org/ocata/netw...)

[   11.307113] cloud-init[834]: Cloud-init v. 0.7.9 running 'init' at Sun, 02 Feb 2020 09:22:14 +0000. Up 11.27 seconds.
[   11.368959] cloud-init[834]: ci-info: +++++++++++++++++++++++++++++Net device info++++++++++++++++++++++++++++++
[   11.375669] cloud-init[834]: ci-info: +--------+------+--------------+-------------+-------+-------------------+
[   11.383321] cloud-init[834]: ci-info: | Device |  Up  |   Address    |     Mask    | Scope |     Hw-Address    |
[   11.390863] cloud-init[834]: ci-info: +--------+------+--------------+-------------+-------+-------------------+
[   11.397559] cloud-init[834]: ci-info: |  lo:   | True |  127.0.0.1   |  255.0.0.0  |   .   |         .         |
[   11.406569] cloud-init[834]: ci-info: |  lo:   | True |      .       |      .      |   d   |         .         |
[   11.413297] cloud-init[834]: ci-info: | eth0:  | True | 10.140.0.220 | 255.255.0.0 |   .   | fa:16:3e:cb:56:88 |
[   11.420840] cloud-init[834]: ci-info: | eth0:  | True |      .       |      .      |   d   | fa:16:3e:cb:56:88 |
[   11.428770] cloud-init[834]: ci-info: +--------+------+--------------+-------------+-------+-------------------+
[   11.436676] cloud-init[834]: ci-info: ++++++++++++++++++++++++++++++++Route IPv4 info+++++++++++++++++++++++++++++++++
[   11.444798] cloud-init[834]: ci-info: +-------+-----------------+--------------+-----------------+-----------+-------+
[   11.453845] cloud-init[834]: ci-info: | Route |   Destination   |   Gateway    |     Genmask     | Interface | Flags |
[   11.460579] cloud-init[834]: ci-info: +-------+-----------------+--------------+-----------------+-----------+-------+
[   11.467297] cloud-init[834]: ci-info: |   0   |     0.0.0.0     |  10.140.0.1  |     0.0.0.0     |    eth0   |   UG  |
[   11.473746] cloud-init[834]: ci-info: |   1   |    10.140.0.0   |   0.0.0.0    |   255.255.0.0   |    eth0   |   U   |
[   11.480763] cloud-init[834]: ci-info: |   2   | 169.254.169.254 | 10.140.0.200 | 255.255.255.255 |    eth0   |  UGH  |
[   11.488171] cloud-init[834]: ci-info: +-------+-----------------+--------------+-----------------+-----------+-------+

But. I cannot get traffic to flow...This is my provider network.

[root@os01-ctr01 ~(keystone_admin)]# openstack network show e23de27f-859b-4cb6-9220-7003e5d80ec0
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | UP                                   |
| availability_zone_hints   |                                      |
| availability_zones        | nova                                 |
| created_at                | 2020-02-01T10:45:28Z                 |
| description               |                                      |
| dns_domain                | None                                 |
| id                        | e23de27f-859b-4cb6-9220-7003e5d80ec0 |
| ipv4_address_scope        | None                                 |
| ipv6_address_scope        | None                                 |
| is_default                | None                                 |
| is_vlan_transparent       | None                                 |
| mtu                       | 1500                                 |
| name                      | vlan_140_hpecp                       |
| port_security_enabled     | True                                 |
| project_id                | 9e424d09b1334ce18b3cf8e84329dd1e     |
| provider:network_type     | vlan                                 |
| provider:physical_network | provider                             |
| provider:segmentation_id  | 140                                  |
| router:external           | Internal                             |
| segments                  | None                                 |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   | 848edac1-e859-433d-aa0b-a9f7df805fcd |
+---------------------------+--------------------------------------+

Could it be the router:externl = Internal ??

I have created the br-provider ovs switch, setup propper mappings of provider=br-provider:140:150 allowing vlan id 14-150. Added bond0 as the port for br-provider... Done tcpdump to make sure I see VLAN 140 on bond0...

ovs-vsctl show does not show any config around vlan's ... Not sure where that would be done... Could I see it on the qrouter??

Any assistance here would be really appreciated!

edit flag offensive delete link more
add a comment
0

answered 2019-10-11 04:33:07 -0500

faryus gravatar image

The answer provided by @eblock solved my issue.

I am creating instances connected to external networks by attaching a config drive to them instead of relying on metadata-agent connectivity.

Not ideal, but it works.

edit flag offensive delete link more
add a comment

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2019-10-10 14:52:30 -0500

Seen: 253 times

Last updated: Feb 04 '20

Related questions

I would like to set up Packstack with provider networks

I am not able ping external provider network

how to updae configdrive when updating metadata?

Provider Network Metadata service

metadata/instance_id failed

Can't ping gateway inteface - provider external network

can't import public SSH key in Public Instance

metadata provider network

neutron-ns-metadata-proxy port is not available

Nova: Server's metadata