how to access metadata server when we use neutron provider network

asked 2013-12-04 08:04:08 -0500

limao gravatar image

Hi all,

When we use neutron provider network and use a external Router. We do not need L3 agent function in Openstack. But the NAT rules for is done in add router and delete router. What ever I know that I can add NAT in the external Router, but I still want this is done in Openstack .

The only way I can think out is that set route for via dhcp addr in VM. And manually to modify the NAT rules in dhcp namespace.

Any way to solve this problem in Openstack?

Thanks so much.

answered 2013-12-05 07:11:11 -0500

limao gravatar image

Thanks Alfred Shen, that solved my question.

answered 2016-03-02 07:42:57 -0500

astafeye gravatar image

When and for what purpose will we use enable_metadata_network = True? TIA Alex

answered 2013-12-04 19:41:34 -0500

alfredcs gravatar image

The metadata is served out on namespace along with dhcp which is handled by neutron-metadata-agent. The service is an unix socket based process running on the hypervisor node serving dnsmasq. During VM boot, it contacts the hard coded address for metadata service and metadata proxy queries controller node for metadata.

ip netns list


ip netns exec qdhcp-78612bad-5ffc-4574-a7c3-ce057bac9511 ip addr

13: tap2f723171-fd: <broadcast,up,lower_up> mtu 1500 qdisc noqueue state UNKNOWN link/ether fa:16:3e:e4:16:ab brd ff:ff:ff:ff:ff:ff inet brd scope global tap2f723171-fd inet brd scope global tap2f723171-fd inet6 fe80::f816:3eff:fee4:16ab/64 scope link valid_lft forever preferred_lft forever 15: lo: <loopback,up,lower_up> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever

ip netns exec qdhcp-78612bad-5ffc-4574-a7c3-ce057bac9511 netstat -anpe

Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0* LISTEN 0 59391 6932/python <--- Metadata proxy process tcp 0 0* LISTEN 0 5236675 9367/dnsmasq <--- Dnsmasq tcp 0 0* LISTEN 0 5236673 9367/dnsmasq
tcp 0 0 fe80::f816:3eff:fee4:16a:53 :::* LISTEN 0 5236680 9367/dnsmasq
udp 0 0* 0 5236665 9367/dnsmasq
udp 0 0* 0 5236674 9367/dnsmasq
udp 0 0* 0 5236672 9367/dnsmasq
udp 0 0 fe80::f816:3eff:fee4:16ab:53 :::* 0 5236679 9367/dnsmasq
Active UNIX domain sockets (servers and established) Proto RefCnt Flags Type State I-Node PID/Program name Path

ps -f --pid 6932| fold -w 80 -s

UID PID PPID C STIME TTY TIME CMD root 6932 1 0 Dec02 ? 00:00:00 /usr/bin/python /usr/bin/neutron-ns-metadata-proxy --pid_file=/var/lib/neutron/external/pids/78612bad-5ffc-4574-a7c3-ce057bac9511.p id --metadata_proxy_socket=/var/lib/neutron/metadata_proxy --network_id=78612bad-5ffc-4574-a7c3-ce057bac9511 --state_path=/var/lib/neutron --metadata_port=80 --log-file=neutron-ns-metadata-proxy-78612bad-5ffc-4574-a7c3-ce057bac9511.log --log-dir=/var/log/neutron

ps -f --pid 9367| fold -w 80 -s

UID PID PPID C STIME TTY TIME CMD nobody 9367 1 0 01:08 ? 00:00:00 dnsmasq --no-hosts --no-resolv --strict-order --bind-interfaces --interface=tap2f723171-fd --except-interface=lo --pid-file=/var/lib/neutron/dhcp/78612bad-5ffc-4574-a7c3-ce057bac9511/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/78612bad-5ffc-4574-a7c3-ce057bac9511/host --dhcp-optsfile=/var/lib/neutron/dhcp/78612bad-5ffc-4574-a7c3-ce057bac9511/opts --leasefile-ro --dhcp-range=set:tag0,,static,86400s --dhcp-lease-max=256 --conf-file=/etc/neutron/dnsmasq.conf --domain=svc.wpc2.pdx.wd

cat /var/lib/neutron/dhcp/78612bad-5ffc-4574-a7c3-ce057bac9511/opts

tag:tag0,option:dns-server, ... (more)

answered 2013-12-05 07:21:38 -0500

limao gravatar image

BTW, here is someting we need to be careful: 1. in dhcp_agent.ini, we need to enable isolated metadata and metadata network: enable_isolated_metadata = True enable_metadata_network = True

  1. When we create subnet, we can'set gateway_ip. And need to setup default route , this is because the following bug, and has solved in Icehouse. (

  2. When I use cirros , I find that udhcp will not ask for "Classless-Static-Route", Cirros will not get the route for, so we will have problem. And I use CentOS6.3 it can work well. This means when we use this feature, some OS may not work.

Thanks again for Alfred Shen's help.

answered 2013-12-05 09:57:55 -0500

darragh-oreilly gravatar image

Hi Liping,

I don't think you need enable_metadata_network in your case.

The cirros problem should be fixed soon

re, Darragh.

answered 2013-12-06 02:02:03 -0500

limao gravatar image

Dear Darragh,

Thanks so much for your kindly reminder, it's my mistake. We do not need enable_metadata_network. And great to see we will solve the cirros problem.

Regards, Liping Mao

