Ask Your Question
0

Instance can't access metadata [closed]

asked 2013-05-29 20:40:32 -0500

patrickvinas gravatar image

I am running a 4 node Grizzly setup, with quantum flat networking, on Ubuntu 12.04 LTS (openstack installed from Ubuntu Cloud Archive packages).

My instances cannot access the metadata service (running on the cloud controller) through the abstraction IP 169.254.169.254. DNAT is set up correctly in iptables on the compute node (if I tcpdump on the instance, compute node and cloud controller, I can see the requests going through and the responses coming back).

The only way I can retrieve metadata is if I curl directly to the cloud controller (IP 10.200.0.11) with the appropriate X-Instance-ID and X-Instance-ID-Signature. Is there any debugging I can do to figure out why, if the instances are ostensibly able to see the metadata service (see above, server responses getting all the way back to the instances), they wouldn't be able to actually retrieve metadata from the service? I've been beating my head against the wall on this issue for a couple weeks now, and it hasn't been a huge problem because I have the credentials for all my instances. We're getting close to rolling out to production, though, and I need to get this last issue nailed down (for the instance boot-up time, if nothing else.)

edit retag flag offensive reopen merge delete

Closed for the following reason the question is answered, right answer was accepted by koolhead17
close date 2014-06-05 21:20:43.302057

3 answers

Sort by ยป oldest newest most voted
0

answered 2013-06-06 19:18:25 -0500

patrickvinas gravatar image

Ok. Got it working. Enabled namespaces in quantum, disabled the quantum metadata service, and set up an iptables rule on the compute node to DNAT to the correct server/port (it was trying to use a REDIRECT).

edit flag offensive delete link more
0

answered 2013-07-18 16:59:32 -0500

pborghard gravatar image

Patrick,

I'm running into a similar issue, grizzly+quantum(multinode). Can you give some more detail as to what you did to get it working? I'm still researching elsewhere, if I find a solution I will post back as well for the public.

Thanks, Peter Borghard

edit flag offensive delete link more
0

answered 2013-08-01 19:47:05 -0500

patrickvinas gravatar image

Peter-

On the quantum (neutron) server, in l3_agent.ini I set: nova_metadata_ip = <nova-api ip=""> (or nova-api-metadata IP, if you're running that service on your compute nodes) nova_metadata_port = <nova-api port=""> and in dhcp_agent.ini, I have: use_namespaces = true enable_isolated_metadata = true enable_metadata_network = true (not sure if these two are necessary, but they certainly aren't hurting anything)

On the nova server, in nova.conf: metadata_host = <nova-api ip=""> (or nova-api-metadata IP, as above) and: iptables -t nat -A PREROUTING -i <br-ex or="" equivalent=""> -p tcp -m tcp --dport 80 -j DNAT --to-destination <nova-api ip="">:8775

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2013-05-29 20:40:32 -0500

Seen: 529 times

Last updated: Aug 01 '13