Ask Your Question
0

how metadata requests to APIPA:80 are proxied to computenode:8775

asked 2014-10-18 02:25:55 -0600

kevin gravatar image

updated 2014-10-18 02:57:50 -0600

hi i have centos with cloud-init installed and i am trying to understand how it works:

from instance i tried

telnet to 169.254.169.254 80

in tcpdump on compute node i can see request are made to

ip-of-compute-node:8775 and reply from 169.254.169.254.http
  • how is request made to 169.254.169.254 port 80 gets converted to compute-node on port 8775 ?

    • how is "user data" specified in horizon dashboard(control node) for executing at boot time is downloaded by instance, ie how will metadata server running on each compute node gets this information.

using openstack icehouse with nova-network

edit retag flag offensive close merge delete

Comments

You wrote :- ie how will metadata server running on each compute node gets this information.
Metadata server agent runs on Neutron Node. I would suggest you to read https://www.hastexo.com/system/files/... from the beginning.

dbaxps gravatar imagedbaxps ( 2014-10-18 03:12:22 -0600 )edit

thanks dbaxps, can you tell me in case of neutron how will userdata is synced to network node from dashboard (in the custom script field i specified #!/bin/bash useradd user1 how will network node download this and later cloud-init executes it )

kevin gravatar imagekevin ( 2014-10-18 04:43:27 -0600 )edit

I believe cloud-init requires for download only content of curl http://169.254.169.254/latest/meta-data. I believe post customization script will be just run by cloud-init. Nova Medata server doesn't seem to be aware of yours script content.

dbaxps gravatar imagedbaxps ( 2014-10-18 05:01:23 -0600 )edit

thanks dbaxps my doubt is in case of nova-network metadata server listens on port 8775 on each compute node,how will this download custom script from dashboard where script is specified.I understand the role of cloudinit for executing,but for it to execute it should download scrip from some server

kevin gravatar imagekevin ( 2014-10-19 02:10:31 -0600 )edit

You wrote : nova-network metadata server listens on port 8775 on each compute node
Nova metadata server listens on port 8775 of Controller Node and nowhere else.

dbaxps gravatar imagedbaxps ( 2014-10-19 02:23:49 -0600 )edit

1 answer

Sort by ยป oldest newest most voted
2

answered 2014-10-18 02:33:52 -0600

dbaxps gravatar image

updated 2014-10-18 03:25:19 -0600

Please , view https://www.hastexo.com/system/files/... page 20-21
VMS LOOKING FOR METADATA (section)

Quote (pp 20-21) of mentioned document :-

Add the cloud controller to our scheme here. We also need to add the so-called 
management network,which all nodes are physically connected to via the eth1 
physical interface. Also,we have the Nova-API metadata service running on our 
cloud controller. This is the source of metadata,the service that VMs eventually 
need to connect to to get it. And then,we have the metadata-agent and the 
metadata proxy running on the network node.

Let's start with the actual request coming from the VM.It makes its usual way and will
eventually make it to the qROUTER namespace. The destination is IP 169.254.169.254,
and thus,the packet leaves the VM via its default route,which is an IP inside the
qROUTER namespace. Within the qROUTER namespace,the package will be forwarded via DNAT 
from port 80 to the qrouter's port 9697, which is where the metadata proxy is running. 
The metadata proxy will relay the packets to the metadata agent running on the network
node. The latter part happens outside of any TCP/IP network connectivity: the metadata
agent has a UNIX socket open in /var/lib/neutron/metadata_proxy which the metadata
proxy pipes packets into

The rest is done by me on Network Node

[root@icehouse1 ~(keystone_admin)]# ip netns exec qrouter-ef95717c-1525-4750-9b57-20c5196275ac iptables  -S -t nat | grep 169.254
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697

[root@icehouse1 ~(keystone_admin)]# ip netns exec qrouter-ef95717c-1525-4750-9b57-20c5196275ac netstat -antp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:9697            0.0.0.0:*               LISTEN      7045/python         

[root@icehouse1 ~(keystone_admin)]# ps -ef| grep 7045
root      7045     1  0 11:22 ?        00:00:00 /usr/bin/python /bin/neutron-ns-metadata-proxy --pid_file=/var/lib/neutron/external/pids/ef95717c-1525-4750-9b57-20c5196275ac.pid --metadata_proxy_socket=/var/lib/neutron/metadata_proxy --router_id=ef95717c-1525-4750-9b57-20c5196275ac --state_path=/var/lib/neutron --metadata_port=9697 --verbose --log-file=neutron-ns-metadata-proxy-ef95717c-1525-4750-9b57-20c5196275ac.log --log-dir=/var/log/neutron
root     20075 19197  0 12:22 pts/0    00:00:00 grep --color=auto 7045
edit flag offensive delete link more

Comments

in case of neutron did they change metadata server port from 8775 to 9697?

kevin gravatar imagekevin ( 2014-10-18 04:44:39 -0600 )edit

No, on my both Neutron ML2&OVS&VXLAN (and GRE) systems (been set up via RDO packstack) nova metadata port is 8775

dbaxps gravatar imagedbaxps ( 2014-10-18 05:07:23 -0600 )edit

Kevin: port 9697 is the Neutron metadata proxy. Your instance talks to the proxy, and the proxy talks to the Nova metadata service on port 8775.

larsks gravatar imagelarsks ( 2014-10-18 08:26:54 -0600 )edit

thanks @larsks

kevin gravatar imagekevin ( 2014-10-22 05:48:59 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2014-10-18 02:25:55 -0600

Seen: 1,090 times

Last updated: Oct 18 '14