Ask Your Question
2

neutron-ns-metadata-proxy port is not available

asked 2014-12-10 08:27:51 -0500

vladber gravatar image

updated 2014-12-10 08:44:40 -0500

dbaxps gravatar image

Hi,

In Juno RDO I cannot make my Vms will get a metadata from 169.254.169.254 .

I noticed that the neutron-ns-metadata-proxy is running with the following options - pls note the port - 9697 .

root     28243     1  0 13:42 ?        00:00:00 /usr/bin/python /bin/neutron-ns-metadata-proxy --pid_file=/var/lib/neutron/external/pids/4ee35a51-ab0d-4827-9bb1-5368f8f81ac3.pid --metadata_proxy_socket=/var/lib/neutron/metadata_proxy --router_id=4ee35a51-ab0d-4827-9bb1-5368f8f81ac3 --state_path=/var/lib/neutron --metadata_port=9697 --verbose --log-file=neutron-ns-metadata-proxy-4ee35a51-ab0d-4827-9bb1-5368f8f81ac3.log --log-dir=/var/log/neutron

In the other cluster I have ( Icehouse ) this service runs with --metadata_port=80

I inspected the ns status for dhcp net and neither port 9697 nor 80 do not show up there :

[root@cont neutron(keystone_admin)]#  ip netns exec qdhcp-0c32acbe-ec54-4b00-98f9-d5adfccbf450  netstat -nap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 10.10.10.13:53          0.0.0.0:*               LISTEN      27656/dnsmasq
tcp        0      0 169.254.169.254:53      0.0.0.0:*               LISTEN      27656/dnsmasq
tcp6       0      0 fe80::f816:3eff:fefa:53 :::*                    LISTEN      27656/dnsmasq
udp        0      0 10.10.10.13:53          0.0.0.0:*                           27656/dnsmasq
udp        0      0 169.254.169.254:53      0.0.0.0:*                           27656/dnsmasq
udp        0      0 0.0.0.0:67              0.0.0.0:*                           27656/dnsmasq
udp6       0      0 fe80::f816:3eff:fefa:53 :::*                                27656/dnsmasq

This explains why VMs cannot access the metadata .

Why neutron-ns-metadata-proxy runs without port up ?

Regards ,

/Vlad

edit retag flag offensive close merge delete

Comments

On IceHouse Cluster, please, post (as UPDATE to question )

# cat /etc/neutron/metadata_agent.ini | grep -v ^# | grep -v ^$
# cat /etc/nova/nova.conf  | grep -v ^# | grep -v ^$
dbaxps gravatar imagedbaxps ( 2014-12-10 08:48:07 -0500 )edit

and also 

# cat /etc/neutron/l3_agent.ini | grep -v ^# | grep -v ^$
dbaxps gravatar imagedbaxps ( 2014-12-10 08:55:53 -0500 )edit
add a comment

1 answer

Sort by ยป oldest newest most voted
3

answered 2014-12-10 11:35:57 -0500

dbaxps gravatar image

updated 2014-12-11 05:50:34 -0500

Test following configuration on Network Node of IceHouse Cluster :-

 # cat /etc/nova/nova.conf  | grep -v ^# | grep -v ^$ | grep metadata
    enabled_apis=ec2,osapi_compute,metadata
    metadata_listen=0.0.0.0
    metadata_workers=2
    metadata_host=192.168.1.127
    neutron_metadata_proxy_shared_secret=xxxxxxxxxxxxxx
    service_neutron_metadata_proxy=True


   # cat /etc/neutron/metadata_agent.ini | grep -v ^# | grep -v ^$ | grep metadata
    nova_metadata_ip = 192.168.1.127
    nova_metadata_port = 8775
    metadata_proxy_shared_secret =xxxxxxxxxxxxxxx   (same as above)
    metadata_workers =2
    metadata_backlog = 4096

   # cat /etc/neutron/l3_agent.ini | grep -v ^# | grep -v ^$
    [DEFAULT]
    debug = False
    interface_driver =neutron.agent.linux.interface.OVSInterfaceDriver
    use_namespaces = True
    handle_internal_only_routers = True
    external_network_bridge = br-ex
    metadata_port = 9697
    send_arp_for_ha = 3
    periodic_interval = 40
    periodic_fuzzy_delay = 5
    enable_metadata_proxy = True
    router_delete_namespaces = False

    # cat /etc/neutron/dhcp_agent.ini | grep -v ^# | grep -v ^$ 
    [DEFAULT]
    debug = False
    resync_interval = 30
    interface_driver =neutron.agent.linux.interface.OVSInterfaceDriver
    dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
    use_namespaces = True
    enable_isolated_metadata = False
    enable_metadata_network = False
    # dnsmasq_config_file = /etc/neutron/dnsmasq.conf
    dhcp_delete_namespaces = False
    root_helper=sudo neutron-rootwrap /etc/neutron/rootwrap.conf
    state_path=/var/lib/neutron

Option enabled_isolated_metada=True , providing access to metadata vi dnsmasq's opts file

root@netnode:/# cat /var/lib/neutron/dhcp/xxxxxxxxxxxxxxxxxxxxxxxxxx/opts 
tag:tag0,option:classless-static-route,169.254.169.254/32,172.17.17.1

was brought to work following http://techbackground.blogspot.ie/201...

edit flag offensive delete link more

Comments

In my settings I have the same ones except these two lines in the /etc/neutron/dhcp_agent.ini

enable_isolated_metadata = True enable_metadata_network = True

  • without then a VMs do not see the 169.254.0.0 network
vladber gravatar imagevladber ( 2014-12-11 02:28:54 -0500 )edit

To get metadata via qrouter-namespace ,i.e neutron-metadata-proxy :-

enable_isolated_metadata = False
enable_metadata_network = False
dbaxps gravatar imagedbaxps ( 2014-12-11 02:59:07 -0500 )edit

Both configurations work. Why neutron-ns-metadata-proxy runs without port up ?
It's not needed you get them via qdhcp-namespace. Did I address your question ?

dbaxps gravatar imagedbaxps ( 2014-12-11 03:01:58 -0500 )edit

To get metadata via qdhcp-namespace follow http://techbackground.blogspot.ie/201... && ip netns exec qdhcp-your-private-net-id netstat -4 -anpt :- 

tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      27409/python
dbaxps gravatar imagedbaxps ( 2014-12-11 03:09:00 -0500 )edit

The problem has been resolved - due to the link was sent I found that in a dhcp-optsfile for my dnsmasq process there was no option for the 169.254.169.254 . For some reason this route on VM didn't work: 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0 Works now.

vladber gravatar imagevladber ( 2014-12-11 05:34:22 -0500 )edit
add a comment

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2014-12-10 08:27:51 -0500

Seen: 4,206 times

Last updated: Dec 11 '14

Related questions

Multiple metadata agents

Metadata proxy 500 error from instances havana

Calling 'http://169.254.169.254/2009-04-04/meta-data/instance-id': Network is unreachable

Neutron uses wrong os-auth-url

Can we deploy - controller, compute, networking inside one host?

Using in-house IPAM with OpenStack

Iptables and Neutron (using LinuxBridge)

Neutron metadata agent "unexpected error"

how networking works in openstack?

New added extension URL returns 404