1

Why is the neutron metadata proxy running with the router id?

asked 2015-04-06 11:00:53 -0500

pradeepcsekar

I see the neutron metadata proxy is running with the router id attached to it. Can somebody please explain the theory behind this? My thought was that all the metadata requests eventually go to 169.254.169.254.

Thanks, and I appreciate your explanation!

/usr/bin/python /bin/neutron-ns-metadata-proxy --pid_file=/var/lib/neutron/external/pids/664c634a-d7f4-4886-a0f0-702c2f5acfac.pid --metadata_proxy_socket=/tmp/proxy_sockets/a.sock --router_id=664c634a-d7f4-4886-a0f0-702c2f5acfac --state_path=/var/lib/neutron --metadata_port=9697 --verbose --log-file=neutron-ns-metadata-proxy-664c634a-d7f4-4886-a0f0-702c2f5acfac.log --log-dir=/var/log/neutron


2 answers

3

answered 2015-04-06 14:00:36 -0500

dbaxps

See the core material written for Quantum:
http://techbackground.blogspot.ie/201...
You can also take a look at a remake, which just verifies that the principles from the original link are still the same for Neutron on RDO Juno:
http://bderzhavets.blogspot.com/2014/...

[root@juno1 ~(keystone_admin)]# ip netns exec qrouter-1cf08ea2-959f-4206-b2f1-a9b4708399c1 netstat -anpt

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name   
tcp        0      0 0.0.0.0:9697            0.0.0.0:*               LISTEN      6755/python        

[root@juno1 ~(keystone_admin)]# ps -f --pid 6755 | fold -s -w 82

UID        PID  PPID  C STIME TTY          TIME CMD
root      6755     1  0 08:01 ?        00:00:00 /usr/bin/python
/bin/neutron-ns-metadata-proxy
--pid_file=/var/lib/neutron/external/pids/1cf08ea2-959f-4206-b2f1-a9b4708399c1.pid
 --metadata_proxy_socket=/var/lib/neutron/metadata_proxy
--router_id=1cf08ea2-959f-4206-b2f1-a9b4708399c1 --state_path=/var/lib/neutron
--metadata_port=9697 --verbose
--log-file=neutron-ns-metadata-proxy-1cf08ea2-959f-4206-b2f1-a9b4708399c1.log
--log-dir=/var/log/neutron

The nameserver proxy adds two HTTP headers to the request:
    X-Forwarded-For: with the instance's IP address
    X-Neutron-Router-ID: with the uuid of the Neutron router
and proxies it to a Unix domain socket with name
/var/lib/neutron/metadata_proxy.


3. Metadata agent receives request and queries the Neutron service
The metadata agent listens on this Unix socket. It is a normal Linux service that runs in the main operating system IP namespace, and so it is able to reach the Neutron and Nova metadata services. Its configuration file has all the information required to do so.
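Why the router id matters, as an added example that is not part of either answer or of Neutron's own code: a simplified Python model in which two tenants reuse the same instance IP behind different routers, so only the (router id, IP) pair sent in the two headers identifies the instance. The port table, instance names and function names are constructed for illustration.

```python
# Constructed sample data: two tenants reuse 10.0.0.5 behind different routers.
# The router UUIDs are the two shown on this page; the instance names are made up.
ROUTER_A = "664c634a-d7f4-4886-a0f0-702c2f5acfac"
ROUTER_B = "1cf08ea2-959f-4206-b2f1-a9b4708399c1"
PORTS = {
    (ROUTER_A, "10.0.0.5"): "instance-a",
    (ROUTER_B, "10.0.0.5"): "instance-b",
}
TRUSTED = ("x-forwarded-for", "x-neutron-router-id")


def namespace_proxy(router_id, client_ip, guest_headers):
    """Model of the per-router proxy on port 9697 inside qrouter-<router_id>."""
    # Assumption of this model: values the guest sent under the trusted names
    # are discarded and replaced with ones the proxy knows for itself, the
    # peer address of the connection and its own --router_id argument.
    headers = {k: v for k, v in guest_headers.items() if k.lower() not in TRUSTED}
    headers["X-Forwarded-For"] = client_ip
    headers["X-Neutron-Router-ID"] = router_id
    return headers


def metadata_agent(headers):
    """Model of the agent behind the Unix socket: (router, IP) -> instance."""
    key = (headers.get("X-Neutron-Router-ID"), headers.get("X-Forwarded-For"))
    return PORTS.get(key)  # None means no matching port, so nothing to serve


def resolve(router_id, client_ip, guest_headers=None):
    """Full path: guest request -> namespace proxy -> metadata agent."""
    return metadata_agent(namespace_proxy(router_id, client_ip, guest_headers or {}))


if __name__ == "__main__":
    # Same source IP, different router namespace, different instance.
    print(resolve(ROUTER_A, "10.0.0.5"))
    print(resolve(ROUTER_B, "10.0.0.5"))
    # A guest-supplied router header does not change the lookup in this model.
    print(resolve(ROUTER_A, "10.0.0.5", {"X-Neutron-Router-ID": ROUTER_B}))
```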
1

answered 2015-04-06 15:11:28 -0500

Basically, your qrouter namespace has a PREROUTING rule that redirects the HTTP request to a listener at port 9697.

ip netns exec qrouter-664c634a-d7f4-4886-a0f0-702c2f5acfac iptables-save | grep 169.254.169.254 

ip netns exec qrouter-664c634a-d7f4-4886-a0f0-702c2f5acfac netstat -tlp

Run these commands to get a better idea of what's going on.

The listener in this case is the Neutron metadata proxy service that in turn proxies the metadata request to the Nova metadata service.

The links from @dbaxps should be helpful; this was just a simpler version of what's going on.

Stats

Asked: 2015-04-06 11:00:53 -0500

Seen: 1,465 times

Last updated: Apr 06 '15