
metadata service not reachable from instance in neutron single flat provider network

Hello

I have the following Icehouse setup, using Neutron with ML2 and the OVS plugin in a single flat provider network:

  • Controller Node: 10.117.200.7
  • Network Node: 10.117.200.10
  • Compute Node: 10.117.200.12

The network is working fine. The instances get an IP from DHCP with the correct gateway and DNS settings, but the metadata service is not reachable from the instance.

Here is the log from the CirrOS image:

adding dns 10.117.192.145
adding dns 10.117.192.160
adding net 169.254.169.254/32 with router 10.117.200.50
cirros-ds 'net' up at 0.72
checking http://169.254.169.254/2009-04-04/instance-id
failed 1/20: up 0.73. request failed
failed 2/20: up 12.75. request failed
failed 3/20: up 24.76. request failed

Inside the CirrOS Instance:

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.117.200.254  0.0.0.0         UG    0      0        0 eth0
10.117.200.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.169.254 10.117.200.50   255.255.255.255 UGH   0      0        0 eth0
$ ping 169.254.169.254
PING 169.254.169.254 (169.254.169.254): 56 data bytes
64 bytes from 169.254.169.254: seq=0 ttl=64 time=1.199 ms
64 bytes from 169.254.169.254: seq=1 ttl=64 time=0.235 ms
64 bytes from 169.254.169.254: seq=2 ttl=64 time=0.252 ms
^C
--- 169.254.169.254 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.235/0.562/1.199 ms
$ curl http://169.254.169.254
curl: (7) couldn't connect to host

From the Controller Node I can reach the metadata service on its own IP, and the service is listening:

curl http://10.117.200.7:8775
1.0
2007-01-19
2007-03-01
2007-08-29
2007-10-10
2007-12-15
2008-02-01
2008-09-01
2009-04-04

curl http://169.254.169.254
<html>
 <head>
  <title>500 Internal Server Error</title>
 </head>
 <body>
  <h1>500 Internal Server Error</h1>
  Remote metadata server experienced an internal server error.<br /><br />
 </body>
</html>

Network Node:

cat /etc/neutron/neutron.conf | grep "^[^#;\[]"
auth_strategy = keystone
rpc_backend = neutron.openstack.common.rpc.impl_qpid
qpid_hostname = controller
core_plugin = ml2
service_plugins = router
verbose = True
debug = False
allow_overlapping_ips = True
auth_uri = http://controller:5000
auth_host = controller
auth_protocol = http
auth_port = 35357
admin_tenant_name = service
admin_user = neutron
admin_password = xxx

cat /etc/neutron/plugins/ml2/ml2_conf.ini | grep "^[^#;\[]"
type_drivers = local,flat
mechanism_drivers = openvswitch,l2population
flat_networks = *
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_tunneling = False
local_ip = 10.117.200.11
network_vlan_ranges = physnet1
bridge_mappings = physnet1:br-eth1

cat /etc/neutron/metadata_agent.ini | grep "^[^#;\[]"
debug = True
auth_url = http://controller:5000/v2.0
auth_region = regionOne
admin_tenant_name = service
admin_user = neutron
admin_password = xxx
nova_metadata_ip = 10.117.200.7
metadata_proxy_shared_secret = xxx

cat /etc/neutron/dhcp_agent.ini | grep "^[^#;\[]"
debug = True
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
use_namespaces = True
enable_isolated_metadata = True
dhcp_domain = mydomain.com

Controller Node:

cat /etc/nova/nova.conf | grep "^[^#;\[]"
rpc_backend = qpid
qpid_hostname = controller
my_ip = 10.117.200.7
vncserver_listen = 10.117.200.7
vncserver_proxyclient_address = 10.117.200.7
auth_strategy = keystone
debug=false
verbose=true
network_api_class = nova.network.neutronv2.api.API
neutron_url = http://controller:9696
neutron_auth_strategy = keystone
neutron_admin_tenant_name = service
neutron_admin_username = neutron
neutron_admin_password = xxx
neutron_admin_auth_url = http://controller:35357/v2.0
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
security_group_api = neutron
service_neutron_metadata_proxy = false
connection = mysql://nova:xxx@database/nova
auth_uri = http://controller:5000
auth_host = controller
auth_protocol = http
auth_port = 35357
admin_user = nova
admin_tenant_name = service
admin_password = xxx

Networks:

neutron net-show 5a227a11-11ea-495e-9a1b-e55b5b6731ef
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 5a227a11-11ea-495e-9a1b-e55b5b6731ef |
| name                      | VLAN200                              |
| provider:network_type     | flat                                 |
| provider:physical_network | physnet1                             |
| provider:segmentation_id  |                                      |
| router:external           | False                                |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   | 5357f315-9e51-409d-bda5-69aca9c07158 |
| tenant_id                 | 42601f4a604d4c1583d4e77507c31f9d     |
+---------------------------+--------------------------------------+


neutron subnet-show 5357f315-9e51-409d-bda5-69aca9c07158
+------------------+-----------------------------------------------------+
| Field            | Value                                               |
+------------------+-----------------------------------------------------+
| allocation_pools | {"start": "10.117.200.50", "end": "10.117.200.200"} |
| cidr             | 10.117.200.0/24                                     |
| dns_nameservers  | 10.117.192.145                                      |
|                  | 10.117.192.160                                      |
| enable_dhcp      | True                                                |
| gateway_ip       | 10.117.200.254                                      |
| host_routes      |                                                     |
| id               | 5357f315-9e51-409d-bda5-69aca9c07158                |
| ip_version       | 4                                                   |
| name             |                                                     |
| network_id       | 5a227a11-11ea-495e-9a1b-e55b5b6731ef                |
| tenant_id        | 42601f4a604d4c1583d4e77507c31f9d                    |
+------------------+-----------------------------------------------------+