How does access to the metadata service work when using quantum?

Asked by Doug

Hello,

I used this install guide https://github.com/mseknibilel/OpenStack-Folsom-Install-guide/blob/stable/GRE/OpenStack_Folsom_Install_Guide_WebVersion.rst. We are not using namespaces.

We have the metadata service installed on the controller. How come I can't see the 169.254.169.254 address listed anywhere on the controller? Where does that address live?

If the VM needs to talk to the 169.254.169.254 address, will the layer 3 agent change it to whatever address you have listed for the metadata_ip in the l3_agent.ini file?

Question information

Language: English
Status: Solved
For: neutron
Assignee: No assignee
Solved by: Doug

Aaron Rosen (arosen) said :
#1

If using Folsom, you will need an iptables rule in order to redirect this request to your nova metadata server, something like:
 iptables -t nat -A PREROUTING -d 169.254.169.254 -p tcp -m tcp --dport 80 -j DNAT --to-destination <metadata_server>:8775

I also think your metadata_server needs to be running on the same host as your l3 agent, or you need to set up a metadata proxy running on localhost; otherwise the packets won't be able to route back to you.

yong sheng gong (gongysh) said :
#2

https://skydrive.live.com/view.aspx?resid=8F95A76243630FB1!127&authkey=!AK0Y3KWzD6o3WVI slide 29.
The metadata proxy is started automatically; you need to start the metadata agent.

yong sheng gong (gongysh) said :
#3

169.254.169.254:80 is NATed to the network node's local port on which the metadata proxy is listening. The metadata proxy will communicate with the metadata agent on the same node, then the metadata agent will connect to the nova metadata API.

Doug (dsmith4546) said :
#4

Hey, looks like we fixed it, without any custom iptables rules.
We followed what is documented here: http://docs.openstack.org/folsom/openstack-network/admin/content/adv_cfg_l3_agent_metadata.html

The page stated that the nova-metadata service must be reachable from the external network. Since this is the case, I updated the metadata IP in the nova.conf and the l3-agent.ini files to reflect the external IP address of the box that is running the metadata service. So in our case we were running the metadata service on the controller. After that, we restarted all of the nova services and quantum services. We are now able to curl the following address from our VMs: 'curl http://169.254.169.254/openstack'

Doug (dsmith4546) said :
#5

As a reminder, we had to add routes on the host that is running the metadata service that point back to the IP address of the l3 agent, one for each private network that you create.

Example:

route add -net 192.168.4.0/24 gw 192.168.38.199   # .199 is the address of the l3 agent
route add -net 192.168.5.0/24 gw 192.168.38.199
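
As an added example (not part of the thread), the following checks the two pieces the replies rely on: the DNAT rule for 169.254.169.254:80 on the l3 agent host (comment #1) and a return route via the l3 agent for every private network on the metadata host (comment #5). Both dumps are constructed; 192.168.38.10 as the metadata server and 192.168.6.0/24 as a network without a route are assumptions.

```python
import ipaddress
import shlex

# Constructed sample: `iptables-save -t nat` from the l3 agent host.
# 192.168.38.10 is an assumed address for the metadata server.
NAT_DUMP = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.38.10:8775
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
"""
# Constructed sample: `ip route show` from the metadata host.
ROUTE_DUMP = """\
default via 192.168.38.1 dev eth0
192.168.38.0/24 dev eth0 proto kernel scope link src 192.168.38.10
192.168.4.0/24 via 192.168.38.199 dev eth0
192.168.5.0/24 via 192.168.38.199 dev eth0
"""

def _opt(tokens, flag):
    """Value following `flag` in a tokenised rule, or None."""
    return tokens[tokens.index(flag) + 1] if flag in tokens[:-1] else None

def metadata_dnat_targets(nat_dump):
    """host:port targets of DNAT rules matching 169.254.169.254, TCP port 80."""
    targets = []
    for line in nat_dump.splitlines():
        tok = shlex.split(line)
        if not tok or tok[0] != "-A" or "!" in tok:
            continue  # not a rule, or a negated match this check does not interpret
        dst, to = _opt(tok, "-d"), _opt(tok, "--to-destination")
        if (_opt(tok, "-j") == "DNAT" and _opt(tok, "--dport") == "80" and dst and to
                and str(ipaddress.ip_network(dst, strict=False)) == "169.254.169.254/32"):
            targets.append(to)
    return targets

def missing_return_routes(private_nets, route_dump, l3_agent_ip):
    """Private networks that no route via the l3 agent covers."""
    covered = []
    for line in route_dump.splitlines():
        f = line.split()
        if len(f) >= 3 and f[1] == "via" and f[2] == l3_agent_ip:
            dest = "0.0.0.0/0" if f[0] == "default" else f[0]
            covered.append(ipaddress.ip_network(dest, strict=False))
    return [n for n in private_nets
            if not any(ipaddress.ip_network(n).subnet_of(c) for c in covered)]

if __name__ == "__main__":
    nets = ["192.168.4.0/24", "192.168.5.0/24", "192.168.6.0/24"]
    print("DNAT targets:", metadata_dnat_targets(NAT_DUMP))
    print("missing routes:", missing_return_routes(nets, ROUTE_DUMP, "192.168.38.199"))
```

An empty list from `metadata_dnat_targets` means no redirect rule was found in the dump; any network returned by `missing_return_routes` would have its metadata replies sent to the default gateway instead of back through the l3 agent.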