Metadata Service in openstack is broken with ODL Integration

Description

Issue:

I have installed stable/queens using openstack-ansible on Ubuntu with ODL + OVS.

I have created an instance with the cirros image (since it has a pre-set password, I am able to log in through console and SSH). I can ping the external gateway and even Google DNS (8.8.8.8), but it is not able to reach the metadata server.
So I am not able to create an instance with any other OS, as it is not getting a password or SSH keys.

Observations:

1. If the private network does not have an interface connected to a router, then the metadata service works, meaning instances will receive the cloud config.
2. When the private network is not connected to a router, the static route for 169.254.169.254 will have nexthop 10.0.0.2, which is present in the DHCP namespace.
3. When the private network is connected to a router, the static route for 169.254.169.254 will have nexthop 10.0.0.1, which is the IP of the router interface connected to the private network.

Workaround:

1. In /etc/neutron/dhcp_agent.ini add "force_metadata = True"
2. Restart neutron-dhcp-agent service

Then things will start working.
After these changes dhcp agent will send route 169.254.169.254/32 with nexthop as 10.0.0.2 and cloud-init works.

Since the router namespace is not created after integrating with ODL, should this route point to a nexthop in the DHCP namespace?

Kindly provide the fix for this issue.
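
A guest-side check for observations 2 and 3, added here as an example and not part of the original report: it reads `ip route` output and reports whether 169.254.169.254 is reached through the DHCP port or through another next hop such as the router interface. The function names, the interface name eth0 and the guest address 10.0.0.5 are assumptions; the route tables are constructed samples that reuse the addresses from the report.

```shell
#!/bin/sh
METADATA_IP=169.254.169.254

# Constructed samples of guest `ip route` output (not captured from a real VM).
ROUTES_VIA_DHCP='default via 10.0.0.1 dev eth0
10.0.0.0/24 dev eth0 src 10.0.0.5
169.254.169.254 via 10.0.0.2 dev eth0'
ROUTES_VIA_ROUTER='default via 10.0.0.1 dev eth0
10.0.0.0/24 dev eth0 src 10.0.0.5
169.254.169.254 via 10.0.0.1 dev eth0'

# Read a route table on stdin and print the next hop used for the metadata
# address: an explicit host route wins, otherwise the default route applies.
metadata_nexthop() {
    awk -v md="$METADATA_IP" '
        ($1 == md || $1 == (md "/32")) && $2 == "via" { host = $3 }
        $1 == "default" && $2 == "via" && dflt == "" { dflt = $3 }
        END {
            if (host != "")      print host
            else if (dflt != "") print dflt
            else                 exit 1
        }'
}

# classify_metadata_path DHCP_PORT_IP  (route table on stdin)
# Prints "dhcp-port <ip>" and returns 0 when metadata traffic goes to the
# DHCP port, "router <ip>" and returns 1 for any other next hop (in the
# report, the router interface), "none" and returns 2 when no route matches.
classify_metadata_path() {
    dhcp_ip=$1
    hop=$(metadata_nexthop) || { echo "none"; return 2; }
    if [ "$hop" = "$dhcp_ip" ]; then
        echo "dhcp-port $hop"
    else
        echo "router $hop"
        return 1
    fi
}

# Demo over both constructed tables; 10.0.0.2 is the DHCP port from the report.
for table in "$ROUTES_VIA_DHCP" "$ROUTES_VIA_ROUTER"; do
    printf '%s\n' "$table" | classify_metadata_path 10.0.0.2 || true
done
```

On a guest, pipe the live table in with `ip route | classify_metadata_path 10.0.0.2`, substituting the subnet's DHCP port address.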

Environment

None

Activity

Nishchya January 14, 2020 at 5:29 AM

Cannot be reproduced in latest master with rocky; please reopen the issue if seen again.

Nishchya January 6, 2020 at 8:45 AM

This is a pretty old issue. Now, as specified in the workaround, /etc/neutron/dhcp_agent.ini already has "force_metadata = True". So mostly the issue will not be there, but I will try this locally and update the results.

Manuel Buil June 26, 2018 at 7:45 AM

guys,

I still think the bug is in Netvirt. Neutron default behaviour is:

  • Push static route to the VM when network is isolated through DHCP (169.254.169.254 through the DHCP port)

  • Implement the logic in the router namespace when network is not isolated (through iptables: REDIRECT tcp -- anywhere 169.254.169.254 tcp dpt:http redir ports 9697)

When using ODL, the first scenario (isolated networks) works, however the second one does not work. Note that I am using odl-router_v2 plugin, so there are no router namespaces and all the routing logic is implemented by ODL. I would expect ODL to implement everything which was covered by the router namespace, including the static route to 169.254.169.254. In fact, the issue is solved when adding that route to the neutron router (192.168.0.2 is the ip where the DHCP server is listening):

neutron router-update router-ext --route destination=169.254.169.254/32,nexthop=192.168.0.2

In my opinion, perhaps I am missing something, every time a subnet is connected to a router, Netvirt should add that static route. Netvirt knows the DHCP server IP and the metadata server is always 169.254.169.254, so it should be easy. The suggested "force_metadata=true" option is not the best because it forces a static route into the VM and that should be something exceptional. Besides, it seems wrong to me that a neutron plug-in changes the default neutron behaviour, or?

Shivashankar Chitragar June 23, 2018 at 3:36 AM

Ok.

If "force_metadata=true" should be the expectation then Openstack-Ansible is not doing it while preparing configuration file dhcp_agent.ini.

If there is nothing to do from Netvirt perspective, you can close this issue.

I will update the same in the defect raised under Openstack-ansible.

Thanks

Sam Hague June 21, 2018 at 3:28 PM

Same opinion, we expect force_metadata=true to be configured for this to work.

Cannot Reproduce

Created June 21, 2018 at 3:04 PM
Updated January 14, 2020 at 5:29 AM
Resolved January 14, 2020 at 5:29 AM