openstack team mailing list archive

Thread
Date

Re: problem ssh-ing into vms

To: Pierre Amadio <pierre.amadio@xxxxxxxxxxxxx>
From: Vishvananda Ishaya <vishvananda@xxxxxxxxx>
Date: Wed, 28 Mar 2012 10:01:19 -0700
Cc: openstack <openstack@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <4F7327BD.8060100@canonical.com>

On Mar 28, 2012, at 8:01 AM, Pierre Amadio wrote:

> Was my assumption wrong or is there something special to do to have the
> metadata service available without running nova-api ?

You can run the metadata service by itself using bin/nova-api-metadata.  For performance reasons, I prefer this option.

Alternatively you can leave it running on the api node but you have to make sure config is set on your compute and network hosts to tell the system where to forward to.  You do this via a config option in nova.conf

###### (StrOpt) the ip for the metadata api server
# metadata_host="$my_ip"

Also you have to make sure that packets  are not snatted when they leave the network host if they are going to the metadata server. You can do this via a config option as well:

###### (StrOpt) dmz range that should be accepted
# dmz_cidr="10.128.0.0/24"

So setting the following:
metadata_host=<api_ip>
dmz_cidr=<api_ip>/32

should work with nova-api running separately

References

problem ssh-ing into vms
From: Pierre Amadio, 2012-03-28
Re: problem ssh-ing into vms
From: Scott Moser, 2012-03-28
Re: problem ssh-ing into vms
From: Pierre Amadio, 2012-03-28