← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #05943

[Bug 1246148] Re: Metadata port inconsistency

  Thread PreviousDate PreviousThread Next 
Hi, nope this is actually intended. In the namespace there is a metadata
proxy webserver that runs on 9697 (not 80 so it doesn't have to run as
root) the iptables rule redirects requests from 80 to 9697. Then, the
metadata-namespace agent proxies the request through a unix domain
socket to another agent living out side the namespace which proxies the
request to nova-metadata running on 8775.  You must be running into a
configuration issue. What does the metadata agent log say when you make
a request to 169.254.169.254?

** Changed in: neutron
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1246148

Title:
  Metadata port inconsistency

Status in OpenStack Neutron (virtual network service):
  Invalid

Bug description:
  There seems to be an inconsistency between the default metadata port
  set within the L3 agent and the metadata agent configuration files.
  This leads to a problem where an out of the box configuration
  redirects metadata requests to a port in which the metadata service is
  not listening.

  The default metadata port in the L3 agent is '9697'
  (https://github.com/openstack/neutron/blob/master/etc/l3_agent.ini)
  yet in the metadata agent it's '8775'
  (https://github.com/openstack/neutron/blob/master/etc/metadata_agent.ini).

  This is also the case within Nova
  (https://github.com/openstack/nova/blob/master/etc/nova/nova.conf.sample),
  the default metadata port is '8775'.

  Chain neutron-l3-agent-PREROUTING (1 references)
  target     prot opt source               destination         
  REDIRECT   tcp  --  anywhere             169.254.169.254     tcp dpt:http redir ports 9697

  [root@cloud01 ~]# netstat -tunpl | grep 9697 | wc -l
  0

  [root@cloud01 ~]# netstat -tunpl | grep 8775
  tcp        0      0 0.0.0.0:8775                0.0.0.0:*                   LISTEN      22119/python

  Note: When modifying the L3 agent's metadata port to reflect the
  '8775' which seems to be the default for the remainder of the services
  I can successfully use it without problem, it redirects to the correct
  port (no more 'Connection Refused').

  I've proposed a change and submitted a patch
  (https://review.openstack.org/#/c/54396/) to update the Puppet
  manifests to write down a consistent port and have proven this to work
  as expected, however it may seem that this is a wider problem that
  could be worth patching further, perhaps restandardising the metadata
  port as set within the L3 agent?

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1246148/+subscriptions
  Thread PreviousDate PreviousThread Next