← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1450548] [NEW] Some VMs get a bad metadata route

 

Public bug reported:

In a configuration using the dhcp_agent.ini setting

           enable_isolated_metadata = True

When creating a network configuration that is *not* isolated it has been
observed that the dnsmasq processes are being configured with static
routes for the metadata-service (169.254.169.254) that point to the
local dhcp server.

ci-info: +-------+-----------------+------------+-----------------+-----------+-------+
ci-info: | Route |   Destination   |  Gateway   |     Genmask     | Interface | Flags |
ci-info: +-------+-----------------+------------+-----------------+-----------+-------+
ci-info: |   0   |     0.0.0.0     | 71.0.0.161 |     0.0.0.0     |    eth0   |   UG  |
ci-info: |   1   |    71.0.0.160   |  0.0.0.0   | 255.255.255.240 |    eth0   |   U   |
ci-info: |   2   | 169.254.169.254 | 71.0.0.163 | 255.255.255.255 |    eth0   |  UGH  |


However, in this particular scenario the dnsmasq processes have no metadata-proxy processes.

When a VM boots it gets the static route via DHCP and is unable to
access the metadata service.

This issue seems to have appeared due to patch #116832 "Don't spawn
metadata-proxy for non-isolated nets".

Is it possible that the basis for that optimisation is flawed?

The optimisation implements checks of whether a subnet is considered isolated. These checks include whether a subnet has a neutron router port available. However, it appears that decision can change during network construction or manipulation. 
That potential change of decision would appear to defeat the previous optimisation.

Once it has been decided that a network is isolated the static route for metadata-service may be passed to VMs. At which point we cannot run without metadata-proxies on the dhcp-servers, even if a neutron router becomes available and the network become non-isolated.
 
A proposal would be to remove the optimisation of not launching metadata-proxy-agents on dhcp-servers. Which means we will return to carrying the metadata-proxy-agents processes.

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1450548

Title:
  Some VMs get a bad metadata route

Status in OpenStack Neutron (virtual network service):
  New

Bug description:
  In a configuration using the dhcp_agent.ini setting

             enable_isolated_metadata = True

  When creating a network configuration that is *not* isolated it has
  been observed that the dnsmasq processes are being configured with
  static routes for the metadata-service (169.254.169.254) that point to
  the local dhcp server.

  ci-info: +-------+-----------------+------------+-----------------+-----------+-------+
  ci-info: | Route |   Destination   |  Gateway   |     Genmask     | Interface | Flags |
  ci-info: +-------+-----------------+------------+-----------------+-----------+-------+
  ci-info: |   0   |     0.0.0.0     | 71.0.0.161 |     0.0.0.0     |    eth0   |   UG  |
  ci-info: |   1   |    71.0.0.160   |  0.0.0.0   | 255.255.255.240 |    eth0   |   U   |
  ci-info: |   2   | 169.254.169.254 | 71.0.0.163 | 255.255.255.255 |    eth0   |  UGH  |

  
  However, in this particular scenario the dnsmasq processes have no metadata-proxy processes.

  When a VM boots it gets the static route via DHCP and is unable to
  access the metadata service.

  This issue seems to have appeared due to patch #116832 "Don't spawn
  metadata-proxy for non-isolated nets".

  Is it possible that the basis for that optimisation is flawed?

  The optimisation implements checks of whether a subnet is considered isolated. These checks include whether a subnet has a neutron router port available. However, it appears that decision can change during network construction or manipulation. 
  That potential change of decision would appear to defeat the previous optimisation.

  Once it has been decided that a network is isolated the static route for metadata-service may be passed to VMs. At which point we cannot run without metadata-proxies on the dhcp-servers, even if a neutron router becomes available and the network become non-isolated.
   
  A proposal would be to remove the optimisation of not launching metadata-proxy-agents on dhcp-servers. Which means we will return to carrying the metadata-proxy-agents processes.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1450548/+subscriptions


Follow ups

References