yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1450548] Re: Some VMs get a bad metadata route

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1450548@xxxxxxxxxxxxxxxxxx>
Date: Wed, 22 Feb 2017 04:18:41 -0000
Reply-to: Bug 1450548 <1450548@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

[Expired for neutron because there has been no activity for 60 days.]

** Changed in: neutron
       Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1450548

Title:
  Some VMs get a bad metadata route

Status in neutron:
  Expired

Bug description:
  In a configuration using the dhcp_agent.ini setting

             enable_isolated_metadata = True

  When creating a network configuration that is *not* isolated it has
  been observed that the dnsmasq processes are being configured with
  static routes for the metadata-service (169.254.169.254) that point to
  the local dhcp server.

  ci-info: +-------+-----------------+------------+-----------------+-----------+-------+
  ci-info: | Route |   Destination   |  Gateway   |     Genmask     | Interface | Flags |
  ci-info: +-------+-----------------+------------+-----------------+-----------+-------+
  ci-info: |   0   |     0.0.0.0     | 71.0.0.161 |     0.0.0.0     |    eth0   |   UG  |
  ci-info: |   1   |    71.0.0.160   |  0.0.0.0   | 255.255.255.240 |    eth0   |   U   |
  ci-info: |   2   | 169.254.169.254 | 71.0.0.163 | 255.255.255.255 |    eth0   |  UGH  |

  
  However, in this particular scenario the dnsmasq processes have no metadata-proxy processes.

  When a VM boots it gets the static route via DHCP and is unable to
  access the metadata service.

  This issue seems to have appeared due to patch #116832 "Don't spawn
  metadata-proxy for non-isolated nets".

  Is it possible that the basis for that optimisation is flawed?

  The optimisation implements checks of whether a subnet is considered isolated. These checks include whether a subnet has a neutron router port available. However, it appears that decision can change during network construction or manipulation. 
  That potential change of decision would appear to defeat the previous optimisation.

  Once it has been decided that a network is isolated the static route for metadata-service may be passed to VMs. At which point we cannot run without metadata-proxies on the dhcp-servers, even if a neutron router becomes available and the network become non-isolated.
   
  A proposal would be to remove the optimisation of not launching metadata-proxy-agents on dhcp-servers. Which means we will return to carrying the metadata-proxy-agents processes.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1450548/+subscriptions

References

[Bug 1450548] [NEW] Some VMs get a bad metadata route
From: Mark Rawlings, 2015-04-30