← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #66635

[Bug 1687187] Re: metadata-api requires iptables-save/restore

  Thread PreviousDate PreviousThread Next 
** Also affects: nova/newton
   Importance: Undecided
       Status: New

** Also affects: nova/ocata
   Importance: Undecided
       Status: New

** Changed in: nova/ocata
       Status: New => In Progress

** Changed in: nova/ocata
     Assignee: (unassigned) => Sam Yaple (s8m)

** Changed in: nova/newton
       Status: New => In Progress

** Changed in: nova/newton
     Assignee: (unassigned) => Sam Yaple (s8m)

** Changed in: nova/newton
   Importance: Undecided => High

** Changed in: nova/ocata
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1687187

Title:
  metadata-api requires iptables-save/restore

Status in OpenStack Compute (nova):
  Fix Released
Status in OpenStack Compute (nova) newton series:
  In Progress
Status in OpenStack Compute (nova) ocata series:
  In Progress

Bug description:
  The metadata-api still loads pieces of nova-network even when using
  neutron=True.

  Specifically, it is still loading linuxnet_interface_driver and it is
  adding in ACCEPT rules with iptables to allow the metadata port. While
  this may make sense with nova-network, it doesn't make sense for an
  api to be messing with iptables.

  Since neutron uses metadata-api through its proxy, it cannot be said
  that the metadata-api is purely a nova-network thing.

  The MetadataManager class that is loaded makes note of the fact that
  all the class does is add that ACCEPT rule [0]. Previously in Newton I
  was able to work around this by overriding the MetadataManager class
  with 'nova.manager.Manager', that that option was removed in Ocata
  [1]. Now the 'nova.api.manager.MetadataManager' name is hardcoded [2]
  and requires modifying nova source.

  TL;DR when using the metadata-api, bits of nova-network are still
  loaded when they shouldn't be.

  [0]
  https://github.com/openstack/nova/blob/4f91ed3a547965ed96a22520edcfb783e7936e95/nova/api/manager.py#L24

  [1]
  https://github.com/openstack/nova/blob/stable/newton/nova/conf/service.py#L51

  [2]
  https://github.com/openstack/nova/blob/065cd6a8d69c1ec862e5b402a3150131f35b2420/nova/service.py#L60

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1687187/+subscriptions

References

  Thread PreviousDate PreviousThread Next