yahoo-eng-team team mailing list archive

[Bug 1905115] [NEW] [RFE] Extend neutron-metadata-agent to support to proxy multiple external services

 

Public bug reported:

Currently, the neutron-metadata-agent only supports proxying the
nova-metadata-api so that internal server instances can get metadata
information. This RFE proposes an extension for neutron-metadata-agent
so that, through the metadata channel, internal VMs can access more
external services.

The use cases:

1. A unified monitoring platform for multiple tenants:
Suppose that a private cloud provider has multiple departments and each department has a tenant on the cloud platform. The cloud admin wishes to monitor all tenants' VMs. Currently neutron needs to use a router to achieve this scheme, and the implementation method is difficult and inflexible. By extending the neutron metadata channel, the monitor agent in a tenant's internal VM can easily push monitor data to the external unified monitoring platform.

2. Shared license pool:
Running commercial software in VMs is a common demand for users. To resolve the authorization issue, these commercial software providers will provide a shared license pool to the cloud provider. In a multi-tenant environment, because of the CIDR overlap issue, the VMs must go through a router with an external gateway set in order to access the shared license pool. This will limit some use scenarios, such as a purely internal network environment which doesn't need the router service plugin. So, extending the neutron metadata channel is an alternative solution.

My initial idea about how to implement it:
Support two types of proxies: L7 (layer 7) proxy and L4 (layer 4) proxy. The user writes the neutron configuration file to tell neutron which proxies to provide and of what type.
For L7 proxy:
The implementation can reference the current solution that proxies the nova metadata service. Through the neutron configuration file, the user can configure which headers to insert into requests for a specified proxy.
For L4 proxy:
For TCP proxy, we can introduce HAProxy to implement it. For UDP proxy, I have no idea how to implement it now.

In addition, we need to add a REST API to query which proxies the
current neutron env provides for users, and extend the network API so
that a user can configure which proxies a specified network supports.

** Affects: neutron
     Importance: Undecided
         Status: New


** Tags: rfe

** Tags added: rfe

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1905115
