yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #94445
[Bug 2069482] Re: [OVN] VMs cannot access metadata when connected to a network with only IPv6 subnets
Reviewed: https://review.opendev.org/c/openstack/neutron/+/922264
Committed: https://opendev.org/openstack/neutron/commit/f7000f3d57bc59732522c4943d6ff2e9dfcf7d31
Submitter: "Zuul (22348)"
Branch: master
commit f7000f3d57bc59732522c4943d6ff2e9dfcf7d31
Author: Miguel Lavalle <mlavalle@xxxxxxxxxx>
Date: Tue Jun 18 19:36:13 2024 -0500
Fix support of IPv6 only networks in OVN metadata agent
When an IPv6 only network is used as the sole network for a VM and
there are no other bound ports on the same network in the same chassis,
the OVN metadata agent concludes that the associated namespace is not
needed and deletes it. As a consequence, the VM cannot access the
metadata service. With this change, the namespace is preserved if there
is at least one bound port on the chassis with either IPv4 or IPv6
addresses.
Closes-Bug: #2069482
Change-Id: Ie15c3344161ad521bf10b98303c7bb730351e2d8
** Changed in: neutron
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2069482
Title:
[OVN] VMs cannot access metadata when connected to a network with only
IPv6 subnets
Status in neutron:
Fix Released
Bug description:
VMs cannot access the metadata service when connected to a network
with only IPv6 subnets.
Neutron branch: master
Steps to reproduce:
1) Create a network with a single IPv6 subnet:
$ openstack network create ipv6-net-dhcpv6-slaac
$ openstack subnet create --subnet-range fdba:e036:9e22::/64 --ip-version 6 --gateway dba:e036:9e22::1 --ipv6-ra-mode slaac --ipv6-address-mode slaac --network ipv6-net-dhcpv6-slaac ipv6-subnet-dhcpv6-slaac
2) Create a VM using this network:
$ openstack server create --key-name my_key --flavor m1.small --image
ubuntu-20.04-minimal-cloudimg-amd64 --network ipv6-net-dhcpv6-slaac
--security-group sg1 my-vm-slaac
3) The following message is added to the metadata agent log file:
Jun 14 22:00:32 central neutron-ovn-metadata-agent[89379]: DEBUG
neutron.agent.ovn.metadata.agent [-] No valid VIF ports were found for
network 191a0539-edbc-4037-b973-dfa77e3208f6, tearing the namespace
down if needed {{(pid=89379) _get_provision_params
/opt/stack/neutron/neutron/agent/ovn/metadata/agent.py:720}}
which is produced here:
https://github.com/openstack/neutron/blob/79b2d709c80217830fed8ad73dcf6fbd3eea91b4/neutron/agent/ovn/metadata/agent.py#L719-L723
4) When an IPv4 subnet is added to the network and the VM is
recreated, the metadata service is accessible to it over IPv6:
$ openstack subnet create --network ipv6-net-dhcpv6-slaac ipv4-subnet-dhcpv6-slaac --subnet-range 10.2.0.0/24
$ openstack server delete my-vm-slaac
$ openstack server create --key-name my_key --flavor m1.small --image ubuntu-20.04-minimal-cloudimg-amd64 --network ipv6-net-dhcpv6-slaac --security-group sg1 my-vm-slaac
From the VM:
ubuntu@my-vm-slaac:~$ curl http://[fe80::a9fe:a9fe%ens3]
1.0
2007-01-19
2007-03-01
2007-08-29
2007-10-10
2007-12-15
2008-02-01
2008-09-01
2009-04-04
latest
ubuntu@my-vm-slaac:~$ curl http://[fe80::a9fe:a9fe%ens3]/openstack
2012-08-10
2013-04-04
2013-10-17
2015-10-15
2016-06-30
2016-10-06
2017-02-22
2018-08-27
2020-10-14
latest
How reproducible: 100%
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2069482/+subscriptions
References
