Instance without public ip fails reading metadata with separate CC & CLC
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
eucalyptus (Ubuntu) | Expired | Medium | Unassigned | |
Bug Description
With separate CC and CLC, when an instance without a public address (in MANAGED[_NOVLAN] mode) attempts to contact the metadata service to get its ssh key, the CC reroutes the request to the CLC and masquerades the requestor's address. So the CLC appears to get the metadata request from the CC address and doesn't properly respond (how can it identify which instance is asking?), whereas a request from an instance with a public ip shows up as coming from that public ip (since the CC NATs the public/private address and doesn't masquerade it).
For example:
CC+SC: 10.0.0.1
CLC+WALRUS: 10.0.0.2
VNET_MODE=
VNET_SUBNET=
VNET_CLOUDIP=
A private instance (no public ip) is created as 172.16.1.1. On boot it queries (in /etc/rc.local) to http://
In contrast, a public instance is created as 172.16.1.2 with public ip 10.0.0.3. It makes the same HTTP request which gets redirected through the CC to the CLC. The CC, however, applies SNAT and DNAT rules which make the request appear as coming from 10.0.0.3 (the instance public IP) and the CLC properly responds to the request since it can identify the source instance. And there was much rejoicing...
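The two request paths described in the report, modeled as an added example (not part of the original bug report and not Eucalyptus code). It assumes the CLC resolves an instance purely from the source address of the request; the instance ids and the second private instance are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

CC_ADDR = "10.0.0.1"  # CC+SC address from the report

@dataclass(frozen=True)
class Instance:
    instance_id: str           # constructed ids, not from the report
    private_ip: str
    public_ip: Optional[str]   # None = no public address assigned

def cc_rewrite_source(inst: Instance) -> str:
    """Source address the CLC sees once the CC has forwarded the request."""
    if inst.public_ip is not None:
        return inst.public_ip  # SNAT: request carries the instance's public IP
    return CC_ADDR             # masquerade: request carries the CC's own address

def clc_identify(instances: List[Instance], src_ip: str) -> Optional[str]:
    """Assumed CLC lookup: match the source against addresses it assigned."""
    for inst in instances:
        if src_ip in (inst.private_ip, inst.public_ip):
            return inst.instance_id
    return None                # unknown requester: nothing to serve

def trace(instances: List[Instance]) -> Dict[str, Tuple[str, Optional[str]]]:
    """Map instance id -> (source seen by CLC, instance the CLC resolves)."""
    out = {}
    for inst in instances:
        seen = cc_rewrite_source(inst)
        out[inst.instance_id] = (seen, clc_identify(instances, seen))
    return out

def ambiguous_sources(instances: List[Instance]) -> Dict[str, List[str]]:
    """Source addresses that more than one instance collapses onto."""
    seen = defaultdict(list)
    for inst in instances:
        seen[cc_rewrite_source(inst)].append(inst.instance_id)
    return {addr: ids for addr, ids in seen.items() if len(ids) > 1}

# Constructed fleet: the report's two instances plus one more private instance.
FLEET = [
    Instance("i-private-a", "172.16.1.1", None),
    Instance("i-public", "172.16.1.2", "10.0.0.3"),
    Instance("i-private-b", "172.16.1.4", None),  # constructed address
]

if __name__ == "__main__":
    for iid, (seen, resolved) in trace(FLEET).items():
        print(f"{iid}: CLC sees {seen} -> resolves {resolved}")
    print("shared sources:", ambiguous_sources(FLEET))
```

Every instance without a public address arrives at the CLC with the same source, so the address alone cannot say which instance is asking.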
Changed in eucalyptus (Ubuntu):
importance: Undecided → Medium
Is this easily reproducible for you? Always reproducible?
It seems that you might be hitting the same bug 566792.
The symptom of the request to the metadata service coming from the CC is the same.