metadata service does not function when there are overlapping network address spaces
When an OpenStack instance has multiple networks using the same IP address space the metadata service does not function as expected.
Blueprint information
- Status:
- Complete
- Approver:
- dan wendlandt
- Priority:
- High
- Drafter:
- Mark McClain
- Direction:
- Needs approval
- Assignee:
- Mark McClain
- Definition:
- New
- Series goal:
- Accepted for grizzly
- Implementation:
- Implemented
- Milestone target:
- 2013.1
- Started by
- Mark McClain
- Completed by
- Mark McClain
Related branches
Related bugs
Sprints
Whiteboard
If we think we're still in good shape to get this for G-1, please update to 'Good Progress', otherwise, move to G-2.
Note: Transferring this back to a blueprint since the work required too many changes late in the Folsom cycle. The old bug was originally: https:/
The current Nova metadata server uses the remote IP of the connection to identify the instance making a request for metadata information. In an environment where Quantum and overlapping IPs are in use, the service is unable to properly identify the instance metadata that should be returned. This blueprint covers the changes necessary to make the metadata service work in the Quantum environment.
--
Hi all
I wrote some metadata proxy in tenant router namespace and patch nova-api for this issue.
please refer https:/
It's just idea.
--
Hi, yes, that's definitely one possible approach that we were discussing. Rather than using tenant_id though, I would probably use network_id, since the same tenant could even have multiple networks with the same IP (e.g., if they had two copies of an application template running).
Also, I think you should be able to avoid having the DNAT rule populated at all, just by making sure the "metadata_ip"
---
I agree. net_id is better than tenant_id.
DNAT rule are managed my l3_agent(is'nt is?). here is just idea proof so I don't patch this.
I make patch l3_agent if time available.. ^^;
- whitekid
Gerrit topic: https:/
Addressed by: https:/
add metadata proxy support for Quantum Networks
Work Items
Work items:
Add support to the Nova Metadata Service to retrieve data via Instance ID: TODO
Create a Quantum Metadata Service Proxy: TODO