[openstack-dev] [Neutron] cloud-init IPv6 support

Scott Moser smoser at ubuntu.com
Mon Jul 7 19:29:31 UTC 2014


On Mon, 7 Jul 2014, Sean Dague wrote:

>
> Right, but that assumes router control.
>
> > In general, anyone doing singlestack v6 at the moment relies on
> > config-drive to make it work.  This works fine but it depends what
> > cloud-init support your application has.
>
> I think it's also important to realize that the metadata service isn't
> OpenStack invented, it's an AWS API. Which means I don't think we really

That's incorrect.  The metadata service that lives at
  http://169.254.169.254/
   and
  http://169.254.169.254/ec2
is a mostly-aws-compatible metadata service.

The metadata service that lives at
   http://169.254.169.254/openstack
is 100% "Openstack Invented".

> have the liberty to go changing how it works, especially with something
> like IPv6 support.
>
> I'm not sure I understand why requiring config-drive isn't ok. In our
> upstream testing it's a ton more reliable than the metadata service due
> to all the crazy networking things it's doing.

Because config-drive is "initialization only".  Block devices are not a 2
way communication mechanism.

The obvious immediate need for something more than "init only" is hotplug
of a network device.  In Amazon, this actually works.
  * The device is hot-plug added
  * udev rules are available that then hit the metadata service
    to find out what the network configuration should be for that newly
    added nic.
  * the udev rules bring up the interface.

To the end user, they made an api call that said "attach this network
interface with this IP" and it just magically happened.  In openstack at
the moment, they have to add the nic, and then ssh in and configure the
newly added nic (or some other mechanism).

See bug 1153626 (http://pad.lv/1153626) for more info on how it works on
Amazon.

Amazon also has other neat things in the metadata service such as
time-limited per-instance credentials that can be used by the instance to
do things that the user provides an IAM role for.

More info on the AWS metadata service is at
 http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AESDG-chapter-instancedata.html


We should do neat things like this in sane ways in the Openstack Metadata
service.  And that openstack metadata service should be available via
ipv6.

>
> I'd honestly love to see us just deprecate the metadata server.

If I had to deprecate one or the other, I'd deprecate config drive.  I do
realize that its simplicity is favorable, but not if it is insufficient.
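
The hotplug flow described in the message above (NIC added, a udev-triggered helper asks the metadata service for that NIC's configuration, the interface is brought up), as an added example that is not part of the original message and is not Amazon's or cloud-init's code. It assumes the EC2-style per-MAC metadata paths; the function name, interface name and sample responses are constructed for illustration, and the metadata body is validated before it is turned into `ip` arguments.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")
IFNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,15}$")
# EC2-style path under http://169.254.169.254/ (assumed layout)
BASE = "latest/meta-data/network/interfaces/macs"

# Constructed sample responses, keyed by metadata path, so this runs offline.
SAMPLE = {
    f"{BASE}/0a:1b:2c:3d:4e:5f/subnet-ipv4-cidr-block": "10.0.1.0/24",
    f"{BASE}/0a:1b:2c:3d:4e:5f/local-ipv4s": "10.0.1.25\n10.0.1.26",
}


def nic_commands(ifname, mac, fetch):
    """Return the `ip` argv lists that would configure a hot-plugged NIC.

    fetch(path) -> str returns the metadata body for a path. In a real
    udev helper it would be an HTTP GET against the metadata service;
    here it is injected so the logic can be exercised without a network.
    """
    mac = mac.strip().lower()
    if not MAC_RE.match(mac):
        raise ValueError(f"bad MAC address: {mac!r}")
    if not IFNAME_RE.match(ifname):
        raise ValueError(f"bad interface name: {ifname!r}")

    # The service is plain HTTP on a link-local address: parse every value
    # strictly instead of passing response text through to a command line.
    subnet = ipaddress.ip_network(
        fetch(f"{BASE}/{mac}/subnet-ipv4-cidr-block").strip())

    cmds = [["ip", "link", "set", "dev", ifname, "up"]]
    for token in fetch(f"{BASE}/{mac}/local-ipv4s").split():
        addr = ipaddress.ip_address(token)  # ValueError on anything else
        if addr not in subnet:
            raise ValueError(f"{addr} is outside advertised subnet {subnet}")
        cmds.append(["ip", "addr", "add",
                     f"{addr}/{subnet.prefixlen}", "dev", ifname])
    return cmds


if __name__ == "__main__":
    for argv in nic_commands("eth1", "0A:1B:2C:3D:4E:5F", SAMPLE.__getitem__):
        print(" ".join(argv))
```

Returning argv lists rather than a shell string keeps the helper from ever interpolating metadata content into a shell.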


