[Openstack-operators] [neutron] Kilo neutron-ns-metadata-proxy Problem

Ihar Hrachyshka ihrachys at redhat.com
Mon Sep 7 08:52:42 UTC 2015


> On 07 Sep 2015, at 09:29, Eren Türkay <erent at skyatlas.com> wrote:
> 
> On 31-08-2015 14:56, Eren Türkay wrote:
>> Hello,
> 
> Hello agiain,
> 
>> I installed Kilo neutron. I can create networks, namespaces are created and
>> neutron-ns-metadata-proxy is running. However, VM's cannot get SSH keys. I've
>> isolated the problem down the network namespace and a particular iptables rule.
>> Here is the iptables rule, it accepts the packets marked with 0x1 and rejects it:
>> 
>> -A neutron-vpn-agen-INPUT -m mark --mark 0x1 -j ACCEPT
>> -A neutron-vpn-agen-INPUT -p tcp -m tcp --dport 8775 -j DROP
>> 
>> When I remove the DROP rule, everything works. My question is how are these
>> packages to 169.245.169.254 is marked with 0x1? The iptables rules inside the
>> namespace can be found here: http://paste.ubuntu.com/12237691/
> 
> I am still stuck at this problem. Has anyone experienced it? I would be really
> happy if someone can give a tip regarding to the issue.
> 
> Regards,


See metadata_access_mark option in etc/l3_agent.ini

Ihar
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20150907/c84b17f8/attachment.pgp>


More information about the OpenStack-operators mailing list