<div dir="ltr"><div><div>Sending a feedback to all answers bellow. <br><br></div>I've solved the problem using a configuration on neutron dhcp_agent (dhcp_agent.ini). I was using just the option "enable_isolated_metadata = True", so I could use dhcp on networks that didn't have a router. Now, I enabled "force_metadata = true". So, DHCP send a route to new instance saying it is the 169.254.169.254. The instance sends requests directly to DHCP host/port. So, the iptables rule <span id="gmail-result_box" class="gmail-short_text" lang="en"><span class="gmail-trans-target-highlight">previously</span></span> used <span id="gmail-result_box" class="gmail-short_text" lang="en"><span class="gmail-">is no longer used</span></span>. After that configuration I <span id="gmail-result_box" class="gmail-short_text" lang="en"><span class="gmail-">did not realize the mistake anymore</span></span>.<br><br></div>Thank for all help!<br>:)<br><div><div><div><div class="gmail_extra"><br>----<br clear="all">On Mon, Feb 26, 2018 at 9:44 AM, Itxaka Serrano Garcia <span dir="ltr"><<a href="mailto:igarcia@suse.com" target="_blank">igarcia@suse.com</a>></span> wrote:<br><br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF"><span class="gmail-"></span>
Did you check if port 80 is listening inside the dhcp namespace with
"ip netns exec NAMESPACE netstat -punta" ? <br>
<br>
We recently hit something similar in which the ns-proxy was up and
the metadata-agent as well but the port 80 was missing inside the
namespace, a restart fixed it but there was no logs of a failure
anywhere so it may be similar.<br>
<br></div></blockquote></div><br></div><div class="gmail_extra">I've checked but I was not looking for port 80. I just checked all my namespaces now and no one has an opened port 80. All have <br><br><span style="font-family:monospace,monospace">"tcp 0 0 <a href="http://0.0.0.0:9697">0.0.0.0:9697</a> 0.0.0.0:* LISTEN <PID>/python". </span><br><br>And, as said, all namespaces have an iptables rules that redirect all <a href="http://169.254.169.254:80">169.254.169.254:80</a> traffic to this 9697 port. <br><br><span style="font-family:monospace,monospace">ip netns exec qrouter-HASH_ID iptables -n -L -t nat<br><br>Chain neutron-l3-agent-PREROUTING (1 references)<br>target prot opt source destination <br>REDIRECT tcp -- <a href="http://0.0.0.0/0">0.0.0.0/0</a> 169.254.169.254 tcp dpt:80 redir ports 9697</span><br><br></div><div class="gmail_extra">So, is this listening port 80 really necessary? I can see in the logs that information arrives to this service on compute nodes. <br><br>---<br>On Tue, Feb 27, 2018 at 5:43 AM, Tobias Urdin <span dir="ltr"><<a href="mailto:tobias.urdin@crystone.com" target="_blank">tobias.urdin@crystone.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<p>Did some troubleshooting on this myself just some days ago.</p>
<p>You want to check out the neutron-metadata-agent log in /var/log/neutron/neutron-<wbr>metadata-agent.log</p>
<p>neutron-metadata-agent in turn connects to your nova keystone
endpoint to talk to nova metadata api (nova api port 8775) to get
instance information.</p>
<p><br>
</p>
<p>I had a issue with connectivity between neutron-metadata-agent and nova metadata api causing the issue for me.</p>
<p>Should probably check the nova metadata api logs as well.</p>
</div></blockquote>Ok, I've checked that information could arrive to metada proxy on compute node, but on controller I cannot see data arriving to nova metadata api. So, I suspected to be a problem with connectivity inside openvswitch (network connectivy was ok). But I couldn't identify why this data was not being well transfered. <br><br>---<br>On Tue, Feb 27, 2018 at 12:26 PM, Paras pradhan <span dir="ltr"><<a href="mailto:pradhanparas@gmail.com" target="_blank">pradhanparas@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">If this is project specifc usually I run the router-update and fixes the problem.<div><br></div><div><div>/usr/bin/neutron router-update --admin-state-up False $routerid</div><div>/usr/bin/neutron router-update --admin-state-up True $routerid</div></div></div></blockquote><br></div><div class="gmail_extra">I'd tried that but couldn't solve the problem.<br></div><div class="gmail_extra"><br></div></div></div></div></div>