[Wallaby] Interface operations not supported for ovn_metadata_agent

5 May 2025

      Dear openstack community,

I am trying to get metadata service to work on a TripleO Wallaby Openstack.

Upon successful creation of the virtual machine in a geneve type internal network, namespace gets created on the compute node which hosts the VM:
[root@overcloud-computesriov-0 ~]# ip netns list
ovnmeta-fae7b699-3086-4213-bec7-9d91737c934c (id: 0)
[root@overcloud-computesriov-0 ~]# ip netns exec ovnmeta-fae7b699-3086-4213-bec7-9d91737c934c ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: tapfae7b699-31@if34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether fa:16:3e:d0:d6:01 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::ac69:a2ff:feb3:89c9/64 scope link
       valid_lft forever preferred_lft forever

The problem is that the VM cannot reach the metadata service IP 169.254.169.254 even though it has the route to it via 10.0.0.2 (DHCP port in the internal network).
I can also see ovn_metadata_agent crashing every 6 seconds with the following:

2025-05-05 13:22:39.044 226779 INFO neutron.common.config [-] Logging enabled!
2025-05-05 13:22:39.044 226779 INFO neutron.common.config [-] /usr/bin/networking-ovn-metadata-agent version 18.6.1.dev209
2025-05-05 13:22:39.050 226779 WARNING oslo_config.cfg [-] Deprecated: Option "heartbeat_in_pthread" from group "oslo_messaging_rabbit" is deprecated for removal.  Its value may be silently ignored in the future.
2025-05-05 13:22:39.064 226779 INFO ovsdbapp.backend.ovs_idl.vlog [-] tcp:127.0.0.1:6640: connecting...
2025-05-05 13:22:39.064 226779 INFO ovsdbapp.backend.ovs_idl.vlog [-] tcp:127.0.0.1:6640: connected
2025-05-05 13:22:39.095 226779 INFO neutron.agent.ovn.metadata.agent [-] Loaded chassis name 983d11af-8faf-4f85-99c2-62c00ed8165b (UUID: 983d11af-8faf-4f85-99c2-62c00ed8165b) and ovn bridge br-int.
2025-05-05 13:22:39.108 226779 INFO neutron.agent.ovn.metadata.ovsdb [-] Getting OvsdbSbOvnIdl for MetadataAgent with retry
2025-05-05 13:22:39.108 226779 INFO ovsdbapp.backend.ovs_idl.vlog [-] tcp:10.100.22.91:6642: connecting...
2025-05-05 13:22:39.109 226779 INFO ovsdbapp.backend.ovs_idl.vlog [-] tcp:10.100.22.91:6642: connected
2025-05-05 13:22:39.126 226779 INFO oslo_service.service [-] Starting 2 workers
2025-05-05 13:22:39.136 226779 INFO oslo.privsep.daemon [-] Running privsep helper: ['sudo', 'neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'privsep-helper', '--config-file', '/etc/neutron/neutron.conf', '--config-file', '/etc/neutron/plugins/networking-ovn/networking-ovn-metadata-agent.ini', '--privsep_context', 'neutron.privileged.default', '--privsep_sock_path', '/tmp/tmpnbw1fxbg/privsep.sock']
2025-05-05 13:22:39.171 226809 INFO neutron.agent.ovn.metadata.ovsdb [-] Getting OvsdbSbOvnIdl for MetadataAgent with retry
2025-05-05 13:22:39.173 226809 INFO ovsdbapp.backend.ovs_idl.vlog [-] tcp:10.100.22.95:6642: connecting...
2025-05-05 13:22:39.174 226810 INFO neutron.agent.ovn.metadata.ovsdb [-] Getting OvsdbSbOvnIdl for MetadataAgent with retry
2025-05-05 13:22:39.175 226809 INFO ovsdbapp.backend.ovs_idl.vlog [-] tcp:10.100.22.95:6642: connected
2025-05-05 13:22:39.176 226810 INFO ovsdbapp.backend.ovs_idl.vlog [-] tcp:10.100.22.67:6642: connecting...
2025-05-05 13:22:39.178 226810 INFO ovsdbapp.backend.ovs_idl.vlog [-] tcp:10.100.22.67:6642: connected
2025-05-05 13:22:39.204 226809 INFO eventlet.wsgi.server [-] (226809) wsgi starting up on http:/var/lib/neutron/metadata_proxy
2025-05-05 13:22:39.209 226810 INFO eventlet.wsgi.server [-] (226810) wsgi starting up on http:/var/lib/neutron/metadata_proxy
2025-05-05 13:22:40.270 226779 INFO oslo.privsep.daemon [-] Spawned new privsep daemon via rootwrap
2025-05-05 13:22:40.167 226859 INFO oslo.privsep.daemon [-] privsep daemon starting
2025-05-05 13:22:40.175 226859 INFO oslo.privsep.daemon [-] privsep process running with uid/gid: 0/0
2025-05-05 13:22:40.180 226859 INFO oslo.privsep.daemon [-] privsep process running with capabilities (eff/prm/inh): CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_NET_ADMIN|CAP_SYS_ADMIN/CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_NET_ADMIN|CAP_SYS_ADMIN/none
2025-05-05 13:22:40.180 226859 INFO oslo.privsep.daemon [-] privsep daemon running as pid 226859
2025-05-05 13:22:40.972 226779 INFO neutron.agent.ovn.metadata.agent [-] Provisioning metadata for network fae7b699-3086-4213-bec7-9d91737c934c
2025-05-05 13:22:41.159 226779 CRITICAL neutron [-] Unhandled error: neutron.privileged.agent.linux.ip_lib.InterfaceOperationNotSupported: Operation not supported on interface tapfae7b699-31, namespace ovnmeta-fae7b699-3086-4213-bec7-9d91737c934c.
2025-05-05 13:22:41.159 226779 ERROR neutron Traceback (most recent call last):
2025-05-05 13:22:41.159 226779 ERROR neutron   File "/usr/bin/networking-ovn-metadata-agent", line 10, in <module>
2025-05-05 13:22:41.159 226779 ERROR neutron     sys.exit(main())
2025-05-05 13:22:41.159 226779 ERROR neutron   File "/usr/lib/python3.6/site-packages/neutron/cmd/eventlet/agents/ovn_metadata.py", line 24, in main
2025-05-05 13:22:41.159 226779 ERROR neutron     metadata_agent.main()
2025-05-05 13:22:41.159 226779 ERROR neutron   File "/usr/lib/python3.6/site-packages/neutron/agent/ovn/metadata_agent.py", line 41, in main
2025-05-05 13:22:41.159 226779 ERROR neutron     agt.start()
2025-05-05 13:22:41.159 226779 ERROR neutron   File "/usr/lib/python3.6/site-packages/neutron/agent/ovn/metadata/agent.py", line 278, in start
2025-05-05 13:22:41.159 226779 ERROR neutron     self.sync()
2025-05-05 13:22:41.159 226779 ERROR neutron   File "/usr/lib/python3.6/site-packages/neutron/agent/ovn/metadata/agent.py", line 61, in wrapped
2025-05-05 13:22:41.159 226779 ERROR neutron     return f(*args, **kwargs)
2025-05-05 13:22:41.159 226779 ERROR neutron   File "/usr/lib/python3.6/site-packages/neutron/agent/ovn/metadata/agent.py", line 357, in sync
2025-05-05 13:22:41.159 226779 ERROR neutron     self.provision_datapath(datapath)
2025-05-05 13:22:41.159 226779 ERROR neutron   File "/usr/lib/python3.6/site-packages/neutron/agent/ovn/metadata/agent.py", line 585, in provision_datapath
2025-05-05 13:22:41.159 226779 ERROR neutron     ip2.addr.delete(cidr)
2025-05-05 13:22:41.159 226779 ERROR neutron   File "/usr/lib/python3.6/site-packages/neutron/agent/linux/ip_lib.py", line 544, in delete
2025-05-05 13:22:41.159 226779 ERROR neutron     delete_ip_address(cidr, self.name, self._parent.namespace)
2025-05-05 13:22:41.159 226779 ERROR neutron   File "/usr/lib/python3.6/site-packages/neutron/agent/linux/ip_lib.py", line 842, in delete_ip_address
2025-05-05 13:22:41.159 226779 ERROR neutron     net.version, str(net.ip), net.prefixlen, device, namespace)
2025-05-05 13:22:41.159 226779 ERROR neutron   File "/usr/lib/python3.6/site-packages/oslo_privsep/priv_context.py", line 247, in _wrap
2025-05-05 13:22:41.159 226779 ERROR neutron     return self.channel.remote_call(name, args, kwargs)
2025-05-05 13:22:41.159 226779 ERROR neutron   File "/usr/lib/python3.6/site-packages/oslo_privsep/daemon.py", line 224, in remote_call
2025-05-05 13:22:41.159 226779 ERROR neutron     raise exc_type(*result[2])
2025-05-05 13:22:41.159 226779 ERROR neutron neutron.privileged.agent.linux.ip_lib.InterfaceOperationNotSupported: Operation not supported on interface tapfae7b699-31, namespace ovnmeta-fae7b699-3086-4213-bec7-9d91737c934c.
2025-05-05 13:22:41.159 226779 ERROR neutron
2025-05-05 13:22:41.592 226810 INFO oslo_service.service [-] Parent process has died unexpectedly, exiting
2025-05-05 13:22:41.592 226809 INFO oslo_service.service [-] Parent process has died unexpectedly, exiting
2025-05-05 13:22:41.593 226810 INFO eventlet.wsgi.server [-] (226810) wsgi exited, is_accepting=True
2025-05-05 13:22:41.593 226809 INFO eventlet.wsgi.server [-] (226809) wsgi exited, is_accepting=True

I can confirm that I tried assigning and deleting the IP to the interface tapfae7b699-31 from the host and from the container (podman exec -it --user root container-id bash) and succeeded.
I didn't succeed to assign IP to the interface with a regular neutron user (podman exec -it container-id bash).

Also, nova metadata service hosted on the controller is accessible from the compute node:
[root@overcloud-computesriov-0 ~]# curl http://10.100.22.127:8775
1.0
2007-01-19
2007-03-01
2007-08-29
2007-10-10
2007-12-15
2008-02-01
2008-09-01
2009-04-04

Did anyone come across anything like this? 

Best regards,
Davorin

[Wallaby] Interface operations not supported for ovn_metadata_agent

davorin.mikulic＠gmail.com