[neutron] metadata IPv6
Slawek Kaplonski
skaplons at redhat.com
Sat Nov 19 14:45:32 UTC 2022
Hi,
Dnia piątek, 18 listopada 2022 19:04:04 CET Roberto Bartzen Acosta pisze:
> Hi Rodolfo,
>
> Thanks for the feedback, we know it's supported by default in neutron
> metadata agent.
>
> My question came because I couldn't make it work with
> the neutron-ovn-metadata-agent. Checking some logs I believe that the
> problem is because the Port_Binding external_ids should have the
> "neutron:cidrs"
> [1],but this is empty.
> [1] -
> https://opendev.org/openstack/neutron/src/branch/master/neutron/agent/ovn/metadata/agent.py#L432
>
> I still don't know how to solve this (:
Unfortunately it's not yet supported by OVN backend. It will work only with the neutron-metadata-agent which is used e.g. in ML2/OVS and ML2/LB backends.
Please also remember that AFAIK there is no support for that IPv6 metadata in cloud-init so You will probably need to have some own tool in the guest VMs which will send requests to the metadata server using IPv6.
>
> Regards,
>
> neutron-ovn-metadata-agent logs:
> Nov 18 17:38:52 compute2 neutron-ovn-metadata-agent[188802]: 2022-11-18
> 17:38:52.996 188802 DEBUG ovsdbapp.backend.ovs_idl.event [-] Matched
> UPDATE: PortBindingChassisCreatedEvent(events=('update',),
> table='Port_Binding', conditions=None, old_conditions=None), priority=20 to
> row=Port_Binding(parent_port=[], chassis=[<ovs.db.idl.Row object at
> 0x7f4e958ba770>], mac=['fa:16:3e:e8:92:d8 2001:db9:1234::35e'],
> options={'mcast_flood_reports': 'true', 'requested-chassis': 'compute2'},
> ha_chassis_group=[], type=, tag=[], requested_chassis=[<ovs.db.idl.Row
> object at 0x7f4e958ba770>], tunnel_key=3, up=[False],
> logical_port=2beb4efd-23c1-4bf6-b57d-6c97a0277124, gateway_chassis=[],
> external_ids={'neutron:cidrs': '2001:db9:1234::35e/64',
> 'neutron:device_id': 'cfbbc54a-1772-495b-8fe4-864c717e22b4',
> 'neutron:device_owner': 'compute:nova', 'neutron:network_name':
> 'neutron-2af7badf-1958-4fc8-b13a-b2e8379e6531', 'neutron:port_name': '',
> 'neutron:project_id': 'd11daecfe9d847ddb7d9ce2932c2fe26',
> 'neutron:revision_number': '2', 'neutron:security_group_ids':
> 'cf2e7d53-0db7-4873-82ab-cf67eceda937'}, encap=[], virtual_parent=[],
> nat_addresses=[], datapath=02e203c7-714a-417c-bc02-c2877ec758a7)
> old=Port_Binding(chassis=[]) matches
> /usr/lib/python3/dist-packages/ovsdbapp/backend/ovs_idl/event.py:43
> Nov 18 17:38:52 compute2 neutron-ovn-metadata-agent[188802]: 2022-11-18
> 17:38:52.996 188802 INFO neutron.agent.ovn.metadata.agent [-] Port
> 2beb4efd-23c1-4bf6-b57d-6c97a0277124 in datapath
> 2af7badf-1958-4fc8-b13a-b2e8379e6531 bound to our chassis
> Nov 18 17:38:52 compute2 neutron-ovn-metadata-agent[188802]: 2022-11-18
> 17:38:52.996 188802 DEBUG neutron.agent.ovn.metadata.agent [-] Provisioning
> metadata for network 2af7badf-1958-4fc8-b13a-b2e8379e6531
> provision_datapath
> /usr/lib/python3/dist-packages/neutron/agent/ovn/metadata/agent.py:434
> Nov 18 17:38:52 compute2 neutron-ovn-metadata-agent[188802]: 2022-11-18
> 17:38:52.997 188802 DEBUG neutron.agent.ovn.metadata.agent [-] There is no
> metadata port for network 2af7badf-1958-4fc8-b13a-b2e8379e6531 or it has no
> MAC or IP addresses configured, tearing the namespace down if needed
> provision_datapath
> /usr/lib/python3/dist-packages/neutron/agent/ovn/metadata/agent.py:442
> Nov 18 17:38:52 compute2 neutron-ovn-metadata-agent[188802]: 2022-11-18
> 17:38:52.997 188812 DEBUG oslo.privsep.daemon [-] privsep:
> reply[c6aff129-2417-45c3-bee1-7b01ff6298f9]: (4, False) _call_back
> /usr/local/lib/python3.10/dist-packages/oslo_privsep/daemon.py:501
>
>
>
>
>
> Em sex., 18 de nov. de 2022 às 12:25, Rodolfo Alonso Hernandez <
> ralonsoh at redhat.com> escreveu:
>
> > Hi Roberto:
> >
> > The documentation you are referring to must be updated. The LP#1460177 RFE
> > implemented this feature. Actually there is a test class that is testing
> > this functionality in the CI [1][2].
> >
> > Regards.
> >
> > [1]https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/750355/
> > [2]
> > https://github.com/openstack/neutron-tempest-plugin/blob/f10618eac3a12d35a35044443b63d144b71e0c6b/neutron_tempest_plugin/scenario/test_metadata.py#L36-L44
> >
> > On Fri, Nov 18, 2022 at 2:45 PM Roberto Bartzen Acosta <
> > roberto.acosta at luizalabs.com> wrote:
> >
> >> Hey folks,
> >>
> >> Can you confirm if the metadata should work in an ipv6-only environment?
> >>
> >> As I understand from this discussion on LP:1460177
> >> <https://bugs.launchpad.net/neutron/+bug/1460177> and the fork of the
> >> discussion in many opendev reviews #315604
> >> <https://review.opendev.org/c/openstack/neutron-specs/+/315604>, #738205
> >> <https://review.opendev.org/c/openstack/neutron-lib/+/738205> #745705
> >> <https://review.opendev.org/c/openstack/neutron/+/745705>, ..., it seems
> >> like it should work.
> >>
> >> However, this comment in the openstack doc [1] has me questioning if
> >> it really works.
> >> *"There are no provisions for an IPv6-based metadata service similar to
> >> what is provided for IPv4. In the case of dual-stacked guests though it is
> >> always possible to use the IPv4 metadata service instead. IPv6-only guests
> >> will have to use another method for metadata injection such as using a
> >> configuration drive, which is described in the Nova documentation
> >> on config-drive
> >> <https://docs.openstack.org/nova/latest/user/config-drive.html>."*
> >>
> >> Is anyone using metadata in an ipv6-only Openstack setup?
> >>
> >> Regards,
> >> Roberto
> >>
> >> [1]
> >> https://docs.openstack.org/neutron/latest/admin/config-ipv6.html#configuring-interfaces-of-the-guest
> >>
> >>
> >>
> >>
> >>
> >> *‘Esta mensagem é direcionada apenas para os endereços constantes no
> >> cabeçalho inicial. Se você não está listado nos endereços constantes no
> >> cabeçalho, pedimos-lhe que desconsidere completamente o conteúdo dessa
> >> mensagem e cuja cópia, encaminhamento e/ou execução das ações citadas estão
> >> imediatamente anuladas e proibidas’.*
> >>
> >> *‘Apesar do Magazine Luiza tomar todas as precauções razoáveis para
> >> assegurar que nenhum vírus esteja presente nesse e-mail, a empresa não
> >> poderá aceitar a responsabilidade por quaisquer perdas ou danos causados
> >> por esse e-mail ou por seus anexos’.*
> >>
> >
>
> --
>
>
>
>
> _‘Esta mensagem é direcionada apenas para os endereços constantes no
> cabeçalho inicial. Se você não está listado nos endereços constantes no
> cabeçalho, pedimos-lhe que desconsidere completamente o conteúdo dessa
> mensagem e cuja cópia, encaminhamento e/ou execução das ações citadas estão
> imediatamente anuladas e proibidas’._
>
>
> * **‘Apesar do Magazine Luiza tomar
> todas as precauções razoáveis para assegurar que nenhum vírus esteja
> presente nesse e-mail, a empresa não poderá aceitar a responsabilidade por
> quaisquer perdas ou danos causados por esse e-mail ou por seus anexos’.*
>
>
>
>
--
Slawek Kaplonski
Principal Software Engineer
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.openstack.org/pipermail/openstack-discuss/attachments/20221119/06f8bff9/attachment.sig>
More information about the openstack-discuss
mailing list