[Openstack] Metadata issue when using allowed address pairs

Kevin Benton kevin at benton.pub
Mon Apr 3 22:54:16 UTC 2017


You won't be able to use the metadata service using an IP that isn't in the
fixed_ips list for a port. The way the metadata service associates a
request with an instance is only based on that field.

So if you want an IP to work with metadata, you'll have to add it to the
fixed_ips field for the port with a port-update.

On Mon, Apr 3, 2017 at 3:43 PM, Robson Ramos Barreto <
robson.rbarreto at gmail.com> wrote:

> Hello Guys
>
> I'm facing a metadata issue just when using allowed address pairs and
> static ip address.
>
> Steps:
> 1. Create new instance
> 2. Allow the IP address on neutron port: neutron port-update <port-uuid>
> --allowed-address-pairs type=dict list=true mac_address=<mac_address>,ip_
> address=<ip_cidr>
> 3. Inside the instance, configure the static IP address allowed on step
> before.
> 4. Create static route to metadata service: ip ro add 169.254.169.254/32
> via << metadata service IP >>
>
> ------------------
>
> From cloud-init log:
>
> url_helper.py[WARNING]: Calling 'http://169.254.169.254/
> latest/meta-data/instance-id' failed [114/120s]: bad status code [404]
>
> ------------------
>
> From curl command:
>
> # curl -vvv http://169.254.169.254/latest/meta-data/instance-id
> * About to connect() to 169.254.169.254 port 80 (#0)
> *   Trying 169.254.169.254...
> * Connected to 169.254.169.254 (169.254.169.254) port 80 (#0)
> > GET /latest/meta-data/instance-id HTTP/1.1
> > User-Agent: curl/7.29.0
> > Host: 169.254.169.254
> > Accept: */*
> >
> < HTTP/1.1 404 Not Found
> < Content-Length: 154
> < Content-Type: text/html; charset=UTF-8
> < Date: Mon, 03 Apr 2017 22:13:29 GMT
> <
> <html>
>  <head>
>   <title>404 Not Found</title>
>  </head>
>  <body>
>   <h1>404 Not Found</h1>
>   The resource could not be found.<br /><br />
>
>
>
>  </body>
> * Connection #0 to host 169.254.169.254 left intact
>
> ------------------
>
> From controllers logs:
>
> /var/log/neutron/metadata-agent.log: 2017-04-03 17:21:10.895 4793 INFO
> eventlet.wsgi.server [-] << INSTANCE_IP >>,<local> - - [03/Apr/2017
> 17:21:10] "GET //latest/meta-data/ HTTP/1.1
> " 404 176 0.079642
> /var/log/neutron/neutron-ns-metadata-proxy-32307540-a5ef-
> 4cf0-9ef7-9760d4f11ffe.log:2017-04-03 17:17:13.812 5791 INFO neutron.wsgi
> [-] (5791) accepted ('<< INSTANCE_IP >>', 58852)
> /var/log/neutron/neutron-ns-metadata-proxy-32307540-a5ef-
> 4cf0-9ef7-9760d4f11ffe.log:2017-04-03 17:17:13.896 5791 INFO neutron.wsgi
> [-] << INSTANCE_IP >> - - [03/Apr/2017 17:17:13] "GET
> //latest/meta-data/instance-id HTTP/1.1" 404 302 0.082646
>
> ------------------
>
> From step 3, everything works fine like external access, dns resolver, and
> so on.
>
> I think that it isn't a network issue because the allowed IP address and
> the metadata service IP are in the same subnet.
>
> Any help would be greatly appreciated.
>
> Thank you
>
> Regards
>
> Robson
>
>
>
>
>
>
>
>
>
>
>
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/
> openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/
> openstack
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20170403/84a6c71b/attachment.html>


More information about the Openstack mailing list