From 9b966a64a3bbf50f4661d4d8adac2a56794db5cb Mon Sep 17 00:00:00 2001 From: Andy Ning Date: Fri, 13 Jun 2014 11:21:16 -0400 Subject: Add metadata service support to controller node The metadata service is working as the following: - metadata is being served by nova-api on controller at port 8775. - VM instance requests metadata by 169.254.169.254 (eg, curl http://169.254.169.254/latest/meta-data) - metadata request comes to neutron-ns-metadata-proxy on controller in dhcp network name space. - neutron-ns-metadata-proxy forwards the request to neutron-metadata-agent through a unix domain socket (/var/lib/neutron/metadata_proxy). - neutron-metadata-agent sends the request to nova-api on port 8775 to be serviced. To support metadata service, neutron-ns-metadata-proxy is baked into the controller image. Also neutron-metadata-agent startup script (/etc/init.d/neutron-metadata-agent) and config file (/etc/neutron/metadata_agent.ini) are added to start up metadata agent at system initialization. dhcp_agent.ini and nova.conf are updated as well. A README.metadata is added in the Documentation/ directory. Signed-off-by: Andy Ning Signed-off-by: Bruce Ashfield --- .../python/python-neutron/dhcp_agent.ini | 1 + .../python/python-neutron/metadata_agent.ini | 29 ++++++++++++++++++++++ 2 files changed, 30 insertions(+) create mode 100644 meta-openstack/recipes-devtools/python/python-neutron/metadata_agent.ini (limited to 'meta-openstack/recipes-devtools/python/python-neutron') diff --git a/meta-openstack/recipes-devtools/python/python-neutron/dhcp_agent.ini b/meta-openstack/recipes-devtools/python/python-neutron/dhcp_agent.ini index f9b1523..7cc648f 100644 --- a/meta-openstack/recipes-devtools/python/python-neutron/dhcp_agent.ini +++ b/meta-openstack/recipes-devtools/python/python-neutron/dhcp_agent.ini @@ -37,6 +37,7 @@ interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver # be activated when the subnet does not contain any router port. The guest # instance must be configured to request host routes via DHCP (Option 121). # enable_isolated_metadata = False +enable_isolated_metadata = True # Allows for serving metadata requests coming from a dedicated metadata # access network whose cidr is 169.254.169.254/16 (or larger prefix), and diff --git a/meta-openstack/recipes-devtools/python/python-neutron/metadata_agent.ini b/meta-openstack/recipes-devtools/python/python-neutron/metadata_agent.ini new file mode 100644 index 0000000..98d958d --- /dev/null +++ b/meta-openstack/recipes-devtools/python/python-neutron/metadata_agent.ini @@ -0,0 +1,29 @@ +[DEFAULT] +# Show debugging output in log (sets DEBUG log level output) +# debug = True + +# The Neutron user information for accessing the Neutron API. +auth_url = http://localhost:5000/v2.0 +auth_region = RegionOne +admin_tenant_name = %SERVICE_TENANT_NAME% +admin_user = %SERVICE_USER% +admin_password = %SERVICE_PASSWORD% + +# Network service endpoint type to pull from the keystone catalog +# endpoint_type = adminURL + +# IP address used by Nova metadata server +# nova_metadata_ip = 127.0.0.1 + +# TCP Port used by Nova metadata server +# nova_metadata_port = 8775 + +# When proxying metadata requests, Neutron signs the Instance-ID header with a +# shared secret to prevent spoofing. You may select any string for a secret, +# but it must match here and in the configuration used by the Nova Metadata +# Server. NOTE: Nova uses a different key: neutron_metadata_proxy_shared_secret +# metadata_proxy_shared_secret = +metadata_proxy_shared_secret = %METADATA_SHARED_SECRET% + +# Location of Metadata Proxy UNIX domain socket +# metadata_proxy_socket = $state_path/metadata_proxy -- cgit v1.2.3-54-g00ecf