From 9b966a64a3bbf50f4661d4d8adac2a56794db5cb Mon Sep 17 00:00:00 2001 From: Andy Ning Date: Fri, 13 Jun 2014 11:21:16 -0400 Subject: Add metadata service support to controller node The metadata service is working as the following: - metadata is being served by nova-api on controller at port 8775. - VM instance requests metadata by 169.254.169.254 (eg, curl http://169.254.169.254/latest/meta-data) - metadata request comes to neutron-ns-metadata-proxy on controller in dhcp network name space. - neutron-ns-metadata-proxy forwards the request to neutron-metadata-agent through a unix domain socket (/var/lib/neutron/metadata_proxy). - neutron-metadata-agent sends the request to nova-api on port 8775 to be serviced. To support metadata service, neutron-ns-metadata-proxy is baked into the controller image. Also neutron-metadata-agent startup script (/etc/init.d/neutron-metadata-agent) and config file (/etc/neutron/metadata_agent.ini) are added to start up metadata agent at system initialization. dhcp_agent.ini and nova.conf are updated as well. A README.metadata is added in the Documentation/ directory. Signed-off-by: Andy Ning Signed-off-by: Bruce Ashfield --- .../python/python-neutron/dhcp_agent.ini | 1 + .../python/python-neutron/metadata_agent.ini | 29 ++++++++++++++++++++++ .../recipes-devtools/python/python-neutron_git.bb | 24 ++++++++++++++++-- .../recipes-devtools/python/python-nova/nova.conf | 6 +++++ .../recipes-devtools/python/python-nova_git.bb | 2 ++ 5 files changed, 60 insertions(+), 2 deletions(-) create mode 100644 meta-openstack/recipes-devtools/python/python-neutron/metadata_agent.ini (limited to 'meta-openstack/recipes-devtools/python') diff --git a/meta-openstack/recipes-devtools/python/python-neutron/dhcp_agent.ini b/meta-openstack/recipes-devtools/python/python-neutron/dhcp_agent.ini index f9b1523..7cc648f 100644 --- a/meta-openstack/recipes-devtools/python/python-neutron/dhcp_agent.ini 
+++ b/meta-openstack/recipes-devtools/python/python-neutron/dhcp_agent.ini @@ -37,6 +37,7 @@ interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver # be activated when the subnet does not contain any router port. The guest # instance must be configured to request host routes via DHCP (Option 121). # enable_isolated_metadata = False +enable_isolated_metadata = True # Allows for serving metadata requests coming from a dedicated metadata # access network whose cidr is 169.254.169.254/16 (or larger prefix), and diff --git a/meta-openstack/recipes-devtools/python/python-neutron/metadata_agent.ini b/meta-openstack/recipes-devtools/python/python-neutron/metadata_agent.ini new file mode 100644 index 0000000..98d958d --- /dev/null +++ b/meta-openstack/recipes-devtools/python/python-neutron/metadata_agent.ini @@ -0,0 +1,29 @@ +[DEFAULT] +# Show debugging output in log (sets DEBUG log level output) +# debug = True + +# The Neutron user information for accessing the Neutron API. +auth_url = http://localhost:5000/v2.0 +auth_region = RegionOne +admin_tenant_name = %SERVICE_TENANT_NAME% +admin_user = %SERVICE_USER% +admin_password = %SERVICE_PASSWORD% + +# Network service endpoint type to pull from the keystone catalog +# endpoint_type = adminURL + +# IP address used by Nova metadata server +# nova_metadata_ip = 127.0.0.1 + +# TCP Port used by Nova metadata server +# nova_metadata_port = 8775 + +# When proxying metadata requests, Neutron signs the Instance-ID header with a +# shared secret to prevent spoofing. You may select any string for a secret, +# but it must match here and in the configuration used by the Nova Metadata +# Server. NOTE: Nova uses a different key: neutron_metadata_proxy_shared_secret +# metadata_proxy_shared_secret = +metadata_proxy_shared_secret = %METADATA_SHARED_SECRET% + +# Location of Metadata Proxy UNIX domain socket +# metadata_proxy_socket = $state_path/metadata_proxy 
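Review bot: In the new metadata_agent.ini, `auth_url = http://localhost:5000/v2.0` is hard-coded while the tenant, user and password beside it are build-time placeholders, so the file quietly assumes Keystone runs on the same node and is reached over plain HTTP. That is harmless over loopback, but `admin_password` would cross the network in clear text as soon as someone edits the host part. A comment above the line, for example `# Keystone is assumed to be local; use an https URL before pointing this at another host`, would make the assumption explicit. The file also holds the password and the signing secret, so a one-line header saying it must stay readable only by the service account would help whoever repackages it.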
diff --git a/meta-openstack/recipes-devtools/python/python-neutron_git.bb b/meta-openstack/recipes-devtools/python/python-neutron_git.bb index ab803f8..5fbad17 100644 --- a/meta-openstack/recipes-devtools/python/python-neutron_git.bb +++ b/meta-openstack/recipes-devtools/python/python-neutron_git.bb @@ -14,6 +14,7 @@ SRC_URI = "git://github.com/openstack/${SRCNAME}.git;branch=stable/icehouse \ file://neutron-agent.init \ file://l3_agent.ini \ file://dhcp_agent.ini \ + file://metadata_agent.ini \ file://neutron-dhcp-agent-netns-cleanup.cron \ file://0001-neutron.conf-jumpstart-nova-state-reporting-configur.patch \ " @@ -91,6 +92,22 @@ do_install_append() { install -m 0755 ${WORKDIR}/neutron-$AGENT.init.sh ${D}${sysconfdir}/init.d/neutron-$AGENT-agent install -m 600 ${WORKDIR}/${AGENT}_agent.ini ${NEUTRON_CONF_DIR}/ fi + + AGENT=metadata + ARGS="--config-file=${sysconfdir}/${SRCNAME}/neutron.conf --config-file=${sysconfdir}/${SRCNAME}/metadata_agent.ini" + if ${@base_contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then + sed "s:@suffix@:$AGENT:;s:@args@:$ARGS:" < ${WORKDIR}/neutron-agent.init >${WORKDIR}/neutron-$AGENT.init.sh + install -m 0755 ${WORKDIR}/neutron-$AGENT.init.sh ${D}${sysconfdir}/init.d/neutron-$AGENT-agent + install -m 600 ${WORKDIR}/${AGENT}_agent.ini ${NEUTRON_CONF_DIR}/ + fi + sed -e "s:%SERVICE_TENANT_NAME%:${SERVICE_TENANT_NAME}:g" \ + -i ${NEUTRON_CONF_DIR}/metadata_agent.ini + sed -e "s:%SERVICE_USER%:${SRCNAME}:g" \ + -i ${NEUTRON_CONF_DIR}/metadata_agent.ini + sed -e "s:%SERVICE_PASSWORD%:${SERVICE_PASSWORD}:g" \ + -i ${NEUTRON_CONF_DIR}/metadata_agent.ini + sed -e "s:%METADATA_SHARED_SECRET%:${METADATA_SHARED_SECRET}:g" \ + -i ${NEUTRON_CONF_DIR}/metadata_agent.ini cp run_tests.sh ${NEUTRON_CONF_DIR} } 
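Review bot: Nothing in the added do_install_append lines checks that `${METADATA_SHARED_SECRET}` is non-empty before it is substituted, so an unset variable would presumably leave `metadata_proxy_shared_secret =` blank and void the Instance-ID signing that metadata_agent.ini describes. The matching `sed` in the python-nova_git.bb hunk would write the same empty value into nova.conf, so both sides still agree and nothing fails visibly; a guard such as `[ -n "${METADATA_SHARED_SECRET}" ] || bbfatal "METADATA_SHARED_SECRET is not set"` ahead of the substitutions in both recipes would turn that into a build error. The `s:...:...:g` form also breaks or alters the value when a password or secret contains `:`, `&` or a backslash, so the allowed characters should be documented or the value escaped first. Separately, the four `sed -i` calls sit after the `fi` while the `install -m 600` of the file is inside it, so without `sysvinit` in DISTRO_FEATURES they appear to run on a file these lines never installed. The function starts above the hunk.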
@@ -182,8 +199,9 @@ FILES_${SRCNAME}-l3-agent = "${bindir}/neutron-l3-agent \ " FILES_${SRCNAME}-metadata-agent = "${bindir}/neutron-metadata-agent \ + ${bindir}/neutron-ns-metadata-proxy \ ${sysconfdir}/${SRCNAME}/metadata_agent.ini \ - ${sysconfdir}/init.d/metadata_agent \ + ${sysconfdir}/init.d/neutron-metadata-agent \ " FILES_${SRCNAME}-extra-agents = "${bindir}/*" @@ -233,7 +251,7 @@ RDEPENDS_${SRCNAME}-setup = "postgresql sudo" RRECOMMENDS_${SRCNAME}-server = "${SRCNAME}-plugin-openvswitch" -INITSCRIPT_PACKAGES = "${SRCNAME}-server ${SRCNAME}-plugin-openvswitch ${SRCNAME}-plugin-linuxbridge ${SRCNAME}-dhcp-agent ${SRCNAME}-l3-agent" +INITSCRIPT_PACKAGES = "${SRCNAME}-server ${SRCNAME}-plugin-openvswitch ${SRCNAME}-plugin-linuxbridge ${SRCNAME}-dhcp-agent ${SRCNAME}-l3-agent ${SRCNAME}-metadata-agent" INITSCRIPT_NAME_${SRCNAME}-server = "neutron-server" INITSCRIPT_PARAMS_${SRCNAME}-server = "${OS_DEFAULT_INITSCRIPT_PARAMS}" INITSCRIPT_NAME_${SRCNAME}-plugin-openvswitch = "neutron-openvswitch-agent" @@ -244,3 +262,5 @@ INITSCRIPT_NAME_${SRCNAME}-dhcp-agent = "neutron-dhcp-agent" INITSCRIPT_PARAMS_${SRCNAME}-dhcp-agent = "${OS_DEFAULT_INITSCRIPT_PARAMS}" INITSCRIPT_NAME_${SRCNAME}-l3-agent = "neutron-l3-agent" INITSCRIPT_PARAMS_${SRCNAME}-l3-agent = "${OS_DEFAULT_INITSCRIPT_PARAMS}" +INITSCRIPT_NAME_${SRCNAME}-metadata-agent = "neutron-metadata-agent" +INITSCRIPT_PARAMS_${SRCNAME}-metadata-agent = "${OS_DEFAULT_INITSCRIPT_PARAMS}" diff --git a/meta-openstack/recipes-devtools/python/python-nova/nova.conf b/meta-openstack/recipes-devtools/python/python-nova/nova.conf index 35eed8b..fbaaa78 100644 --- a/meta-openstack/recipes-devtools/python/python-nova/nova.conf +++ b/meta-openstack/recipes-devtools/python/python-nova/nova.conf 
@@ -73,6 +73,12 @@ libvirt_images_rbd_ceph_conf=/etc/ceph/ceph.conf rbd_user=cinder-volume #rbd_secret_uuid= +# nova-api configuration for metadata +# neutron_metadata_proxy_shared_secret must match +# metadata_proxy_shared_secret in metadata_agent.ini +service_neutron_metadata_proxy = true +neutron_metadata_proxy_shared_secret=%METADATA_SHARED_SECRET% + [spice] agent_enabled=True enabled=True diff --git a/meta-openstack/recipes-devtools/python/python-nova_git.bb b/meta-openstack/recipes-devtools/python/python-nova_git.bb index 0c6686d..0af38db 100644 --- a/meta-openstack/recipes-devtools/python/python-nova_git.bb +++ b/meta-openstack/recipes-devtools/python/python-nova_git.bb @@ -81,6 +81,8 @@ do_install_append() { sed -e "s:%DB_USER%:${DB_USER}:g" -i ${NOVA_CONF_DIR}/nova.conf sed -e "s:%DB_PASSWORD%:${DB_PASSWORD}:g" -i ${NOVA_CONF_DIR}/nova.conf + sed -e "s:%METADATA_SHARED_SECRET%:${METADATA_SHARED_SECRET}:g" -i ${NOVA_CONF_DIR}/nova.conf + sed -e "s:%CONTROLLER_IP%:${CONTROLLER_IP}:g" -i ${NOVA_CONF_DIR}/nova.conf sed -e "s:%CONTROLLER_HOST%:${CONTROLLER_HOST}:g" -i ${NOVA_CONF_DIR}/nova.conf -- cgit v1.2.3-54-g00ecf
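Review bot: The comment added above `neutron_metadata_proxy_shared_secret` in nova.conf does not say that the value is filled in at build time, which (unless something outside this diff regenerates it) means every image built from one configuration carries the same signing secret; a line such as `# Substituted at build time from METADATA_SHARED_SECRET; change it per deployment` would tell operators. The section header these keys fall under is above the hunk, so confirm they land in the section nova-api reads them from, because a misplaced key is ignored without an error. On style, `service_neutron_metadata_proxy = true` uses spaces and a lowercase boolean while the line below it and the `agent_enabled=True` context use `key=Value`; `service_neutron_metadata_proxy=True` would match the file.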