| 2013-10-08 10:30:25 |
Darragh O'Reilly |
description |
When isolated_metadata=true, the dhcp agent will only push out a static route for the metadata address (169.254.169.254/32 via the dhcp ip) when the subnet is isolated. This makes sense because if the subnet is connected to a Neutron router, then the instances can get the metadata from the Neutron router namespace via their default route, and so there is no need for the static route.
Currently the dhcp agent determines that the subnet is isolated by simply checking that the subnet gateway_ip is not set.
https://github.com/openstack/neutron/blob/177bfb030e60267fb009b181e752ec6c37d9010b/neutron/agent/linux/dhcp.py#L450
enable_metadata = (
self.conf.enable_isolated_metadata
and not subnet.gateway_ip
and subnet.ip_version == 4)
But this creates difficulty for users who don't want to use Neutron routers, but want to use a provider network with an external router and get the metadata via the proxy in the dhcp namespace instead. You would like to set gateway_ip to the external router, but when you do that, the agent will not push out the route.
To workaround, you can push out the default route as a static route, eg, if the external router is at 10.0.0.254:
neutron subnet-create net1 10.0.0.0/24 --name sub1 \
--no-gateway \
--host-route destination=0.0.0.0/0,nexthop=10.0.0.254 \
--allocation-pool start=10.0.0.1,end=10.0.0.253
Or you can set the gateway_ip and manually add the static route to the subnet. But then you need to first determine what the dhcp IP is, or will be, and I think it can land on any of the first 3 ips of the CIDR depending on where the gateway_ip is, and if the dhcp-agent is restarted before the first instance for the network is booted.
Anyway, these workarounds are tricky and are not very obvious. It would be better if users could just do this:
neutron subnet-create net1 10.0.0.0/24 --name sub1 ---gateway_ip 10.0.0.254
This would be possible if the agent determined that the subnet was isolated by checking for the absence of a Neutron router on it, rather than just checking that it has no gateway_ip. |
When isolated_metadata=true, the dhcp agent will only push out a static route for the metadata address (169.254.169.254/32 via the dhcp ip) when the subnet is isolated. This makes sense because if the subnet is connected to a Neutron router, then the instances can get the metadata from the Neutron router namespace via their default route, and so there is no need for the static route.
Currently the dhcp agent determines that the subnet is isolated by simply checking that the subnet gateway_ip is not set.
https://github.com/openstack/neutron/blob/177bfb030e60267fb009b181e752ec6c37d9010b/neutron/agent/linux/dhcp.py#L450
enable_metadata = (
self.conf.enable_isolated_metadata
and not subnet.gateway_ip
and subnet.ip_version == 4)
But this creates difficulty for users who don't want to use Neutron routers, but want to use a provider network with an external router and get the metadata via the proxy in the dhcp namespace instead. You would like to set gateway_ip to the external router, but when you do that, the agent will not push out the route.
To workaround, you can push out the default route as a host route, eg, if the external router is at 10.0.0.254:
neutron subnet-create net1 10.0.0.0/24 --name sub1 \
--no-gateway \
--host-route destination=0.0.0.0/0,nexthop=10.0.0.254 \
--allocation-pool start=10.0.0.1,end=10.0.0.253
Or you can set the gateway_ip and manually add the metadata static route to the subnet. But then you need to first determine what the dhcp IP is, or will be, and I think it can land on any of the first 3 ips of the CIDR depending on where the gateway_ip is, and if the dhcp-agent is restarted before the first instance for the network is booted.
Anyway, these workarounds are tricky and are not very obvious. It would be better if users could just do this:
neutron subnet-create net1 10.0.0.0/24 --name sub1 ---gateway_ip 10.0.0.254
This would be possible if the agent determined that the subnet was isolated by checking for the absence of a Neutron router on it, rather than just checking that it has no gateway_ip. |
|
