Comment 2 for bug 1843801

Brian Haley (brian-haley) wrote :

I'm not sure there is a bug here, but wanted to correct some of the above information and ask some questions.

With provider networks with no l3-agent, the dhcp-agent will start a metadata proxy in its namespace. This is enabled in dhcp_agent.ini by setting enable_isolated_metadata = True.

In Rocky, this namespace proxy should be haproxy, for example, from ps output:

  haproxy -f /opt/stack/data/neutron/ns-metadata-proxy/b4d7444e-9549-4156-8596-09eb8b81253a.conf

That process should log to /var/log/haproxy.log* or /var/log/syslog depending on the setup.

It connects to the metadata-agent via a Unix Domain Socket from inside the namespace.

The dhcp-agent is responsible for monitoring the process, but will only deal with restarting when the process exits; it doesn't do wellness checks on port 80.

The haproxy process does not listen on port 80, however; it binds and listens on 0.0.0.0:9697 and an iptables redirect rule is added from port 80 to that. For example, in a router namespace there is:

-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -i qr-+ -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697

So could you provide more information like:

1) Is the iptables redirect rule present?
2) Is the haproxy process running and listening on port 9697?
3) Is there anything in /var/log/* regarding haproxy?
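
The following is an added example, not part of the original comment: a shell sketch that answers questions 1 and 2 from saved `iptables-save -t nat` and `ss -ltn` output. The function names, the `ss` sample and the `qdhcp-<network-id>` namespace name in the usage comment are assumptions; the sample rule is the one quoted in the comment.

```shell
#!/bin/sh
# Live use (namespace name is an assumption, <network-id> is a placeholder):
#   ip netns exec qdhcp-<network-id> iptables-save -t nat | has_metadata_redirect
#   ip netns exec qdhcp-<network-id> ss -ltn | has_listener 9697

# Succeeds if stdin (iptables-save output) contains a rule redirecting
# tcp traffic for 169.254.169.254:80 to the given port (default 9697).
has_metadata_redirect() {
    port="${1:-9697}"
    awk -v port="$port" '
        /^-A / && /-d 169\.254\.169\.254(\/32)? / && /-p tcp/ &&
        /--dport 80( |$)/ && /-j REDIRECT/ {
            for (i = 1; i < NF; i++)
                if ($i == "--to-ports" && $(i + 1) == port) found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# Succeeds if stdin (ss -ltn output) shows a LISTEN socket on port $1.
# The local address is column 4; the port is the text after the last colon.
has_listener() {
    awk -v port="$1" '
        $1 == "LISTEN" { n = split($4, a, ":"); if (a[n] == port) found = 1 }
        END { exit(found ? 0 : 1) }'
}

# Rule as quoted in the comment, plus a constructed ss sample.
SAMPLE_NAT='-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -i qr-+ -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697'
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:9697       0.0.0.0:*'

# $1 = iptables-save text, $2 = ss -ltn text; prints the first failing check.
diagnose() {
    if ! printf '%s\n' "$1" | has_metadata_redirect; then
        echo "redirect-missing"
    elif ! printf '%s\n' "$2" | has_listener 9697; then
        echo "proxy-not-listening"
    else
        echo "ok"
    fi
}

diagnose "$SAMPLE_NAT" "$SAMPLE_SS"
```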