Cloud-Init cannot contact Meta-Data-Service on Xena with OVN
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
neutron | Invalid | Undecided | Unassigned | |
Bug Description
## Brief
When running Xena with OVN, neither Debian nor Cirros cloud-init bootstraps can reach the meta-data service during boot.
- Using Wallaby+OVN works.
- Using Xena+OVS works.
Assuming this must be a regression in Xena when OVN is used.
## Pre-Conditions:
- Xena
- OVN
- Cirros Cloud init boot
Other environment details:
- non DVR - (not sure it is required, but that is what has been used)
- Debian 11 hosts (if that is required, but that is what has been used)
- Ubuntu-based Docker images (if that is required, but that is what has been used)
Reproduction:
You can use https:/
After the deployment the following API request should be run: https:/
The booted cirros instance should already show the errors.
The exact same stack can be tested using wallaby here https:/
## Expected output:
The cirros instance can reach the meta-data service like that (boot logs)
--------
WARN: failed: route add -net "0.0.0.0/0" gw "10.10.0.1"
OK
checking http://
successful after 1/20 tries: up 9.89. iid=i-00000002
failed to get http://
warning: no ec2 metadata for user-data
--------
## Actual Output
--------
route: SIOCADDRT: File exists
WARN: failed: route add -net "0.0.0.0/0" gw "10.10.0.1"
OK
checking http://
failed 1/20: up 1.34. request failed
failed 2/20: up 50.36. request failed
failed 3/20: up 99.38. request failed
--------
## Version
Yet hard to understand for me, since those are not tagged yet.
What-ever https:/
## Severity
Blocks us from using Xena entirely
## More Information
Interface TCPDUMP and namespace information: https:/
In the meta-data agent, I can see this configuration.
On the compute instance, I see those 2 running https:/
Those are the debug logs https:/
Normal logs: https:/
https:/
Hello Eugen:
We need more information to try to debug this issue. The metadata agent creates a namespace in the compute node when a VM is spawned on a network.
This namespace will be named as "ovnmeta-<neutron_network_id>". Please check that you have something similar to https://paste.opendev.org/show/810261/. The tap device IP must match the network subnet CIDR.
You should also have a haproxy instance running using a configuration file named like "...ovn-metadata-proxy/<neutron_network_id>.conf"
When the VM is started you should be able to dump the traffic of the namespace TAP device, going to 169.254.169.254/32. You should have something like https://paste.opendev.org/show/810262/.
The namespace should be deleted when no VM belonging to this network is present in this compute node.
Regards.
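
The checks listed in the comment above can be run over command output captured on the compute node. This is an added example, not part of the bug report or of Neutron's code; the function name, the `tap*` device-name match, the placeholder haproxy path and all sample data are assumptions constructed for illustration.

```python
import ipaddress
import re

def check_ovn_metadata(network_id, subnet_cidr, netns_list, ns_addrs, ps_args):
    """Return a list of problems; an empty list means every check passed.

    netns_list: output of `ip netns list` on the compute node
    ns_addrs:   output of `ip -o -4 addr show` run inside the namespace
    ps_args:    output of `ps -eo args` on the compute node
    """
    problems = []
    ns_name = f"ovnmeta-{network_id}"
    # `ip netns list` prints "<name> (id: N)"; the name is the first field.
    names = [ln.split()[0] for ln in netns_list.splitlines() if ln.strip()]
    if ns_name not in names:
        problems.append(f"namespace {ns_name} not found")
    else:
        subnet = ipaddress.ip_network(subnet_cidr)
        # Assumption: the metadata device inside the namespace is named tap*.
        taps = [ipaddress.ip_interface(m.group(1)) for m in
                re.finditer(r"^\d+:\s+tap\S*\s+inet\s+(\S+)", ns_addrs, re.M)]
        if not taps:
            problems.append("no tap device with an IPv4 address in namespace")
        elif not any(t.ip in subnet for t in taps):
            problems.append(f"no tap address inside subnet {subnet}")
    # The comment names the haproxy config "...ovn-metadata-proxy/<id>.conf".
    conf = f"ovn-metadata-proxy/{network_id}.conf"
    if not any("haproxy" in ln and conf in ln for ln in ps_args.splitlines()):
        problems.append(f"no haproxy process using .../{conf}")
    return problems

# Constructed sample data (not taken from the bug report's pastes).
NET_ID = "11111111-2222-3333-4444-555555555555"
NETNS = f"ovnmeta-{NET_ID} (id: 0)\n"
ADDRS = ("1: lo    inet 127.0.0.1/8 scope host lo\n"
         "2: tap11111111-20    inet 169.254.169.254/32 scope global tap11111111-20\n"
         "2: tap11111111-20    inet 10.10.0.2/24 scope global tap11111111-20\n")
PS = f"haproxy -f /placeholder/ovn-metadata-proxy/{NET_ID}.conf\n"

if __name__ == "__main__":
    result = check_ovn_metadata(NET_ID, "10.10.0.0/24", NETNS, ADDRS, PS)
    print(result or "all checks passed")
```

An empty result only shows that the namespace, tap address and proxy are in place; whether requests to 169.254.169.254 actually arrive still needs the traffic dump on the namespace TAP device described above.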