<div dir="ltr">Hi Vikran<br><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Sep 23, 2017 at 8:22 AM, Vikrant Aggarwal <span dir="ltr"><<a href="mailto:ervikrant06@gmail.com" target="_blank">ervikrant06@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><div><div><div>Hi Folks,<br><br></div>I am trying to understand how instance get metadata when OVN is used as mechanism driver. I read the theory on [1] but not able to understand the practical implementation of same. <br><br></div>Created two private networks (internal1 and internal2), one private network (internal1) is created to router and other one (internal2) is isolated. <br><br></div>I tried to spin the cirros instances using both networks. Both instances are able to get the metadata from networks. <br><br></div>List of metadata related processes running on devstack node. <br><div><br>~~~<br>stack@testuser-KVM:~/devstack$ ps -ef | grep -i metadata<br>stack 1067 1 0 Sep22 ? 00:00:39 /usr/bin/python /usr/local/bin/networking-ovn-<wbr>metadata-agent --config-file /etc/neutron/networking_ovn_<wbr>metadata_agent.ini<br>stack 1414 1067 0 Sep22 ? 00:00:17 /usr/bin/python /usr/local/bin/networking-ovn-<wbr>metadata-agent --config-file /etc/neutron/networking_ovn_<wbr>metadata_agent.ini<br>stack 1415 1067 0 Sep22 ? 00:00:17 /usr/bin/python /usr/local/bin/networking-ovn-<wbr>metadata-agent --config-file /etc/neutron/networking_ovn_<wbr>metadata_agent.ini<br>stack 25192 1 0 10:43 ? 00:00:00 haproxy -f /opt/stack/data/neutron/ovn-<wbr>metadata-proxy/54f264d5-c2f5-<wbr>409c-9bd2-dbcec52edffd.conf<br>stack 27424 1 0 11:24 ? 00:00:00 haproxy -f /opt/stack/data/neutron/ovn-<wbr>metadata-proxy/86eefb22-1417-<wbr>407a-b56f-a1f3f147ee4e.conf<br>~~~</div><div><br></div><div>Default content of neutron ovn metadata file. <br></div><div><br></div><div>~~~</div><div>stack@testuser-KVM:~/devstack$ egrep -v "^(#|$)" /etc/neutron/networking_ovn_<wbr>metadata_agent.ini<br>[DEFAULT]<br>state_path = /opt/stack/data/neutron<br>metadata_workers = 2<br>nova_metadata_ip = 192.168.122.98<br>debug = True<br>[ovs]<br>ovsdb_connection = unix:/usr/local/var/run/<wbr>openvswitch/db.sock<br>[agent]<br>root_helper_daemon = sudo /usr/local/bin/neutron-<wbr>rootwrap-daemon /etc/neutron/rootwrap.conf<br>[ovn]<br>ovn_sb_connection = tcp:<a href="http://192.168.122.98:6642" target="_blank">192.168.122.98:6642</a></div><div>~~~<br></div><div><br><div><div>I don't see any NAT rule inside the network namespace which can route the request coming for "169.254.169.254" to nova metadata IP which is mentioned in ovn metadata configuration file.</div><div><br></div><div>~~~<br></div><div>stack@testuser-KVM:~/devstack$ sudo ip netns list<br>ovnmeta-86eefb22-1417-407a-<wbr>b56f-a1f3f147ee4e (id: 1)<br>ovnmeta-54f264d5-c2f5-409c-<wbr>9bd2-dbcec52edffd (id: 0)<br>stack@testuser-KVM:~/devstack$ sudo ip netns exec ovnmeta-86eefb22-1417-407a-<wbr>b56f-a1f3f147ee4e iptables -t nat -L<br>Chain PREROUTING (policy ACCEPT)<br>target prot opt source destination<br><br>Chain INPUT (policy ACCEPT)<br>target prot opt source destination<br><br>Chain OUTPUT (policy ACCEPT)<br>target prot opt source destination<br><br>Chain POSTROUTING (policy ACCEPT)<br>target prot opt source destination</div><div>~~~</div><div><br></div><div>Content of the haproxy configuration file. <br></div><div><br></div><div>~~~</div><div>root@testuser-KVM:~/devstack# cat /opt/stack/data/neutron/ovn-<wbr>metadata-proxy/86eefb22-1417-<wbr>407a-b56f-a1f3f147ee4e.conf<br><br>global<br> log /dev/log local0 debug<br> user stack<br> group stack<br> maxconn 1024<br> pidfile /opt/stack/data/neutron/<wbr>external/pids/86eefb22-1417-<wbr>407a-b56f-a1f3f147ee4e.pid<br> daemon<br><br>defaults<br> log global<br> mode http<br> option httplog<br> option dontlognull<br> option http-server-close<br> option forwardfor<br> retries 3<br> timeout http-request 30s<br> timeout connect 30s<br> timeout client 32s<br> timeout server 32s<br> timeout http-keep-alive 30s<br><br>listen listener<br> bind <a href="http://0.0.0.0:80" target="_blank">0.0.0.0:80</a><br> server metadata /opt/stack/data/neutron/<wbr>metadata_proxy<br> http-request add-header X-OVN-Network-ID 86eefb22-1417-407a-b56f-<wbr>a1f3f147ee4e</div><div>~~~</div><div><br></div><div>It seems like that isolate metadata option is enabled by default in my setup, but in neutron ovn configuration files I don't see such setting, I am suspecting it's enabled because when network is not connected to router even in that case instance spawned using isolated network able to get the metadata. <br></div></div></div></div></blockquote><div><br></div><div>The way we implemented metadata in OVN is as ML2/OVS implements it for the isolated networks case.</div><div>No matter if the network is connected to a router or not, metadata will be served in OVN locally in each controller.</div><div>A metadata agent is running on each controller and one instance of haproxy will be running for each network for</div><div>which that chassis is hosting a port in.</div><div><br></div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><div><div></div><div><br></div><div>How the instance is able to get metadata in both cases isolate network and network connected to router? <br></div></div></div></div></blockquote><div><br></div><div>The way instances reach the metadata namespace is through a static route (see the contents of the DHCP_Options table</div><div>and route command output from the instance itself) which is pushed via DHCP so that when traffic is directed to 169.254.169.254,</div><div>instead of hitting the default route it will be directed to the IP address of the metadata port for that network.</div><div>As I said, this is true regardless of the network being connected to a router or not.</div><div><br></div><div>Hope this helps :)</div><div>Daniel</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><div><div></div><div><br>[1] <a href="https://docs.openstack.org/networking-ovn/latest/contributor/design/metadata_api.html" target="_blank">https://docs.openstack.org/<wbr>networking-ovn/latest/<wbr>contributor/design/metadata_<wbr>api.html</a><br><div><div><br><br clear="all"><div><div class="gmail-m_-1170920925708791525gmail_signature"><div dir="ltr"><div>Thanks & Regards,</div>
<div>Vikrant Aggarwal</div><br><span></span><span></span></div></div></div>
</div></div></div></div></div></div>
<br>______________________________<wbr>_________________<br>
discuss mailing list<br>
<a href="mailto:discuss@openvswitch.org">discuss@openvswitch.org</a><br>
<a href="https://mail.openvswitch.org/mailman/listinfo/ovs-discuss" rel="noreferrer" target="_blank">https://mail.openvswitch.org/<wbr>mailman/listinfo/ovs-discuss</a><br>
<br></blockquote></div><br></div></div>