OpenStack Compute (nova)

No iptable rule to metadata

Bug #1083105 reported by Msekni on 2012-11-26

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Compute (nova)	Invalid	Undecided	Unassigned

Bug Description

Hello,

When i installed OpenStack Folsom ,i installed all nova components except for nova-network so the result was when i do

iptables -L -nv -t nat

I can't find the route to my metadata server :

Chain nova-network-PREROUTING (1 references)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- * * 0.0.0.0/0 169.254.169.254 tcp dpt:80 to:10.100.8.223:8775

This rule is not created until nova-network is installed which is not necessary if someone wants to use quantum !

Regards,

Michael Still (mikal) on 2012-11-27

Changed in nova:
status:	New → Triaged
importance:	Undecided → Critical

Revision history for this message

Thierry Carrez (ttx) wrote on 2013-01-04:

It's my understanding that the Quantum agent (that you run instead of the nova-network node) will set up that route for you. Adding Dan to confirm.

Changed in nova:
importance:	Critical → Undecided
status:	Triaged → Incomplete

Revision history for this message

dan wendlandt (danwent) wrote on 2013-01-04:

with quantum, the rule is created by the quantum-l3-agent.

you must configure the quantum-l3-agent with the metadata ip and port.

depending on whether you are using namespaces, the iptables rule may either be visible in the root namespace (i.e., just by running iptables -L) or in a router specific namespace (hidden unless you run the iptables command within the namespace).

see: http://docs.openstack.org/trunk/openstack-network/admin/content/adv_cfg_l3_agent_metadata.html

Changed in nova:
status:	Incomplete → Invalid

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.