[RFE] Extend neutron-metadata-agent to support to proxy multiple external services
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
New
|
Wishlist
|
Unassigned |
Bug Description
Currently, the neutron-
The user cases:
1. The Unified monitoring platform for multiple tenants:
Suppose that a private cloud provider have multiple departments and each department has a tenant on the cloud platform. The cloud admin wish to monitor all tenant's VMs. Current neutron need to use router to achieve the scheme, the implementation method is difficult and inflexible. By extend neutron metadata channel, the monitor agent that in tenant internal VM can easily pust monitor data to the external unified monitoring platform.
2. Shared license pool:
Run commericial software in VMs is a common demand for users. To resolve the authorization issue, these commericial software providers will provide a shared license pool to cloud providre. In multiple tenant environment, as the cidr overlap issue the VMs must by router which set external gateway to access the shared liscense pool, this will limit some use scenarios, such as the pure internal network environment which needn't router service plugin.So, extend neutron metadata channel is an alternative solution.
My initial idea about how to implement it:
Support two type proxys: L7 (layer 7) proxy and L4 (layer 4) proxy, user by write neutron configuration file to tell neutron to provide which proxies and what type proxies.
For L7 proxy:
The implementation can reference the current solution that proxy the nova metadata service. And by neutron configuration file user can configure insert what headers to request for specify proxy.
For L4 proxy:
About TCP proxy, we can introduce HAproxy to implement it. About UDP proxy, I have no idea about how implement it now.
In additional to, need to add a rest API to query that the current neutron env provided which proxies for user, and extend network API, user can configure that a specified network support which proxies.
tags: | added: rfe |
Changed in neutron: | |
importance: | Undecided → Wishlist |
Hi,
Is my understanding of this proposal correct that You want to propose possibility to server various services on various endpoints behind 169.254.169.254 address, like e.g.:
- http:// 169.254. 169.254/ windows- license/ - to provide some Windows licenses (I have no idea if exactly such use case makes any sense, it just an idea)
And for this monitoring, do You want to allow instances e.g. to do POST requests to http:// 169.254. 169.254/ so instance would be able to send some metrics data to some external system?