Issues with neutron metadata service in AIO
Bug #1483603 reported by
Matt Thompson
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openstack-ansible |
Fix Released
|
High
|
Matt Thompson | ||
Kilo |
Fix Released
|
High
|
Jesse Pretorius | ||
Trunk |
Fix Released
|
High
|
Matt Thompson |
Bug Description
While working on https:/
Ideally, we will want to default force_config_drive to False when we bump to liberty, however we will need to get the neutron metadata service working in an AIO environment first.
description: | updated |
Changed in openstack-ansible: | |
importance: | Undecided → High |
status: | New → Confirmed |
To post a comment you must log in.
Apsu investigated this for us, and found that in the AIO we'll need to drop the following in any neutron_agents containers:
iptables -t mangle -A POSTROUTING -j CHECKSUM --checksum-fill
Some chat log for posterity:
16:30:08 Apsu | Instantly worked.
16:30:33 Apsu | The symptom is that the vxlan iface gets the 169.254.169.254:80 traffic but the bridge it's in does not
16:30:39 Apsu | Which happens due to the invalid checksum.
16:30:53 Apsu | Which happens because there's not a real network interface managing checksums
16:31:18 Apsu | On a multi-node, that instance traffic crosses a real interface on the way across the vxlan tunnel
16:31:23 Apsu | So it picks up a proper checksum