OpenStack Metadata on Provider Networks

This is probably a non-standard way to configure this, but it is required for our current architecture.

The subnet needs to have DHCP enabled

The requesting subnet needs to be trunked to the host running dhcp-agent

DHCP IP Helpers on the switches will fuck everything up

Controller

/etc/neutron/dhcp_agent.ini

[DEFAULT]
debug = True
verbose = True
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
enable_isolated_metadata = True
dnsmasq_base_log_dir = /var/log/
[AGENT]

/etc/neutron/metadata_agent.ini

[DEFAULT]
debug = True

auth_uri = http://$keystone:5000
auth_url = http://$keystone:35357
auth_region = regionThree
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = barkfucking

metadata_proxy_shared_secret = stuffedmushrooms
verbose = True

nova_metadata_ip = $host_running_nova-api

[AGENT]

/etc/nova/nova.conf

[neutron]
service_metadata_proxy = True
metadata_proxy_shared_secret = stuffedmushrooms
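
The same metadata_proxy_shared_secret has to appear in both metadata_agent.ini and nova.conf because the neutron metadata agent uses it to sign the instance ID of each proxied request (HMAC-SHA256, sent as the X-Instance-ID-Signature header) and nova recomputes that signature before answering. The following is an added example, not part of the original notes or of the neutron/nova code: it reads constructed copies of the two files with a placeholder secret and checks that a signature made with one side's secret verifies with the other's. The function names and the sample UUID are made up for illustration.

```python
import configparser
import hashlib
import hmac

# Constructed sample configs mirroring the two files above (placeholder secret).
METADATA_AGENT_INI = """
[DEFAULT]
metadata_proxy_shared_secret = example-secret
"""
NOVA_CONF = """
[neutron]
service_metadata_proxy = True
metadata_proxy_shared_secret = example-secret
"""

def read_option(text, section, option):
    """Return one option from INI text, or None if it is absent."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return parser.get(section, option, fallback=None)

def sign_instance_id(secret, instance_id):
    """Agent side: HMAC-SHA256 over the instance ID, hex encoded."""
    return hmac.new(secret.encode(), instance_id.encode(), hashlib.sha256).hexdigest()

def verify_instance_id(secret, instance_id, signature):
    """nova side: recompute the HMAC and compare in constant time."""
    expected = sign_instance_id(secret, instance_id)
    return hmac.compare_digest(expected, signature)

def check_pair(agent_ini, nova_conf, instance_id):
    """Return (ok, reason) for a metadata_agent.ini / nova.conf pair."""
    agent_secret = read_option(agent_ini, "DEFAULT", "metadata_proxy_shared_secret")
    nova_secret = read_option(nova_conf, "neutron", "metadata_proxy_shared_secret")
    proxy_on = read_option(nova_conf, "neutron", "service_metadata_proxy")
    if not agent_secret or not nova_secret:
        return False, "secret missing on one side"
    if str(proxy_on).lower() != "true":
        return False, "service_metadata_proxy is not enabled in nova.conf"
    signature = sign_instance_id(agent_secret, instance_id)
    if not verify_instance_id(nova_secret, instance_id, signature):
        return False, "secrets differ: nova would reject the proxied request"
    return True, "signature verifies"

if __name__ == "__main__":
    # Constructed instance UUID, not taken from the page.
    print(check_pair(METADATA_AGENT_INI, NOVA_CONF, "11111111-2222-3333-4444-555555555555"))
```
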

Example net-show

+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 2261f182-809d-4ad3-bdb4-7a001c45f5fc |
| mtu                       | 0                                    |
| name                      | provider-11                          |
| port_security_enabled     | True                                 |
| provider:network_type     | vlan                                 |
| provider:physical_network | provider                             |
| provider:segmentation_id  | 11                                   |
| router:external           | False                                |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   | 202274d3-97cc-4eaa-8b05-745da6011471 |
| tenant_id                 | e5e7ab304fd24c6ebee4c43193529d07     |
+---------------------------+--------------------------------------+

Example subnet-show

+-------------------+----------------------------------------------------+
| Field             | Value                                              |
+-------------------+----------------------------------------------------+
| allocation_pools  | {"start": "192.168.1.11", "end": "192.168.1.249"}  |
| cidr              | 192.168.1.0/21                                     |
| dns_nameservers   |                                                    |
| enable_dhcp       | True                                               |
| gateway_ip        | 192.168.1.1                                        |
| host_routes       |                                                    |
| id                | 202274d3-97cc-4eaa-8b05-745da6011471               |
| ip_version        | 4                                                  |
| ipv6_address_mode |                                                    |
| ipv6_ra_mode      |                                                    |
| name              | provider-11-subnet                                 |
| network_id        | 2261f182-809d-4ad3-bdb4-7a001c45f5fc               |
| subnetpool_id     |                                                    |
| tenant_id         | e5e7ab304fd24c6ebee4c43193529d07                   |
+-------------------+----------------------------------------------------+

The DHCP agent should be running; grab its UUID from the agent list

+--------------------------------------+--------------------+-------------------------------------------+-------+----------------+---------------------------+
| id                                   | agent_type         | host                                      | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+-------------------------------------------+-------+----------------+---------------------------+
| 446dbae4-a2e8-4812-a24c-c3ded53face7 | DHCP agent         | controller                                | :-)   | True           | neutron-dhcp-agent        |
| 4e8b69ef-8da1-4433-8f66-7f77f01de2ee | Metadata agent     | compute1                                  | :-)   | True           | neutron-metadata-agent    |
| 622abc9b-ef3c-49ff-873d-a62fdf1eec83 | Linux bridge agent | compute2                                  | :-)   | True           | neutron-linuxbridge-agent |
| 72325215-b8af-480e-9966-40e1f4517585 | Metadata agent     | controller1                               | :-)   | True           | neutron-metadata-agent    |
| 83a5f1e6-6f47-4595-b71c-585a0413a1d5 | Linux bridge agent | controller1                               | :-)   | True           | neutron-linuxbridge-agent |
| e43c5c2f-ff51-432e-b000-9f63d24ffac2 | Linux bridge agent | compute3                                  | :-)   | True           | neutron-linuxbridge-agent |
| e56e5701-663a-4432-a560-90857e59573f | Linux bridge agent | compute1                                  | :-)   | True           | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+-------------------------------------------+-------+----------------+---------------------------+

Add the network to your DHCP agent

neutron dhcp-agent-network-add 2c141ec6-82ad-4139-b721-78df8a92e72d 2261f182-809d-4ad3-bdb4-7a001c45f5fc

Verify

+--------------------------------------+----------------------------------------+----------------+-------+
| id                                   | host                                   | admin_state_up | alive |
+--------------------------------------+----------------------------------------+----------------+-------+
| 2c141ec6-82ad-4139-b721-78df8a92e72d | compute1                               | True           | :-)   |
+--------------------------------------+----------------------------------------+----------------+-------+

After that, hopefully nothing is fucked up