6124f60297
Currently the metadata proxy binds to default 0.0.0.0, which does not add any advantage (metadata requests are not sent to random IP addresses), and may allow access to cloud information from third parties. This changes the generated configuration to bind to METADATA_DEFAULT_IP address instead. This is not enabled in other metadata proxy configuration (in the L3 agent), as this would require net.ipv4.ip_nonlocal_bind everywhere (currently only enabled for DVR) or transparent mode in haproxy (which requires net.ipv4.ip_nonlocal_bind anyway) Changed set_ip_nonlocal_bind_for_namespace() to support setting the value in both the given and root namespace correctly, since it was only used from inside the neutron codebase according to codesearch. Change-Id: I388391cf697dade1a163d15ab568b33134f7b2d9 Co-Authored-By: Andrey Arapov <andrey.arapov@nixaid.com> Closes-Bug: #1745618 |
||
|---|---|---|
| .. | ||
| __init__.py | ||
| test_agent.py | ||
| test_driver.py | ||