Handle setting a new default route.

In a production environment, the overcloud, which has it's metadata server as default route until we kill file injection, may not be the default route, so we need to be able to influence routing. Change-Id: I698682183a301141e224e5713a49b23f8e6c863e
2013-10-11 22:27:19 +13:00 · 2013-10-11 22:27:19 +13:00 · ad95866d16
commit ad95866d16
parent 7cc5df7f2f
2 changed files with 21 additions and 0 deletions
--- a/elements/neutron-openvswitch-agent/README.md
+++ b/elements/neutron-openvswitch-agent/README.md
@ -10,6 +10,7 @@ configured via Heat Metadata. For example:
      ovs:
        public_interface: vlan25
        public_interface_raw_device: eth2
+        public_interface_route: 12.34.56.78
        physical_bridge: br-ctlplane
        physical_network: ctlplane
        network_vlan_ranges: ctlplane
@ -23,3 +24,9 @@ counterparts in the OVS section of ovs\_neutron\_plugin.ini If
 public\_interface\_raw\_device is set, public\_interface must be a vlan device,
 and the vlan device will be created using the raw device during
 os-collect-config configuration.
+
+Once the public interface is configured, public\_interface\_route (if set)
+will replace the default route's next hop. The hop this replaces will be
+added as the next hop for 169.254.169.254/32.
+This permits routing default traffic out through a hardware router without
+breaking the ability to contact a bare metal metadata server.
--- a/elements/neutron-openvswitch-agent/neutron-ovs-agent-bin/init-neutron-ovs
+++ b/elements/neutron-openvswitch-agent/neutron-ovs-agent-bin/init-neutron-ovs
@ -28,6 +28,10 @@
 # An iptables rule to redirect incoming metadata server requests on the public
 # bridge device is inserted if not present.
 #
+# If public_interface_route is set then the current default route is
+# specialised to a 169.254.169.254/32 only route and a default route via
+# public_interface_route is added on the public interface.
+#
 # Note that no persistent config file is written to the OS : ovs-vsctl modifies
 # a persistent database so the bridge device will persist across reboots, but
 # [on Ubuntu at least] early boot does not bring up ovs-vswitch early enough,
@ -41,6 +45,7 @@ EXTERNAL_BRIDGE=$(os-config-applier --key neutron.ovs.physical_bridge --type raw
 PHYSICAL_INTERFACE=$(os-config-applier --key neutron.ovs.public_interface --type raw  --key-default '')
 PHYSICAL_INTERFACE_IP=$(os-config-applier --key bootstack.public_interface_ip --type netaddress  --key-default '')
 PHYSICAL_INTERFACE_RAW_DEVICE=$(os-config-applier --key neutron.ovs.public_interface_raw_device --type raw --key-default '')
+PUBLIC_INTERFACE_ROUTE=$(os-config-applier --key neutron.ovs.public_interface_route --type netaddress --key-default '')

 if [ -n "$PHYSICAL_INTERFACE_RAW_DEVICE" ]; then
  if ! (ip link show dev $PHYSICAL_INTERFACE) ; then
@ -111,4 +116,13 @@ if [ -n "$PHYSICAL_INTERFACE" ] ; then
    for IP in $IPS ; do
      ip addr del $IP dev $PHYSICAL_INTERFACE
    done
+    # Handle default route replacement.
+    if [ -n "$PUBLIC_INTERFACE_ROUTE" ]; then
+        DEFAULT_VIA=$(ip route show | awk '/default / { print $3 }')
+        if [ "$DEFAULT_VIA" != "$PUBLIC_INTERFACE_ROUTE" ]; then
+          ip route add 169.254.169.254/32 via $DEFAULT_VIA
+          ip route prepend dev $EXTERNAL_BRIDGE default via $PUBLIC_INTERFACE_ROUTE
+          ip route del default via $DEFAULT_VIA
+        fi
+    fi
 fi