Browse Source

Fix the Neutron OVN metadata service setup

* Set the Nova metadata server address properly so that
  neutron-ovn-metadata-agents running on compute nodes forward the
  requests to the right place instead of trying to use 127.0.0.1;
* generate a random secret instead of hard-coding one.

Change-Id: I6525a4150808ef257bb7a8f49589c1151ca279b0
changes/49/757249/1
Dmitrii Shcherbakov 2 years ago
parent
commit
81cbaa4433
  1. 1
      snap-overlay/bin/set-default-config.py
  2. 1
      snap-overlay/snap-openstack.yaml
  3. 5
      snap-overlay/templates/neutron_ovn_metadata_agent.ini.j2
  4. 2
      snap-overlay/templates/nova.conf.d.neutron.conf.j2

1
snap-overlay/bin/set-default-config.py

@ -79,6 +79,7 @@ def _setup_secrets():
'config.credentials.neutron-password',
'config.credentials.placement-password',
'config.credentials.glance-password',
'config.credentials.ovn-metadata-proxy-shared-secret',
] if k not in existing_cred_keys
})

1
snap-overlay/snap-openstack.yaml

@ -108,6 +108,7 @@ setup:
alerting_tag: 'config.alerting.tag'
ovn_nb_connection: 'config.network.ovn-nb-connection'
ovn_sb_connection: 'config.network.ovn-sb-connection'
ovn_metadata_proxy_shared_secret: 'config.credentials.ovn-metadata-proxy-shared-secret'
setup_loop_based_cinder_lvm_backend: 'config.cinder.setup-loop-based-cinder-lvm-backend'
lvm_backend_volume_group: 'config.cinder.lvm-backend-volume-group'
entry_points:

5
snap-overlay/templates/neutron_ovn_metadata_agent.ini.j2

@ -1,5 +1,8 @@
[DEFAULT]
metadata_proxy_shared_secret = supersecret
nova_metadata_host = {{ control_ip }}
metadata_proxy_shared_secret = {{ ovn_metadata_proxy_shared_secret }}
[ovs]
ovsdb_connection = unix:{{ snap_common }}/run/openvswitch/db.sock

2
snap-overlay/templates/nova.conf.d.neutron.conf.j2

@ -10,4 +10,4 @@ project_name = service
username = neutron
password = {{ neutron_password }}
service_metadata_proxy = True
metadata_proxy_shared_secret = supersecret
metadata_proxy_shared_secret = {{ ovn_metadata_proxy_shared_secret }}

Loading…
Cancel
Save