Notice:
Reposting from this blog is welcome, but please keep the original author information!
Sina Weibo: @孔令贤HW;
Blog address: http://blog.csdn.net/lynn_kong
The content is my own study, research and summary; any resemblance to other work is an honour!
The previous post described how a virtual machine reaches 169.254.169.254 through the router's namespace-metadata-proxy to fetch its custom metadata. Quantum actually has a second path: a namespace-metadata-proxy run by the DHCP agent. Before it can be used, one option has to be added to the DHCP agent's configuration file:
# The DHCP server can assist with providing metadata support on isolated
# networks. Setting this value to True will cause the DHCP server to append
# specific host routes to the DHCP request. The metadata service will only
# be activated when the subnet gateway_ip is None. The guest instance must
# be configured to request host routes via DHCP (Option 121).
enable_isolated_metadata = True
Then create the subnet, taking care not to specify a gateway:
root@controller231:/usr/lib/python2.7/dist-packages# quantum subnet-create testnet01 172.17.17.0/24 --no-gateway --name=sub_no_gateway
Created a new subnet:
+------------------+--------------------------------------------------+
| Field            | Value                                            |
+------------------+--------------------------------------------------+
| allocation_pools | {"start": "172.17.17.1", "end": "172.17.17.254"} |
| cidr             | 172.17.17.0/24                                   |
| dns_nameservers  |                                                  |
| enable_dhcp      | True                                             |
| gateway_ip       |                                                  |
| host_routes      |                                                  |
| id               | 34168195-f101-4be4-8ca8-c9d07b58d41a             |
| ip_version       | 4                                                |
| name             | sub_no_gateway                                   |
| network_id       | 3d42a0d4-a980-4613-ae76-a2cddecff054             |
| tenant_id        | 6fbe9263116a4b68818cf1edce16bc4f                 |
+------------------+--------------------------------------------------+
At this point the DHCP agent, on the node where it runs, adds the address 169.254.169.254 inside the dhcp namespace and starts a metadata namespace proxy listening on TCP port 80.
root@network232:~# ip netns | grep qdhcp
qdhcp-9daeac7c-a98f-430f-8e38-67f9c044e299
qdhcp-3d42a0d4-a980-4613-ae76-a2cddecff054
root@network232:~# ip netns exec qdhcp-3d42a0d4-a980-4613-ae76-a2cddecff054 ip -4 a
11: tap332ce137-ec: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    inet 10.1.1.3/24 brd 10.1.1.255 scope global tap332ce137-ec
    inet 10.0.0.2/24 brd 10.0.0.255 scope global tap332ce137-ec
14: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    inet 127.0.0.1/8 scope host lo
21: tap21b5c483-84: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    inet 10.1.1.3/24 brd 10.1.1.255 scope global tap21b5c483-84
    inet 169.254.169.254/16 brd 169.254.255.255 scope global tap21b5c483-84
    inet 10.0.10.2/24 brd 10.0.10.255 scope global tap21b5c483-84
    inet 10.0.2.2/24 brd 10.0.2.255 scope global tap21b5c483-84
    inet 172.17.17.1/24 brd 172.17.17.255 scope global tap21b5c483-84
root@network232:~# ip netns exec qdhcp-3d42a0d4-a980-4613-ae76-a2cddecff054 route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tap332ce137-ec
10.0.2.0        0.0.0.0         255.255.255.0   U     0      0        0 tap21b5c483-84
10.0.10.0       0.0.0.0         255.255.255.0   U     0      0        0 tap21b5c483-84
10.1.1.0        0.0.0.0         255.255.255.0   U     0      0        0 tap332ce137-ec
10.1.1.0        0.0.0.0         255.255.255.0   U     0      0        0 tap21b5c483-84
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 tap21b5c483-84
172.17.17.0     0.0.0.0         255.255.255.0   U     0      0        0 tap21b5c483-84
root@network232:~# ip netns exec qdhcp-3d42a0d4-a980-4613-ae76-a2cddecff054 netstat -4 -anpt
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      7035/python
tcp        0      0 10.1.1.3:53             0.0.0.0:*               LISTEN      14592/dnsmasq
tcp        0      0 169.254.169.254:53      0.0.0.0:*               LISTEN      14592/dnsmasq
tcp        0      0 10.0.10.2:53            0.0.0.0:*               LISTEN      14592/dnsmasq
tcp        0      0 10.0.2.2:53             0.0.0.0:*               LISTEN      14592/dnsmasq
tcp        0      0 172.17.17.1:53          0.0.0.0:*               LISTEN      14592/dnsmasq
root@network232:~# ps -f --pid 7035 | fold -s -w 82
UID        PID  PPID  C STIME TTY          TIME CMD
root      7035     1  0 Jun17 ?        00:00:00 python /usr/bin/quantum-ns-metadata-proxy
--pid_file=/var/lib/quantum/external/pids/3d42a0d4-a980-4613-ae76-a2cddecff054.pid
--network_id=3d42a0d4-a980-4613-ae76-a2cddecff054 --state_path=/var/lib/quantum
--metadata_port=80 --debug --verbose
--log-file=quantum-ns-metadata-proxy3d42a0d4-a980-4613-ae76-a2cddecff054.log
--log-dir=/var/log/quantum
root@network232:~# ps -f --pid 14592 | fold -s -w 82
UID        PID  PPID  C STIME TTY          TIME CMD
nobody   14592     1  0 15:34 ?        00:00:00 dnsmasq --no-hosts --no-resolv
--strict-order --bind-interfaces --interface=tap21b5c483-84 --except-interface=lo
--pid-file=/var/lib/quantum/dhcp/3d42a0d4-a980-4613-ae76-a2cddecff054/pid
--dhcp-hostsfile=/var/lib/quantum/dhcp/3d42a0d4-a980-4613-ae76-a2cddecff054/host
--dhcp-optsfile=/var/lib/quantum/dhcp/3d42a0d4-a980-4613-ae76-a2cddecff054/opts
--dhcp-script=/usr/bin/quantum-dhcp-agent-dnsmasq-lease-update --leasefile-ro
--dhcp-range=set:tag0,10.0.2.0,static,120s
--dhcp-range=set:tag1,172.17.17.0,static,120s
--dhcp-range=set:tag2,10.0.10.0,static,120s
--dhcp-range=set:tag3,10.1.1.0,static,120s --conf-file= --domain=openstacklocal
root@network232:~# cat /var/lib/quantum/dhcp/3d42a0d4-a980-4613-ae76-a2cddecff054/opts
tag:tag0,option:router,10.0.2.1
tag:tag1,option:classless-static-route,169.254.169.254/32,172.17.17.1
tag:tag1,option:router
tag:tag2,option:dns-server,8.8.8.7,8.8.8.8
tag:tag2,option:router,10.0.10.1
tag:tag3,option:dns-server,8.8.8.7,8.8.8.8
tag:tag3,option:router,10.1.1.1
When the DHCP client requests DHCP option 121, it receives the static route configuration, which on the virtual machine amounts to running:
ip route add 169.254.169.254/32 via 172.17.17.1
(Note that the cirros image does not send a DHCP option 121 request.)
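To make the opts file concrete, here is an added Python example (not the original post's code and not Quantum's own) that parses the dnsmasq --dhcp-optsfile entries printed above, derives the ip route commands a client in each tagged subnet would apply, and produces the RFC 3442 wire encoding of option 121 that actually carries the 169.254.169.254/32 route. The opts text is copied from the page; the parser, the encoder and the route-to-command mapping are mine. An empty option:router line (tag1) is how dnsmasq is told to offer no default gateway, which is why the route to the metadata address has to arrive as a host route.

```python
"""Decode the dnsmasq --dhcp-optsfile shown above and show what a DHCP client
that asks for option 121 (RFC 3442 classless static routes) receives.

Added example; the opts text is the page's own, everything else is mine.
"""
import ipaddress

# Copied from the opts file printed on the page.
OPTS_FILE = """\
tag:tag0,option:router,10.0.2.1
tag:tag1,option:classless-static-route,169.254.169.254/32,172.17.17.1
tag:tag1,option:router
tag:tag2,option:dns-server,8.8.8.7,8.8.8.8
tag:tag2,option:router,10.0.10.1
tag:tag3,option:dns-server,8.8.8.7,8.8.8.8
tag:tag3,option:router,10.1.1.1
"""


def parse_opts(text):
    """Return {tag: [(option_name, [value, ...]), ...]} from dnsmasq opts lines."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tag, name, values = None, None, []
        for field in line.split(","):
            if field.startswith("tag:"):
                tag = field[len("tag:"):]
            elif field.startswith("option:"):
                name = field[len("option:"):]
            else:
                values.append(field)
        opts.setdefault(tag, []).append((name, values))
    return opts


def encode_classless_routes(values):
    """RFC 3442 wire format for option 121: for each (dest/prefix, gateway)
    pair, one byte of prefix length, only the significant destination octets
    (ceil(prefix/8) of them), then the four gateway octets."""
    out = bytearray()
    for dest, gw in zip(values[0::2], values[1::2]):
        net = ipaddress.IPv4Network(dest, strict=False)
        significant = (net.prefixlen + 7) // 8
        out.append(net.prefixlen)
        out += net.network_address.packed[:significant]
        out += ipaddress.IPv4Address(gw).packed
    return bytes(out)


def decode_classless_routes(data):
    """Inverse of encode_classless_routes: [(dest_cidr, gateway), ...]."""
    routes, i = [], 0
    while i < len(data):
        plen = data[i]
        i += 1
        significant = (plen + 7) // 8
        dest = bytes(data[i:i + significant]) + b"\x00" * (4 - significant)
        i += significant
        gw = bytes(data[i:i + 4])
        i += 4
        routes.append((f"{ipaddress.IPv4Address(dest)}/{plen}",
                       str(ipaddress.IPv4Address(gw))))
    return routes


def client_routes(opts, tag):
    """Commands a client in the subnet tagged `tag` ends up applying. A router
    option with no value means dnsmasq offers no default route at all."""
    cmds = []
    for name, values in opts.get(tag, []):
        if name == "classless-static-route":
            wire = encode_classless_routes(values)      # what is on the wire
            for dest, gw in decode_classless_routes(wire):
                cmds.append(f"ip route add {dest} via {gw}")
        elif name == "router" and values:
            cmds.append(f"ip route add default via {values[0]}")
    return cmds


if __name__ == "__main__":
    parsed = parse_opts(OPTS_FILE)
    for tag in sorted(parsed):
        print(tag, client_routes(parsed, tag))
    print(encode_classless_routes(["169.254.169.254/32", "172.17.17.1"]).hex())
```

For tag1 the only command is the host route from the post; a client that never asks for option 121 (cirros, as noted above) gets neither that route nor a default route, so on this subnet it has no path to 169.254.169.254 at all.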
Once the virtual machine has this static route, requests to 169.254.169.254:80 are delivered to the metadata namespace proxy in the dhcp namespace on the network node. The proxy adds the X-Quantum-Network-ID and X-Forwarded-For headers to the request, representing the network-id and the instance-id respectively, and forwards it over a Unix domain socket to quantum-metadata-agent; from there the flow is the one described in the previous post.
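The header step is where the security of the whole path rests, so here is an added Python model of it (not the quantum-ns-metadata-proxy or quantum-metadata-agent source). In the proxy, X-Forwarded-For is set to the remote address of the accepted connection, that is, the VM's fixed IP, overwriting anything the VM put in that header itself; the agent then turns (network id, IP) into the instance id by looking up the port, and signs that id with HMAC-SHA256 under metadata_proxy_shared_secret so nova can verify it. Assumptions in the code: the --network_id value is taken from the proxy command line above, the port lookup is a constructed table, and SHARED_SECRET and the instance id are placeholders.

```python
"""Added model of the DHCP-namespace metadata proxy and the metadata agent.
Not Quantum's source. Labelled assumptions: NETWORK_ID is the --network_id
from the page; PORTS is a constructed stand-in for the agent's port lookup;
SHARED_SECRET is a placeholder for metadata_proxy_shared_secret.
"""
import hashlib
import hmac

NETWORK_ID = "3d42a0d4-a980-4613-ae76-a2cddecff054"   # --network_id on the page
SHARED_SECRET = "example-shared-secret"                # placeholder, constructed

# Constructed port table: (network_id, fixed_ip) -> device_id (instance id).
PORTS = {
    (NETWORK_ID, "172.17.17.5"): "00000000-0000-0000-0000-00000000aaaa",  # placeholder
}


def proxy_forward_headers(network_id, remote_addr, client_headers):
    """Headers the namespace proxy puts on the request before writing it to the
    agent's Unix socket. remote_addr is the peer address of the TCP connection
    accepted inside the qdhcp namespace. Any client-supplied X-Forwarded-For or
    X-Quantum-Network-ID is dropped and replaced, never appended to, so the
    agent only ever sees what the network stack observed."""
    headers = {k: v for k, v in client_headers.items()
               if k.lower() not in ("x-forwarded-for", "x-quantum-network-id")}
    headers["X-Forwarded-For"] = remote_addr
    headers["X-Quantum-Network-ID"] = network_id
    return headers


def agent_resolve_instance(headers, ports):
    """Agent side: the instance is identified by (network, source IP), never by
    anything the VM claims about itself. Returns None for an unknown address."""
    key = (headers.get("X-Quantum-Network-ID"), headers.get("X-Forwarded-For"))
    return ports.get(key)


def sign_instance_id(instance_id, secret):
    """HMAC-SHA256 of the instance id under the agent/nova shared secret, sent
    as X-Instance-ID-Signature so nova accepts X-Instance-ID only from the agent."""
    return hmac.new(secret.encode(), instance_id.encode(), hashlib.sha256).hexdigest()


def verify_instance_id(instance_id, signature, secret):
    """Nova-side check of the signature, in constant time."""
    return hmac.compare_digest(sign_instance_id(instance_id, secret), signature)


def handle_vm_request(remote_addr, client_headers, ports=PORTS, secret=SHARED_SECRET):
    """proxy -> agent -> headers nova would receive; None when the source
    address maps to no port on this network (the agent refuses the request)."""
    forwarded = proxy_forward_headers(NETWORK_ID, remote_addr, client_headers)
    instance_id = agent_resolve_instance(forwarded, ports)
    if instance_id is None:
        return None
    return {
        "X-Forwarded-For": forwarded["X-Forwarded-For"],
        "X-Instance-ID": instance_id,
        "X-Instance-ID-Signature": sign_instance_id(instance_id, secret),
    }


if __name__ == "__main__":
    # A VM at 172.17.17.5 sends a forged X-Forwarded-For; it is ignored.
    print(handle_vm_request("172.17.17.5", {"X-Forwarded-For": "172.17.17.9"}))
    # An address with no port on the network gets nothing.
    print(handle_vm_request("172.17.17.200", {}))
```

Two things to check on a real deployment follow from this model: the proxy must be the only thing listening on 169.254.169.254:80 inside the namespace (the netstat output above shows exactly one python listener), and the shared secret must be the same on the agent and nova, otherwise every request is rejected by the signature check.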