On 01/21/2015 02:29 PM, Xavier León wrote: > On Tue, Jan 20, 2015 at 10:32 PM, Brian Haley <brian.ha...@hp.com> wrote: >> On 01/20/2015 09:20 AM, Xavier León wrote: >>> Hi all, >>> >>> we've been doing some tests with openstack kilo and found >>> out a problem: iptables routes are not being injected to the >>> router namespace. >>> >>> Scenario: >>> - a private network NOT connected to the outside world. >>> - a router with only one interface connected to the private network. >>> - a vm instance connected to the private network as well. <snip> >> Are you sure the l3-agent is running? You should have seen wrapped rules >> from >> it in most of these tables, for example: >> >> # Generated by iptables-save v1.4.21 on Tue Jan 20 16:29:19 2015 >> *filter >> :INPUT ACCEPT [34:10882] >> :FORWARD ACCEPT [0:0] >> :OUTPUT ACCEPT [1:84] >> :neutron-filter-top - [0:0] >> :neutron-l3-agent-FORWARD - [0:0] >> :neutron-l3-agent-INPUT - [0:0] >> :neutron-l3-agent-OUTPUT - [0:0] >> :neutron-l3-agent-local - [0:0] >> [...] > > Yes, the l3-agent is up and running. I see these rules when executing > the same test in juno but not in kilo. FYI, it's a all-in-one devstack > deployment. > >> >> I would check the log files for any errors. > > There are no errors in the logs. > > After digging a bit more, we have seen that setting the config value > of enable_isolated_metadata to True (default: False) in dhcp_agent.ini > solves the problem in our scenario. > However, this change in configuration was not necessary before (our > tests passed in juno for that matter with that setting to False). So > we were wondering if there has been a change in how the metadata > service is accessed in such scenarios, a new issue because of the l3 > agent refactoring or any other problem in our setup we haven't > narrowed yet.
There have been some changes recently in the code, perhaps: https://review.openstack.org/#/c/135467/ Or just look at some of the other recent changes in the repository? -Brian __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev