Public bug reported:

The metadata-api still loads pieces of nova-network even when using neutron=True.

Specifically, it is still loading linuxnet_interface_driver and it is adding in ACCEPT rules with iptables to allow the metadata port. While this may make sense with nova-network, it doesn't make sense for an api to be messing with iptables. Since neutron uses metadata-api through its proxy, it cannot be said that the metadata-api is purely a nova-network thing.

The MetadataManager class that is loaded makes note of the fact that all the class does is add that ACCEPT rule [0]. Previously in Newton I was able to work around this by overriding the MetadataManager class with 'nova.manager.Manager', but that option was removed in Ocata [1]. Now the 'nova.api.manager.MetadataManager' name is hardcoded [2] and requires modifying nova source.

TL;DR when using the metadata-api, bits of nova-network are still loaded when they shouldn't be.

[0] https://github.com/openstack/nova/blob/4f91ed3a547965ed96a22520edcfb783e7936e95/nova/api/manager.py#L24
[1] https://github.com/openstack/nova/blob/stable/newton/nova/conf/service.py#L51
[2] https://github.com/openstack/nova/blob/065cd6a8d69c1ec862e5b402a3150131f35b2420/nova/service.py#L60

** Affects: nova
   Importance: Undecided
   Status: New

https://bugs.launchpad.net/bugs/1687187

Title: metadata-api requires iptables-save/restore

Status in OpenStack Compute (nova): New