<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>Hi Tobias,<br><br>I would say that the NAT method will not work if both the metadata-server and the instances are on the same IP network.<br><br>You can try to do the following:<br><br>- On your router, add a new IP to the VLAN => 169.254.169.253/30<br>- On the metadata-server, add the IP 169.254.169.254/30 to the interface<br>- Edit the /etc/one/metadata.conf to listen on 169.254.169.254, and port 80<br>- Make sure your router forwards packets from your instance network to this network<br><br>To ensure metadata server is working fine, before making the changes, just change the IP address and port on the ec2-metadata script to the real ip and port of the server, and check if it returns any value.<br><br>Regards,<br>Ricardo Duarte<br><br><div>> Date: Wed, 23 Oct 2013 09:12:28 +0200<br>> From: tobias@tobru.ch<br>> To: rjtd21@hotmail.com<br>> CC: users@lists.opennebula.org<br>> Subject: RE: [one-users] Ubuntu Cloud Images<br>> <br>> Hi,<br>> <br>> Thanks for the explanation.<br>> <br>> The Ubuntu Saucy Cloud image works out of the box without the metadata <br>> server. Cloud-init 0.7.3 is compatible with the OpenNebula <br>> contextualization system [1].<br>> <br>> But I'm trying to get the metadata server working anyway. The problem <br>> I'm facing is how I can make the IP 169.254.169.254 reachable... I've <br>> tried a NAT rule on the router, after that the connection was made to <br>> the metadata server, but never reached the VM back (both the VM and the <br>> metadata server are in the same VLAN). With tcpdump I saw that the <br>> packets reached the VM back but with a different source IP which <br>> confused curl.<br>> Now I'd like to do it with iptables, which I think is far more better <br>> than to rely on the router... I'm using Open vSwitch on the hosts and <br>> couldn't get the iptables rule described on [2] matching any packet <br>> flowing out of the VM. Is iptables compatible with Open vSwitch? Or has <br>> the NAT rule to be done with Open vSwitch tools? If yes, how?<br>> <br>> Cheers,<br>> Tobias<br>> <br>> [1] <br>> http://cloudinit.readthedocs.org/en/latest/topics/datasources.html#opennebula<br>> [2] https://bitbucket.org/ricardoduarte/opennebula-metadata<br>> <br>> On 21.10.2013 10:23, Ricardo Duarte wrote:<br>> > Hi there,<br>> > <br>> > The image will default to 169.254.169.254 IP address.<br>> > You either NAT it to the metadata server on your router, or redirect<br>> > it to the metadata server with IPtables on each host.<br>> > Please have a look at the "REDIRECT TO 169.254.169.254:80" section on<br>> > [1].<br>> > This will make everything (cloud-init, byobu, etc) work as if it was<br>> > running on EC2.<br>> > <br>> > You can try to set a instance-data DNS record, pointing to the<br>> > metadata-server, as some images also try to reach that if<br>> > 169.254.169.254 fails.<br>> > But be aware it will not work for every image.<br>> > <br>> > For the serial port I use the following, and it works:<br>> > <br>> > RAW = [ DATA="<devices><serial type='pty'><target<br>> > port='0'/></serial></devices>", TYPE="kvm" ]<br>> > <br>> > It looks similiar to yours, so I don't know what can be wrong,<br>> > <br>> > [1] https://bitbucket.org/ricardoduarte/opennebula-metadata<br>> > <br>> > Regards,<br>> > Ricardo Duarte<br>> <br></div> </div></body>
</html>