On 24-Oct-2013, at 9:21 pm, Darren Shepherd <darren.s.sheph...@gmail.com> wrote:
> So additionally you need to do
>
> ip addr add dev eth0 169.254.169.254/0

Thanks Kris and Darren. That's very useful information.

The reason I ask is currently there is a bit of heuristics involved in
obtaining the meta data server IP from the DHCP lease files. Scripts are not
portable across different OSes and distributions as they use different DHCP
clients.

Having a consistent well known meta data server IP 169.254.169.254 would be
nice. :)

>
> On Thu, Oct 24, 2013 at 8:29 AM, Kris G. Lindgren <klindg...@godaddy.com>
> wrote:
>> You would also need to supernet 169.254.169.254 on the virtual router
>> (assigning it as 169.254.169.254 netmask 0.0.0.0 on eth0) that way it will
>> still arp to servers that are calling it that have real ip addresses.
>>
>> Additionally we had some other iptables rules in there that would change
>> the ip address of the incoming request to metadata based upon the mac
>> address that was hitting it. This was to prevent spoofing of another vm's
>> IP and getting someone else's metadata (at least in our metadata
>> implementation we keyed off of the VM IP calling into metadata). This
>> also allowed a user to set whatever ipaddress they wanted, but as long as
>> the mac address was the same and they still had a zeroconfig route on the
>> VM, they still got only their metadata.
>> ____________________________________________
>>
>> Kris Lindgren
>> Senior Linux Systems Engineer
>> GoDaddy, LLC.
>>
>> On 10/24/13 9:12 AM, "Darren Shepherd" <darren.s.sheph...@gmail.com> wrote:
>>
>>> My guess, I don't really know, would be because it's hard. The VR uses
>>> link local for the control network so 169.254/16 is bound to the wrong
>>> nic. To fix this you just need some ip routing magic in linux (credit
>>> goes to Kris Lindgren who showed me how to do this). Add the below to
>>> a file, substitute eth0 for the guest network nic, run "ip -b <FILE>"
>>> The below effectively creates a routing table dedicated to the IP
>>> 169.254.169.254 that sets its default route to go out the guest network
>>> nic.
>>>
>>> rule add from 169.254.169.254 table 70
>>> rule add to 169.254.169.254 dev eth0 table 70
>>> route flush table 70
>>> route add default dev eth0 src 169.254.169.254 table 70
>>> route flush cache
>>>
>>> Darren
>>>
>>> On Thu, Oct 24, 2013 at 6:10 AM, Shanker Balan
>>> <shanker.ba...@shapeblue.com> wrote:
>>>> Hi Guys,
>>>>
>>>> CloudStack metadata services are on the default gateway while on EC2,
>>>> it's at 169.254.169.254. Am curious to know why CloudStack does not
>>>> use a link local address for meta data services.
>>>>
>>>> A search of the Wiki
>>>> (https://cwiki.apache.org/confluence/dosearchsite.action?where=CLOUDSTACK&tooltip=Type+ALL%3A+in+your+query+to+search+all+of+Confluence&spaceSearch=true&queryString=metadata)
>>>> didn't seem to list any doc related to the design of this service.
>>>>
>>>> TIA.
>>>>
>>>> --
>>>> @shankerbalan
>>>>
>>>> M: +91 98860 60539 | O: +91 (80) 67935867
>>>> shanker.ba...@shapeblue.com | www.shapeblue.com | Twitter:@shapeblue
>>>> ShapeBlue Services India LLP, 22nd floor, Unit 2201A, World Trade
>>>> Centre, Bangalore - 560 055

--
@shankerbalan
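
The MAC-keyed source rewrite Kris describes in the quoted message, sketched as an added example; it is not part of the thread, and the rules he actually used are not shown there. The nat/INPUT placement, TCP port 80 and the lease table are assumptions, and the script only prints rules, it does not apply them.

```shell
#!/bin/sh
# Added illustration: print iptables rules that rewrite the source address of
# a metadata request to the address registered for the sender's MAC, so a
# guest that reconfigures its IP is still looked up as itself.
# Assumptions, not from the thread: metadata is TCP 80, the rules go in
# nat/INPUT on the guest NIC, and the lease table is constructed sample data.

METADATA_IP=169.254.169.254
GUEST_NIC=eth0

# Constructed sample: "<guest MAC> <assigned IP>"; the last two are malformed.
LEASES='02:00:0a:01:01:05 10.1.1.5
02:00:0a:01:01:06 10.1.1.6
not-a-mac 10.1.1.7
02:00:0a:01:01:08 10.1.1.999'

valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Emit one SNAT rule per well-formed lease; report and skip anything else so
# a corrupt entry never becomes a rule.
gen_rules() {
    printf '%s\n' "$1" | while read -r mac ip; do
        [ -n "$mac" ] || continue
        if valid_mac "$mac" && valid_ipv4 "$ip"; then
            printf 'iptables -t nat -A INPUT -i %s -d %s -p tcp --dport 80' \
                "$GUEST_NIC" "$METADATA_IP"
            printf ' -m mac --mac-source %s -j SNAT --to-source %s\n' "$mac" "$ip"
        else
            printf 'skipping malformed lease: %s %s\n' "$mac" "$ip" >&2
        fi
    done
}

gen_rules "$LEASES"
```

The mac match reads the Ethernet source address of the frame, so it only identifies guests that are layer-2 adjacent to the virtual router's guest NIC.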