Reach MetaData service over IPv6 #856
Conversation
Changes the logic to how the MetaData is reached. New implementation follows the logic below: - Config-drive - IPv6 over HTTPS - IPv6 over HTTP - IPv4 over HTTPS - IPv4 over HTTP - Report an error
|
Thanks for your PR,
To skip the vendors CIs, Maintainers can use one of:
|
pkg/platforms/openstack/openstack.go
Outdated
| metaData, networkData, err = getOpenstackDataFromMetadataService() | ||
| if err != nil { | ||
| return metaData, networkData, fmt.Errorf("GetOpenStackData(): error getting OpenStack data: %w", err) | ||
| // Attempt to reach MetaData over IPv6 then over IPv4 for both HTTPS and HTTP |
There was a problem hiding this comment.
I believe most of the deployments will be IPv4, so maybe we should try IPv4 first and if it fails, we try IPv6.
There was a problem hiding this comment.
Okay i changed the logic to firstly check IPv4 then IPv6
pkg/platforms/openstack/openstack.go
Outdated
| // Attempt to reach MetaData over IPv6 then over IPv4 for both HTTPS and HTTP | ||
| reachedMetaData := false | ||
| for i, baseURL := range ospBaseURLS { | ||
| isIPv6 := i == 0 |
There was a problem hiding this comment.
One idea: maybe we could remove the usage of a loop given the only possible addresses are either IPv4 or IPv6 and that list won't grow.
There was a problem hiding this comment.
I agree a loop is not necessary but I prefer using one because it allows us to exit as soon as we find the first address that can reach the metadata gracefully.
| } | ||
|
|
||
| for _, intf := range interfaces { | ||
| if intf.Flags&network.FlagUp != 0 && intf.Flags&network.FlagLoopback == 0 { |
There was a problem hiding this comment.
We should check if there is at least one IPv6 address defined in the interface to be used
There was a problem hiding this comment.
Okay i added this check thanks for the feedback
- Changed the order to check IPv4 first - Added a check to make sure there is at least one IPv6 address defined in the interface.
Pull Request Test Coverage Report for Build 13856261115Warning: This coverage report may be inaccurate.This pull request's base commit is no longer the HEAD commit of its target branch. This means it includes changes from outside the original pull request, including, potentially, unrelated coverage changes.
Details
💛 - Coveralls |
| encodedSign := "%25" | ||
| port := "80" | ||
| if isIPv6 { | ||
| urls = append(urls, ospHTTPS+"["+baseURL+encodedSign+activeInterface+"]:"+port) |
There was a problem hiding this comment.
Hi question can you please explain why we need the interface name here?
base on this we can just send a request to the ipv6 address and it should be good no?
https://specs.openstack.org/openstack/neutron-specs/specs/ussuri/metadata-add-ipv6-support.html
|
Can one of the admins verify this patch? |
5 participants
The current implementation accesses the MetaData service exclusively over HTTP IPv4. If this attempt fails, a fatal error is thrown.
The new implementation follows the below logic:
- Config-drive
- IPv6 over HTTPS
- IPv6 over HTTP
- IPv4 over HTTPS
- IPv4 over HTTP
- Fatal error