Userdata to display static NAT as public ip instead of VR ip #3862
@blueorangutan package

@rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.

Packaging result: ✖centos6 ✔centos7 ✔debian. JID-745

DaanHoogland left a comment
@ravening this looks great, thanks. Can we rebase this on 4.13, please?

if @ravening does decide to change to 4.13, we can change the milestone to 4.13.1 @DaanHoogland - it's not exactly a bug fix is it?

It is marked as a bug and could be considered so by a user that has a static address assigned. They want to be visible by that address in the outside world, @rhtyd.

@ravening cc @weizhouapache - can you explain how the user-data would be used by the user VM? Could that cause regressions for VMs which were previously expecting the VR/gateway public IP instead?

@blueorangutan test

@andrijapanicsb a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests

Trillian test result (tid-929)

@blueorangutan test

@andrijapanicsb a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests

@blueorangutan package

@rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.

Packaging result: ✖centos6 ✖centos7 ✔debian. JID-818

If VMs don't have static NAT enabled, it will still display VR gateway as public ip. Only when static NAT is enabled, it will display static NAT as public ip. I guess that should be the expected behavior and shouldn't break regression

20cc832 to b131cf1

will test once I'm available for the sake of "somebody else tested as well" thx.

@blueorangutan test

@rhtyd a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests

Trillian test result (tid-1024)

Can anyone confirm manual testing? Are we breaking any compatibility?

@wido @GabrielBrascher Are you using this kind of configuration? @pdion891 @swill ? @rhtyd I don't see any related error in that report from the blue ape. I am fine with merging.

testing it now

Tested fine, except for a single issue I noticed (might not be related, but it also might)
The issue has something to do with IPtables and the way we (don't) clean those rules properly, see the image below. @weizhouapache if you think this is not related to the PR, then we can move forward with this one (and this is kind of edge case, you are usually supposed to disable Static NAT, but again - a valid issue anyway)

@andrijapanicsb thanks for testing!

If static nat is enabled on VM then metadata service should return the static nat instead of gateway IP. If static NAT is not enabled then it should return the gateway IP as the public IP

Test results:

Step to reproduce:
1. Create a vm
2. Ssh to vm.
3. Run the below command inside the vm
   wget http://<VR public ip>/latest/meta-data/public-ipv4
   Note down the output of the above command
4. Now acquire a new public IP and enable static NAT on that IP to this vm
5. Now run the same command mentioned above in the VM
   This should display the static NAT ip instead of VR public IP

Output:
Before enabling static nat
wget http://10.10.10.40/latest/meta-data/public-ipv4
$ cat public-ipv4
10.10.10.29
After enabling static nat
wget http://10.10.10.40/latest/meta-data/public-ipv4
$ cat public-ipv4
10.11.10.30

b131cf1 to bef2f53

@andrijapanicsb Thanks for testing. I have updated the commit. Can you please test it again and let me know if you face any issues?

@ravening the new commits is not related to the issue @andrijapanicsb reported.
@weizhouapache tested the steps which @andrijapanicsb mentioned above.

@blueorangutan package

@rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.

Packaging result: ✖centos6 ✔centos7 ✔debian. JID-971

@blueorangutan test

@rhtyd a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests

Trillian test result (tid-1149)

@andrijapanicsb can you re-test?

yadvr left a comment
LGTM, last smoketest LGTM - kindly test and then merge @andrijapanicsb

@andrijapanicsb can you re-test?

incoming...

andrijapanicsb left a comment
LGTM based on manual testing (both VPC and Isolated network) - last issues were fixed and all looks good (also validated real remote connections as seen by the outer world - not just the metadata)
Also tested (on Isolated only) with IPs from an additional Public IP range (different VLAN), and all good.

Merging based on 3 x LGTMs/Approvals and extensive manual testing, and passing regression tests.


Description
If static nat is enabled on VM then metadata service should return
the static nat instead of gateway IP.
If static NAT is not enabled then it should return the gateway IP
as the public IP
How Has This Been Tested?
Step to reproduce:
1. Create a vm
2. Ssh to vm.
3. Run the below command inside the vm
   wget http://<VR public ip>/latest/meta-data/public-ipv4
   Note down the output of the above command
4. Now acquire a new public IP and enable static NAT on that IP to this vm
5. Now run the same command mentioned above in the VM
   This should display the static NAT ip instead of VR public IP
Output:
Before enabling static nat
wget http://10.10.10.40/latest/meta-data/public-ipv4
$ cat public-ipv4
10.10.10.29
After enabling static nat
wget http://10.10.10.40/latest/meta-data/public-ipv4
$ cat public-ipv4
10.11.10.30