Re-add missing iptables rule for metadata service

In patch [1] there were some lines that were missed out. Specifically an iptables rule and a cleanup line. This patch re-adds the rule and cleanup code. [1] https://review.openstack.org/#/c/583878/ Change-Id: I32045f60e205d59382ef3d98f845c4c1c8bea37f Partial-Bug: #1781376
2018-08-07 11:07:38 +03:00 · 2018-08-07 11:07:38 +03:00 · 945b1e368c
parent 0f05fc13d7
commit 945b1e368c
2 changed files with 13 additions and 8 deletions
--- a/devstack/plugin.sh
+++ b/devstack/plugin.sh
@ -184,10 +184,10 @@ function configure_df_metadata_service {
        iniset $DRAGONFLOW_CONF df_metadata ip "$DF_METADATA_SERVICE_IP"
        iniset $DRAGONFLOW_CONF df_metadata port "$DF_METADATA_SERVICE_PORT"
        iniset $DRAGONFLOW_CONF df_metadata metadata_interface "$DF_METADATA_SERVICE_INTERFACE"
-	pushd $DRAGONFLOW_DIR
+        pushd $DRAGONFLOW_DIR
        # TODO(snapiri) When we add more switch backends, this should be conditional
-        tools/ovs_metadata_service_deployment.sh install $INTEGRATION_BRIDGE $DF_METADATA_SERVICE_INTERFACE $DF_METADATA_SERVICE_IP
-	popd
+        tools/ovs_metadata_service_deployment.sh install $INTEGRATION_BRIDGE $DF_METADATA_SERVICE_INTERFACE $DF_METADATA_SERVICE_IP $DF_METADATA_SERVICE_PORT
+        popd
    fi
 }

@ -507,10 +507,10 @@ function stop_df_metadata_agent {
    if is_service_enabled df-metadata ; then
        echo "Stopping Dragonflow metadata service"
        stop_process df-metadata
-	pushd $DRAGONFLOW_DIR
+        pushd $DRAGONFLOW_DIR
        # TODO(snapiri) When we add more switch backends, this should be conditional
        tools/ovs_metadata_service_deployment.sh remove $INTEGRATION_BRIDGE $DF_METADATA_SERVICE_INTERFACE
-	popd
+        popd
    fi
 }

--- a/tools/ovs_metadata_service_deployment.sh
+++ b/tools/ovs_metadata_service_deployment.sh
@ -3,14 +3,16 @@
 ACTION=$1; shift
 INTEGRATION_BRIDGE=${1:-"br-int"}; shift
 DF_METADATA_SERVICE_INTERFACE=${1:-"tap-metadata"}; shift
+METADATA_ROUTE_TABLE_ID=2

 function usage {
    cat>&2<<EOF
-        USAGE: $0 <action> [<integration-bridge>] [<interface>] [<IP>]
+        USAGE: $0 <action> [<integration-bridge>] [<interface>] [<IP>] [<port>]
        action - install / remove
        integration-bridge - name of the integration bridge (br-int)
        interface - name of the interface to add to the bridge (tap-metadata)
        IP - address to assign to the interface (169.254.169.254)
+        port - port to listen on (18080)
 EOF
 }

@ -22,15 +24,18 @@ fi
 case $ACTION in
    install)
        DF_METADATA_SERVICE_IP=${1:-"169.254.169.254"}; shift
+        DF_METADATA_SERVICE_PORT=${1:-18080}; shift

        sudo ovs-vsctl add-port $INTEGRATION_BRIDGE $DF_METADATA_SERVICE_INTERFACE -- set Interface $DF_METADATA_SERVICE_INTERFACE type=internal
        sudo ip addr add dev $DF_METADATA_SERVICE_INTERFACE $DF_METADATA_SERVICE_IP/0
        sudo ip link set dev $DF_METADATA_SERVICE_INTERFACE up
-        sudo ip route add 0.0.0.0/0 dev $DF_METADATA_SERVICE_INTERFACE table 2
-        sudo ip rule add from $DF_METADATA_SERVICE_IP table 2
+        sudo ip route add 0.0.0.0/0 dev $DF_METADATA_SERVICE_INTERFACE table ${METADATA_ROUTE_TABLE_ID}
+        sudo ip rule add from $DF_METADATA_SERVICE_IP table ${METADATA_ROUTE_TABLE_ID}
+        sudo iptables -I INPUT -i $INTEGRATION_BRIDGE -p tcp --dport ${DF_METADATA_SERVICE_PORT} -j ACCEPT
        ;;
    remove)
        sudo ovs-vsctl del-port $INTEGRATION_BRIDGE $DF_METADATA_SERVICE_INTERFACE
+        sudo ip rule del from $DF_METADATA_SERVICE_IP table ${METADATA_ROUTE_TABLE_ID}
        ;;
    *)
        usage