Metadata Agent

Liberty - Liberty - Liberty - Liberty - Liberty - Liberty - Liberty - Liberty -

Use the following options in the metadata_agent.ini file for the Metadata agent.

Table 10.76. Description of metadata configuration options
Configuration option = Default value	Description
[DEFAULT]
`metadata_access_mark` = `0x1`	(StrOpt) Iptables mangle mark used to mark metadata valid requests. This mark will be masked with 0xffff so that only the lower 16 bits will be used.
`metadata_backlog` = `4096`	(IntOpt) Number of backlog requests to configure the metadata server socket with
`metadata_port` = `9697`	(IntOpt) TCP Port used by Neutron metadata namespace proxy.
`metadata_proxy_group` =	(StrOpt) Group (gid or name) running metadata proxy after its initialization (if empty: agent effective group).
`metadata_proxy_shared_secret` =	(StrOpt) Shared secret to sign instance-id request
`metadata_proxy_socket` = `$state_path/metadata_proxy`	(StrOpt) Location for Metadata Proxy UNIX domain socket.
`metadata_proxy_socket_mode` = `deduce`	(StrOpt) Metadata Proxy UNIX domain socket mode, 4 values allowed: 'deduce': deduce mode from metadata_proxy_user/group values, 'user': set metadata proxy socket mode to 0o644, to use when metadata_proxy_user is agent effective user or root, 'group': set metadata proxy socket mode to 0o664, to use when metadata_proxy_group is agent effective group or root, 'all': set metadata proxy socket mode to 0o666, to use otherwise.
`metadata_proxy_user` =	(StrOpt) User (uid or name) running metadata proxy after its initialization (if empty: agent effective user).
`metadata_proxy_watch_log` = `None`	(BoolOpt) Enable/Disable log watch by metadata proxy. It should be disabled when metadata_proxy_user/group is not allowed to read/write its log file and copytruncate logrotate option must be used if logrotate is enabled on metadata proxy log files. Option default value is deduced from metadata_proxy_user: watch log is enabled if metadata_proxy_user is agent effective user id/name.
`metadata_workers` = `1`	(IntOpt) Number of separate worker processes for metadata server (defaults to half of the number of CPUs)
`nova_metadata_insecure` = `False`	(BoolOpt) Allow to perform insecure SSL (https) requests to nova metadata
`nova_metadata_ip` = `127.0.0.1`	(StrOpt) IP address used by Nova metadata server.
`nova_metadata_port` = `8775`	(IntOpt) TCP Port used by Nova metadata server.
`nova_metadata_protocol` = `http`	(StrOpt) Protocol to access nova metadata, http or https

	Note
Previously, neutron metadata agent connected to a neutron server via REST API using a neutron client. This is ineffective because keystone is then fully involved into the authentication process and gets overloaded. The neutron metadata agent has been reworked to use RPC by default to connect to a server since Kilo release. This is a typical way of interacting between neutron server and its agents. If neutron server does not support metadata RPC then neutron client will be used.

Note

Previously, neutron metadata agent connected to a neutron server via REST API using a neutron client. This is ineffective because keystone is then fully involved into the authentication process and gets overloaded.

The neutron metadata agent has been reworked to use RPC by default to connect to a server since Kilo release. This is a typical way of interacting between neutron server and its agents. If neutron server does not support metadata RPC then neutron client will be used.

	Warning
	Do not run the `neutron-ns-metadata-proxy` proxy namespace as root on a node with the L3 agent running. In OpenStack Kilo and newer, you can change the permissions of `neutron-ns-metadata-proxy` after the proxy installation using the `metadata_proxy_user` and `metadata_proxy_group` options.

Questions? Discuss on ask.openstack.org
Found an error? Report a bug against this page

Legal notices