The Compute service uses a special metadata service to enable virtual machine
instances to retrieve instance-specific data. Instances access the metadata service at
http://169.254.169.254. For example, instances retrieve the
public SSH key (identified by keypair name when a user requests a new instance) by
making a GET request
to:
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
Instances also retrieve user data (passed as the user_data
parameter in the API call or by the --user_data flag in the
nova boot command) through the metadata service, by making a GET
request
to:
http://169.254.169.254/latest/user-data
The Compute metadata service is compatible with the Amazon EC2 metadata service; virtual machine images that are designed for EC2 will work properly with OpenStack.
The metadata service is implemented by either the nova-api service or the nova-api-metadata service. (The nova-api-metadata service is generally only used when running in
multi-host mode, see the section titled Existing High Availability Options for Networking for details). If you are
running the nova-api service, you must have
metadata as one of the elements of the list of the
enabled_apis configuration option in
/etc/nova/nova.conf. The default
enabled_apis configuration setting includes the metadata service,
so you should not need to modify it.
To allow instances to reach the metadata service, the nova-network service will configure iptables to NAT port
80 of the 169.254.169.254 address to the IP
address specified in metadata_host (default
$my_ip, which is the IP address of the nova-network service) and port specified in
metadata_port (default 8775) in
/etc/nova/nova.conf.
![[Warning]](../common/images/admon/warning.png) | Warning |
|---|---|
The |
![[Note]](../common/images/admon/note.png) | Note |
|---|---|
The default Compute service settings assume that the Set the |
