Atom feed of this document
Kilo -  Kilo -  Kilo -  Kilo -  Kilo -  Kilo -  Kilo -  Kilo - 

 Metadata Agent

Use the following options in the metadata_agent.ini file for the Metadata agent.

Table 9.57. Description of metadata configuration options
Configuration option = Default value Description
meta_flavor_driver_mappings = None (StrOpt) Mapping between flavor and LinuxInterfaceDriver. It is specific to MetaInterfaceDriver used with admin_user, admin_password, admin_tenant_name, admin_url, auth_strategy, auth_region and endpoint_type.
metadata_access_mark = 0x1 (StrOpt) Iptables mangle mark used to mark metadata valid requests
metadata_backlog = 4096 (IntOpt) Number of backlog requests to configure the metadata server socket with
metadata_port = 9697 (IntOpt) TCP Port used by Neutron metadata namespace proxy.
metadata_proxy_group = (StrOpt) Group (gid or name) running metadata proxy after its initialization (if empty: agent effective group).
metadata_proxy_shared_secret = (StrOpt) Shared secret to sign instance-id request
metadata_proxy_socket = $state_path/metadata_proxy (StrOpt) Location for Metadata Proxy UNIX domain socket.
metadata_proxy_socket_mode = deduce (StrOpt) Metadata Proxy UNIX domain socket mode, 3 values allowed: 'deduce': deduce mode from metadata_proxy_user/group values, 'user': set metadata proxy socket mode to 0o644, to use when metadata_proxy_user is agent effective user or root, 'group': set metadata proxy socket mode to 0o664, to use when metadata_proxy_group is agent effective group or root, 'all': set metadata proxy socket mode to 0o666, to use otherwise.
metadata_proxy_user = (StrOpt) User (uid or name) running metadata proxy after its initialization (if empty: agent effective user).
metadata_proxy_watch_log = None (BoolOpt) Enable/Disable log watch by metadata proxy. It should be disabled when metadata_proxy_user/group is not allowed to read/write its log file and copytruncate logrotate option must be used if logrotate is enabled on metadata proxy log files. Option default value is deduced from metadata_proxy_user: watch log is enabled if metadata_proxy_user is agent effective user id/name.
metadata_workers = 2 (IntOpt) Number of separate worker processes for metadata server
nova_metadata_insecure = False (BoolOpt) Allow to perform insecure SSL (https) requests to nova metadata
nova_metadata_ip = (StrOpt) IP address used by Nova metadata server.
nova_metadata_port = 8775 (IntOpt) TCP Port used by Nova metadata server.
nova_metadata_protocol = http (StrOpt) Protocol to access nova metadata, http or https


Previously, neutron metadata agent connected to a neutron server via REST API using a neutron client. This is ineffective because keystone is then fully involved into the authentication process and gets overloaded.

The neutron metadata agent has been reworked to use RPC by default to connect to a server since Kilo release. This is a typical way of interacting between neutron server and its agents. If neutron server does not support metadata RPC then neutron client will be used.


Do not run the neutron-ns-metadata-proxy proxy namespace as root on a node with the L3 agent running. In OpenStack Kilo and newer, you can change the permissions of neutron-ns-metadata-proxy after the proxy installation using the metadata_proxy_user and metadata_proxy_group options.

Questions? Discuss on
Found an error? Report a bug against this page

loading table of contents...