VMs Unable to Retrieve Metadata From Cloud-Init
Problem
Virtual machines in a specific subnet fail to reach the metadata service at 169.254.169.254. As a result, cloud-init does not apply user-data configurations such as password injection.
Environment
- Private Cloud Director Virtualization - v2025.4 and Higher
- Private Cloud Director Kubernetes – v2025.4 and Higher
- Self-Hosted Private Cloud Director Virtualization - v2025.4 and Higher
- Self-Hosted Private Cloud Director Kubernetes - v2025.4 and Higher
- Component: Networking (Neutron/OVN)
Cause
The root cause of the issue is a missing network namespace used for metadata routing. This network namespace is critical for OVN to route metadata requests from VMs to the metadata proxy service.
Diagnostics
- VMs failed to reach 169.254.169.254 via ping or curl.
- Gateway IP was also unreachable from within the instance.
- ip netns ls command on impacted hosts showed no namespaces.
- Found no distributed Neutron port on the host.
- pf9-neutron-ovn-metadata-agent service was confirmed to be listening on port 8775.
Resolution
- Check if a distributed Neutron port exists for the network:
Command
    $ openstack port list --network <NETWORK_ID> --device-owner network:distributed
    # sample output:
    +-------------+-------------+---------------+------------------------------------------------------+--------+
    | ID          | Name        | MAC Address   | Fixed IP Addresses                                   | Status |
    +-------------+-------------+---------------+------------------------------------------------------+--------+
    | [PORT_UUID] | [PORT_NAME] | [MAC_ADDRESS] | ip_address='[IP_ADDRESS]', subnet_id='[SUBNET_UUID]' | DOWN   |
    +-------------+-------------+---------------+------------------------------------------------------+--------+
- If the distributed Neutron port is present, proceed to Step 3. If it is missing, manually create the distributed Neutron port using the command:
Command
    $ openstack port create --network <NETWORK_ID> \
        --fixed-ip subnet=<SUBNET_ID>,ip-address=<IP_ADDRESS> \
        --device-owner network:distributed \
        metadata-proxy-port-<IP_ADDRESS>
    +-----------------------+----------------------------------------------------+
    | Field                 | Value                                              |
    +-----------------------+----------------------------------------------------+
    | admin_state_up        | UP                                                 |
    | allowed_address_pairs |                                                    |
    | binding_host_id       |                                                    |
    | binding_profile       |                                                    |
    | binding_vif_details   |                                                    |
    | binding_vif_type      | unbound                                            |
    | binding_vnic_type     | normal                                             |
    | data_plane_status     | None                                               |
    | device_id             |                                                    |
    | device_owner          | network:distributed                                |
    | device_profile        | None                                               |
    | extra_dhcp_opts       |                                                    |
    | .                     |                                                    |
    | fixed_ips             | ip_address='[IP-Address]', subnet_id='[subnet-id]' |
    | .                     |                                                    |
    | hardware_offload_type | None                                               |
    | security_group_ids    |                                                    |
    | status                | DOWN                                               |
    +-----------------------+----------------------------------------------------+
The [IP-Address] is any free IP address available in the DHCP pool of the subnet.
- Restart pf9-neutron-ovn-metadata-agent on all impacted compute nodes.
Affected Host
    $ sudo systemctl restart pf9-neutron-ovn-metadata-agent
- Verify that ip netns ls shows namespaces after the restart.
Affected Host
    $ ip netns list
    ovnmeta-[ovnnetns-id-1] (id: 0)
- Re-test metadata access from inside VMs using curl.
- Spawn a new VM with an Ubuntu image and confirm that cloud-init correctly applied the configured password and user-data.
The CirrOS image does not include the cloud-init service that handles user-data injection. Use an image that includes cloud-init, for example Ubuntu or Rocky Linux, for validation.
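The diagnostic checks and the first three resolution steps above can be combined into one triage function. This is an added example, not part of the original article or the product's tooling; the function names, action labels and sample IDs are hypothetical, and using `ss -ltn` for the port 8775 check is an assumption (the article does not say which tool was used).

```shell
#!/bin/sh
# Triage for the metadata failure described above. Each function takes captured
# command output as text, so the logic can be exercised without a live cloud.

# Print every subnet ID ($2..) that does not appear in the output ($1) of:
#   openstack port list --network <NETWORK_ID> --device-owner network:distributed
subnets_without_port() {
    port_list=$1; shift
    for subnet in "$@"; do
        printf '%s\n' "$port_list" | grep -qF -- "$subnet" || printf '%s\n' "$subnet"
    done
}

# Count ovnmeta-* namespaces in `ip netns list` output ($1).
count_ovnmeta_ns() {
    printf '%s\n' "$1" | grep -c '^ovnmeta-' || true
}

# Succeed if `ss -ltn` output ($1) shows a TCP listener on port 8775.
agent_listening() {
    printf '%s\n' "$1" |
        awk '$1 == "LISTEN" && $4 ~ /:8775$/ { found = 1 } END { exit !found }'
}

# Map the findings to a next action. The action labels are made up for this
# example; AGENT_NOT_LISTENING is a case the article's steps do not cover.
# Args: $1 port list, $2 netns list, $3 ss output, $4.. subnet IDs.
triage() {
    ports=$1; netns=$2; socks=$3; shift 3
    missing=$(subnets_without_port "$ports" "$@")
    if [ -n "$missing" ]; then
        echo "CREATE_PORT" $missing          # step 2, then restart (step 3)
    elif [ "$(count_ovnmeta_ns "$netns")" -eq 0 ]; then
        echo "RESTART_AGENT"                 # step 3
    elif ! agent_listening "$socks"; then
        echo "AGENT_NOT_LISTENING"
    else
        echo "OK"
    fi
}

# Constructed sample input (placeholder IDs, not taken from a real deployment).
SAMPLE_PORTS="| port-1 | meta | fa:16:3e:00:00:01 | ip_address='10.0.1.5', subnet_id='subnet-aaaa' | DOWN |"
SAMPLE_NETNS="ovnmeta-net-1111 (id: 0)"
SAMPLE_SS="LISTEN 0 128 0.0.0.0:8775 0.0.0.0:*"

# One subnet has a distributed port, the other does not.
triage "$SAMPLE_PORTS" "$SAMPLE_NETNS" "$SAMPLE_SS" subnet-aaaa subnet-bbbb
```

On an affected host, pass live output instead of the samples, for example `triage "$(openstack port list --network <NETWORK_ID> --device-owner network:distributed)" "$(ip netns list)" "$(ss -ltn)" <SUBNET_ID>`.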
Validation
- From within the VM, the curl commands below return the expected metadata and user-data content:
Getting meta_data within the VM
    $ curl http://169.254.169.254/openstack/latest/meta_data.json
    {"uuid":"[UUID]", "availability_zone":"[AZ]", "hostname":"[hostname]", "name": "[name]","launch_index": 0, "random_seed": "[random-id]", "devices":[], "dedicated_cpus":[]}
Getting user_data within the VM
    $ curl http://169.254.169.254/openstack/latest/user_data
    #cloud-config
    password: [Password]
    chpasswd: { expire: False }
    ssh_pwauth: True
    manage_etc_hosts: true
    runcmd:
    - ['sh' , '-c', 'echo "Hello World" > /tmp/helloworld.txt' ]
- Cloud-init logs inside the Ubuntu VM (/var/log/cloud-init.log) confirmed successful metadata retrieval and password configuration.
- VM SSH access was successful using credentials configured via user-data.
Additional Information
- In OVN-based OpenStack environments, the distributed metadata port must be explicitly present for each subnet requiring metadata access.