OpenStack Nova presents configuration information to the instances it starts via a mechanism called metadata. This metadata is made available via the metadata service. Services like cloud-init use this metadata to initialize and configure an instance on launch.
Besides metadata in AWS-compatible format, OpenStack also supports metadata in its own format. Three kinds of metadata can be made available to an instance.
Type | Description |
---|---|
Nova (Compute) data | Structured data containing information about network, hostname, public-key, etc. |
User data | The user can pass unstructured data, such as shell scripts, to the instance. |
Vendor data | (Optional) The cloud provider can make vendor-specific information (static or dynamic) available. |
Vendor data can be static, dynamic, or a mixture of both.
Querying `vendor_data2.json` returns all available vendor data (static and dynamic) in a single JSON file.
```
> curl http://169.254.169.254/openstack/latest/vendor_data2.json | jq
{
  "denbi": [
    {
      "elixir_name": "XXXX",
      "id": "...",
      "name": "...",
      "perun_id": "...",
      "public_keys": [
        "ecdsa-sha2-nistp256 AAAA...",
      ]
    },
    ...
  ],
  "nfdi": ...
}
```
Dynamic vendor data can be enabled and configured in the Nova API configuration. It is possible to configure more
than one endpoint. Different endpoints are distinguished by a unique prefix. The configuration example below configures
the two endpoints `denbi` and `nfdi`.

```ini
[api]
vendordata_providers=DynamicJSON
vendordata_dynamic_targets=denbi@http://localhost:9898,nfdi@http://localhost
```

Information like the project ID of the current instance is provided to each dynamic endpoint.
The `nova_dynamic_vendordata` service can be configured using a configuration file in YAML syntax. The configuration
is searched for in `$(pwd)/nova_dynamic_vendordata.yaml` (preferred) and `/etc/nova_dynamic_vendordata.yaml`.
The `nova_dynamic_vendordata` service needs access to the OpenStack API, so valid cloud credentials
must be passed to the service (using environment variables or `clouds.yaml`).
If the `cloud` option is set, the `clouds.yaml` configuration is used instead of environment variables.
The OpenStack CLI manpage gives an overview of the supported environment variables.
`clouds.yaml` is a configuration file that contains everything needed to connect to one or more clouds.
It may contain private information and is generally considered private to a user. The OpenStack API looks
for a file called `clouds.yaml` in the following locations:

- `$(pwd)` (current working directory)
- `~/.config/openstack`
- `/etc/openstack`

The first file found is used.
The `nova_dynamic_vendordata` service supports allowlisting and blocklisting of domains and projects.
In general, it is a good idea to use an allowlist so that only specific domains/projects, identified by their UUIDs,
get full access to the service.
Attention! The API is unprotected if neither `allowlist` nor `blocklist` is set.
The `nova_dynamic_vendordata` service caches data in memcached to minimize OpenStack API access.
The data is cached for 300 seconds (= 5 minutes) by default; this can be changed using the `cache.expires`
option. The memcached host URL is "localhost:11211" by default and can be changed using the `cache.host`
option.

```yaml
cloud: <name of cloud configuration to be used>
cache:
  host: "localhost:11211"
  expire: 300
domains:
  allowlist:
    - a82d19f5f457eed321d5cfd7805a246a
    - ...
  blocklist:
    - 587c3572e782e8d7fb0f84e901bf9304
    - ...
projects:
  allowlist:
    - ...
  blocklist:
    - 4dab5f6ee619185275777efb79fd019f
```

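
One way to catch the unprotected case described above before deploying a configuration, and to reason about how the lists combine. This is an added example, not the service's own code: the names `audit_config`, `is_allowed` and `SAMPLE` are hypothetical, and the precedence in `is_allowed` (a blocklist hit denies, then a non-empty allowlist must match) and the 32-hex ID format are assumptions.

```python
import re

# Assumption: IDs are 32 lowercase hex characters, as in the sample config.
ID_RE = re.compile(r"[0-9a-f]{32}")
SCOPES, KINDS = ("domains", "projects"), ("allowlist", "blocklist")

def _ids(cfg, scope, kind):
    """IDs configured under e.g. projects.allowlist (missing or null -> [])."""
    return list((cfg.get(scope) or {}).get(kind) or [])

def audit_config(cfg):
    """Return findings for a parsed nova_dynamic_vendordata.yaml (a dict)."""
    lists = {(s, k): _ids(cfg, s, k) for s in SCOPES for k in KINDS}
    findings = []
    if not any(lists.values()):
        findings.append("unprotected: neither allowlist nor blocklist is set")
    elif not any(lists[(s, "allowlist")] for s in SCOPES):
        findings.append("blocklist-only: every unlisted domain/project is served")
    for (scope, kind), ids in lists.items():
        for entry in ids:
            if not ID_RE.fullmatch(str(entry)):
                findings.append(f"{scope}.{kind}: {entry!r} is not a 32-hex ID")
    for s in SCOPES:
        both = set(lists[(s, "allowlist")]) & set(lists[(s, "blocklist")])
        findings += [f"{s}: {i} is on both lists" for i in sorted(both)]
    return findings

def is_allowed(cfg, project_id, domain_id):
    """Assumed precedence: a blocklist hit denies, then an allowlist must match."""
    if project_id in _ids(cfg, "projects", "blocklist"):
        return False
    if domain_id in _ids(cfg, "domains", "blocklist"):
        return False
    allow_p = _ids(cfg, "projects", "allowlist")
    allow_d = _ids(cfg, "domains", "allowlist")
    if allow_p or allow_d:
        return project_id in allow_p or domain_id in allow_d
    return True  # no allowlist: open by default, which audit_config() reports

# Constructed sample: the page's example config as a parsed dict, "..." dropped.
SAMPLE = {
    "cloud": "example",
    "domains": {"allowlist": ["a82d19f5f457eed321d5cfd7805a246a"],
                "blocklist": ["587c3572e782e8d7fb0f84e901bf9304"]},
    "projects": {"allowlist": None,
                 "blocklist": ["4dab5f6ee619185275777efb79fd019f"]},
}
```
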
A simple container based on the latest `alpine/python3` can be built using the Dockerfile:

```
docker build -t denbi/nova_dynamic_vendordata .
```

It can be run as follows, using the host network:

```
docker run --rm --env-file env.file -v $(pwd)/config.yaml:/etc/nova_dynamic_vendordata.yaml --network host denbi/nova_dynamic_vendordata
```

or using a separate network layer:

```
docker run --rm --env-file env.file -v $(pwd)/config.yaml:/etc/nova_dynamic_vendordata.yaml -p 9898:9898 denbi/nova_dynamic_vendordata
```

`nova_dynamic_vendordata` has been tested on Ubuntu 20.04 and newer (Python 3.8 or newer). Older Python versions might work, but
Ubuntu 18.04 with its default Python 3 version (3.6) is known NOT to work.