instance access 169.254.169.254 return 500 internal server error

curl 169.254.169.254
1.0
2007-01-19
2007-03-01
...
2009-04-04

curl http://169.254.169.254/2009-04-04
报错
500 internal server error

tail -f /var/log/neutron/metadata-agent.log
2015-12-08 17:09:48.228 26540 WARNING neutron.agent.metadata.agent [-] The remote metadata server responded with Forbidden. This response usually occurs when shared secrets do not match.
2015-12-08 17:09:48.228 26540 INFO eventlet.wsgi.server [-] 10.0.2.14,<local> - - [08/Dec/2015 17:09:48] "GET /latest/meta-data/ HTTP/1.1" 403 179 0.032440

配置文件：
controller:
[root@controller neutron]# cat /etc/nova/nova.conf |grep meta
service_metadata_proxy = True
neutron_metadata_proxy_shared_secret = mmim
metadata_host=controller
enabled_apis=ec2,osapi_compute,metadata

compute1:
service_neutron_metadata_proxy = true
neutron_metadata_proxy_shared_secret = mmim
metadata_host=controller
enabled_apis=ec2,osapi_compute,metadata

network:
[DEFAULT]
verbose = True
auth_url = http://controller:5000/v2.0
auth_region = regionOne
admin_tenant_name = service
admin_user = neutron
admin_password = 123456
nova_metadata_ip = controller
metadata_proxy_shared_secret = mmim

# ip netns exec qdhcp-fdc4153a-b9d8-4390-b675-453c7bb7d3d9 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
10: tap11ab2fb8-55: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether fa:16:3e:ff:1c:53 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.11/24 brd 10.0.2.255 scope global tap11ab2fb8-55
       valid_lft forever preferred_lft forever
    inet 169.254.169.254/16 brd 169.254.255.255 scope global tap11ab2fb8-55
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:feff:1c53/64 scope link
       valid_lft forever preferred_lft forever

虚拟机route -n
### route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.2.1        0.0.0.0         UG    0      0        0 eth0
10.0.2.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.169.254 10.0.2.11       255.255.255.255 UGH   0      0        0 eth0     

请大侠们帮分析一下问题出在那？

看下neutron-server.log，应该是控制节点出问题了

bioger_hit 发表于 2015-12-8 17:40
看下neutron-server.log，应该是控制节点出问题了

2015-12-08 17:39:02.480 28878 WARNING keystonemiddleware.auth_token [-] Authorization failed for token
2015-12-08 17:39:02.480 28878 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "Could not find token: 037570f9e56e442896ebd6c0c88301d8", "code": 404, "title": "Not Found"}}
2015-12-08 17:39:02.480 28878 WARNING keystonemiddleware.auth_token [-] Authorization failed for token
2015-12-08 17:39:02.481 28878 INFO keystonemiddleware.auth_token [-] Invalid user token - rejecting request
2015-12-08 17:39:02.481 28878 INFO neutron.wsgi [-] 10.0.0.3 - - [08/Dec/2015 17:39:02] "GET /v2.0/ports.json?fixed_ips=ip_address%3D10.0.2.14 HTTP/1.1" 401 287 0.019805
2015-12-08 17:39:02.577 28878 INFO neutron.wsgi [-] (28878) accepted ('10.0.0.3', 42634)
2015-12-08 17:39:02.656 28878 INFO neutron.wsgi [req-3fdd4ad5-05a2-46d3-8216-b2a47a71cd42 None] 10.0.0.3 - - [08/Dec/2015 17:39:02] "GET /v2.0/ports.json?fixed_ips=ip_address%3D10.0.2.14 HTTP/1.1" 200 946 0.077998
2015-12-08 17:39:04.675 28878 INFO neutron.wsgi [-] (28878) accepted ('10.0.0.3', 42636)
2015-12-08 17:39:04.692 28878 WARNING keystonemiddleware.auth_token [-] Authorization failed for token
2015-12-08 17:39:04.693 28878 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "Could not find token: 3b74a12f573440e6b2ed3250f5f30610", "code": 404, "title": "Not Found"}}
2015-12-08 17:39:04.693 28878 WARNING keystonemiddleware.auth_token [-] Authorization failed for token

果然有报错，10.0.0.3是compute1 node.这里的token是指的什么的token?

bioger_hit 发表于 2015-12-8 17:40
看下neutron-server.log，应该是控制节点出问题了

2015-12-08 17:39:04.693 28878 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "Could not find token: 3b74a12f573440e6b2ed3250f5f30610", "code": 404, "title": "Not Found"}}
2015-12-08 17:39:04.693 28878 WARNING keystonemiddleware.auth_token [-] Authorization failed for token这个问题解决了，但是curl http://169.254.169.254/2009-04-04还是一样报500 internal server error的错。。

luoyupeng 发表于 2015-12-8 20:02
2015-12-08 17:39:04.693 28878 WARNING keystonemiddleware.auth_token [-] Identity response: {"error ...

Authorization failed for token
Invalid user token - rejecting request

keystone认证失败了。先确保keystone正确

easthome001 发表于 2015-12-8 20:07
Authorization failed for token
Invalid user token - rejecting request

认证通过了，还是一样报错，，