Retrieving VM Metadata

How to retrieve the metadata for a running Orka VM. Available only with the Orka API.

For VMs deployed with Orka 1.5.0 or later, you can retrieve their default or custom metadata. You can later use this metadata to identify or manage the running VM in your workloads.

Metadata is stored in the format {"key": "my key", "value": "my value"}. Every VM stores its metadata on a metadata server. You can query this metadata server to retrieve a VM's metadata only from within the VM.

  1. Connect to your cluster via VPN. For more information, see VPN Connection.
  2. Make sure your cluster is updated to Orka 1.5.0 or later.
  3. Make sure you have a VM configuration with enabled VNC, SSH, or Screen Sharing. See VNC, SSH, and Screen Sharing for Orka VMs.
  4. Connect to the VM via VNC, SSH or Screen Sharing.
  5. From within the VM, query the root URL.
curl http://169.254.169.254/metadata/

By default, all VM metadata endpoints return their response in a JSON format.

The IP address 169.254.169.254 is a link-local address and is accessible only from within the VM.

All metadata values are defined as sub-paths below this root URL. To retrieve a specific VM metadata value for a specific key, pass the following request:

curl http://169.254.169.254/metadata/<default_orka_key>
curl http://169.254.169.254/metadata/<custom_key>

Replace <default_orka_key> with a valid default Orka key. See here
Replace <custom_key> with your own custom key.

For example, you can get the VM's node name using the following request:

curl http://169.254.169.254/metadata/orka_node_name

Limitations

Note that some encoded characters aren'n supported in the request path, when you use the curl command to retrieve metadata from the metadata server.

For example, the following request will not work:

curl http://169.254.169.254/metadata/my key

For this request to work, you must replace the unsupported space symbol in the request path with the equivalent accepted value (%20).

curl 169.254.169.254/metadata/my%20key

Is the metadata request secure?

When you request information from the metadata server, your request and the subsequent metadata response never leave the K8s Pod that is running the Orka VM.

📘

IMPORTANT

Do not store sensitive data, such as passwords or long-lived encryption keys, as VM metadata.

Although accessible only from within the VM, the VM metadata is not protected by authentication or cryptographic methods. Anyone with direct access to the VM, and potentially any software running on the VM, can query and view the metadata.


Did this page help you?