Hi,
Due to known security issues, the current Fedora Cloud's API is not available from the public internet.
Regards, Patrick
On Sun, Dec 10, 2017 at 10:02 PM, Miroslav Suchy msuchy@redhat.com wrote:
Hi, I am curious about the current state of fed-cloud09.
I wanted to use the ansible module os_server to spin up a new VM in Fedora Cloud, but I got an error that ansible cannot connect to: http://fedorainfracloud.org:8696/v2.0/networks
That was strange as 8696 should be an internal port for neutron. HAProxy should listen on default port 9696, handle the ssl stuff, and then forward it to localhost:8696 which should not be propagated to outside networks. (And indeed curl of https://fedorainfracloud.org:9696/ works).
When I query endpoints I get:
# openstack catalog list
....
| neutron | network | RegionOne                                        |
|         |         |   publicURL: http://fedorainfracloud.org:8696/   |
|         |         |   internalURL: http://fedorainfracloud.org:8696/ |
|         |         |   adminURL: http://fedorainfracloud.org:8696/    |
This is strange, because in our playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml playbook we have:
- shell: source /root/keystonerc_admin && keystone service-list | grep 'neutron' | awk '{print $2}'
  check_mode: no
  changed_when: false
  register: SERVICE_ID
- shell: source /root/keystonerc_admin && keystone endpoint-list | grep {{SERVICE_ID.stdout}} | awk '{print $2}'
  check_mode: no
  changed_when: false
  register: ENDPOINT_ID
- shell: source /root/keystonerc_admin && keystone endpoint-list |grep {{SERVICE_ID.stdout}} |grep -v {{ controller_publicname }} && (keystone endpoint-delete {{ENDPOINT_ID.stdout}} && keystone endpoint-create --region 'RegionOne' --service {{SERVICE_ID.stdout}} --publicurl 'https://{{ controller_publicname }}:9696/' --adminurl 'https://{{ controller_publicname }}:9696/' --internalurl 'https://{{ controller_publicname }}:9696/' ) || true
Which should set publicURL to 9696. It seems that this has been set for some time (but for sure was not in the past). Before I run the fed-cloud09 playbook (which itself can break a lot of stuff if some stuff was done manually and not put in the playbook) and change the public port back to 9696 (and generally to the SSL version for all services), is there some reason I should not touch it?
Mirek
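Added example, not part of the thread and not Fedora Infrastructure's own code: a check that reads catalog rows in the table layout quoted above and reports every endpoint that is advertised over plain http or on a port other than the one the TLS proxy is meant to expose. The neutron rows in the sample repeat the values from the message; the nova rows, the PROXY_PORTS mapping and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the table layout of `openstack catalog list`. The neutron
# rows repeat the values quoted in the message; the nova rows are made up.
SAMPLE_CATALOG = """\
| neutron | network | RegionOne                                         |
|         |         |   publicURL: http://fedorainfracloud.org:8696/    |
|         |         |   internalURL: http://fedorainfracloud.org:8696/  |
|         |         |   adminURL: http://fedorainfracloud.org:8696/     |
| nova    | compute | RegionOne                                         |
|         |         |   publicURL: https://fedorainfracloud.org:8774/v2 |
"""

# Assumption: the port the TLS-terminating proxy should expose for each service.
# Only neutron's (9696) is stated in the message.
PROXY_PORTS = {"neutron": 9696}

ROW = re.compile(r"^\|\s*([^|]*?)\s*\|\s*[^|]*\|\s*([^|]*?)\s*\|?\s*$")
ENDPOINT = re.compile(r"^(publicURL|internalURL|adminURL):\s*(\S+)$")


def parse_catalog(text):
    """Yield (service, interface, url) for every endpoint row in the table."""
    service = None
    for line in text.splitlines():
        row = ROW.match(line)
        if not row:
            continue  # border lines and anything that is not a table row
        if row[1]:
            service = row[1]  # continuation rows leave the name column empty
        endpoint = ENDPOINT.match(row[2])
        if endpoint and service:
            yield service, endpoint[1], endpoint[2]


def audit(text, proxy_ports=PROXY_PORTS):
    """Return (service, interface, url, reason) for each endpoint that is
    plaintext or not on the proxy port expected for its service."""
    findings = []
    for service, interface, url in parse_catalog(text):
        parts = urlsplit(url)
        if parts.scheme != "https":
            findings.append((service, interface, url, "plaintext scheme"))
        expected = proxy_ports.get(service)
        if expected is not None and parts.port != expected:
            findings.append((service, interface, url, f"port {parts.port}, expected {expected}"))
    return findings
```

Calling audit() on the saved output of `openstack catalog list` after a playbook run shows whether the endpoint-create task actually took effect for all three interfaces.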