Hi,
Due to known security issues, the current Fedora Cloud's API is not
available from the public internet.
Regards,
Patrick
On Sun, Dec 10, 2017 at 10:02 PM, Miroslav Suchy <msuchy(a)redhat.com> wrote:
> Hi,
> I am curious about current state of fed-cloud09.
>
> I wanted to use ansible module os_server to spin up new VM in Fedora
> Cloud, but I got error that ansible cannot connect to:
>
http://fedorainfracloud.org:8696/v2.0/networks
>
> That was strange as 8696 should be an internal port for neutron. HAProxy
> should listen on default port 9696, handle the ssl stuff, and then
> forward it to localhost:8696 which should not be propagated to outside
> networks.
> (And indeed curl of
https://fedorainfracloud.org:9696/ works).
>
> When I query endpoints I get:
>
> # openstack catalog list
> ....
>
> | neutron | network | RegionOne
> |
> | | | publicURL:
>
http://fedorainfracloud.org:8696/
> |
> | | | internalURL:
>
http://fedorainfracloud.org:8696/ |
> | | | adminURL:
http://fedorainfracloud.org:8696/
>
> This is strange, because in our
> playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml playbook we have:
>
>
> - shell: source /root/keystonerc_admin && keystone service-list | grep
> 'neutron' | awk '{print $2}'
> check_mode: no
> changed_when: false
> register: SERVICE_ID
> - shell: source /root/keystonerc_admin && keystone endpoint-list |
> grep {{SERVICE_ID.stdout}} | awk '{print $2}'
> check_mode: no
> changed_when: false
> register: ENDPOINT_ID
> - shell: source /root/keystonerc_admin && keystone endpoint-list |grep
> {{SERVICE_ID.stdout}} |grep -v {{ controller_publicname }} && (keystone
> endpoint-delete {{ENDPOINT_ID.stdout}} && keystone endpoint-create
> --region 'RegionOne' --service {{SERVICE_ID.stdout}} --publicurl
> 'https://{{ controller_publicname }}:9696/' --adminurl 'https://{{
> controller_publicname }}:9696/' --internalurl 'https://{{
> controller_publicname }}:9696/' ) || true
>
> Which should set publicURL to 9696. It seems that this is set for some
> time (but was not for sure in past). I before I run the fed-cloud09
> playbook (which itself can break a lot of stuff if some stuff was done
> manually and not put in playbook) and change the public port to 9696
> back (and generaly to ssl version for all services), whether there is
> some reason I should not touch it?
>
> Mirek
> _______________________________________________
> infrastructure mailing list -- infrastructure(a)lists.fedoraproject.org
> To unsubscribe send an email to infrastructure-leave(a)lists.fedoraproject.org