On Fri, 06 Mar 2015 16:02:39 +0100
Miroslav Suchý <msuchy@xxxxxxxxxx> wrote:

> All services are using SSL but novncproxy, which does not work for
> me and according to some random notes on internet does not work over SSL
> due to some bugs. But novncproxy does not work for me even over plain
> http. And I do not know why. If somebody else can check it, it would
> be great. Strange thing is that
>   telnet fed-cloud09.cloud.fedoraproject.org 6080
> from my workstation is rejected, while on fed-cloud09 it passes. And
> iptables allows port 6080. Strange.

I got this all fixed up and updated ansible. Basically three issues:

1. novncproxy was listening only on the internal ip, so it wasn't
   answering for external people using the web browser.

2. It was not able to talk to vnc on the compute nodes due to firewall.

3. It was not using https links in nova config and in novncproxy
   sysconfig.

All that's set and I can see console in the web dash again just fine for
any of the instances I tried, and they are all https using only.

> I tried to automatize adding of SSH keys using this:

I wonder if we shouldn't have something to update/upload everyone's ssh
keys. Might be handy but of course it's not a blocker/that important.

We could even look at just tying into our existing fedmsg listener
(when someone with a cloud account changes ssh key, update the cloud).

> Anyway, I am able (again) to start VM and log in to those VMs.

Me too. I uploaded the F22 Alpha cloud image and it worked fine.
(aside cloud-init taking about 35 seconds to run. It seemed to be
timing out on some metadata?)

We should look at hooking our cloud image upload service into this soon
so we can get images as soon as they are done.

> My plan for next week is to migrate dev instance to new OpenStack
> (before it will be re-provisioned) and see what needs to be changed.

Sounds good! I think:

* We will of course need to change the variables it uses to point to
  the new cloud (credentials, ips, etc).

* We will need to adapt to not giving every instance a floating ip. For
  copr, I think this would be fine, as you don't care that they have
  external ips they only need to talk to the backend right?

* Might be a good time to look at moving copr to f21? and builders also
  to be f21? (they should come up faster and in general be better than
  the el6 ones currently used, IMHO)

* Can we adjust the default tenant quotas in the playbooks? They seem a
  bit low to me given the amount of resources we have.

* Right now ansible on lockbox01 is using euca2ools to manage cloud
  instances, perhaps we could/should just move to nova now? Or this
  could perhaps wait for us to move lockbox01 to rhel7.

Anyhow, I think we are making real progress now, let's keep it going!

kevin
_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure
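
One way to check for issue 1 in the reply above (a service listening only on an internal address), as an added example that is not part of the original email: a shell function that classifies how a port is bound from `ss -ltn` output. The function names, the sample listing and the address 10.0.0.9 are constructed for illustration.

```sh
#!/bin/sh
# Added example: report how a TCP port is bound, from `ss -ltn` output on stdin.
# Output: not-listening | all-interfaces | specific:<addr[,addr...]>
bind_scope() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            # Field 4 is "Local Address:Port"; the port follows the last colon.
            n = split($4, parts, ":")
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            found = 1
            # Wildcard forms differ between ss versions and address families.
            if (addr == "*" || addr == "0.0.0.0" || addr == "::" || addr == "[::]") {
                wildcard = 1
            } else {
                list = (list == "" ? addr : list "," addr)
            }
        }
        END {
            if (!found) { print "not-listening" }
            else if (wildcard) { print "all-interfaces" }
            else { print "specific:" list }
        }'
}

# Constructed sample of `ss -ltn` output; 10.0.0.9 stands in for an internal IP.
sample_ss_output() {
    cat <<'EOF'
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      128    *:22                 *:*
LISTEN     0      100    10.0.0.9:6080        *:*
LISTEN     0      128    :::22                :::*
EOF
}

# On a live host: ss -ltn | bind_scope 6080
sample_ss_output | bind_scope 6080
```

A `specific:` result for a port that outside clients must reach means the firewall rule alone is not enough: the listener itself has to be bound to an address those clients can route to.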