OpenStack endpoints in fed-cloud09

Miroslav Suchy <msuchy@xxxxxxxxxx> · Sun, 10 Dec 2017 22:02:40 +0100

Hi,
I am curious about current state of fed-cloud09.

I wanted to use ansible module os_server to spin up new VM in Fedora
Cloud, but I got error that ansible cannot connect to:
   http://fedorainfracloud.org:8696/v2.0/networks

That was strange as 8696 should be an internal port for neutron. HAProxy
should listen on default port 9696, handle the ssl stuff, and then
forward it to localhost:8696 which should not be propagated to outside
networks.
(And indeed curl of https://fedorainfracloud.org:9696/ works).

When I query endpoints I get:

# openstack catalog list
....

| neutron    | network      | RegionOne
                                               |
|            |              |   publicURL:
http://fedorainfracloud.org:8696/
    |
|            |              |   internalURL:
http://fedorainfracloud.org:8696/                                          |
|            |              |   adminURL: http://fedorainfracloud.org:8696/

This is strange, because in our
playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml playbook we have:

  - shell: source /root/keystonerc_admin && keystone service-list | grep
'neutron' | awk '{print $2}'
    check_mode: no
    changed_when: false
    register: SERVICE_ID
  - shell: source /root/keystonerc_admin && keystone endpoint-list |
grep {{SERVICE_ID.stdout}} | awk '{print $2}'
    check_mode: no
    changed_when: false
    register: ENDPOINT_ID
  - shell: source /root/keystonerc_admin && keystone endpoint-list |grep
{{SERVICE_ID.stdout}} |grep -v {{ controller_publicname }} && (keystone
endpoint-delete {{ENDPOINT_ID.stdout}} && keystone endpoint-create
--region 'RegionOne' --service {{SERVICE_ID.stdout}} --publicurl
'https://{{ controller_publicname }}:9696/'  --adminurl 'https://{{
controller_publicname }}:9696/' --internalurl 'https://{{
controller_publicname }}:9696/' ) || true

Which should set publicURL to 9696. It seems that this is set for some
time (but was not for sure in past). I before I run the fed-cloud09
playbook (which itself can break a lot of stuff if some stuff was done
manually and not put in playbook) and change the public port to 9696
back (and generaly to ssl version for all services), whether there is
some reason I should not touch it?

Mirek
_______________________________________________
infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx