Hi, Due to known security issues, the current Fedora Cloud's API is not available from the public internet. Regards, Patrick On Sun, Dec 10, 2017 at 10:02 PM, Miroslav Suchy <msuchy@xxxxxxxxxx> wrote: > Hi, > I am curious about current state of fed-cloud09. > > I wanted to use ansible module os_server to spin up new VM in Fedora > Cloud, but I got error that ansible cannot connect to: > http://fedorainfracloud.org:8696/v2.0/networks > > That was strange as 8696 should be an internal port for neutron. HAProxy > should listen on default port 9696, handle the ssl stuff, and then > forward it to localhost:8696 which should not be propagated to outside > networks. > (And indeed curl of https://fedorainfracloud.org:9696/ works). > > When I query endpoints I get: > > # openstack catalog list > .... > > | neutron | network | RegionOne > | > | | | publicURL: > http://fedorainfracloud.org:8696/ > | > | | | internalURL: > http://fedorainfracloud.org:8696/ | > | | | adminURL: http://fedorainfracloud.org:8696/ > > This is strange, because in our > playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml playbook we have: > > > - shell: source /root/keystonerc_admin && keystone service-list | grep > 'neutron' | awk '{print $2}' > check_mode: no > changed_when: false > register: SERVICE_ID > - shell: source /root/keystonerc_admin && keystone endpoint-list | > grep {{SERVICE_ID.stdout}} | awk '{print $2}' > check_mode: no > changed_when: false > register: ENDPOINT_ID > - shell: source /root/keystonerc_admin && keystone endpoint-list |grep > {{SERVICE_ID.stdout}} |grep -v {{ controller_publicname }} && (keystone > endpoint-delete {{ENDPOINT_ID.stdout}} && keystone endpoint-create > --region 'RegionOne' --service {{SERVICE_ID.stdout}} --publicurl > 'https://{{ controller_publicname }}:9696/' --adminurl 'https://{{ > controller_publicname }}:9696/' --internalurl 'https://{{ > controller_publicname }}:9696/' ) || true > > Which should set publicURL to 9696. It seems that this is set for some > time (but was not for sure in past). I before I run the fed-cloud09 > playbook (which itself can break a lot of stuff if some stuff was done > manually and not put in playbook) and change the public port to 9696 > back (and generaly to ssl version for all services), whether there is > some reason I should not touch it? > > Mirek > _______________________________________________ > infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx _______________________________________________ infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx
