Proper SSL cert for fed-cloud09?
by Miroslav Suchý
When I do:
[root@fed-cloud09 ~(keystone_admin)]# cinder type-list
ERROR: Unable to establish connection: [Errno 1] _ssl.c:504: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Which just translates to:
[root@fed-cloud09 ~(keystone_admin)]# curl -i https://fed-cloud09.cloud.fedoraproject.org/
curl: (60) Peer's certificate issuer has been marked as not trusted by the user.
Is it time to get SSL cert signed by some CA?
However, I would swear I did not have this problem yesterday. But it behaves this way even if I revert my work.
Comments are welcome.
--
Miroslav Suchy, RHCE, RHCDS
Red Hat, Senior Software Engineer, #brno, #devexp, #fedora-buildsys
9 years, 1 month
route between fed-cloud10 and fed-cloud09
by Miroslav Suchý
[root@fed-cloud10 etc(keystone_admin)]# telnet 209.132.184.9 443
Trying 209.132.184.9...
telnet: connect to address 209.132.184.9: No route to host
I am able to connect using the 172.24.0.0 network, but it would be nice (and
required to have the new OS) to be able to communicate even over the public IP.
Can someone (nirik, ssmoogen) fix this please? And I would need to do
that for fed-cloud11 too. It seems that without this fixed I am unable
to add a compute node to OS.
Mirek
9 years, 1 month
How to open port?
by Miroslav Suchý
How do we open ports in ansible today?
I want to open port 5672 for 172.24.0.10/24. Currently it is open only to:
[root@fed-cloud09 ~]# iptables-save |grep 5672
-A INPUT -s 209.132.184.9/32 -p tcp -m multiport --dports 5671,5672 -m comment --comment "001 amqp incoming
amqp_209.132.184.9" -j ACCEPT
So I made this change:
diff --git a/inventory/host_vars/fed-cloud09.cloud.fedoraproject.org
b/inventory/host_vars/fed-cloud09.cloud.fedoraproject.org
index 2559de1..4a96e81 100644
--- a/inventory/host_vars/fed-cloud09.cloud.fedoraproject.org
+++ b/inventory/host_vars/fed-cloud09.cloud.fedoraproject.org
@@ -1,2 +1,3 @@
---
root_auth_users: msuchy
+tcp_ports: [ 80, 443, 5672 ]
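Review bot: the added `tcp_ports: [ 80, 443, 5672 ]` line names only port numbers, so it cannot express the source restriction the message asks for (5672 reachable from 172.24.0.10/24 only). If this list is what opens ports, 5672 would be opened with no source match, which is wider than the existing rule limited to 209.132.184.9/32; AMQP should stay scoped through a source-restricted rule for the internal network instead of a bare port entry. Note also that 172.24.0.10/24 has host bits set (the network is 172.24.0.0/24), and that the existing rule covers 5671 as well as 5672, so decide whether the internal network needs both.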
But it has no effect (yes, I ran the playbook again).
What is our best practice now, and where did I make a mistake?
--
Miroslav Suchy, RHCE, RHCDS
Red Hat, Senior Software Engineer, #brno, #devexp, #fedora-buildsys
9 years, 1 month