Can I modify the API Listen Address in production model?


#1

Hi, I am working on cfme 5.6, Can I modify the API Listen Address in production model?


#2

The /api endpoint requests are proxied to the :4000 internal port where the worker with API runs. The apache is configured to do it this way. So you probably need to play with the apache settings manually to run the /api proxying rules on a separate port. I personally can’t help with this task since I don’t have the experience configuring apache.


#3

Hi, @mfalesni
I want to change the worker default listen address, like 0.0.0.0:3000, Rather than 127.0.0.1:3000


#4

I found the way to modify,

$ cd /opt/manageiq #In mangeiq directory

$ sed -i 's/Rails.env.production? ? "127.0.0.1" : "0.0.0.0")/Rails.env.production? ? "0.0.0.0" : "0.0.0.0")/gi' manageiq/app/models/mixins/miq_web_server_worker_mixin.rb

$ systemctl restart evmserverd 

Then miq web worker can listen in 0.0.0.0, but I have some of the problems, why when I connect web_interface , it can’t login, but api can access.

Before, I tried to use nginx and haproxy reverse proxy web worker, also can’t login, API can cacess

Why is that?


#5

I still have some questions, I’m through ps -ef|grep puma see MIQ Web Server Worker Running for three. Listen on 3000/tcp, 4000/tcp, 5000/tcp, I Know 5000 port is webscoket, But I don 't know, 3000 and 4000 the port are respectively used to do. I usually visit API by 3000 port.


#6

Port 4000 is used to serve /api only. It does not serve UI routes due to memory saving (devs correct me if I am wrong). Port 3000 is used to serve everything except the /api (but not necessary not having API, it is just the way it is routed in apache). Websocket worker is used for the VNC/SPICE consoles, where the appliance acts like a “router”.

You are not supposed to connect to the workers directly, because:

  1. They are not designed to handle traffic of various speed efficiently, you should have something (apache, nginx, …) acting as a reverse proxy in front of it
  2. The api worker will most likely not serve you the Web UI.
  3. Even though you reach the port 3000 to see the Web UI, the static files are served by the reverse proxy, apache in this case, so you will have no assets (styles, JS, images), so it will not work. Enabling debug mode would probably give you the worker serving the assets, but it is not a good idea, unless you are running rails on your machine and debugging.

So I believe you should abandon your current plan and figure out something else. If you need to change the API listen port, can you just tweak the apache configuration to proxy the API endpoint on a different port? I am no apache expert so I cannot help here.


#7

Thank you for your detailed reply, really appreciate it.

But I don’t think that is apapche problem, I’ve tested, 3000/4000 port have the same return value, I through the following architecture to miq web worker for load balancing, API can normal response, However, direct access to the 3000/4000 port can’t to login. I don’t know why is this??