[openstack-dev] [Keystone] internalAdminURL?

Adam Young ayoung at redhat.com
Thu Dec 13 19:27:24 UTC 2012


On 12/13/2012 02:16 PM, Mark Washenberger wrote:
> Hi keystone folks,
>
> When I do keystone help endpoint-create, I see
>
>    --publicurl <public-url>
>                          Public URL endpoint
>    --adminurl <admin-url>
>                          Admin URL endpoint
>    --internalurl <internal-url>
>                          Internal URL endpoint
>
> Is there any reason why we don't support an internal admin use case?
>
> If we did, we might be able to make the auth_token middleware use its
> own service catalog instead of a configured default for validating
> (uuid) tokens, which I would imagine could help out with some deployer
> migration scenarios.
>
> Any thoughts? Should I write up a brief blueprint?
>
> markwash
>
Personally, I want to get away from that, and have it all go through one 
server.  My driving argument is that we should be deploying HTTPS and on 
port 443 for web traffic.  That said, we can still point to different 
URLs running on the same port and server:

https://hostname/keystone/admin/
https://hostname/keystone/main/
https://hostname/keystone/internal/

I can also see an argument for a TCP-based token validation service that 
is not HTTP for high-volume requests, although we might be able to fake 
that using a Keep-alive.



