<div dir="ltr"><div><div><div><div><div>Thanks for your answer.<br></div><div><br>The real question is do we agree in the <br></div>internalULR usage what suggested in [1] is a bad security practice<br></div>and should not be told to operators at all.<br><br></div>Also we should try to get rid off the enpointTypes in keystone v4.<br></div><br>Do we have any good (not just making happy funny dev envs) to keep<br></div><div>endpoint types ?<br><br><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Jul 21, 2017 at 1:37 PM, Giulio Fidente <span dir="ltr"><<a href="mailto:gfidente@redhat.com" target="_blank">gfidente@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Only a comment about the status in TripleO<br>
<br>
On 07/21/2017 12:40 PM, Attila Fazekas wrote:<br>
<br>
[...]<br>
<span class=""><br>
> We should seriously consider using names instead of ip address also<br>
> on the devstack gates to avoid people thinking the catalog entries<br>
> meant to be used with ip address and keystone is a replacement for DNS.<br>
<br>
</span>this is configurable, you can have names or ips in the keystone<br>
endpoints ... actually you can chose to use names or ips independently<br>
for each service and even for the different endpoints<br>
(Internal/Admin/Public) of the same service<br>
<br>
if an operator, like you suggested, configures the DNS to resolve<br>
different IPs for the same name basing on where the request comes from,<br>
then he can use the same 'hostname' for all Public, Admin and Internal<br>
endpoints which I *think* is what you're suggesting<br>
<br>
also using names is the default when ssl is enabled<br>
<br>
check environments/ssl/tls-<wbr>endpoints-public-dns.yaml and note how<br>
EndpointMap can resolve to CLOUDNAME or IP_ADDRESS<br>
<br>
adding Juan on CC as he did a great work around this and can help further<br>
<span class="HOEnZb"><font color="#888888">--<br>
Giulio Fidente<br>
GPG KEY: 08D733BA<br>
</font></span></blockquote></div><br></div>