On Wed, Feb 20, 2019 at 1:43 PM Jonathan Rosser <jonathan.rosser at rd.bbc.co.uk> wrote:
>
> In openstack-ansible we are trying to help a number of our end users
> with their heat deployments, some of them in conjunction with magnum.
>
> There is some uncertainty with how the following heat.conf sections
> should be configured:
>
> [clients_keystone]
> auth_uri = ...
>
> [keystone_authtoken]
> www_authenticate_uri = ...
>
> It does not appear to be possible to define a set of internal or
> external keystone endpoints in heat.conf which allow the following:
>
> * The orchestration panels being functional in horizon
> * Deployers isolating internal openstack from external networks
> * Deployers using self signed/company cert on the external endpoint
> * Magnum deployments completing
> * Heat delivering an external endpoint at [1]
> * Heat delivering an external endpoint at [2]
>
> There are a number of related bugs:
>
> https://bugs.launchpad.net/openstack-ansible/+bug/1814909
> https://bugs.launchpad.net/openstack-ansible/+bug/1811086
> https://storyboard.openstack.org/#!/story/2004808
> https://storyboard.openstack.org/#!/story/2004524
>
> Any help we could get from the heat team to try to understand the root
> cause of these issues would be really helpful.

I think this is a really critical issue that Jonathan has spent a lot
of time on to get to work. If we can't support this model, maybe we
should consider dropping the whole idea of admin/internal/public if we
can't commit to testing it properly.

> Jon.
>
>
> [1]
> https://github.com/openstack/heat/blob/master/heat/engine/resources/server_base.py#L87
>
> [2]
> https://github.com/openstack/heat/blob/master/heat/engine/resources/signal_responder.py#L106
>

--
Mohammed Naser — vexxhost
-----------------------------------------------------
D. 514-316-8872
D. 800-910-1726 ext. 200
E. mnaser at vexxhost.com
W. http://vexxhost.com