<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class="">We use virtual hosts, haproxy runs on our VIP at port 80 and port 443 (SSL) (with keepalived to make sure it’s always running) and we use `use_backend` to send to the appropriate backend, more information here:</div><div class=""><br class=""></div><div class=""><a href="http://blog.haproxy.com/2015/01/26/web-application-name-to-backend-mapping-in-haproxy/" class="">http://blog.haproxy.com/2015/01/26/web-application-name-to-backend-mapping-in-haproxy/</a></div><div class=""><br class=""></div><div class="">It makes our catalog nice and neat, we have a <service>-<region>.<a href="http://vexxhost.net" class="">vexxhost.net</a> internal naming convention, so our catalog looks nice and clean and the API calls don’t get blocked by firewalls (the strange ports might be blocked on some customer-side firewalls).</div><div class=""><br class=""></div><div class=""><div style="margin: 0px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(40, 42, 54);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">+----------------------------------+----------+--------------+-----------------+---------+-----------+------------------------------------------------------------------+</span></div><div style="margin: 0px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(40, 42, 54);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">| ID | Region | Service Name | Service Type | Enabled | Interface | URL |</span></div><div style="margin: 0px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(40, 42, 54);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">+----------------------------------+----------+--------------+-----------------+---------+-----------+------------------------------------------------------------------+</span></div><div style="margin: 0px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(40, 42, 54);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">| 01fdd8e07ca74c9daf80a8b66dcc8bf6 | ca-ymq-1 | cinderv2 | volumev2 | True | internal | <a href="https://block-storage-ca-ymq-1.vexxhost.net/v2/%(tenant_id)s" class="">https://block-storage-ca-ymq-1.vexxhost.net/v2/%(tenant_id)s</a> |</span></div><div style="margin: 0px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(40, 42, 54);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">| 09b4a971659643528875f70d93ef6846 | ca-ymq-1 | manila | share | True | internal | <a href="https://file-storage-ca-ymq-1.vexxhost.net/v1/%(tenant_id)s" class="">https://file-storage-ca-ymq-1.vexxhost.net/v1/%(tenant_id)s</a> |</span></div><div style="margin: 0px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(40, 42, 54);" class="">| 203fd4e466b44569aa9ab8c78ef55bad | ca-ymq-1 | heat | orchestration | True | admin | <a href="https://orchestration-ca-ymq-1.vexxhost.net/v1/%(tenant_id)s" class="">https://orchestration-ca-ymq-1.vexxhost.net/v1/%(tenant_id)s</a> |</div><div style="margin: 0px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(40, 42, 54);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">| 20b24181722b49a3983d17d42147a22c | ca-ymq-1 | swift | object-store | True | admin | <a href="https://object-storage-ca-ymq-1.vexxhost.net/v1/$(tenant_id)s" class="">https://object-storage-ca-ymq-1.vexxhost.net/v1/$(tenant_id)s</a> |</span></div><div style="margin: 0px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(40, 42, 54);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">| 2f582f99db974766af7548dda56c3b50 | ca-ymq-1 | nova | compute | True | internal | <a href="https://compute-ca-ymq-1.vexxhost.net/v2/$(tenant_id)s" class="">https://compute-ca-ymq-1.vexxhost.net/v2/$(tenant_id)s</a> |</span></div><div style="margin: 0px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(40, 42, 54);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">| 37860b492dd947daa738f461b9084d2a | ca-ymq-1 | neutron | network | True | admin | <a href="https://network-ca-ymq-1.vexxhost.net" class="">https://network-ca-ymq-1.vexxhost.net</a> |</span></div><div style="margin: 0px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(40, 42, 54);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">| 4d38fa91197e4712a2f2d3f89fcd7dad | ca-ymq-1 | nova | compute | True | public | <a href="https://compute-ca-ymq-1.vexxhost.net/v2/$(tenant_id)s" class="">https://compute-ca-ymq-1.vexxhost.net/v2/$(tenant_id)s</a> |</span></div><div style="margin: 0px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(40, 42, 54);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">| 58894a7156b848d3baa0382ed465f3c2 | ca-ymq-1 | manilav2 | sharev2 | True | internal | <a href="https://file-storage-ca-ymq-1.vexxhost.net/v2/%(tenant_id)s" class="">https://file-storage-ca-ymq-1.vexxhost.net/v2/%(tenant_id)s</a> |</span></div><div style="margin: 0px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(40, 42, 54);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">| 5ebc8fa90c3c46d69d3fa8a03688e452 | ca-ymq-1 | manila | share | True | public | <a href="https://file-storage-ca-ymq-1.vexxhost.net/v1/%(tenant_id)s" class="">https://file-storage-ca-ymq-1.vexxhost.net/v1/%(tenant_id)s</a> |</span></div><div style="margin: 0px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(40, 42, 54);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">| 769a4de22d864c3bb2beefe775e3cb9f | ca-ymq-1 | manila | share | True | admin | <a href="https://file-storage-ca-ymq-1.vexxhost.net/v1/%(tenant_id)s" class="">https://file-storage-ca-ymq-1.vexxhost.net/v1/%(tenant_id)s</a> |</span></div><div style="margin: 0px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(40, 42, 54);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">| 79fa33ff42ec45118ae8b36789fcb8ae | ca-ymq-1 | swift | object-store | True | public | <a href="https://object-storage-ca-ymq-1.vexxhost.net/v1/$(tenant_id)s" class="">https://object-storage-ca-ymq-1.vexxhost.net/v1/$(tenant_id)s</a> |</span></div><div style="margin: 0px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(40, 42, 54);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">| 7a095734e4984cc7b8ac581aa6131f23 | ca-ymq-1 | neutron | network | True | public | <a href="https://network-ca-ymq-1.vexxhost.net" class="">https://network-ca-ymq-1.vexxhost.net</a> |</span></div><div style="margin: 0px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(40, 42, 54);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">| 7f8b519dfb494cef811b164f5eed0360 | ca-ymq-1 | sahara | data-processing | True | internal | <a href="https://data-processing-ca-ymq-1.vexxhost.net/v1.1/%(tenant_id)s" class="">https://data-processing-ca-ymq-1.vexxhost.net/v1.1/%(tenant_id)s</a> |</span></div><div style="margin: 0px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(40, 42, 54);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">| 8842c03d2c51449ebf9ff36778cf17c1 | ca-ymq-1 | glance | image | True | public | <a href="https://image-ca-ymq-1.vexxhost.net" class="">https://image-ca-ymq-1.vexxhost.net</a> |</span></div><div style="margin: 0px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(40, 42, 54);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">| 8df18f47fcdc4c348d521d4724a5b7ac | ca-ymq-1 | keystone | identity | True | admin | <a href="https://identity-ca-ymq-1.vexxhost.net/v2.0" class="">https://identity-ca-ymq-1.vexxhost.net/v2.0</a> |</span></div><div style="margin: 0px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(40, 42, 54);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">| 96357df3d6694477b0ad17fef6091210 | ca-ymq-1 | neutron | network | True | internal | <a href="https://network-ca-ymq-1.vexxhost.net" class="">https://network-ca-ymq-1.vexxhost.net</a> |</span></div><div style="margin: 0px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(40, 42, 54);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">| a25efaf48347441a8d36ce302f31d527 | ca-ymq-1 | cinderv2 | volumev2 | True | public | <a href="https://block-storage-ca-ymq-1.vexxhost.net/v2/%(tenant_id)s" class="">https://block-storage-ca-ymq-1.vexxhost.net/v2/%(tenant_id)s</a> |</span></div><div style="margin: 0px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(40, 42, 54);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">| b073b767f10d44f895d9d14fbc3e3d6b | ca-ymq-1 | swift | object-store | True | internal | <a href="https://object-storage-ca-ymq-1.vexxhost.net/v1/$(tenant_id)s" class="">https://object-storage-ca-ymq-1.vexxhost.net/v1/$(tenant_id)s</a> |</span></div><div style="margin: 0px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(40, 42, 54);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">| b132fe7bcf98440f8e72a142df76292d | ca-ymq-1 | sahara | data-processing | True | admin | <a href="https://data-processing-ca-ymq-1.vexxhost.net/v1.1/%(tenant_id)s" class="">https://data-processing-ca-ymq-1.vexxhost.net/v1.1/%(tenant_id)s</a> |</span></div><div style="margin: 0px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(40, 42, 54);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">| b736338e3c94402a9b21b32b3d0bf1e5 | ca-ymq-1 | sahara | data-processing | True | public | <a href="https://data-processing-ca-ymq-1.vexxhost.net/v1.1/%(tenant_id)s" class="">https://data-processing-ca-ymq-1.vexxhost.net/v1.1/%(tenant_id)s</a> |</span></div><div style="margin: 0px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(40, 42, 54);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">| c0dd9f5f8db248b093d6735b167e1af6 | ca-ymq-1 | keystone | identity | True | public | <a href="https://auth.vexxhost.net/v2.0" class="">https://auth.vexxhost.net/v2.0</a> |</span></div><div style="margin: 0px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(40, 42, 54);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">| c8505f07c349413aa7cd61d42337af99 | ca-ymq-1 | keystone | identity | True | internal | <a href="https://auth.vexxhost.net/v2.0" class="">https://auth.vexxhost.net/v2.0</a> |</span></div><div style="margin: 0px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(40, 42, 54);" class="">| da3d087e0c724338ba12c9a1168ef80c | ca-ymq-1 | heat | orchestration | True | internal | <a href="https://orchestration-ca-ymq-1.vexxhost.net/v1/%(tenant_id)s" class="">https://orchestration-ca-ymq-1.vexxhost.net/v1/%(tenant_id)s</a> |</div><div style="margin: 0px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(40, 42, 54);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">| dd203f9e09da4eba9effb9119edc9eb2 | ca-ymq-1 | manilav2 | sharev2 | True | admin | <a href="https://file-storage-ca-ymq-1.vexxhost.net/v2/%(tenant_id)s" class="">https://file-storage-ca-ymq-1.vexxhost.net/v2/%(tenant_id)s</a> |</span></div><div style="margin: 0px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(40, 42, 54);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">| e8e1eb90f7394f5999aec5c8f8c75c88 | ca-ymq-1 | cinder | volume | True | public | <a href="https://block-storage-ca-ymq-1.vexxhost.net/v1/%(tenant_id)s" class="">https://block-storage-ca-ymq-1.vexxhost.net/v1/%(tenant_id)s</a> |</span></div><div style="margin: 0px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(40, 42, 54);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">| f0a311cb5dbf4ae788670107a3433ac2 | ca-ymq-1 | heat | orchestration | True | public | <a href="https://orchestration-ca-ymq-1.vexxhost.net/v1/%(tenant_id)s" class="">https://orchestration-ca-ymq-1.vexxhost.net/v1/%(tenant_id)s</a> |</span></div><div style="margin: 0px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(40, 42, 54);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">| f33c8ab0445a422b90f93b1ec092a7d0 | ca-ymq-1 | manilav2 | sharev2 | True | public | <a href="https://file-storage-ca-ymq-1.vexxhost.net/v2/%(tenant_id)s" class="">https://file-storage-ca-ymq-1.vexxhost.net/v2/%(tenant_id)s</a> |</span></div><div style="margin: 0px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(40, 42, 54);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">+----------------------------------+----------+--------------+-----------------+---------+-----------+------------------------------------------------------------------+</span></div></div><div class=""><br class=""></div><div class="">I’d be more than happy to give my comments, but I think this is the best way. Prefixes can work too and would make things easy during dev, but in a production deployment, I would rather not deal with something like that. Also, all of those are CNAME records pointing to api-<region>.<a href="http://vexxhost.net" class="">vexxhost.net</a> so it makes it easy to move things over if needed. I guess the only problem is DNS setup overhead</div><div class=""><br class=""></div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Jan 10, 2017, at 4:56 PM, Emilien Macchi <<a href="mailto:emilien@redhat.com" class="">emilien@redhat.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class="">On Tue, Jan 10, 2017 at 6:00 AM, Andy McCrae <<a href="mailto:andy.mccrae@gmail.com" class="">andy.mccrae@gmail.com</a>> wrote:<br class=""><blockquote type="cite" class="">Sorry to resurrect a few weeks old thread, but I had a few questions.<br class=""><br class=""><blockquote type="cite" class=""><br class="">Yes, we should stop with the magic ports. Part of the reason of<br class="">switching over to apache was to alleviate all of that.<br class=""><br class=""> -Sean<br class=""></blockquote><br class=""><br class="">Is this for devstack specifically?<br class="">I can see the motivation for Devstack, since it reduces the concern for<br class="">managing port allocations.<br class=""><br class="">Is the idea that we move away from ports and everything is on 80 with a<br class="">VHost to differentiate between services/endpoints?<br class=""><br class="">It seems to me that it would still be good to have a "designated" (and<br class="">unique - or as unique as possible at least within OpenStack) port for<br class="">services. We may not have all services on the same hosts, for example, using<br class="">a single VIP for load balancing. The issue then is that it becomes hard to<br class="">differentiate the LB pool based on the request.<br class="">I.e. How would i differentiate between Horizon requests and requests for any<br class="">other service on port 80, the VIP is the same, but the backends may be<br class="">completely different (so all requests aren't handled by the same Apache<br class="">server).<br class=""></blockquote><br class="">Right, it causes conflicts when running architectures with HAproxy &<br class="">API co-located.<br class="">In the case of HAproxy, you might need to run ACLs, but it sounds<br class="">adding a layer of complexity in the current deployments that might not<br class="">exist in some cases yet.<br class=""><br class="">In TripleO, we decided to pick a port (8778) and deploy Placement API<br class="">on this port, so it's consistent with existing services already<br class="">deployed.<br class=""><br class="">Regarding Sean's comment about switching to Apache, I agree it<br class="">simplifies a lot of things but I don't remember we decided to pick<br class="">Apache because of the magic port thing. Though I remember because it<br class="">was also for the SSL configuration that would be standard across all<br class="">services.<br class=""><br class="">Any feedback at how our operators do here would be very welcome<br class="">(adding operators mailing-list), so we would make sure we're taking<br class="">the more realistic approach here.<br class="">So the question would it be:<br class=""><br class="">When deploying OpenStack APIs under WSGI, do you pick magic port (ex:<br class="">8774 for Nova Compute API) or do you use 80/443 + vhost path?<br class=""><br class="">Thanks,<br class=""><br class=""><blockquote type="cite" class="">Assuming, in that case, having a designated port is the only way (and if it<br class="">isn't I'd love to discuss alternate, and simpler, methods of achieving this)<br class="">it then seems that assigning a dedicated port for services in Devstack would<br class="">make sense - it would ensure that there is no overlap, and in a way the<br class="">error received when the ports overlapped is a genuine issue that would need<br class="">to be addressed. Although if that is the case, perhaps there is a better way<br class="">to manage that.<br class=""><br class="">Essentially it seems better to handle port conflicts (within the OpenStack<br class="">ecosystem, at least) at source rather than pass that on to the deployer to<br class="">randomly pick ports and avoid conflicts.<br class=""><br class="">Andy<br class=""><br class=""><br class="">__________________________________________________________________________<br class="">OpenStack Development Mailing List (not for usage questions)<br class="">Unsubscribe: <a href="mailto:OpenStack-dev-request@lists.openstack.org" class="">OpenStack-dev-request@lists.openstack.org</a>?subject:unsubscribe<br class=""><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" class="">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br class=""><br class=""></blockquote><br class=""><br class=""><br class="">-- <br class="">Emilien Macchi<br class=""><br class="">_______________________________________________<br class="">OpenStack-operators mailing list<br class=""><a href="mailto:OpenStack-operators@lists.openstack.org" class="">OpenStack-operators@lists.openstack.org</a><br class="">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators<br class=""></div></div></blockquote></div><br class=""></div></body></html>