[Openstack] publicurl definition in keystone

Martinx - ジェームズ thiagocmartinsc at gmail.com
Wed Oct 9 22:17:31 UTC 2013


Hi Xin,

I don't know if it can help you out but I'm using "Name Resolution" for
all my OpenStack services; this means that it doesn't matter what the IP of
the endpoint is, even if it is IPv4 or IPv6, it will work out-of-the-box (in
most of my tests)...

So, when people try to resolve your Quantum endpoint from the Internet,
you'll provide your ISP IP and, with a NAT rule at your firewall, you'll
redirect it (DNAT) to the internal-only endpoint IP address. And, when
people try to resolve the endpoint from within your network, you should
provide your internal IP for them.

I can say that: it works for me.


Please, check my Keystone scripts (you can see where I use Name Resolution
instead of IPs):

wget https://gist.github.com/tmartinx/5453358/raw/f132d27eeab0c3c25d5b3e65bfec6704503e84b6/keystone_basic.sh

wget https://gist.github.com/tmartinx/5453336/raw/eded917b78213123c46b62be18f55f3c7aac558e/keystone_endpoints_basic.sh


NOTE: With IPv6, this is much easier to achieve, since there is no
need to deal with creepy NAT rules. Which means that your endpoints will
always have a public IP address (if you have IPv6). Keep it in mind!


Cheers!
Thiago


On 9 October 2013 12:28, Xin Zhao <xzhao at bnl.gov> wrote:

>  Thanks for all the replies.
>
> One more question though: when defining endpoint for network service, the
> IP should be for the network host, not the controller host (we have them in
> separate hosts, as most docs suggest).
> But the network host doesn't have a single out-facing IP assigned to it,
> the doc says the out-facing NIC should have a range of IPs assigned to it
> from the external provider network. In this case,
> how to define the publicurl for the quantum service endpoint? If the info
> of endpoints is only used by the other openstack components, can I just put
> the internal IP in for the publicurl ?
>
> Thanks,
> Xin
>
>
> On 10/7/2013 12:07 PM, JuanFra Rodriguez Cardoso wrote:
>
> Yes, internal and adminurl are normally the same address.
>
>  ---
> JuanFra
>
>
> 2013/10/7 Razique Mahroua <razique.mahroua at gmail.com>
>
>> Hi,
>> yes :)
>> Internal and adminurl should be the private network, and "public" the
>> "out-facing" IP
>>
>> Razique
>>
>> On 7 Oct 2013 at 17:30, Xin Zhao <xzhao at bnl.gov> wrote:
>>
>> > Hello,
>> >
>> > Our openstack controller has two IPs, one out-facing, the other is
>> internal only (on the management network).
>> > When it comes to defining service endpoints in keystone, the publicurl
>> entry should be the out-facing IP, and the
>> > internalurl and adminurl should be the internal IP, right?
>> >
>> > Thanks,
>> > Xin
>> >
>> > _______________________________________________
>> > Mailing list:
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> > Post to     : openstack at lists.openstack.org
>> > Unsubscribe :
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>
>>
>
>
>
>
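An added example, not part of the original thread and not taken from the scripts linked above: a small audit of an endpoint catalog against the split-horizon scheme Thiago describes, where every endpoint URL uses a name, the internal DNS view answers with a management-network address, and the external view answers with a public address for the firewall to DNAT. The host names, addresses, `MGMT_NET` subnet and the two in-memory DNS views are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample data: names, addresses and the management subnet are assumptions.
MGMT_NET = ipaddress.ip_network("10.0.0.0/24")
ENDPOINTS = {
    "network": {"publicurl": "http://network.example.org:9696/",
                "internalurl": "http://network.example.org:9696/",
                "adminurl": "http://network.example.org:9696/"},
    "identity": {"publicurl": "http://203.0.113.10:5000/v2.0",
                 "internalurl": "http://controller.example.org:5000/v2.0",
                 "adminurl": "http://controller.example.org:35357/v2.0"},
    "compute": {"publicurl": "http://compute.example.org:8774/v2",
                "internalurl": "http://compute.example.org:8774/v2",
                "adminurl": "http://compute.example.org:8774/v2"},
}
# Split-horizon DNS: the same name gets a different answer in each view.
VIEWS = {
    "external": {"network.example.org": "203.0.113.20",
                 "compute.example.org": "10.0.0.31"},
    "internal": {"network.example.org": "10.0.0.21",
                 "controller.example.org": "10.0.0.11",
                 "compute.example.org": "10.0.0.31"},
}

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit(endpoints, views, mgmt_net):
    """Return (service, url kind, problem) tuples for the catalog."""
    findings = []
    for service, urls in sorted(endpoints.items()):
        for kind, url in sorted(urls.items()):
            host = urlsplit(url).hostname
            if host is None or is_ip_literal(host):
                findings.append((service, kind, "not a resolvable name"))
                continue
            inside = views["internal"].get(host)
            if inside is None or ipaddress.ip_address(inside) not in mgmt_net:
                findings.append((service, kind, "internal view is not on the management network"))
            outside = views["external"].get(host)
            if kind == "publicurl" and (outside is None or ipaddress.ip_address(outside) in mgmt_net):
                findings.append((service, kind, "external view has no public address to DNAT"))
    return findings

if __name__ == "__main__":
    for finding in audit(ENDPOINTS, VIEWS, MGMT_NET):
        print(*finding, sep=": ")
```

In the sample catalog the identity publicurl is flagged for using an IP literal, and the compute publicurl is flagged because its external DNS answer is a management-network address.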