<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 07/13/2012 05:39 PM, Nathanael
Burton wrote:<br>
</div>
<blockquote
cite="mid:CAHTGUNTBWVdnFfoKsSkqW6mqg5=VTD7T1axAzgDiMvDHmKMJPg@mail.gmail.com"
type="cite">
<p>Dan,</p>
<p>Adam Young was advocating for something like this. I don't
know if a consensus was ever reached, but I thought it was a
good idea.</p>
<p><a moz-do-not-send="true"
href="https://lists.launchpad.net/openstack/msg10864.html">https://lists.launchpad.net/openstack/msg10864.html</a></p>
<p>Nate</p>
</blockquote>
Dan,<br>
<br>
Here's my proposed scheme.<br>
<br>
<a class="moz-txt-link-freetext" href="http://wiki.openstack.org/URLs">http://wiki.openstack.org/URLs</a><br>
<br>
I have submitted a patch for running Keystone in Apache:<br>
<a class="moz-txt-link-freetext" href="https://review.openstack.org/#/c/9735/">https://review.openstack.org/#/c/9735/</a><br>
<br>
This assumes that you put admin on <a class="moz-txt-link-freetext" href="https://hostname/admin">https://hostname/admin</a><br>
and so on.<br>
<br>
For Nova, there is a pretty good write up here:<br>
<br>
<a class="moz-txt-link-freetext" href="http://www.rackspace.com/blog/enabling-ssl-for-the-openstack-api/">http://www.rackspace.com/blog/enabling-ssl-for-the-openstack-api/</a><br>
<br>
<br>
Which pretty much takes the same approach.<br>
<br>
Glance needs some work to fit into that scheme, too, as I recall.<br>
<br>
The Client pieces need to be flexible enough to call with the
suburls. For example, look at this patch:<br>
<br>
<a class="moz-txt-link-freetext" href="https://review.openstack.org/#/c/7156/">https://review.openstack.org/#/c/7156/</a><br>
<br>
<br>
<br>
<br>
<br>
<blockquote
cite="mid:CAHTGUNTBWVdnFfoKsSkqW6mqg5=VTD7T1axAzgDiMvDHmKMJPg@mail.gmail.com"
type="cite">
<div class="gmail_quote">On Jul 13, 2012 5:31 PM, "Dan Sneddon"
<<a moz-do-not-send="true" href="mailto:dan@cloudscaling.com">dan@cloudscaling.com</a>>
wrote:<br type="attribution">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
I am attempting to find a workable solution for the following
use case, and would like to get feedback from the community
about it.<br>
<br>
There are some situations when it is required to put a proxy
in front of multiple API endpoints and route by URL. This
allows for more flexible routing/filtering in load balancers
and firewalls, and makes it possible to differentiate between
services in unified HTTP logs. In the current OpenStack model
a typical API endpoint looks something like this:<br>
<br>
http(s)://<hostname>:<port>/<api
version>/<account>/<container>/<object><br>
<br>
In essence, separate services have similar URLs, and are
separated by the port number. It is difficult to use a
request-header-aware proxy to route to a particular endpoint,
since there is no clear differentiation between service URLs
if the hostname and port are the same.<br>
<br>
With standard HTTP, this can be handled by using several
different hostnames pointing to the same IP. This is
particularly a problem with SSL certificates, which need to
match the hostname.<br>
<br>
If the URLs contained a service identifier at the beginning of
the URL, this would allow a proxy to make decisions about
where to route requests based on the beginning of the URL, for
example the URL above would become:<br>
<br>
http(s)://<hostname>:<port>/<service>/<api
version>/<account>/<container>/<object><br>
e.g.<br>
<a moz-do-not-send="true"
href="https://api-host:443/compute/v2.0/." target="_blank">https://api-host:443/compute/v2.0/.</a>..<br>
<a moz-do-not-send="true"
href="https://api-host:443/auth/v2.0/." target="_blank">https://api-host:443/auth/v2.0/.</a>..<br>
etc.<br>
<br>
It seems that the API services are compatible with this
through the use of the urlmap configuration by including both
versions of the URL:<br>
<br>
[composite:osapi_compute]<br>
use = call:nova.api.openstack.urlmap:urlmap_factory<br>
/: oscomputeversions<br>
/v1.1: openstack_compute_api_v2<br>
/v2: openstack_compute_api_v2<br>
/compute/: oscomputeversions<br>
/compute/v1.1: openstack_compute_api_v2<br>
/compute/v2: openstack_compute_api_v2<br>
<br>
Is allowing both forms of this URL in all services likely to
break anything down the line? Does this seem like a common
enough use case that it should be considered as an addition to
the default configuration? Also, as services change (such as
nova-volume being replaced by cinder) is there a set of
generic service descriptors defined that can be used to
abstract from the particular name of the service? Some of
these are obvious, like "network", but it would be nice to be
consistent across versions and instances.<br>
<br>
Thank you for your feedback,<br>
--<br>
Dan Sneddon<br>
Senior Engineer, Cloudscaling<br>
<a moz-do-not-send="true" href="mailto:dan@cloudscaling.com">dan@cloudscaling.com</a>
- @dxs on Twitter<br>
_______________________________________________<br>
Mailing list: <a moz-do-not-send="true"
href="https://launchpad.net/%7Eopenstack" target="_blank">https://launchpad.net/~openstack</a><br>
Post to : <a moz-do-not-send="true"
href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a><br>
Unsubscribe : <a moz-do-not-send="true"
href="https://launchpad.net/%7Eopenstack" target="_blank">https://launchpad.net/~openstack</a><br>
More help : <a moz-do-not-send="true"
href="https://help.launchpad.net/ListHelp" target="_blank">https://help.launchpad.net/ListHelp</a><br>
</blockquote>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Mailing list: <a class="moz-txt-link-freetext" href="https://launchpad.net/~openstack">https://launchpad.net/~openstack</a>
Post to : <a class="moz-txt-link-abbreviated" href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a>
Unsubscribe : <a class="moz-txt-link-freetext" href="https://launchpad.net/~openstack">https://launchpad.net/~openstack</a>
More help : <a class="moz-txt-link-freetext" href="https://help.launchpad.net/ListHelp">https://help.launchpad.net/ListHelp</a>
</pre>
</blockquote>
<br>
<br>
</body>
</html>