<div dir="ltr">Hi Joe,<div><br></div><div>Are you using a different FQDN for admin than for internal/public keystone endpoints?</div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div><div>Regards<b><br><font size="1">Jitendra</font></b><font size="1"><br></font></div><div><font size="1">+91-9989743042</font><br></div><div><br></div><br></div></div><br><div><div><div><br></div></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On Fri, Apr 8, 2016 at 3:18 AM, Kaustubh Kelkar <span dir="ltr">&lt;<a href="mailto:kaustubh.kelkar@casa-systems.com" target="_blank">kaustubh.kelkar@casa-systems.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><br>
-----Original Message-----<br>
From: D'ANDREA, JOE (JOE) [mailto:<a href="mailto:jdandrea@research.att.com">jdandrea@research.att.com</a>]<br>
Sent: Thursday, April 7, 2016 4:28 PM<br>
To: <a href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a><br>
Subject: [Openstack] [keystone] publicurl vs adminurl reachability<br>
<br>
<br>
More to the point: It's unclear to me whether adminurl endpoints are designed such that they may be restricted to private networks, or if they are expected to be as reachable as publicurl endpoints are.<br>
</span>[Kaustubh] I haven't tried this out, but this seems to be supported. (<a href="http://docs.openstack.org/mitaka/install-guide-ubuntu/keystone-services.html#id1" rel="noreferrer" target="_blank">http://docs.openstack.org/mitaka/install-guide-ubuntu/keystone-services.html#id1</a>), point 2:<br>
"In a production environment, the variants might reside on separate networks that service different types of users for security reasons". It does make sense to isolate at least the public API (read: customer traffic) network from the admin and internal API endpoints.<br>
<span class="HOEnZb"><font color="#888888"><br>
<br>
-Kaustubh<br>
</font></span><div class="HOEnZb"><div class="h5">_______________________________________________<br>
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
Post to     : <a href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a><br>
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
</div></div></blockquote></div><br></div>