<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    Sorry, found the way immediately:<br>
    <br>
    <pre style="background-color:#ffffff;color:#000000;font-family:'Menlo';font-size:9.0pt;">ks = identity.Client(<span style="color:#660099;">session </span>= auth, <span style="color:#660099;">interface</span>=<span style="color:#008080;font-weight:bold;">'public'</span>)</pre>
    <br>
    <br>
    <div class="moz-cite-prefix">On 11/5/18 6:12 PM, Volodymyr Litovka
      wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:af9a9c52-b4ec-af4d-cdc7-e45e17282992@gmx.com">
      <meta http-equiv="content-type" content="text/html; charset=utf-8">
      Dear colleagues,<br>
      <br>
      I have the following configuration of endpoints:<br>
      <br>
      <tt>$ openstack endpoint list --service identity<br>
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+<br>
        | ID                               | Region    | Service Name |
        Service Type | Enabled | Interface |
        URL                            |<br>
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+<br>
        | 68a4eabc27474beeb6f08d986cca3263 | RegionOne | keystone     |
        identity     | True    | public    | <a
          class="moz-txt-link-freetext"
          href="http://controller-ext:5000/v3/" moz-do-not-send="true">http://controller-ext:5000/v3/</a>
        |<br>
        | 6fab7abe61e84463a05b4e58d8f7bb60 | RegionOne | keystone     |
        identity     | True    | internal  | <a
          class="moz-txt-link-freetext"
          href="http://controller:5000/v3/" moz-do-not-send="true">http://controller:5000/v3/</a>    
        |<br>
        | eb378df5949046a49661dad3c887677f | RegionOne | keystone     |
        identity     | True    | admin     | <a
          class="moz-txt-link-freetext"
          href="http://controller:5000/v3/" moz-do-not-send="true">http://controller:5000/v3/</a>    
        |<br>
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+</tt><br>
      <br>
      and want to explicitly use public endpoint (calling
      controller-ext, NOT controller) when doing API calls. Example of
      code:<br>
      <br>
      <pre style="background-color: rgb(255, 255, 255); font-family: "Menlo"; font-size: 9pt;">from keystoneauth1.identity import v3
from keystoneauth1 import session as authsession
from keystoneclient.v3 import client as identity

os_domain = 'default'
auth_url = '<a class="moz-txt-link-freetext" href="http://controller-ext:5000/v3" moz-do-not-send="true">http://controller-ext:5000/v3</a>'
os_username = 'admin'
os_password = 'adminpass'
project_name = 'admin'

password = v3.Password(auth_url=auth_url,
                       username=os_username,
                       password=os_password,
                       user_domain_name=os_domain,<span style="font-style: italic;">
</span><span style="font-style: italic;">                       </span>project_name=project_name,<span style="font-style: italic;">
</span><span style="font-style: italic;">                       </span>project_domain_name=os_domain)<span style="font-style: italic;">
</span><span style="font-style: italic;">
</span>auth = authsession.Session(auth=password)
ks = identity.Client(session = auth)

for ep in ks.endpoints.list():
<span style="font-style: italic;">    </span>pass
</pre>
      <br>
      returns an error since it tries to call 'controller' (which is
      internal address and isn't resolvable):<br>
      <br>
      <tt>keystoneauth1.exceptions.connection.ConnectFailure: Unable to
        establish connection to
        <a class="moz-txt-link-freetext"
href="http://controller:5000/v3/endpoints?endpoint_filter=service_type&endpoint_filter=interface"
          moz-do-not-send="true">http://controller:5000/v3/endpoints?endpoint_filter=service_type&endpoint_filter=interface</a>:
        HTTPConnectionPool(host='controller', port=5000): Max retries
        exceeded with url:
        /v3/endpoints?endpoint_filter=service_type&endpoint_filter=interface
        (Caused by
        NewConnectionError('<urllib3.connection.HTTPConnection object
        at 0x1063f1940>: Failed to establish a new connection: [Errno
        8] nodename nor servname provided, or not known',))</tt><br>
      <br>
      The question is: are there ways to implicitly point to 'public'
      (and whatever else) endpoint when working with identity service?<br>
      <br>
      Thank you.<br>
      <br>
      <pre class="moz-signature" cols="72">-- 
Volodymyr Litovka
  "Vision without Execution is Hallucination." -- Thomas Edison</pre>
    </blockquote>
    <br>
    <pre class="moz-signature" cols="72">-- 
Volodymyr Litovka
  "Vision without Execution is Hallucination." -- Thomas Edison</pre>
  </body>
</html>