[openstack-dev] [horizon] settings part
Gabriel Hurley
Gabriel.Hurley at nebula.com
Thu Nov 8 18:41:45 UTC 2012
First, there's no "right" answer for what "internal" vs. "admin" vs. etc. means in Keystone's service catalog. It's left ambiguous in Keystone-land to allow for flexibility of deployments.
That said, in this instance what Keystone core developers have generally said is that "public URL" would be a URL that external users (think someone trying to use an API/CLI from their desktop) would use, an "internal URL" is what services on the management network would use, and an "admin URL" would be a special administrator-only endpoint (if it exists).
So, what's in Fedora's catalog there is wrong according to those guidelines. Port 35357 is the special admin endpoint, not an endpoint for general service use.
That said, if Fedora feels they're right in their service catalog, they could alternatively fix this problem at least for Horizon by setting the OPENSTACK_ENDPOINT_TYPE setting in Horizon's local_conf.py:
https://github.com/openstack/horizon/blob/master/openstack_dashboard/local/local_settings.py.example#L82
Thanks so much for tracking down that issue!
- Gabriel
> -----Original Message-----
> From: Matthias Runge [mailto:mrunge at redhat.com]
> Sent: Thursday, November 08, 2012 7:51 AM
> To: OpenStack Development Mailing List
> Subject: Re: [openstack-dev] [horizon] settings part
>
> On 11/01/2012 09:19 PM, Matthias Runge wrote:
> > Hi,
> >
> > I have a question: using (folsom/master branch) horizon as a non
> > privileged user, the Settings menu has three panels:
> >
> > - "User Settings" (language, timezone), but nothing is saved other
> > than to the session.
> > - "OpenStack API" brings up a "Forbidden" message. Why is that link
> > shown? IMHO it should be possible to prevent showing that link.
> > - "EC2 Credentials" following that link immediately logs the
> > (non-privileged) user off, without a warning or giving a reason. ....
> >
> > Because this looks so unfinished/half finished, I'm writing to the
> > list, to ask, if anybody has a greater plan for this I didn't see....
> >
> Just a follow up:
>
> I was able to trace my issues down to the following difference between
> devstack and fedoras configuration:
>
> in devstack internalURL and publicURL are the same:
> Service: identity
> +-------------+----------------------------------+
> | Property | Value |
> +-------------+----------------------------------+
> | adminURL | http://192.168.36.14:35357/v2.0 |
> | id | 08d6bf6269d847f2b6d8ad3166409e3a |
> | internalURL | http://192.168.36.14:5000/v2.0 | publicURL |
> | http://192.168.36.14:5000/v2.0 |
> | region | RegionOne |
> +-------------+----------------------------------+
>
> in fedora, they're different:
> Service: identity
> +-------------+----------------------------------+
> | Property | Value |
> +-------------+----------------------------------+
> | adminURL | http://localhost:35357/v2.0 |
> | id | 9bf1ba3f23ce461682af37e5e944b4ad |
> | internalURL | http://localhost:35357/v2.0 |
> | publicURL | http://localhost:5000/v2.0 |
> | region | RegionOne |
> +-------------+----------------------------------+
>
>
> When overwriting the connection URL for keystone to use the public URL,
> everything works as expected.
>
> So, the question is, what is the appropriate value for internal URL?
>
>
> Regards,
> Matthias
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
More information about the OpenStack-dev
mailing list