[openstack-dev] [Keystone] Admin and public VersionV3 endpoints

hashmap hashmap at gmail.com
Sun Nov 23 18:08:05 UTC 2014


while working on a bug 'Keystone API GET 5000/v3 returns wrong endpoint
URL in response body'

I found a design solution which I need to understand better to fix this
bug. I'd appreciate the community help.

In service.py
we create 2 identical apps which are both deployed on admin and public
ports (interfaces).

# Add in the v3 version api
sub_routers.append(routers.VersionV3('admin', _routers))
sub_routers.append(routers.VersionV3('public', _routers))

>From my experience the first one always handles all
requests to the VersionV3 app. This is why the admin endpoint URL is
returned regardless of the request URL.

We can see it only if 'admin_endpoint' is set in keystone.conf.
base_url from wsgi.py returns context['host_url'] and only if
public_endpoint or admin_endpoint is set (in our case admin app always
handles requests so public_endpoint is irelevant) returns URL from


So I have 2 questions:

* Why do we need to have this setup? I saw in docs a remark about
'historical reasons' which I don't understand. Anyway the second
VersionV3 has no chance to handle any requests (perhaps I missed

* Why do we need admin_endpoint, public_endpoint settings in
keystone.conf? There is a comment "You should only need to set this
value if the base URL contains a path (e.g. /prefix/v2.0) or the
endpoint should be found on a different server." The first point might
be addressed by filly reconstruct the request URL by using
context['environment']. Could somebody explain the second one?


More information about the OpenStack-dev mailing list