[openstack-dev] [Fuel] API services available on public VIP

Adam Heczko aheczko at mirantis.com
Fri Nov 13 13:02:53 UTC 2015


Hello fuelers,

today I'd like to raise a questions about Fuel deployment practice related
to Public (external) network.
Current approach is to expose by default over public IP openstack API
endpoints like nova, cinder, glance, neutron etc. These API services are
exposed through HAProxy with TLS support, so this approach seems to be
relatively secure.
OTOH industry practice is to don't expose over public IPs too much and
rather rely on user action / decision to expose API access to the public.
I'd like to ask for your opinions regarding this topic and approach taken
by Fuel.

Thank you,

-- 
Adam Heczko
Security Engineer @ Mirantis Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20151113/55903c26/attachment.html>


More information about the OpenStack-dev mailing list