[openstack-dev] [TripleO][keystone] internal endpoints vs sanity

Giulio Fidente gfidente at redhat.com
Fri Jul 21 11:37:34 UTC 2017

Only a comment about the status in TripleO

On 07/21/2017 12:40 PM, Attila Fazekas wrote:


> We should seriously consider using names instead of IP addresses also
> on the devstack gates to avoid people thinking the catalog entries
> are meant to be used with IP addresses and keystone is a replacement for DNS.

this is configurable, you can have names or IPs in the keystone
endpoints ... actually you can choose to use names or IPs independently
for each service and even for the different endpoints
(Internal/Admin/Public) of the same service

if an operator, like you suggested, configures the DNS to resolve
different IPs for the same name based on where the request comes from,
then he can use the same 'hostname' for all Public, Admin and Internal
endpoints which I *think* is what you're suggesting

also using names is the default when SSL is enabled

check environments/ssl/tls-endpoints-public-dns.yaml and note how
EndpointMap can resolve to CLOUDNAME or IP_ADDRESS

adding Juan on CC as he did great work around this and can help further

Giulio Fidente
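
Added example, not part of the original message and not TripleO code: a small audit of an EndpointMap-style mapping that reports, per service, whether each Internal/Admin/Public endpoint is addressed by name or by IP, and flags https endpoints addressed by IP. The entry shape (protocol/port/host), the service names, ports and the literal address are constructed assumptions; only the CLOUDNAME and IP_ADDRESS placeholders come from the message.

```python
import ipaddress

# Constructed sample input (assumed entry shape: protocol / port / host).
SAMPLE_ENDPOINT_MAP = {
    "KeystoneAdmin":    {"protocol": "http",  "port": "35357", "host": "IP_ADDRESS"},
    "KeystoneInternal": {"protocol": "http",  "port": "5000",  "host": "IP_ADDRESS"},
    "KeystonePublic":   {"protocol": "https", "port": "13000", "host": "CLOUDNAME"},
    "GlanceInternal":   {"protocol": "https", "port": "9292",  "host": "192.0.2.10"},
    "GlancePublic":     {"protocol": "https", "port": "13292", "host": "IP_ADDRESS"},
}
INTERFACES = ("Admin", "Internal", "Public")


def host_kind(host):
    """Classify a host value as 'ip' or 'name'."""
    if host == "IP_ADDRESS":      # placeholder resolved to an address
        return "ip"
    if host == "CLOUDNAME":       # placeholder resolved to a DNS name
        return "name"
    try:
        ipaddress.ip_address(host.strip("[]"))  # accepts bracketed IPv6 too
        return "ip"
    except ValueError:
        return "name"


def split_key(key):
    """Split e.g. 'KeystonePublic' into ('Keystone', 'Public')."""
    for iface in INTERFACES:
        if key.endswith(iface):
            return key[: -len(iface)], iface
    return key, None


def audit(endpoint_map):
    """Return (per-service addressing summary, https-by-IP endpoint keys)."""
    summary, tls_by_ip = {}, []
    for key in sorted(endpoint_map):
        entry = endpoint_map[key]
        service, iface = split_key(key)
        kind = host_kind(entry["host"])
        summary.setdefault(service, {})[iface] = kind
        # A certificate only validates for an IP if it carries an IP SAN,
        # so https endpoints addressed by IP deserve a second look.
        if entry["protocol"] == "https" and kind == "ip":
            tls_by_ip.append(key)
    return summary, tls_by_ip


if __name__ == "__main__":
    print(audit(SAMPLE_ENDPOINT_MAP))
```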

