[openstack-dev] [TripleO][keystone] internal endpoints vs sanity

Gyorgy Szombathelyi gyorgy.szombathelyi at doclerholding.com
Wed Jul 26 09:24:53 UTC 2017


Hi,
> On Mon, Jul 24, 2017 at 10:53 AM, Dmitry Tantsur <dtantsur at redhat.com> wrote:
>
> 	These questions are to the operators, and should be asked on
> openstack-operators IMO (maybe with tuning the overall tone to be a bit less
> aggressive).
> 
> 
> 
> So the question looks like this without tuning:
> 
>  - Do you think it is a good idea to spam the users with internal data which is
> useless for them unless they want to use it against you?
> 

As a person who configured some OpenStack clusters, I can say that I use
the same name for internal and public endpoints, and configure the OpenStack
servers' hosts files to resolve this name to an internal address, where a load balancer
listens.
This is mainly because it makes TLS certificate handling much easier for us: we
can use a certificate for OpenStack services issued for one domain name only.
The second point, of course, is that there's no point in showing the internal addresses to users
in the service catalog.

Br,
György
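
An added example, not part of the original message: a check over the service catalog returned with a user's token, listing internal or admin endpoints that reveal a host the public endpoint does not. The catalog is constructed in the shape of a Keystone v3 token's `catalog` list, and the function names are hypothetical; with the setup described above, where internal and public endpoints share one name, it reports nothing.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample in the shape of the "catalog" list of a Keystone v3 token
# response; service names, hostnames and addresses are made up.
SAMPLE_CATALOG = [
    {"type": "identity", "name": "keystone", "endpoints": [
        {"interface": "public", "url": "https://cloud.example.com:5000/v3"},
        {"interface": "internal", "url": "https://cloud.example.com:5000/v3"},
        {"interface": "admin", "url": "https://cloud.example.com:35357/v3"},
    ]},
    {"type": "compute", "name": "nova", "endpoints": [
        {"interface": "public", "url": "https://cloud.example.com:8774/v2.1"},
        {"interface": "internal", "url": "http://10.20.0.15:8774/v2.1"},
    ]},
    {"type": "image", "name": "glance", "endpoints": [
        {"interface": "public", "url": "https://cloud.example.com:9292"},
        {"interface": "internal", "url": "https://glance.int.example.local:9292"},
    ]},
]


def is_private_literal(host):
    """True if host is an IP literal in a private, loopback or link-local range."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # a DNS name, not an IP literal
    return addr.is_private or addr.is_loopback or addr.is_link_local


def audit_catalog(catalog):
    """Return (service, interface, host, reason) for non-public endpoints that
    reveal a host other than the one the public endpoint already shows."""
    findings = []
    for svc in catalog:
        hosts = {}
        for ep in svc.get("endpoints", []):
            host = urlsplit(ep["url"]).hostname
            if host:  # skip malformed URLs that carry no host
                hosts.setdefault(ep["interface"], set()).add(host)
        public = hosts.get("public", set())
        for iface in ("internal", "admin"):
            for host in sorted(hosts.get(iface, set()) - public):
                reason = ("private IP literal" if is_private_literal(host)
                          else "hostname differs from public")
                findings.append((svc["name"], iface, host, reason))
    return findings
```

Pass it the `catalog` list from the body of a token issued to an ordinary project user to see what that user is shown.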
 

