[Openstack] Network setup - Swift / keystone location and configuraton?

Kuo Hugo tonytkdk at gmail.com
Sat Jan 19 08:57:10 UTC 2013 

Would you mind to have a network diagram of your environment ?

Hugo


2013/1/19 Brian Ipsen <brian.ipsen at ryesgade47c.dk>

>  Hi****
>
> ** **
>
> I am trying to figure out how to build a swift setup with Keystone
> identity management – and have the environment secured by a firewall.****
>
> ** **
>
> I expect, that a number of proxy nodes are accessible through the firewall
> (traffic will be NAT’ed). The proxy nodes are connected to a private
> “storage network” (not accessible from the outside) on a second network
> interface. Will the keystone have to be on the “public” side of the proxy
> nodes – or can it be on the “private” side (see
> http://docs.openstack.org/trunk/openstack-object-storage/admin/content/example-object-storage-installation-architecture.html- here it is on the “public” side)
> ****
>
> ** **
>
> But I am not quite sure about the configuration of the different service
> when it comes to specifying the different URL’s…****
>
> For example, for the Keystone service:****
>
> ** **
>
> Assuming, that storage/swift nodes are located in the range
> 172.21.100.20-172.21.100.80, the keystone server on 172.21.100.10 – and the
> proxies on 172.21.100.100-172.21.100.120 (and external
> 10.32.30.10-10.32.30.30). What would be the correct IP’s to use on this
> command ?****
>
> keystone service-create --name keystone --type=identity --description
> "Keystone Identity Service"****
>
> keystone endpoint-create --region RegionOne --service-id $KEYSVC_ID
> --publicurl 'http://x.x.x.x5000/v2.0' --adminurl '
> http://x.x.x.x:35357/v2.0' --internalurl 'http://x.x.x.x:5000/v2.0'****
>
> ** **
>
> And for swift:****
>
> keystone service-create --name keystone --type=identity --description
> "Swift Storage Service"****
>
> keystone endpoint-create --service-id $SWIFTSVC_ID --publicurl '
> http://x.x.x.x:8080/v1/AUTH_\$(tenant_id)s' --adminurl '
> http://x.x.x.x:8080/v1/AUTH_\$(tenant_id)s ' --internalurl '
> http://x.x.x.x:8080/v1/AUTH_\$(tenant_id)s '****
>
> ** **
>
> Regards****
>
> Brian****
>
> ** **
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>


-- 
+Hugo Kuo+
tonytkdk at gmail.com
+ <tonytkdk at gmail.com>886 935004793
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20130119/8a919975/attachment.html>

More information about the Openstack mailing list