[Openstack] publicurl definition in keystone
Xin Zhao
xzhao at bnl.gov
Thu Oct 10 16:40:41 UTC 2013
Hi Thiago,
Thanks for your info and sharing scripts. I don't have similar config
in our firewall, are there other alternatives?
Thanks,
Xin
On 10/9/2013 6:17 PM, Martinx - ジェームズ wrote:
> Hi Xin,
>
> I don't know if it can help you out but, I'm using "Name Resolution"
> for all my OpenStack services, this means that it doesn't matter what
> the IP of the endpoint is, even if it is IPv4 or IPv6, it will work
> out-of-the-box (in most of my tests)...
>
> So, when people try to resolve your Quantum endpoint from the
> Internet, you'll provide your ISP IP and, with a NAT rule at your
> firewall, you'll redirect it (DNAT) to the internal-only endpoint IP
> address. And, when people try to resolve the endpoint from within
> your network, you should provide your internal IP for them.
>
> I can say that: it works for me.
>
>
> Please, check my Keystone scripts (you can see where I use Name
> Resolution instead of IPs):
>
> wget https://gist.github.com/tmartinx/5453358/raw/f132d27eeab0c3c25d5b3e65bfec6704503e84b6/keystone_basic.sh
> wget https://gist.github.com/tmartinx/5453336/raw/eded917b78213123c46b62be18f55f3c7aac558e/keystone_endpoints_basic.sh
>
>
> NOTE: With IPv6, this is much easier to achieve, since there
> is no need to deal with creepy NAT rules. Which means that your
> endpoints will always have a public IP address (if you have IPv6).
> Keep it in mind!
>
>
> Cheers!
> Thiago
>
>
> On 9 October 2013 12:28, Xin Zhao <xzhao at bnl.gov> wrote:
>
> Thanks for all the replies.
>
> One more question though: when defining the endpoint for the network
> service, the IP should be for the network host, not the controller
> host (we have them on separate hosts, as most docs suggest).
> But the network host doesn't have a single out-facing IP assigned
> to it, the doc says the out-facing NIC should have a range of IPs
> assigned to it from the external provider network. In this case,
> how to define the publicurl for the quantum service endpoint? If
> the info of endpoints is only used by the other openstack
> components, can I just put the internal IP in for the publicurl?
>
> Thanks,
> Xin
>
>
> On 10/7/2013 12:07 PM, JuanFra Rodriguez Cardoso wrote:
>> Yes, internal and adminurl are normally the same address.
>>
>> ---
>> JuanFra
>>
>>
>> 2013/10/7 Razique Mahroua <razique.mahroua at gmail.com>
>>
>> Hi,
>> yes :)
>> Internal and adminurl should be the private network, and
>> "public" the "out-facing" IP
>>
>> Razique
>>
>> On 7 Oct 2013 at 17:30, Xin Zhao <xzhao at bnl.gov> wrote:
>>
>> > Hello,
>> >
>> > Our openstack controller has two IPs, one out-facing, the
>> > other is internal only (on the management network).
>> > When it comes to define service endpoints in keystone, the
>> > publicurl entry should be the out-facing IP, and the
>> > internalurl and adminurl should be the internal IP, right?
>> >
>> > Thanks,
>> > Xin
>> >
>> > _______________________________________________
>> > Mailing list:
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> > Post to : openstack at lists.openstack.org
>> <mailto:openstack at lists.openstack.org>
>> > Unsubscribe :
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
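
The convention agreed in this thread (publicurl on the out-facing address, internalurl and adminurl on the private network), written as a check over an endpoint list. This is an added example, not part of the original messages; the sample records, addresses and the names `host_scope` and `audit` are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# RFC 1918 ranges plus IPv6 unique-local; anything else counts as routable here.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample records; field names follow the thread's terms.
SAMPLE_ENDPOINTS = [
    {"service": "identity",
     "publicurl": "http://keystone.example.org:5000/v2.0",
     "internalurl": "http://10.0.0.11:5000/v2.0",
     "adminurl": "http://10.0.0.11:35357/v2.0"},
    {"service": "network",            # internal IP reused as publicurl
     "publicurl": "http://10.0.0.21:9696/",
     "internalurl": "http://10.0.0.21:9696/",
     "adminurl": "http://10.0.0.21:9696/"},
    {"service": "compute",            # admin API on the out-facing address
     "publicurl": "http://203.0.113.10:8774/v2",
     "internalurl": "http://10.0.0.11:8774/v2",
     "adminurl": "http://203.0.113.10:8774/v2"},
]

def host_scope(url):
    """Classify a URL's host as 'private', 'public' or 'name'."""
    host = urlsplit(url).hostname
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # A hostname: its scope depends on which DNS view answers the client.
        return "name"
    return "private" if any(ip in net for net in PRIVATE_NETS) else "public"

def audit(endpoints):
    """Return (service, field, reason) for entries that break the convention."""
    findings = []
    for ep in endpoints:
        if host_scope(ep["publicurl"]) == "private":
            findings.append((ep["service"], "publicurl",
                             "private address handed to outside clients"))
        for field in ("internalurl", "adminurl"):
            if host_scope(ep[field]) == "public":
                findings.append((ep["service"], field,
                                 "expected on the private network"))
    return findings

if __name__ == "__main__":
    for service, field, reason in audit(SAMPLE_ENDPOINTS):
        print(f"{service:10} {field:12} {reason}")
```

Endpoints given as hostnames are reported as `name` and not flagged, since with the name-resolution setup described above the same name maps to different addresses inside and outside the network.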