[Openstack] [keystone] publicurl vs adminurl reachability

D'ANDREA, JOE (JOE) jdandrea at research.att.com
Thu Apr 7 20:27:57 UTC 2016


Does anyone out there restrict their adminurl endpoints to private networks (e.g., reachable only from within the cluster hosts themselves)?

I ask because I'm working on a cluster where the publicurl endpoints are reachable from my workstation, but the adminurl endpoints aren't.

As such, a request like 'keystone tenant-list' ends up stalling while ultimately connecting to an adminurl endpoint. Other requests like 'nova list' appear to use the public endpoint, which of course works fine.

More to the point: It's unclear to me whether adminurl endpoints are designed such that they may be restricted to private networks, or if they are expected to be as reachable as publicurl endpoints are. 

Perhaps the answer is "It depends."

Thoughts and insight welcome!

jd

--
Joe D’Andrea
Cloud Software Infrastructure Research, AT&T Labs - Research
AT&T Shannon Labs
1 AT&T Way
Bedminster NJ, 07921



More information about the Openstack mailing list