Daniel,

Yes, if you want to do some administrative stuff you need to have access to the management network to be able to work with internal and admin endpoints.
On Fri, Jul 10, 2015 at 9:58 AM, Daniel Comnea <comnea.d...@gmail.com> wrote:

> I know about the flow but what I'm questioning is:
>
> admin endpoint is mapped to br-mgmt subnet (you do have the HAproxy as
> below defined in 6.1. In 6.0 and before you had no HAproxy)
>
> listen keystone-2
>   bind 192.168.20.3:35357
>   option httpchk
>   option httplog
>   option httpclose
>   server node-17 192.168.20.20:35357 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
>   server node-18 192.168.20.21:35357 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
>   server node-23 192.168.20.26:35357 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
>
> public endpoint is mapped to br-ex
>
> So with this behavior you are saying the br-mgmt subnet (which I thought
> is only for controller <> compute traffic, isolated network) should be
> routable in the same way br-ex is?
>
> Dani
>
>
> On Thu, Jul 9, 2015 at 11:30 PM, Stanislaw Bogatkin <sbogat...@mirantis.com> wrote:
>
>> Hi Daniel,
>>
>> answer is no - actually there is no strong dependency between public and
>> internal/admin endpoints. In your case keystone client asks keystone on
>> address 10.52.71.39 (which, I think, was provided by system
>> variable OS_AUTH_URL), auths on it and then keystone gives endpoints list to
>> client. Client selected admin endpoint from this list (192.168.20.3
>> address) and tried to get information you asked. It's a normal behavior.
>>
>> So, in Fuel by default we have 3 different endpoints for keystone -
>> public on public VIP, port 5000; internal on management VIP, port 5000,
>> admin on management VIP, port 35357.
>>
>> On Thu, Jul 9, 2015 at 4:59 PM, Daniel Comnea <comnea.d...@gmail.com> wrote:
>>
>>> Hi,
>>>
>>> I'm running Fuel 6.1 and I've seen an interesting behavior which I
>>> think matches bug [1]
>>>
>>> Basically the adminUrl & publicUrl part of keystone endpoint are
>>> different
>>>
>>> And the result of that is that you can't run keystone cli - i.e.
>>> create/list tenants etc
>>>
>>> keystone --debug tenant-list
>>> /usr/local/lib/python2.7/site-packages/keystoneclient/shell.py:65: DeprecationWarning: The keystone CLI is deprecated in favor of python-openstackclient. For a Python library, continue using python-keystoneclient.
>>>   'python-keystoneclient.', DeprecationWarning)
>>> DEBUG:keystoneclient.auth.identity.v2:Making authentication request to http://10.20.71.39:5000/v2.0/tokens
>>> INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): 10.52.71.39
>>> DEBUG:requests.packages.urllib3.connectionpool:"POST /v2.0/tokens HTTP/1.1" 200 3709
>>> DEBUG:keystoneclient.session:REQ: curl -g -i -X GET http://192.168.20.3:35357/v2.0/tenants -H "User-Agent: python-keystoneclient" -H "Accept: application/json" -H "X-Auth-Token: {SHA1}cc918b89c2dca563edda43e01964b1f1979c552b"
>>>
>>> shouldn't adminURL = publicURL = br-ex for keystone?
>>>
>>>
>>> Dani
>>>
>>>
>>> [1] https://bugs.launchpad.net/fuel/+bug/1441855
>>>
>>>
>>> __________________________________________________________________________
>>> OpenStack Development Mailing List (not for usage questions)
>>> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

--
Yours Faithfully,
Vladimir Kuklin,
Fuel Library Tech Lead,
Mirantis, Inc.
+7 (495) 640-49-04
+7 (926) 702-39-68
Skype kuklinvv
35bk3, Vorontsovskaya Str.
Moscow, Russia,
www.mirantis.com <http://www.mirantis.ru/>
www.mirantis.ru
vkuk...@mirantis.com
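The catalog behaviour discussed in this thread, as an added example that is not part of the original messages or of Fuel's code: it reads the identity endpoints out of a Keystone v2.0 token response and reports which ones sit outside the networks a client can route to. The function names, the sample response body and the /24 prefix lengths are assumptions made for illustration; the VIP addresses and ports are the ones quoted in the thread.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed v2.0 token response, trimmed to the service catalog.
# Public VIP 10.52.71.39 and management VIP 192.168.20.3 are taken from the thread.
SAMPLE_TOKEN_RESPONSE = {"access": {"serviceCatalog": [{
    "type": "identity",
    "name": "keystone",
    "endpoints": [{
        "region": "RegionOne",
        "publicURL": "http://10.52.71.39:5000/v2.0",
        "internalURL": "http://192.168.20.3:5000/v2.0",
        "adminURL": "http://192.168.20.3:35357/v2.0",
    }],
}]}}


def identity_endpoints(token_response):
    """Yield (interface, url) for every identity endpoint in the catalog."""
    for service in token_response["access"]["serviceCatalog"]:
        if service["type"] != "identity":
            continue
        for endpoint in service["endpoints"]:
            for key in ("publicURL", "internalURL", "adminURL"):
                if key in endpoint:
                    yield key, endpoint[key]


def unreachable_endpoints(token_response, routable_networks):
    """Return endpoints whose IP lies outside every network the client can route to."""
    nets = [ipaddress.ip_network(n) for n in routable_networks]
    missing = []
    for interface, url in identity_endpoints(token_response):
        try:
            host = ipaddress.ip_address(urlparse(url).hostname)
        except ValueError:
            continue  # DNS name: would need resolving first, not judged here
        if not any(host in net for net in nets):
            missing.append((interface, url))
    return missing


if __name__ == "__main__":
    # Assumed client: routes to the public network only (prefix length is a guess).
    for interface, url in unreachable_endpoints(SAMPLE_TOKEN_RESPONSE, ["10.52.71.0/24"]):
        print(f"{interface} {url} is not routable from this client")
```

A client limited to the public network authenticates fine but cannot reach the admin or internal URL, which is the situation in the debug output above.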