Dani You are always welcome - I am adding fuel documentation team into the thread.
On Fri, Jul 10, 2015 at 5:45 PM, Daniel Comnea <comnea.d...@gmail.com> wrote: > Okay Vladimir, thanks for confirmation! > > So then you happy to stick my sketch proposal (of course needs re-wording) > into documentation? > > Dani > > On Fri, Jul 10, 2015 at 11:31 AM, Vladimir Kuklin <vkuk...@mirantis.com> > wrote: > >> Daniel >> >> Yes, if you want to do some administrative stuff you need to have access >> to management network to be able to work with internal and admin endpoints. >> >> On Fri, Jul 10, 2015 at 9:58 AM, Daniel Comnea <comnea.d...@gmail.com> >> wrote: >> >>> I know about the flow but what i'm questioning is: >>> >>> admin endpoint is mapped to br-mgmt subnet (you do have the HAproxy as >>> below defined in 6.1. In 6.0 and before you had no HAproxy) >>> >>> listen keystone-2 >>> bind 192.168.20.3:35357 >>> option httpchk >>> option httplog >>> option httpclose >>> server node-17 192.168.20.20:35357 check inter 10s fastinter 2s >>> downinter 3s rise 3 fall 3 >>> server node-18 192.168.20.21:35357 check inter 10s fastinter 2s >>> downinter 3s rise 3 fall 3 >>> server node-23 192.168.20.26:35357 check inter 10s fastinter 2s >>> downinter 3s rise 3 fall 3 >>> >>> public endpoint is mapped to br-ex >>> >>> So with this behavior you are saying the bt-mgmt subnet (which i thought >>> is only for controller <> compute traffic, isolated network) should be >>> routable in the same way br-ex is? >>> >>> Dani >>> >>> >>> On Thu, Jul 9, 2015 at 11:30 PM, Stanislaw Bogatkin < >>> sbogat...@mirantis.com> wrote: >>> >>>> Hi Daniel, >>>> >>>> answer is no - actually there is no strong dependency between public >>>> and internal/admin endpoints. In your case keystone client ask keystone on >>>> address 10.52.71.39 (which, I think, was provided by system >>>> variable OS_AUTH_URL), auth on it and then keystone give endpoints list to >>>> client. Client selected admin endpoint from this list (192.168.20.3 >>>> address) and tried to get information you asked. It's a normal behavior. >>>> >>>> So, in Fuel by default we have 3 different endpoints for keystone - >>>> public on public VIP, port 5000; internal on management VIP, port 5000, >>>> admin on management VIP, port 35357. >>>> >>>> On Thu, Jul 9, 2015 at 4:59 PM, Daniel Comnea <comnea.d...@gmail.com> >>>> wrote: >>>> >>>>> Hi, >>>>> >>>>> I'm running Fuel 6.1 and i've seen an interesting behavior which i >>>>> think match bug [1] >>>>> >>>>> Basically the adminUrl & publicUrl part of keystone endpoint are >>>>> different >>>>> >>>>> And the result of that is that you can't run keystone cli - i.e >>>>> create/list tenants etc >>>>> >>>>> keystone --debug tenant-list >>>>> /usr/local/lib/python2.7/site-packages/keystoneclient/shell.py:65: >>>>> DeprecationWarning: The keystone CLI is deprecated in favor of python- >>>>> openstackclient. For a Python library, continue using python-keys >>>>> toneclient. >>>>> 'python-keystoneclient.', DeprecationWarning) >>>>> DEBUG:keystoneclient.auth.identity.v2:Making authentication request >>>>> to http://10.20.71.39:5000/v2.0/tokens >>>>> INFO:requests.packages.urllib3.connectionpool:Starting new HTTP >>>>> connection (1): 10.52.71.39 >>>>> DEBUG:requests.packages.urllib3.connectionpool:"POST /v2.0/tokens >>>>> HTTP/1.1" 200 3709 >>>>> DEBUG:keystoneclient.session:REQ: curl -g -i -X GET >>>>> http://192.168.20.3:35357/v2.0/tenants -H "User-Agent: python- >>>>> keystoneclient" -H "Accept: application/json" -H "X-Auth-Token: >>>>> {SHA1}cc918b89c2dca563edda43e01964b1f1979c552b" >>>>> >>>>> shouldn't adminURL = publicURL = br-ex for keystone? >>>>> >>>>> >>>>> Dani >>>>> >>>>> >>>>> [1] https://bugs.launchpad.net/fuel/+bug/1441855 >>>>> >>>>> >>>>> __________________________________________________________________________ >>>>> OpenStack Development Mailing List (not for usage questions) >>>>> Unsubscribe: >>>>> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>>>> >>>>> >>>> >>>> >>>> __________________________________________________________________________ >>>> OpenStack Development Mailing List (not for usage questions) >>>> Unsubscribe: >>>> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>>> >>>> >>> >>> >>> __________________________________________________________________________ >>> OpenStack Development Mailing List (not for usage questions) >>> Unsubscribe: >>> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>> >>> >> >> >> -- >> Yours Faithfully, >> Vladimir Kuklin, >> Fuel Library Tech Lead, >> Mirantis, Inc. >> +7 (495) 640-49-04 >> +7 (926) 702-39-68 >> Skype kuklinvv >> 35bk3, Vorontsovskaya Str. >> Moscow, Russia, >> www.mirantis.com <http://www.mirantis.ru/> >> www.mirantis.ru >> vkuk...@mirantis.com >> >> __________________________________________________________________________ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: >> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -- Yours Faithfully, Vladimir Kuklin, Fuel Library Tech Lead, Mirantis, Inc. +7 (495) 640-49-04 +7 (926) 702-39-68 Skype kuklinvv 35bk3, Vorontsovskaya Str. Moscow, Russia, www.mirantis.com <http://www.mirantis.ru/> www.mirantis.ru vkuk...@mirantis.com
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
