Serguei, You should check with your security team. Normally, they will have a strong opinion on this configuration. In many cases, the public interfaces is the one enabled SSL and the internal one is not and indeed is a common practice.
Edgar On 4/13/16, 7:46 PM, "Serguei Bezverkhi (sbezverk)" <sbezv...@cisco.com> wrote: >Hello folks, > >I was wondering if you let me know if enabling keystone to listen on public >interface for ports 5000 and 35357 is considered as a normal practice. Example >if a customer wants to authenticate not via horizon or some other proxy but >setting up OS_AUTH_URL=http://blah variable to be able to run OpenStack >commands in cli. > >Thank you in advance > >Serguei > >_______________________________________________ >OpenStack-operators mailing list >OpenStack-operators@lists.openstack.org >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators _______________________________________________ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
