The answer depends on your service plan. Generally, the IP for keystone is on the network which can be accessed from the client. Also, the publicurl / adminurl / internalurl can be different.
Keystone is the auth agent for swift (and all other services). When you send a request asking for "service URLs / role / token" with your username/password, it will return a bunch of information. In the keystone v1.0 legacy auth method, it is presented as several x-headers. In keystone v2.0, it returns a pack of JSON which includes more information, such as service URLs; in your case the service type is object-storage (aka swift). The client can parse the needed URL to use. The swift-client is using --publicurl as far as I know.

[Q] Could I ask a question? Which network will the client be located on?

For x.x.x.x, you can just fill in the IP which is accessible from the client. If there's a NAT of LB, you need to point to the NAT entry point of LB IP and redirect to the service port or internal IP.

keystone endpoint-create --region RegionOne --service-id $KEYSVC_ID \
  --publicurl 'http://x.x.x.x:5000/v2.0' \
  --adminurl 'http://x.x.x.x:35357/v2.0' \
  --internalurl 'http://x.x.x.x:5000/v2.0'

keystone endpoint-create --service-id $SWIFTSVC_ID \
  --publicurl 'http://x.x.x.x:8080/v1/AUTH_\$(tenant_id)s' \
  --adminurl 'http://x.x.x.x:8080/v1/AUTH_\$(tenant_id)s' \
  --internalurl 'http://x.x.x.x:8080/v1/AUTH_\$(tenant_id)s'

2013/1/19 Brian Ipsen <brian.ip...@ryesgade47c.dk>

> Hi
>
> I am trying to figure out how to build a swift setup with Keystone
> identity management – and have the environment secured by a firewall.
>
> I expect, that a number of proxy nodes are accessible through the firewall
> (traffic will be NAT’ed). The proxy nodes are connected to a private
> “storage network” (not accessible from the outside) on a second network
> interface. Will the keystone have to be on the “public” side of the proxy
> nodes – or can it be on the “private” side (see
> http://docs.openstack.org/trunk/openstack-object-storage/admin/content/example-object-storage-installation-architecture.html
> - here it is on the “public” side)
>
> But I am not quite sure about the configuration of the different service
> when it comes to specifying the different URL’s…
>
> For example, for the Keystone service:
>
> Assuming, that storage/swift nodes are located in the range
> 172.21.100.20-172.21.100.80, the keystone server on 172.21.100.10 – and the
> proxies on 172.21.100.100-172.21.100.120 (and external
> 10.32.30.10-10.32.30.30). What would be the correct IP’s to use on this
> command ?
>
> keystone service-create --name keystone --type=identity --description
> "Keystone Identity Service"
>
> keystone endpoint-create --region RegionOne --service-id $KEYSVC_ID
> --publicurl 'http://x.x.x.x:5000/v2.0' --adminurl
> 'http://x.x.x.x:35357/v2.0' --internalurl 'http://x.x.x.x:5000/v2.0'
>
> And for swift:
>
> keystone service-create --name keystone --type=identity --description
> "Swift Storage Service"
>
> keystone endpoint-create --service-id $SWIFTSVC_ID --publicurl
> 'http://x.x.x.x:8080/v1/AUTH_\$(tenant_id)s' --adminurl
> 'http://x.x.x.x:8080/v1/AUTH_\$(tenant_id)s' --internalurl
> 'http://x.x.x.x:8080/v1/AUTH_\$(tenant_id)s'
>
> Regards
>
> Brian
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp

--
+Hugo Kuo+
tonyt...@gmail.com
+886 935004793
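
The catalog lookup described in the reply above, as an added example that is not part of the original thread and not code from keystone or swift-client. The response body is a constructed, trimmed Keystone v2.0 token response; the tenant id `t1`, the token id, and the mapping of the question's address ranges onto public/internal URLs are assumptions made for illustration.

```python
import json

# Constructed sample of a Keystone v2.0 POST /v2.0/tokens response (trimmed).
# Assumed layout: 10.32.30.10 is the NAT'ed proxy address from the question,
# 172.21.100.x is the private storage network.
SAMPLE_RESPONSE = json.dumps({
    "access": {
        "token": {"id": "constructed-token-id",
                  "tenant": {"id": "t1", "name": "demo"}},
        "serviceCatalog": [
            {"type": "identity", "name": "keystone", "endpoints": [{
                "region": "RegionOne",
                "publicURL": "http://10.32.30.10:5000/v2.0",
                "internalURL": "http://172.21.100.10:5000/v2.0",
                "adminURL": "http://172.21.100.10:35357/v2.0"}]},
            {"type": "object-store", "name": "swift", "endpoints": [{
                "region": "RegionOne",
                "publicURL": "http://10.32.30.10:8080/v1/AUTH_t1",
                "internalURL": "http://172.21.100.100:8080/v1/AUTH_t1",
                "adminURL": "http://172.21.100.100:8080/v1/AUTH_t1"}]},
        ],
    }
})

INTERFACES = ("publicURL", "internalURL", "adminURL")


def pick_endpoint(body, service_type, interface="publicURL", region=None):
    """Return (token_id, url) for one service from a v2.0 token response."""
    if interface not in INTERFACES:
        raise ValueError("unknown interface: %s" % interface)
    access = json.loads(body)["access"]
    for service in access.get("serviceCatalog", []):
        if service.get("type") != service_type:
            continue
        for ep in service.get("endpoints", []):
            if region is not None and ep.get("region") != region:
                continue
            if interface in ep:
                return access["token"]["id"], ep[interface]
    raise LookupError("no %s endpoint for %r" % (interface, service_type))


if __name__ == "__main__":
    # A client outside the firewall follows publicURL; a node on the
    # storage network can ask for internalURL instead.
    for iface in INTERFACES:
        print(iface, pick_endpoint(SAMPLE_RESPONSE, "object-store", iface)[1])
```

Whatever address is registered as the publicurl is the one an external client will connect to next, so it has to be reachable through the firewall.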