Hi Thiago,
Thanks for your info and sharing scripts. I don't have similar config
in our firewall, are there other alternatives ?
Thanks,
Xin
On 10/9/2013 6:17 PM, Martinx - ジェームズ wrote:
Hi Xin,
I don't know if it can help you out but, I'm using "Name Resolution"
for all my OpenStack services, this means that doesn't matter the IP
of the endpoint, even if it is IPv4 or IPv6, it will work
out-of-the-box (in most of my tests)...
So, when people tries to resolve your Quantum endpoint from the
Internet, you'll provide your ISP IP and, with a NAT rule at your
firewall, you'll redirect it (DNAT) to the internal-only endpoint IP
address. And, when people tries to resolve the endpoint from within
your network, you should provide your internal IP for them.
I can say that: it works for me.
Please, check my Keystone scripts (you can see where I use Name
Resolution instead of IPs):
wget
https://gist.github.com/tmartinx/5453358/raw/f132d27eeab0c3c25d5b3e65bfec6704503e84b6/keystone_basic.sh
wget
https://gist.github.com/tmartinx/5453336/raw/eded917b78213123c46b62be18f55f3c7aac558e/keystone_endpoints_basic.sh
NOTE: When with IPv6, this is much more easy to achieve, since there
is no need to deal with creepy NAT rules. Which means that your
endpoints will always have a public IP address (if you have IPv6).
Keep it in mind!
Cheers!
Thiago
On 9 October 2013 12:28, Xin Zhao <xz...@bnl.gov
<mailto:xz...@bnl.gov>> wrote:
Thanks for all the reply.
One more question though: when defining endpoint for network
service, the IP should be for the network host, not the controller
host (we have them in separate hosts, as most doc suggest).
But the network host doesn't have a single out-facing IP assigned
to it, the doc says the out-facing NIC should have a range of IPs
assigned to it from the external provider network. In this case,
how to define the publicurl for the quantum service endpoint? If
the info of endpoints is only used by the other openstack
components, can I just put the internal IP in for the publicurl ?
Thanks,
Xin
On 10/7/2013 12:07 PM, JuanFra Rodriguez Cardoso wrote:
Yes, internal and adminurl are normally the same address.
---
JuanFra
2013/10/7 Razique Mahroua <razique.mahr...@gmail.com
<mailto:razique.mahr...@gmail.com>>
Hi,
yes :)
Internal and adminiurl should be the private network, and
"public" the "out-facing" IP
Razique
Le 7 oct. 2013 à 17:30, Xin Zhao <xz...@bnl.gov
<mailto:xz...@bnl.gov>> a écrit :
> Hello,
>
> Our openstack controller has two IPs, one out-facing, the
other is internal only (on the management network).
> When it comes to define service endpoints in keystone, the
publicurl entry should be the out-facing IP, and the
> internalurl and adminurl should be the internal IP, right?
>
> Thanks,
> Xin
>
> _______________________________________________
> Mailing list:
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack@lists.openstack.org
<mailto:openstack@lists.openstack.org>
> Unsubscribe :
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
_______________________________________________
Mailing list:
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
<mailto:openstack@lists.openstack.org>
Unsubscribe :
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
_______________________________________________
Mailing list:
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
<mailto:openstack@lists.openstack.org>
Unsubscribe :
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
