Does anyone out there restrict their adminurl endpoints to private networks (e.g., reachable only from within the cluster hosts themselves)?
I ask because I'm working on a cluster where the publicurl endpoints are reachable from my workstation, but the adminurl endpoints aren't. As such, a request like 'keystone tenant-list' ends up stalling while ultimately connecting to an adminurl endpoint. Other requests like 'nova list' appear to use the public endpoint, which of course works fine. More to the point: It's unclear to me whether adminurl endpoints are designed such that they may be restricted to private networks, or if they are expected to be as reachable as publicurl endpoints are. Perhaps the answer is "It depends." Thoughts and insight welcome! jd -- Joe D’Andrea Cloud Software Infrastructure Research, AT&T Labs - Research AT&T Shannon Labs 1 AT&T Way Bedminster NJ, 07921 _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
