Hi Joe, Are you using the different FQDN for admin than internal/public for keystone endpoints ?
Regards *Jitendra* +91-9989743042 On Fri, Apr 8, 2016 at 3:18 AM, Kaustubh Kelkar < kaustubh.kel...@casa-systems.com> wrote: > > -----Original Message----- > From: D'ANDREA, JOE (JOE) [mailto:jdand...@research.att.com] > Sent: Thursday, April 7, 2016 4:28 PM > To: openstack@lists.openstack.org > Subject: [Openstack] [keystone] publicurl vs adminurl reachability > > > More to the point: It's unclear to me whether adminurl endpoints are > designed such that they may be restricted to private networks, or if they > are expected to be as reachable as publicurl endpoints are. > [Kaustubh] I haven't tried this out, but this seems to be supported. ( > http://docs.openstack.org/mitaka/install-guide-ubuntu/keystone-services.html#id1), > point 2: > "In a production environment, the variants might reside on separate > networks that service different types of users for security reasons". It > does makes sense to isolate at least the public API (read customer traffic > )network from the admin and internal API endpoints. > > > -Kaustubh > _______________________________________________ > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack@lists.openstack.org > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > _______________________________________________ > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack@lists.openstack.org > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
