On Thu, Apr 7, 2016 at 6:07 PM, Remo Mattei <r...@italy1.com> wrote: > I did a project where we had all three of them in a sep VLAN, sep net. > > So to answer your question, this depends how much you want to secure, what > is the requirements of your env, with access etc.. > here is one of the answer from OpenStack > > Keep in mind that public URL are just read only in most cases, where Admin > URL are used to set password change roles, add roles etc.. > > > > https://ask.openstack.org/en/question/9255/when-the-internal-endpoint-will-be-used/ > > > > Remo > > On Apr 7, 2016, at 14:48, Kaustubh Kelkar < > kaustubh.kel...@casa-systems.com> wrote: > > > > > > -----Original Message----- > > From: D'ANDREA, JOE (JOE) [mailto:jdand...@research.att.com] > > Sent: Thursday, April 7, 2016 4:28 PM > > To: openstack@lists.openstack.org > > Subject: [Openstack] [keystone] publicurl vs adminurl reachability > > > > > > More to the point: It's unclear to me whether adminurl endpoints are > designed such that they may be restricted to private networks, or if they > are expected to be as reachable as publicurl endpoints are. > > [Kaustubh] I haven't tried this out, but this seems to be supported. ( > http://docs.openstack.org/mitaka/install-guide-ubuntu/keystone-services.html#id1), > point 2: > > "In a production environment, the variants might reside on separate > networks that service different types of users for security reasons". It > does makes sense to isolate at least the public API (read customer traffic > )network from the admin and internal API endpoints. > > > > > > -Kaustubh >
Also keep in mind there is no real differentiation between "admin" and "public" in keystone V3. The difference (public for auth only and a few other minor things) was an artifact of the V2 implementation. --Morgan
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
