On Fri, Apr 8, 2016 at 1:46 PM, Morgan Fainberg <morgan.fainb...@gmail.com> wrote:
>
> On Thu, Apr 7, 2016 at 6:07 PM, Remo Mattei <r...@italy1.com> wrote:
>>
>> I did a project where we had all three of them in a sep VLAN, sep net.
>>
>> So to answer your question, this depends how much you want to secure, what
>> are the requirements of your env, with access, etc.
>> Here is one of the answers from OpenStack.
>>
>> Keep in mind that public URLs are just read-only in most cases, whereas admin
>> URLs are used to set passwords, change roles, add roles, etc.
>>
>> https://ask.openstack.org/en/question/9255/when-the-internal-endpoint-will-be-used/
>>
>> Remo
>>
>> > On Apr 7, 2016, at 14:48, Kaustubh Kelkar
>> > <kaustubh.kel...@casa-systems.com> wrote:
>> >
>> > -----Original Message-----
>> > From: D'ANDREA, JOE (JOE) [mailto:jdand...@research.att.com]
>> > Sent: Thursday, April 7, 2016 4:28 PM
>> > To: openstack@lists.openstack.org
>> > Subject: [Openstack] [keystone] publicurl vs adminurl reachability
>> >
>> > More to the point: It's unclear to me whether adminurl endpoints are
>> > designed such that they may be restricted to private networks, or if they
>> > are expected to be as reachable as publicurl endpoints are.
>> >
>> > [Kaustubh] I haven't tried this out, but this seems to be supported.
>> > (http://docs.openstack.org/mitaka/install-guide-ubuntu/keystone-services.html#id1),
>> > point 2:
>> > "In a production environment, the variants might reside on separate
>> > networks that service different types of users for security reasons". It
>> > does make sense to isolate at least the public API (read customer traffic)
>> > network from the admin and internal API endpoints.
>> >
>> > -Kaustubh
>
> Also keep in mind there is no real differentiation between "admin" and
> "public" in keystone V3. The difference (public for auth only and a few
> other minor things) was an artifact of the V2 implementation.

So regarding v3, the difference between them does not make at all in terms of functionality?

> --Morgan
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack@lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

--
Email: shin...@linux.com
GitHub: shinobu-x
Blog: Life with Distributed Computational System based on OpenSource