Out of the box, vms usually can contact the controllers though the routers nat, but not visa versa. So its preferable for guest agents to make the connection, not the controller connect to the guest agents. No floating ips, security group rules or special networks are needed then.
Thanks, Kevin ________________________________ From: Clint Byrum Sent: Monday, June 15, 2015 6:10:27 PM To: openstack-dev Subject: Re: [openstack-dev] [Magnum] TLS Support in Magnum Excerpts from Fox, Kevin M's message of 2015-06-15 15:59:18 -0700: > No, I was confused by your statement: > "When we create a bay, we have an ssh keypair that we use to inject the ssh > public key onto the nova instances we create." > > It sounded like you were using that keypair to inject a public key. I just > misunderstood. > > It does raise the question though, are you using ssh between the controller > and the instance anywhere? If so, we will still run into issues when we go to > try and test it at our site. Sahara does currently, and we're forced to put a > floating ip on every instance. Its less then ideal... > Why not just give each instance a port on a network which can route directly to the controller's network? Is there some reason you feel "forced" to use a floating IP? __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev