how difficult is it to change the admin endpoint to a public url? > On Oct 20, 2015, at 5:28 PM, Matt Fischer <[email protected]> wrote: > > One simple workaround for this if you ssh directly to your Keystone node and > run the admin commands from there. Once you bootstrap your project with the > proper tenants and users it's not an operation that most people do all that > often. We expose an admin endpoint on an internal load balancer URL but not > publicly. You could always consider that, so that VPN access is required to > make admin calls. > > On Oct 20, 2015 5:25 PM, "James Denton" <[email protected]> wrote: > Hi Jason, > > Certain commands can only be executed via admin url, which in your case may > not be routable from external networks. You would need to consider changing > the admin endpoint to an ip/FQDN that can be accessed externally (like public > url) or limit the ability to execute those particular commands to internal > clients only that can hit the existing admin url. This is an architectural > decision you'll have to make that may impact security. > > James > > Sent from my iPhone > > > On Oct 20, 2015, at 6:04 PM, Sesso <[email protected]> wrote: > > > > I have this below. > > > > publicurl | > > internalurl | adminurl > > https://public.domain.com:5000/v2.0 | > > http://192.168.0.2:5000/v2.0 | http://192.168.0.2:35357/v2.0 > > > > > > The module is trying to access http://192.168.0.2:35357/v2.0 it seems > > but it will say connection time out. > > > > I can access the public URL > > > > But on create tenant, it replies with connection time out at the admin url. > > > > > > Jason > > > >> On Oct 20, 2015, at 2:58 PM, Abel Lopez <[email protected]> wrote: > >> > >> You should have your public endpoints be externally reachable. > >> > >>> On Oct 20, 2015, at 2:38 PM, Sesso <[email protected]> wrote: > >>> > >>> Hello, > >>> > >>> I am trying to use a module to automate VM deployments. I can't connect > >>> to keystone externally so it will make new tenants. What is the best > >>> route to allow access? > >>> I am using kilo. > >>> > >>> Sent from my iPhone > >>> _______________________________________________ > >>> OpenStack-operators mailing list > >>> [email protected] > >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > > > > > _______________________________________________ > > OpenStack-operators mailing list > > [email protected] > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > _______________________________________________ > OpenStack-operators mailing list > [email protected] > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
_______________________________________________ OpenStack-operators mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
