It's simple. Just delete the existing one, keystone endpoint-delete <ID> and then re-create it. However you should follow James's advice and make sure you understand the security implications first.
On Tue, Oct 20, 2015 at 7:21 PM, Sesso <[email protected]> wrote: > how difficult is it to change the admin endpoint to a public url? > > > On Oct 20, 2015, at 5:28 PM, Matt Fischer <[email protected]> wrote: > > > > One simple workaround for this if you ssh directly to your Keystone node > and run the admin commands from there. Once you bootstrap your project with > the proper tenants and users it's not an operation that most people do all > that often. We expose an admin endpoint on an internal load balancer URL > but not publicly. You could always consider that, so that VPN access is > required to make admin calls. > > > > On Oct 20, 2015 5:25 PM, "James Denton" <[email protected]> > wrote: > > Hi Jason, > > > > Certain commands can only be executed via admin url, which in your case > may not be routable from external networks. You would need to consider > changing the admin endpoint to an ip/FQDN that can be accessed externally > (like public url) or limit the ability to execute those particular commands > to internal clients only that can hit the existing admin url. This is an > architectural decision you'll have to make that may impact security. > > > > James > > > > Sent from my iPhone > > > > > On Oct 20, 2015, at 6:04 PM, Sesso <[email protected]> wrote: > > > > > > I have this below. > > > > > > publicurl | > internalurl | > adminurl > > > https://public.domain.com:5000/v2.0 | > http://192.168.0.2:5000/v2.0 | http://192.168.0.2:35357/v2.0 > > > > > > > > > The module is trying to access http://192.168.0.2:35357/v2.0 it > seems but it will say connection time out. > > > > > > I can access the public URL > > > > > > But on create tenant, it replies with connection time out at the > admin url. > > > > > > > > > Jason > > > > > >> On Oct 20, 2015, at 2:58 PM, Abel Lopez <[email protected]> wrote: > > >> > > >> You should have your public endpoints be externally reachable. > > >> > > >>> On Oct 20, 2015, at 2:38 PM, Sesso <[email protected]> wrote: > > >>> > > >>> Hello, > > >>> > > >>> I am trying to use a module to automate VM deployments. I can't > connect to keystone externally so it will make new tenants. What is the > best route to allow access? > > >>> I am using kilo. > > >>> > > >>> Sent from my iPhone > > >>> _______________________________________________ > > >>> OpenStack-operators mailing list > > >>> [email protected] > > >>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > > > > > > > > _______________________________________________ > > > OpenStack-operators mailing list > > > [email protected] > > > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > > > _______________________________________________ > > OpenStack-operators mailing list > > [email protected] > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > >
_______________________________________________ OpenStack-operators mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
