Hi, At the moment when you deploy RDO using RDO-Manager/tripleo, the keystone internal api endpoint and admin api endpoint will get deployed on the ctlplane network. Unfortunately there are situations where we would like the admin api endpoint to be deployed on the external network (for example, we want to do keystone admin commands from outside the ctlplane network). If I have an environment file with the following parameters: ServiceNetMap: NeutronTenantNetwork: tenant CeilometerApiNetwork: internal_api MongoDbNetwork: internal_api CinderApiNetwork: internal_api CinderIscsiNetwork: storage GlanceApiNetwork: storage GlanceRegistryNetwork: internal_api KeystoneAdminApiNetwork: external KeystonePublicApiNetwork: internal_api NeutronApiNetwork: internal_api HeatApiNetwork: internal_api NovaApiNetwork: internal_api NovaMetadataNetwork: internal_api NovaVncProxyNetwork: internal_api SwiftMgmtNetwork: storage_mgmt SwiftProxyNetwork: storage HorizonNetwork: internal_api MemcachedNetwork: internal_api RabbitMqNetwork: internal_api RedisNetwork: internal_api MysqlNetwork: internal_api CephClusterNetwork: storage_mgmt CephPublicNetwork: storage ControllerHostnameResolveNetwork: internal_api ComputeHostnameResolveNetwork: internal_api BlockStorageHostnameResolveNetwork: internal_api ObjectStorageHostnameResolveNetwork: internal_api CephStorageHostnameResolveNetwork: storage This correctly puts the keystone admin endpoint on the external network, but also puts the keystone internal api endpoint on the external network as well, which is not desired. There should be a way to just put the admin api endpoint on whatever network I would like, while keeping the internal api endpoint on the internal_api or ctlplane network. Regards, Graeme
This bug is against a Version which has reached End of Life. If it's still present in supported release (http://releases.openstack.org), please update Version and reopen.