Bug 1415175 - Keystone InternalURL endpoint is unusable
Summary: Keystone InternalURL endpoint is unusable
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-keystone
Version: 9.0 (Mitaka)
Hardware: x86_64
OS: Linux
Target Milestone: ---
: ---
Assignee: John Dennis
QA Contact: nlevinki
Depends On:
TreeView+ depends on / blocked
Reported: 2017-01-20 13:11 UTC by Benjamin Schmaus
Modified: 2020-07-16 09:08 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2017-06-21 15:31:03 UTC
Target Upstream Version:

Attachments (Terms of Use)

Description Benjamin Schmaus 2017-01-20 13:11:11 UTC
Description of problem:

It is typical for our customers to VPN in to their OpenStack environment, and only have access to the private networks in the environment via the VPN.  In these cases, we would like them to use the Internal endpoints.  Due to the Keystone configuration, any requests to the internal identity endpoint are re-directed to the PublicURL.  To get around this, currently our customers have to modify their environment files to set OS_AUTH_URL to the identity endpoint admin URL.  This scenario, while not the preferred solution, works fine along with the endpoint type set to internal.  Things break with this configuration when the customer attempts to use any of the identity functions.

Ideally we would be able to set the auth URL and endpoint type to Internal and have that work successfully.  In the future OSP 10 on, we would also like to take advantage of SSL enabled internal endpoints, which do/will use a different subnet from the Public URLs.

Version-Release number of selected component (if applicable):
OSP9 & OSP10

How reproducible:

Steps to Reproduce:

Actual results:

Expected results:

Additional info:

Comment 5 Benjamin Schmaus 2017-04-12 12:37:19 UTC
@John - Is there any information regarding the possibility of fixing this issue?

Note You need to log in before you can comment on or make changes to this bug.