Default DNS hostname for public TLS endpoints unavailable from external network
Bug #1484452 reported by
Evgeny Sikachev
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Fuel for OpenStack |
Invalid
|
High
|
Fuel Library (Deprecated) | ||
Bug Description
When we deploy MOS 7.0 with default DNS hostname for public TLS endpoints, we have similar endpoints:
And this URL's unavailable from external network. I think need use IP of Horizon instead public.fuel.local as default host
| Changed in fuel: | |
| milestone: | none → 7.0 |
| assignee: | nobody → Fuel Library Team (fuel-library) |
| importance: | Undecided → High |
| Changed in fuel: | |
| status: | New → Confirmed |
Revision history for this message
| Stanislaw Bogatkin (sbogatkin) wrote | #1 |
| Changed in fuel: | |
| status: | Confirmed → Invalid |
To post a comment you must log in.
It doesn't look as a bug for me. You should have consistent data in HTTP header and certificate CN, so if you will use IP for CN, you will have no such problem. Also, if you use DNS name in CN - you must set your DNS for external clients properly. It is not environment issue - in environment itself name resolution for endpoints is set.
As regarding horizon - we already have a horizon available by IP address. This address you can see after deployment. It is happened cause horizon itself not listed as an endpoint in keystone but created just as an IP address in HAProxy.
As regarding endpoints inavailability - I can propose 3 ways to solve this:
1. You can set public hostname in certificate equal to public VIP IP address. It should work, but you should know your VIP before deployment that can be a little tricky.
2. You can disable public TLS, then you'll have endpoints in keystone setted as IP addresses.
3. You can properly configure your client DNS resolution protocol - just add to it pair endpoint_