OpenStack Charm Guide

keystone always advertises its public endpoint in the identity-service relation

Bug #1812361 reported by Junien F on 2019-01-18

This bug affects 4 people

	Status	Importance	Assigned to	Milestone
OpenStack Charm Guide	Fix Released	Undecided	Unassigned	OpenStack Charm Guide 21.04
OpenStack Dashboard Charm	Fix Released	Low	Felipe Reyes	OpenStack Dashboard Charm 21.04
OpenStack Keystone Charm	Fix Released	Low	Felipe Reyes	OpenStack Keystone Charm 21.04

Bug Description

Hi,

keystone always advertises its public endpoint in the identity-service relation, see :

https://github.com/openstack/charm-keystone/blob/5a18adffbd413dcabed2e443e44f572e36a4c108/hooks/keystone_utils.py#L1551

https://github.com/openstack/charm-keystone/blob/5a18adffbd413dcabed2e443e44f572e36a4c108/hooks/keystone_utils.py#L1671

There should at least be a config knob to make it advertise its private endpoint.

I need this because the openstack-dashboard charm will use this host to reach keystone, so there's no way to tell openstack-dashboard to use the internal endpoint.

Thanks

Tags:

Revision history for this message

Junien F (axino) wrote on 2019-01-25:

heat is also using the public keystone endpoint even with "use-internal-endpoints" set to true.

Revision history for this message

James Page (james-page) wrote on 2019-02-22:

This is somewhat complicated - currently we template:

[keystone_authtoken]
auth_uri = {{ service_protocol }}://{{ service_host }}:{{ service_port }}
auth_url = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}

where service host is always the PUBLIC endpoint, and auth host is always the ADMIN endpoint.

auth_uri must be the PUBLIC endpoint as its used in 'authentication required' responses to end users - so it needs to be the PUBLIC endpoint.

The charm usage of the ADMIN endpoint for the auth_url appears to be atypical - most deployments will use the INTERNAL endpoint for this configuration.

That said the openstack-dashboard charm does no differentiation between endpoints - it just gets pointed at service_host (which is always the public endpoint).

Revision history for this message

James Page (james-page) wrote on 2019-02-22:

I think exposing the internal endpoint for keystone and an additional set of keys is a good idea; the admin endpoint is a bit of a legacy concept.

Changed in charm-openstack-dashboard:
status:	New → Triaged
Changed in charm-keystone:
status:	New → Triaged
importance:	Undecided → Low
Changed in charm-openstack-dashboard:
importance:	Undecided → Low

Seyeong Kim (seyeongkim) on 2019-12-03

tags:

added: sts

Revision history for this message

Boggy (kowalczykb) wrote on 2019-12-09:

Exposing internal url - https://review.opendev.org/#/c/696997

Felipe Reyes (freyes) on 2021-02-17

Changed in charm-keystone:
assignee:	nobody → Felipe Reyes (freyes)
Changed in charm-openstack-dashboard:
assignee:	nobody → Felipe Reyes (freyes)
Changed in charm-keystone:
status:	Triaged → In Progress
Changed in charm-openstack-dashboard:
status:	Triaged → In Progress

Revision history for this message

Felipe Reyes (freyes) wrote on 2021-02-17:

PR for openstack-dashboard https://review.opendev.org/c/openstack/charm-openstack-dashboard/+/776254

Edward Hope-Morley (hopem) on 2021-03-15

Changed in charm-keystone:
milestone:	none → 21.04
Changed in charm-openstack-dashboard:
milestone:	none → 21.04

Revision history for this message

Aurelien Lourot (aurelien-lourot) wrote on 2021-03-16:

@Felipe would you like to create a charm-guide review for the release notes? Thanks!

Changed in charm-keystone:
status:	In Progress → Fix Committed
Changed in charm-openstack-dashboard:
status:	In Progress → Fix Committed

Aurelien Lourot (aurelien-lourot) on 2021-03-30

Changed in charm-guide:
status:	New → In Progress
assignee:	nobody → Aurelien Lourot (aurelien-lourot)

Revision history for this message

Aurelien Lourot (aurelien-lourot) wrote on 2021-03-30:

Release notes: https://review.opendev.org/c/openstack/charm-guide/+/783879

Aurelien Lourot (aurelien-lourot) on 2021-03-31

Changed in charm-guide:
status:	In Progress → Fix Committed
assignee:	Aurelien Lourot (aurelien-lourot) → nobody

Alex Kavanagh (ajkavanagh) on 2021-05-03

Changed in charm-guide:
milestone:	none → 21.04
Changed in charm-keystone:
status:	Fix Committed → Fix Released
Changed in charm-openstack-dashboard:
status:	Fix Committed → Fix Released
Changed in charm-guide:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.