I am also seeing nova-api attempting to use the keystone public endpoint when /v2.1/os-quota-sets is called on my Pike deployment. This is not valid in my environment; the API must use the internal endpoint to reach keystone. When the public endpoint is used, the connection sits in SYN_SENT state in netstat until it times out after a minute or two.
I am also seeing nova-api attempting to use the keystone public endpoint when /v2.1/os-quota-sets is called on my Pike deployment. This is not valid in my environment; the API must use the internal endpoint to reach keystone. When the public endpoint is used, the connection sits in SYN_SENT state in netstat until it times out after a minute or two.
Hacking the endpoint_filter at https:/ /github. com/openstack/ nova/blob/ d536bec9fc098c9 db8d46f39aab30f eb0783e428/ nova/api/ openstack/ identity. py#L43- L46 to include interface=internal fixes the issue.
Unless I am mistaken this issue still exists in master: /github. com/openstack/ nova/blob/ ef4000a0d326deb 004843ee51d1803 0224c5630f/ nova/api/ openstack/ identity. py#L33- L35
https:/