| *** ykarel__ is now known as ykarel | 04:42 | |
| anande_ | Hi - I am testing freezer on openstack-helm. I am trying to now communicate to freezer-api from a VM where freezer-scheduler and freezer-agent will be running. | 09:27 |
|---|---|---|
| anande_ | The keystone-api endpoint via an rc file communicates back when testing via a curl command. | 09:27 |
| anande_ | Do I need the service tenant to communicate over the public endpoint to the freezer-api? | 09:28 |
| gtema | anande_ I am not sure I really get the question, but Keystone on it's own never communicates with other services. It only provider clients with the information where to talk to and the services may get dedicated keystone users for cross-communication. If the client is expected to talk with the freezer api (what is most likely the case) you need to register the publicly accessible endpoint in the catalog | 09:46 |
| anande_ | @gtema : "If the client is expected to talk with the freezer api (what is most likely the case) you need to register the publicly accessible endpoint in the catalog" - Yes I have the freezer-api public endpoint in the catalog. | 09:58 |
| anande_ | gtema: so a service tenant can use the public endpoint of an api-service? Any benefits in doing so? | 10:01 |
| gtema | what do you mean by service tenant | 10:01 |
| anande_ | gtema: the one seen in 'openstack project list' besides admin | 10:16 |
| gtema | ok, so you mean a regular customer projects (not tenants). What do you then mean "customer project can user the public point of an api-service"? It is not the projects that use the endpoint, it is the customer clients (cli, sdk etc) that access endpoint. Whatever is means to be used by customer (end user) should be always going through "public" interface of the service (on practice nothing prevents you to choose the other one though) | 10:20 |
| anande_ | gtema: got you! In my case - only the public endpoint's FQDN can be resolved by the client over DNS, the admin and internal endpoints FQDN cant be resolved. Thats why I have no other option than to make the client choose the public endpoint | 10:24 |
| anande_ | which is why I was checking whether service project needs to be used when using the public endpoint | 10:25 |
| gtema | clients always default to public endpoint unless explicitly specified. Keystone will refuse to create any other interface than [public, internal, admin] - those exist only as a way to differentiate the inter-service communications but are not necessary | 10:26 |
| *** mhen_ is now known as mhen | 10:44 | |
Generated by irclog2html.py 4.0.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!