Why do most services look up the publicURL by default

asked 2015-07-02 09:13:55 -0500

updated 2015-07-02 15:47:39 -0500

In the OpenStack (Kilo) documentation I see a lot of configuration defaults controlling which service URL should be looked up. Most of them prefer the publicURL, for example the http://docs.openstack.org/kilo/config-reference/content/configuring-image-service-backends.html (default for Cinder) is:

cinder_catalog_info = volume:cinder:publicURL
swift_store_endpoint_type = publicURL

Similar is in http://docs.openstack.org/kilo/config-reference/content/nova-conf-changes-kilo.html (nova):

[cinder] catalog_info   volume:cinder:publicURL     volumev2:cinderv2:publicURL
[barbican] catalog_info = key-manager:barbican:public

I would have expected the internalURL for such links between services. Is this used differently in order to better allow regions and federation? Is there a easy way to make sure a OpenStack installation with a single AZ uses the internalURL endpoint type? Is it actually a good idea to change (all of those)?

In our case this is relevant as the public network has reduced bandwith compared to the internal network, but I can also imagine reducing the usage of public services allows easier hardening later on.

edit retag flag offensive close merge delete