Dedicated set of nova-api instances for metadata

asked 2015-09-05 06:18:33 -0500

nd gravatar image

Hello

I was reading the Cloud admin guide for Openstack (http://docs.openstack.org/admin-guide...). In the "Configure Metadata" section the Note says:

As a precaution, even when using metadata_proxy_shared_secret, we recommend that you do not expose metadata using the same nova-api instances that are used for tenants. Instead, you should run a dedicated set of nova-api instances for metadata that are available only on your management network. Whether a given nova-api instance exposes metadata APIs is determined by the value of enabled_apis in its nova.conf.

Can someone guide me through the configurations I need to do to have a separate nova-api for the metadata and separate nova-api for tenants to access?

Thanks, nd

edit retag flag offensive close merge delete