Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Making OpenStack API public

Hi, I am trying to find a good way to give the public (Internet) access to an existing OpenStack cloud. Let's assume the environment was set up using private IP addresses, say 192.168.10.0/24 for all Open Stack services. Now I would like to allow customers to deploy instances and work with them from the internet. There are 2 problem I am seeing from the top of my head if I tried to NAT OpenStack services to public IP addresses:

1) Keystone's service catalog points to URLs (endpoints) that cannot be reached from the internet. All URLs point to somewhere on the 192.168.10.0/24 network.

2) The URL that is returned by nova for VNC access also points to an internal address.

Well, one way would be to deploy OpenStack controller(s) in a DMZ right from the beginning but that is a very ugly way in my opinion.

So my questions: How is that typically handled?