Revision history [back]

click to hide/show revision 1
initial version

Making OpenStack API public

Hi, I am trying to find a good way to give the public (Internet) access to an existing OpenStack cloud. Let's assume the environment was set up using private IP addresses, say for all Open Stack services. Now I would like to allow customers to deploy instances and work with them from the internet. There are 2 problem I am seeing from the top of my head if I tried to NAT OpenStack services to public IP addresses:

1) Keystone's service catalog points to URLs (endpoints) that cannot be reached from the internet. All URLs point to somewhere on the network.

2) The URL that is returned by nova for VNC access also points to an internal address.

Well, one way would be to deploy OpenStack controller(s) in a DMZ right from the beginning but that is a very ugly way in my opinion.

So my questions: How is that typically handled?