On 25 November 2015 at 05:40, Ajay Kalambur (akalambu) <[email protected]> wrote:
> Hi
> Have a deployment where keystone sits behind a ha proxy node. Now
> authentication requests are made to a vip. Problem is when there is an
> authentication failure we cannot track the remote ip that failed login as
> all authentication failures show the VIP ip since ha proxy fwds the request
> to a backend keystone server
>
> How do we use a load balancer like ha proxy and also track the remote
> failed ip for authentication failures
> We get all authentication failures showing up with remote ip as vip ip
>

It's probably best to enable the forwardfor option [1] and ensure that your Keystone logs record that information. This is relatively trivial if Keystone is using Apache/wsgi, but I can't recall whether the eventlet server logs the info.

[1] https://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4-option%20forwardfor
_______________________________________________
OpenStack-operators mailing list
[email protected]
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
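
An added example, not part of the original thread and not Keystone or HAProxy code: once option forwardfor is on, the backend has to decide when to believe X-Forwarded-For. This hypothetical WSGI middleware (the names FailedAuthLogger and client_ip, the proxy address 192.0.2.10 and the choice to log on 401 responses are assumptions) trusts the header only when the connection comes from the load balancer and uses its last entry, which is the one HAProxy appends.

```python
import ipaddress
import logging

LOG = logging.getLogger("auth_audit")

# Assumption: address HAProxy uses to reach the Keystone backends (constructed value).
TRUSTED_PROXIES = {ipaddress.ip_address("192.0.2.10")}


def client_ip(environ, trusted=TRUSTED_PROXIES):
    """Return the address a request should be attributed to.

    X-Forwarded-For is honoured only when the TCP peer is a trusted proxy,
    and only its last entry is used: HAProxy appends its value after
    anything the client sent, so earlier entries are client-controlled.
    """
    peer = environ.get("REMOTE_ADDR", "")
    try:
        if ipaddress.ip_address(peer) not in trusted:
            return peer  # direct connection: ignore any forwarded header
        last = environ.get("HTTP_X_FORWARDED_FOR", "").split(",")[-1].strip()
        return str(ipaddress.ip_address(last))
    except ValueError:
        return peer  # missing or malformed value: fall back to the peer


class FailedAuthLogger:
    """WSGI middleware that logs the resolved client IP on 401 responses."""

    def __init__(self, app, trusted=TRUSTED_PROXIES):
        self.app = app
        self.trusted = trusted

    def __call__(self, environ, start_response):
        def logging_start_response(status, headers, exc_info=None):
            if status.startswith("401"):
                LOG.warning("auth failure client=%s peer=%s path=%s",
                            client_ip(environ, self.trusted),
                            environ.get("REMOTE_ADDR"),
                            environ.get("PATH_INFO"))
            return start_response(status, headers, exc_info)
        return self.app(environ, logging_start_response)
```

Logging both client and peer keeps the VIP hop visible, so a request that bypassed the load balancer stands out in the same log.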
