Re: [openstack-dev] [Fuel] API services available on public VIP

I haven't seen any more discussion on this topic. It looks like since we default to enabling SSL/TLS on deployments, there's no reason to block access to public API endpoints. On Fri, Nov 13, 2015 at 5:15 PM, Vladimir Kuklin wrote: > Adam > > I think, the answer is

Re: [openstack-dev] [Fuel] API services available on public VIP

Adam I think, the answer is realtively simple - if user does not want to expose those APIs, he can easily configure his infra to filter this traffic. We just need to mention this in Ops Guide. On Fri, Nov 13, 2015 at 4:02 PM, Adam Heczko wrote: > Hello fuelers, > > today

[openstack-dev] [Fuel] API services available on public VIP

Hello fuelers, today I'd like to raise a questions about Fuel deployment practice related to Public (external) network. Current approach is to expose by default over public IP openstack API endpoints like nova, cinder, glance, neutron etc. These API services are exposed through HAProxy with TLS