8.7. Setting a DNS name for the compute API

8.7. Setting a DNS name for the compute APIΒΆ

By means of the Compute API traffic type, Acronis Cyber Infrastructure exposes a public endpoint that listens to OpenStack API requests. By default, it points to the IP address of the management node (or to its virtual IP address if high availability is enabled).

In some cases, you need to modify all public endpoints to use the domain name resolvable to the management node IP address (or its virtual IP), for example, to secure OpenStack API traffic with an SSL certificate without the subjectAltName field or to make the Kubernetes service access the compute API via the DNS name.

You can modify all public endpoints to use the domain name when creating the compute cluster or afterwards using the --endpoint-hostname option (refer to vinfra service compute create or Changing compute cluster parameters). For example, to use dns-name.example for public endpoints, execute:

# vinfra service compute set --endpoint-hostname dns-name.example
+---------+--------------------------------------+
| Field   | Value                                |
+---------+--------------------------------------+
| task_id | 534391a2-946a-4406-8dc0-756f161cd595 |
+---------+--------------------------------------+

Wait until the task is complete:

# vinfra task show 534391a2-946a-4406-8dc0-756f161cd595
+---------+------------------------------------------------------------------+
| Field   | Value                                                            |
+---------+------------------------------------------------------------------+
| details |                                                                  |
| name    | backend.presentation.compute.tasks.ReconfigureComputeClusterTask |
| result  |                                                                  |
| state   | success                                                          |
| task_id | 534391a2-946a-4406-8dc0-756f161cd595                             |
+---------+------------------------------------------------------------------+

To check that the given domain name is used instead of the management node IP address, do the following:

  1. Generate or regenerate the admin OpenRC script:

    # kolla-ansible post-deploy
    
  2. Run the script:

    # source /etc/kolla/admin-openrc.sh
    
  3. List the public endpoints:

    # openstack --insecure endpoint list | grep public
    | 5a845b4b813047c292db73c42dad5efd | <...> | https://dns-name.example:8780                    |
    | 7d901686bca549f9b294e572f046f634 | <...> | https://dns-name.example:8776/v2/%(tenant_id)s   |
    | 44aa0f53a40e4e52b1c7eeeb20c7811e | <...> | https://dns-name.example:8774/v2.1/%(tenant_id)s |
    | 0e6d3a39d6c44aa883984a35dde434bb | <...> | https://dns-name.example:9292                    |
    | 0b906e518b1041c8b94af7f410403369 | <...> | https://dns-name.example:9696                    |
    | 1b68ac7c3f7949fbaeef4a815fe6f3b1 | <...> | https://dns-name.example:8776/v3/%(tenant_id)s   |
    | d80af756adf1449f9237c3aeebc9206a | <...> | https://dns-name.example:8004/v1/%(tenant_id)s   |
    | d0e8c7da7d174e1f9aa4efbc6dff2113 | <...> | https://dns-name.example:5000/v3                 |