I’m starting from the position of having all my service endpoints defined the same for internal and public services. The APIs are in fact all private at this point, instances running in Openstack cannot reach them. I want to provide some proper public endpoints in order to bootstrap Juju within Openstack.
The setup uses nginx to proxy Horizon and novnc to the existing private API endpoints. I am trying to use the same nginx to proxy all the APIs, but I run in to a problem. After setting os-public-hostname to point to the nginx proxy, I now find e.g. openstack-dashboard trying to use the newly defined public API. Actually this API is only available to the public and not to the internals.
Update: I just noticed I can indeed set use-internal-endpoints=true in nova-cloud-controller and other places, but apparently not in openstack-dashboard. Problem half solved, but unable to log in to Horizon.
The openstack-dashboard charm has a config option called endpoint-type which you should be able to set to “internalURL” in order to tell the Horizon to use the internal endpoints. It is a bit inconsistent in that it doesn’t have the clear use-internal-endpoints=true option. I’ve raised bug 1895758 for the inconsistency.