Currently our wmcs web UI hosts are on public IPs. We're moving all those services to new hosts, labweb1001 and 1002.
The services running on labweb hosts will need to access a variety of openstack endpoints:
| keystone | identity | True | public | http://labcontrol1001.wikimedia.org:5000/v3
| glance | image | True | public | http://labcontrol1001.wikimedia.org:9292
| designate | dns | True | public | http://labservices1001.wikimedia.org:9001
| keystone | identity | True | admin | http://labcontrol1001.wikimedia.org:35357/v3
| nova | compute | True | public | http://labnet1001.eqiad.wmnet:8774/v2/$(tenant_id)s
All of those are simple ferm changes except for the last one -- labnet hosts are on a different private vlan and I'm not clear on how to get access set up between labweb and labnet.
I've been assuming that those hosts would be on private IPs behind misc-web -- that's how they're set up currently. It wouldn't hurt me any to move labweb hosts to public IPs if that's somehow necessary.