Ask Your Question
0

Identity API keystone Newton HA

asked 2016-12-20 08:46:56 -0500

zarko gravatar image

Hello,

I'm following the documentation from http://docs.openstack.org/ha-guide/controller-ha-identity.html (http://docs.openstack.org/ha-guide/co...) Im installing OpenStack on CentOS7.

The documentation says:

pcs resource create openstack-keystone systemd:openstack-keystone --clone interleave=true

But there is no service named openstack-keystone. Is there something that I'm missing that needs to be done? Or is the HA for Keyston in Newton release done with haproxy?

As far as I can see the Keystone serverice is running under httpd service.

Regards, Zarko

edit retag flag offensive close merge delete
add a comment

3 answers

Sort by ยป oldest newest most voted
1

answered 2016-12-21 05:41:57 -0500

volenbovsky gravatar image

Hi, as I see this problem was/is discussed in: https://bugs.launchpad.net/keystone/+...

How do I see the problem is that from perspective of this CentOS delivery (=this RPM) it is not expected to install Keystone service' in systemd and well, yes that is because httpd.service is the one (=Apache) that Keystone now runs under.

That means you can replace openstack-keystone with httpd in command of 'pcs resource create' However, I think that it is not what is designed behaviour. Somehow I think that there is no use of Pacemaker for Keystone and having it just under systemd is OK. I do remember that recently RH OSP indicates control of most (/almost all) OpenStack services via systemd only.

Suggested way forward: -contact Scott W as submitter of bug above/RDO development via bugzilla as indicated by Steve Martinelli in bug discussion to confirm I do understand that you are not using RDO, but in the case of RDO is same. And https://www.rdoproject.org/ha/setting... also points to "pcs resource create keystone lsb:openstack-keystone --clone" -depending on outcome - write a bug against HA guide

edit flag offensive delete link more
add a comment
0

answered 2016-12-22 03:16:46 -0500

silently gravatar image

updated 2016-12-22 03:18:11 -0500

you can use the service as follows:

systemctl start pcsd.service
systemctl start corosync.service
systemctl start pacemaker.service

the configure them ,start them, know the inside story.

the backend service of keystone is mysql and rabbitmq, so mysql and rabbitmq is ha must .

edit flag offensive delete link more

Comments

1

It is not about Pacemaker/Corosync as systemd service, it is about Keystone as systemd service

volenbovsky gravatar imagevolenbovsky ( 2016-12-22 11:37:56 -0500 )edit

ps -ef|grep -i keystone

If you use apache, keystone as wsgi service in apache's configure file .

silently gravatar imagesilently ( 2016-12-25 20:25:31 -0500 )edit
add a comment
0

answered 2016-12-28 04:05:37 -0500

zarko gravatar image

Just to clarify what we did in the end. Keystone is published via HAProxy which is in Pacemaker. Keystone is made high- available by coping it's fernet keys form the key repository directory to each keystone instance and defining the right permissions.

Thanks for your help volebovsky.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2016-12-20 08:46:56 -0500

Seen: 479 times

Last updated: Dec 28 '16

Related questions

admin_endpoint in keystone is ignored?

keystone authentication in tripleo with haproxy

keystone API history page has disappeared

how to integrate vmware vcenter via rdo answer file

Cannot attach volume - cinder + netapp + iscsi

publicURL endpoint for orchestration not found [closed]

Openstack Newton RBAC/ policy.json not enforcing

nova list shows printt as response

Gnocchi API responses 401 Unauthorised

HTTP 500 error while installing the keystone identity service (Mitaka)