Ask Your Question
0

Identity API keystone Newton HA

asked 2016-12-20 08:46:56 -0600

zarko gravatar image

Hello,

I'm following the documentation from http://docs.openstack.org/ha-guide/controller-ha-identity.html (http://docs.openstack.org/ha-guide/co...) Im installing OpenStack on CentOS7.

The documentation says:

pcs resource create openstack-keystone systemd:openstack-keystone --clone interleave=true

But there is no service named openstack-keystone. Is there something that I'm missing that needs to be done? Or is the HA for Keyston in Newton release done with haproxy?

As far as I can see the Keystone serverice is running under httpd service.

Regards, Zarko

edit retag flag offensive close merge delete
add a comment

3 answers

Sort by ยป oldest newest most voted
1

answered 2016-12-21 05:41:57 -0600

volenbovsky gravatar image

Hi, as I see this problem was/is discussed in: https://bugs.launchpad.net/keystone/+...

How do I see the problem is that from perspective of this CentOS delivery (=this RPM) it is not expected to install Keystone service' in systemd and well, yes that is because httpd.service is the one (=Apache) that Keystone now runs under.

That means you can replace openstack-keystone with httpd in command of 'pcs resource create' However, I think that it is not what is designed behaviour. Somehow I think that there is no use of Pacemaker for Keystone and having it just under systemd is OK. I do remember that recently RH OSP indicates control of most (/almost all) OpenStack services via systemd only.

Suggested way forward: -contact Scott W as submitter of bug above/RDO development via bugzilla as indicated by Steve Martinelli in bug discussion to confirm I do understand that you are not using RDO, but in the case of RDO is same. And https://www.rdoproject.org/ha/setting... also points to "pcs resource create keystone lsb:openstack-keystone --clone" -depending on outcome - write a bug against HA guide

edit flag offensive delete link more
add a comment
0

answered 2016-12-22 03:16:46 -0600

silently gravatar image

updated 2016-12-22 03:18:11 -0600

you can use the service as follows:

systemctl start pcsd.service
systemctl start corosync.service
systemctl start pacemaker.service

the configure them ,start them, know the inside story.

the backend service of keystone is mysql and rabbitmq, so mysql and rabbitmq is ha must .

edit flag offensive delete link more

Comments

1

It is not about Pacemaker/Corosync as systemd service, it is about Keystone as systemd service

volenbovsky gravatar imagevolenbovsky ( 2016-12-22 11:37:56 -0600 )edit

ps -ef|grep -i keystone

If you use apache, keystone as wsgi service in apache's configure file .

silently gravatar imagesilently ( 2016-12-25 20:25:31 -0600 )edit
add a comment
0

answered 2016-12-28 04:05:37 -0600

zarko gravatar image

Just to clarify what we did in the end. Keystone is published via HAProxy which is in Pacemaker. Keystone is made high- available by coping it's fernet keys form the key repository directory to each keystone instance and defining the right permissions.

Thanks for your help volebovsky.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2016-12-20 08:46:56 -0600

Seen: 448 times

Last updated: Dec 28 '16

Related questions

Keystone authentication failure in a HA Setup

How does keystone token get to swift?

dedicated network between cinder and compute

swift and keystone backup

HAProxy shows glance-registry down

Keystone stopped working

problem with ceilometer-api

How to configure Neutron Server for HA

How to change Keystone

installing opendaylight with openstack kolla