Ask Your Question
0

Identity API keystone Newton HA

asked 2016-12-20 08:46:56 -0600

zarko gravatar image

Hello,

I'm following the documentation from http://docs.openstack.org/ha-guide/controller-ha-identity.html (http://docs.openstack.org/ha-guide/co...) Im installing OpenStack on CentOS7.

The documentation says:

pcs resource create openstack-keystone systemd:openstack-keystone --clone interleave=true

But there is no service named openstack-keystone. Is there something that I'm missing that needs to be done? Or is the HA for Keyston in Newton release done with haproxy?

As far as I can see the Keystone serverice is running under httpd service.

Regards, Zarko

edit retag flag offensive close merge delete
add a comment

3 answers

Sort by ยป oldest newest most voted
1

answered 2016-12-21 05:41:57 -0600

volenbovsky gravatar image

Hi, as I see this problem was/is discussed in: https://bugs.launchpad.net/keystone/+...

How do I see the problem is that from perspective of this CentOS delivery (=this RPM) it is not expected to install Keystone service' in systemd and well, yes that is because httpd.service is the one (=Apache) that Keystone now runs under.

That means you can replace openstack-keystone with httpd in command of 'pcs resource create' However, I think that it is not what is designed behaviour. Somehow I think that there is no use of Pacemaker for Keystone and having it just under systemd is OK. I do remember that recently RH OSP indicates control of most (/almost all) OpenStack services via systemd only.

Suggested way forward: -contact Scott W as submitter of bug above/RDO development via bugzilla as indicated by Steve Martinelli in bug discussion to confirm I do understand that you are not using RDO, but in the case of RDO is same. And https://www.rdoproject.org/ha/setting... also points to "pcs resource create keystone lsb:openstack-keystone --clone" -depending on outcome - write a bug against HA guide

edit flag offensive delete link more
add a comment
0

answered 2016-12-22 03:16:46 -0600

silently gravatar image

updated 2016-12-22 03:18:11 -0600

you can use the service as follows:

systemctl start pcsd.service
systemctl start corosync.service
systemctl start pacemaker.service

the configure them ,start them, know the inside story.

the backend service of keystone is mysql and rabbitmq, so mysql and rabbitmq is ha must .

edit flag offensive delete link more

Comments

1

It is not about Pacemaker/Corosync as systemd service, it is about Keystone as systemd service

volenbovsky gravatar imagevolenbovsky ( 2016-12-22 11:37:56 -0600 )edit

ps -ef|grep -i keystone

If you use apache, keystone as wsgi service in apache's configure file .

silently gravatar imagesilently ( 2016-12-25 20:25:31 -0600 )edit
add a comment
0

answered 2016-12-28 04:05:37 -0600

zarko gravatar image

Just to clarify what we did in the end. Keystone is published via HAProxy which is in Pacemaker. Keystone is made high- available by coping it's fernet keys form the key repository directory to each keystone instance and defining the right permissions.

Thanks for your help volebovsky.

edit flag offensive delete link more
add a comment

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2016-12-20 08:46:56 -0600

Seen: 519 times

Last updated: Dec 28 '16

Related questions

Upgrade Mitaka to Newton using Packstack got Python ascii error [closed]

Keystone installation problem

How to change keystone policy?

Create admin user within single tenant

Keystone authentication: Failed to contact the endpoint.

[Errno 111] Connection refused [closed]

deleted admin role by accident

Keystone-manage command not found.

Mystery -VIP not accessible Mirantis 9.2

ha-proxy and keepalived