Identity API keystone Newton HA

asked 2016-12-20 08:46:56 -0600

zarko gravatar image


I'm following the documentation from ( Im installing OpenStack on CentOS7.

The documentation says:

pcs resource create openstack-keystone systemd:openstack-keystone --clone interleave=true

But there is no service named openstack-keystone. Is there something that I'm missing that needs to be done? Or is the HA for Keyston in Newton release done with haproxy?

As far as I can see the Keystone serverice is running under httpd service.

Regards, Zarko

edit retag flag offensive close merge delete

3 answers

Sort by ยป oldest newest most voted

answered 2016-12-21 05:41:57 -0600

volenbovsky gravatar image

Hi, as I see this problem was/is discussed in:

How do I see the problem is that from perspective of this CentOS delivery (=this RPM) it is not expected to install Keystone service' in systemd and well, yes that is because httpd.service is the one (=Apache) that Keystone now runs under.

That means you can replace openstack-keystone with httpd in command of 'pcs resource create' However, I think that it is not what is designed behaviour. Somehow I think that there is no use of Pacemaker for Keystone and having it just under systemd is OK. I do remember that recently RH OSP indicates control of most (/almost all) OpenStack services via systemd only.

Suggested way forward: -contact Scott W as submitter of bug above/RDO development via bugzilla as indicated by Steve Martinelli in bug discussion to confirm I do understand that you are not using RDO, but in the case of RDO is same. And also points to "pcs resource create keystone lsb:openstack-keystone --clone" -depending on outcome - write a bug against HA guide

edit flag offensive delete link more

answered 2016-12-22 03:16:46 -0600

silently gravatar image

updated 2016-12-22 03:18:11 -0600

you can use the service as follows:

systemctl start pcsd.service
systemctl start corosync.service
systemctl start pacemaker.service

the configure them ,start them, know the inside story.

the backend service of keystone is mysql and rabbitmq, so mysql and rabbitmq is ha must .

edit flag offensive delete link more



It is not about Pacemaker/Corosync as systemd service, it is about Keystone as systemd service

volenbovsky gravatar imagevolenbovsky ( 2016-12-22 11:37:56 -0600 )edit

ps -ef|grep -i keystone

If you use apache, keystone as wsgi service in apache's configure file .

silently gravatar imagesilently ( 2016-12-25 20:25:31 -0600 )edit

answered 2016-12-28 04:05:37 -0600

zarko gravatar image

Just to clarify what we did in the end. Keystone is published via HAProxy which is in Pacemaker. Keystone is made high- available by coping it's fernet keys form the key repository directory to each keystone instance and defining the right permissions.

Thanks for your help volebovsky.

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2016-12-20 08:46:56 -0600

Seen: 519 times

Last updated: Dec 28 '16