How to setup multiple authorization nodes (keystone HA)?
I am in charge of supplying a service utilizing swift, keystone, and a custom front end that needs to have High-Availability and security as its main function. This is my first development project of any kind so I may be missing some glaringly obvious things. I want to build a setup that spans 4 geographical locations, that will scale from there if need be. So far my plan is two of the nodes will include object storage and the other two nodes will supply authorization, identity v3, ssl termination, and load balancing services. I understand how to implement storage and proxy services, and I have all the goodies for a high-availability storage cluster; however, it is the load balancing and identity that I am stuck at. My questions are:
- is there a built in function for keystone to sync between two nodes? I have failed to find it anywhere
- is it even safe for me to terminate ssl at the auth node considering they will be colocated in different geographical regions?
- is there a better solution that does not leave me with an authorization bottleneck?