Ask Your Question

How can I setup an openstack keystone with multi region support

asked 2015-08-24 01:56:05 -0500

moku gravatar image

I mean one keystone instance as a master role to identify and the other keystone in different regions as a slave role that can take the token from the master keystone,and save the token themselves,and other services(e.g. nova,glance,neutron) can get the endpoints from the cache of the slaver keystone,how can I do that?Please.

edit retag flag offensive close merge delete

2 answers

Sort by » oldest newest most voted

answered 2015-08-25 21:31:43 -0500

dasp gravatar image

A common way to configure a multi-region OpenStack cloud is to set up one Keystone. There is no easy/direct way to have more Keystones cache/store tokens, although there is a thing called "keystone federation", which basically lets you authenticate users to Keystone (and obtain a token) by "asking" another Keystone whether credentials are valid. I don't think tokens are shared in that case, every Keystone manages their own tokens.

Anyway, what you probably want to do is to have just one Keystone shared by all regions and add multiple services/endpoints with distinctive regions to its catalog. This question has also been answered a few times, e.g. take a look at:

edit flag offensive delete link more


This is only true if keystone isn't sharing a replicated database correct? It was my impression that keystone would act as true HA provided it shares a database server. Please correct me if im wrong.

visbits gravatar imagevisbits ( 2015-08-26 08:09:35 -0500 )edit

answered 2015-08-25 21:10:22 -0500

visbits gravatar image

I have the same configuration and am running into issues with tokens not being valid.

I'm using a galera cluster to replicate the database between each keystone, and i have each keystone setup as an endpoint in each region.

I've searched high an low on documentation.. not sure :\

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools



Asked: 2015-08-24 01:54:32 -0500

Seen: 3,607 times

Last updated: Aug 25 '15