How can I set up an OpenStack Keystone with multi-region support

asked 2015-08-24 01:56:05 -0500

I mean one Keystone instance in a master role to identify, and the other Keystones in different regions in a slave role that can take the token from the master Keystone and save the token themselves, and other services (e.g. nova, glance, neutron) can get the endpoints from the cache of the slave Keystone. How can I do that? Please.

answered 2015-08-25 21:31:43 -0500

A common way to configure a multi-region OpenStack cloud is to set up one Keystone. There is no easy/direct way to have more Keystones cache/store tokens, although there is a thing called "keystone federation", which basically lets you authenticate users to Keystone (and obtain a token) by "asking" another Keystone whether credentials are valid. I don't think tokens are shared in that case; every Keystone manages its own tokens.

Anyway, what you probably want to do is to have just one Keystone shared by all regions and add multiple services/endpoints with distinctive regions to its catalog. This question has also been answered a few times, e.g. take a look at:

This is only true if Keystone isn't sharing a replicated database, correct? It was my impression that Keystone would act as true HA provided it shares a database server. Please correct me if I'm wrong.
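The single-Keystone layout recommended in the answer above, as an added example that is not part of the original thread: one shared catalog carries region-tagged endpoints, and each client picks the URL for its own region. The catalog below is a constructed sample in the Keystone v3 token `catalog` layout; the region names, `example.test` hostnames, and the helper names `endpoint_for` and `missing_services` are assumptions.

```python
# Added example (not from the thread): region-aware endpoint lookup against
# the service catalog of ONE Keystone shared by every region.
# Constructed sample data; region names and hostnames are made up.
SAMPLE_CATALOG = [
    {"type": "identity", "endpoints": [  # same Keystone URL in both regions
        {"interface": "public", "region_id": "RegionOne",
         "url": "https://keystone.example.test:5000/v3"},
        {"interface": "public", "region_id": "RegionTwo",
         "url": "https://keystone.example.test:5000/v3"}]},
    {"type": "compute", "endpoints": [   # one nova API per region
        {"interface": "public", "region_id": "RegionOne",
         "url": "https://nova.r1.example.test:8774/v2.1"},
        {"interface": "public", "region_id": "RegionTwo",
         "url": "https://nova.r2.example.test:8774/v2.1"}]},
    {"type": "image", "endpoints": [     # registered for RegionOne only
        {"interface": "public", "region_id": "RegionOne",
         "url": "https://glance.r1.example.test:9292"}]},
]

class EndpointNotFound(LookupError):
    """The catalog has no endpoint for this service/region/interface."""

def endpoint_for(catalog, service_type, region_id, interface="public"):
    """Return the URL a client in `region_id` should use for a service."""
    for service in catalog:
        if service.get("type") != service_type:
            continue
        for ep in service.get("endpoints", []):
            if (ep.get("region_id"), ep.get("interface")) == (region_id, interface):
                return ep["url"]
    raise EndpointNotFound(f"{service_type}/{interface} not in {region_id}")

def missing_services(catalog, region_id, interface="public"):
    """Service types in the catalog that have no endpoint in `region_id`."""
    missing = []
    for service in catalog:
        try:
            endpoint_for([service], service["type"], region_id, interface)
        except EndpointNotFound:
            missing.append(service["type"])
    return sorted(missing)

if __name__ == "__main__":
    for region in ("RegionOne", "RegionTwo"):
        print(region, endpoint_for(SAMPLE_CATALOG, "compute", region),
              "missing:", missing_services(SAMPLE_CATALOG, region))
```

Running `missing_services` for each region after registering endpoints shows which services a region would fail to resolve before any client hits the gap.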

answered 2015-08-25 21:10:22 -0500

I have the same configuration and am running into issues with tokens not being valid.

I'm using a Galera cluster to replicate the database between each Keystone, and I have each Keystone set up as an endpoint in each region.

I've searched high and low in the documentation... not sure :\

