Ask Your Question
0

How can I setup an openstack keystone with multi region support

asked 2015-08-24 01:56:05 -0600

moku gravatar image

I mean one keystone instance as a master role to identify and the other keystone in different regions as a slave role that can take the token from the master keystone,and save the token themselves,and other services(e.g. nova,glance,neutron) can get the endpoints from the cache of the slaver keystone,how can I do that?Please.

edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted
3

answered 2015-08-25 21:31:43 -0600

dasp gravatar image

A common way to configure a multi-region OpenStack cloud is to set up one Keystone. There is no easy/direct way to have more Keystones cache/store tokens, although there is a thing called "keystone federation", which basically lets you authenticate users to Keystone (and obtain a token) by "asking" another Keystone whether credentials are valid. I don't think tokens are shared in that case, every Keystone manages their own tokens.

Anyway, what you probably want to do is to have just one Keystone shared by all regions and add multiple services/endpoints with distinctive regions to its catalog. This question has also been answered a few times, e.g. take a look at: https://ask.openstack.org/en/question...

edit flag offensive delete link more

Comments

This is only true if keystone isn't sharing a replicated database correct? It was my impression that keystone would act as true HA provided it shares a database server. Please correct me if im wrong.

visbits gravatar imagevisbits ( 2015-08-26 08:09:35 -0600 )edit
0

answered 2015-08-25 21:10:22 -0600

visbits gravatar image

I have the same configuration and am running into issues with tokens not being valid.

I'm using a galera cluster to replicate the database between each keystone, and i have each keystone setup as an endpoint in each region.

I've searched high an low on documentation.. not sure :\

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

3 followers

Stats

Asked: 2015-08-24 01:54:32 -0600

Seen: 2,973 times

Last updated: Aug 25 '15