Re: [opencontrail-dev] the mysql cfg in keystone.conf of openstack ha env set to localhost:3306, why not use vip:33306 ?

[Sanju Abraham]

Thanks Harshad.

Keyang, if you are using openstack from Mirantis provisioned and managed by 
Fuel, then it would be best to get an understanding of their setup from them. 
We can help you with questions on Contrail-HA.

Thanks,
Sanju

From: Harshad Nakil <hna...@gmail.com<mailto:hna...@gmail.com>>
Date: Thursday, August 27, 2015 at 3:02 AM
To: "l...@certusnet.com.cn<mailto:l...@certusnet.com.cn>" 
<l...@certusnet.com.cn<mailto:l...@certusnet.com.cn>>
Cc: dev <dev@lists.opencontrail.org<mailto:dev@lists.opencontrail.org>>
Subject: Re: [opencontrail-dev] the mysql cfg in keystone.conf of openstack ha 
env set to localhost:3306, why not use vip:33306 ?

This is specific to how fuel does HA. If you are using Fuel then you will only 
follow HA for contrail bits.
Fuel 7.0 will have contrail HA support.

Regards
-Harshad


On Aug 27, 2015, at 2:00 AM, 
"l...@certusnet.com.cn<mailto:l...@certusnet.com.cn>" 
<l...@certusnet.com.cn<mailto:l...@certusnet.com.cn>> wrote:


hi Ranjeet

in this page :
https://docs.mirantis.com/openstack/fuel/fuel-6.1/reference-architecture.html#openstack-environment-architecture

it said that :
 OpenStack support for multi-node writing to MySQL/Galera nodes is not 
production ready 
yet<http://lists.openstack.org/pipermail/openstack-operators/2014-September/005166.html>.
 "The simplest way to overcome this issue from the operator’s point of view is 
to use only one writer node for these types of transactions". That is why Fuel 
configures 
HAProxy<https://docs.mirantis.com/openstack/fuel/fuel-6.1/terminology.html#haproxy-term>frontend
 for MySQL/Galera to use only one active node, while the other nodes in the 
cluster are retained standby (passive) state.

my env is centos6.5 and use MariaDB-Galera-server for db
I found that when keystone connected the local db,often encountered the 401 
issue.
the keystone.log show the msg:
Invalid user token. Keystone response: {u'error': {u'message': u'The request 
you have made requires authentication.', u'code': 401, u'title': 
u'Unauthorized'}}
so I changed the keystone's connection to vip:33306 it seems that the issue 
solved.

but the keystone connected the vip db,there is another iusse.
poweroff the controller node which hold vip and when poweron it again
it is said that when the vip back to the controller node again the keystone 
would lose the connection of db and it need about 10min to recovery
the keystone.log show the msg:
Database server has gone away: (2013, 'Lost connection to MySQL server during 
query')
and the cmd like 'nova list' would timeout
I changed the keystone's connection to local db this issue seems solved.

can anyone explain the two issues above ? and which should keystone connect 
to,local or vip?

thx.

Keyang Li
________________________________
l...@certusnet.com.cn<mailto:l...@certusnet.com.cn>

From: Ranjeet R<mailto:rranj...@juniper.net>
Date: 2015-08-27 01:18
To: l...@certusnet.com.cn<mailto:l...@certusnet.com.cn>; 
dev<mailto:dev@lists.opencontrail.org>
Subject: RE: [opencontrail-dev] the mysql cfg in keystone.conf of openstack ha 
env set to localhost:3306, why not use vip:33306 ?
Hello Keylang

Keystone being the auth endpoint for all the Openstack components, it accesses 
the DB(both reads/writes) more often than other components. Given that, we did 
not want to introduce another level of redirection for Keystone token 
creation/queries (VIP goes through HAProxy and load balances into a physical 
MySQL server) and hence used the localhost for MySQL connection.

It is a small optimization, but if you change the connection parameter to 
VIP:33306, it should still work.

Hope that helps!
Ranjeet

From: Dev [mailto:dev-boun...@lists.opencontrail.org] On Behalf Of 
l...@certusnet.com.cn<mailto:l...@certusnet.com.cn>
Sent: Wednesday, August 26, 2015 1:46 AM
To: dev <dev@lists.opencontrail.org<mailto:dev@lists.opencontrail.org>>
Subject: [opencontrail-dev] the mysql cfg in keystone.conf of openstack ha env 
set to localhost:3306, why not use vip:33306 ?

in keystone-server-setup.sh, there are:

if [ "$INTERNAL_VIP" != "none" ]; then
# Openstack HA specific config
openstack-config --set /etc/keystone/keystone.conf sql connection 
mysql://keystone:keystone@$CONTROLLER:3306/keystone
else
openstack-config --set /etc/keystone/keystone.conf sql connection 
mysql://keystone:keystone@127.0.0.1/keystone<mailto:keystone@127.0.0.1/keystone>
fi




why not use vip:33306 like other component such as nova ?


any help will be appreciated
thx

Keyang Li
________________________________
l...@certusnet.com.cn<mailto:l...@certusnet.com.cn>
_______________________________________________
Dev mailing list
Dev@lists.opencontrail.org<mailto:Dev@lists.opencontrail.org>
http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org

_______________________________________________
Dev mailing list
Dev@lists.opencontrail.org
http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org