Excerpts from Alexandr Porunov's message of 2016-09-19 21:46:54 +0300:
> I am thinking about using the keystone as an authentication system but I am
> afraid about failures which can affect all the cluster. In fact if the
> keystone server dies then our full cluster will stop. It would be better if
> we could use HA with the keystone. Then if our primary keystone server dies
> we have to elect a new primary keystoe server. Are there some tools which
> can be used in HA deployment?
> Any piece of advice will be valuable
Keystone is a stateless application. It stores all of the state in
a SQL database, or in files that are immutable (for Fernet token key
files). So, what you really want is an HA SQL solution, and (if you're
using Fernet tokens) a key sync mechanism.
There are many such standard solutions. If you're fine with one server
worth of capacity, then DRBD+Pacemaker+Corosync are a pretty simple
option to keep MySQL HA. Once you do that, you can just use a load
balancer or something like UCARP/VRRP to make sure HTTP requests arrive
at a working keystone node.
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : firstname.lastname@example.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack