> I am thinking about using the keystone as an authentication system but I am
> afraid about failures which can affect all the cluster. In fact if the
> keystone server dies then our full cluster will stop. It would be better if
> we could use HA with the keystone. Then if > our primary keystone server dies
> we have to elect a new primary keystoe server. Are there some tools which can
> be used in HA deployment?
> Any piece of advice will be valuable
IMHO: get a proper ha load-balancer solution, make sure you install at least 2
of all APIS and load-balance in active-active mode
The OpenStack APIs are stateless so you can run multiple servers at the same
time as long as they can connect to the same database backend.
The load-balancer is usable for all APIs, you can use it as the HA-IP for mysql
and can also be used to offload SSL so you just have one place to configure
(for galera, make use of a “sorry-server” and not active-active load-balancing
The great thing about a load-balancer is that you remove all HA complexity out
of the OpenStack setup.
In my personal opinion the pacemaker setups can function OK but pacemaker is a
complex piece of software and it is not unlikely to cause downtime either to
misconfiguration or inexperienced people operating it.
Especially if pacemaker is also starting/stopping mysql/rabbit/openstack
services and not only moving around a few IPs.
If you are going the pacemaker way make sure you play around with it quite a
bit and do failure tests so you are comfortable with the commands and know what
to look for when things go wrong.
Do not forget: any other people operating the pacemaker cluster will need that
knowledge and a 2 node cluster is not a real cluster (split-brains).
Robert van Leeuwen
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : firstname.lastname@example.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack