> > Hello, > > I am thinking about using the keystone as an authentication system but I am > afraid about failures which can affect all the cluster. In fact if the > keystone server dies then our full cluster will stop. It would be better if > we could use HA with the keystone. Then if > our primary keystone server dies > we have to elect a new primary keystoe server. Are there some tools which can > be used in HA deployment? > > Any piece of advice will be valuable
IMHO: get a proper ha load-balancer solution, make sure you install at least 2 of all APIS and load-balance in active-active mode The OpenStack APIs are stateless so you can run multiple servers at the same time as long as they can connect to the same database backend. The load-balancer is usable for all APIs, you can use it as the HA-IP for mysql and can also be used to offload SSL so you just have one place to configure your certificates. (for galera, make use of a “sorry-server” and not active-active load-balancing for writes) The great thing about a load-balancer is that you remove all HA complexity out of the OpenStack setup. In my personal opinion the pacemaker setups can function OK but pacemaker is a complex piece of software and it is not unlikely to cause downtime either to misconfiguration or inexperienced people operating it. Especially if pacemaker is also starting/stopping mysql/rabbit/openstack services and not only moving around a few IPs. If you are going the pacemaker way make sure you play around with it quite a bit and do failure tests so you are comfortable with the commands and know what to look for when things go wrong. Do not forget: any other people operating the pacemaker cluster will need that knowledge and a 2 node cluster is not a real cluster (split-brains). Cheers, Robert van Leeuwen
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
