> Hello,
> I am thinking about using the keystone as an authentication system but I am 
> afraid about failures which can affect all the cluster. In fact if the 
> keystone server dies then our full cluster will stop. It would be better if 
> we could use HA with the keystone. Then if > our primary keystone server dies 
> we have to elect a new primary keystoe server. Are there some tools which can 
> be used in HA deployment?
> Any piece of advice will be valuable

IMHO: get a proper ha load-balancer solution, make sure you install at least 2 
of all APIS and load-balance in active-active mode
The OpenStack APIs are stateless so you can run multiple servers at the same 
time as long as they can connect to the same database backend.

The load-balancer is usable for all APIs, you can use it as the HA-IP for mysql 
and can also be used to offload SSL so you just have one place to configure 
your certificates.
(for galera, make use of a “sorry-server” and not active-active load-balancing 
for writes)

The great thing about a load-balancer is that you remove all HA complexity out 
of the OpenStack setup.
In my personal opinion the pacemaker setups can function OK but pacemaker is a 
complex piece of software and it is not unlikely to cause downtime either to 
misconfiguration or inexperienced people operating it.
Especially if pacemaker is also starting/stopping mysql/rabbit/openstack 
services and not only moving around a few IPs.
If you are going the pacemaker way make sure you play around with it quite a 
bit and do failure tests so you are comfortable with the commands and know what 
to look for when things go wrong.
Do not forget: any other people operating the pacemaker cluster will need that 
knowledge and a 2 node cluster is not a real cluster (split-brains).

Robert van Leeuwen
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Reply via email to