I think that I haven't understood your situation correctly but I will try
to suggest something:

If you have a big load on your keystone server you can spread the load
between two or more servers by using load balancers like HAProxy. But it
wouldn't work if keystone instances not shared tokens with each other. For
it you have to share databse to store all tokens which are generated by
 your keystone servers. Personally I prefer MariaDB Galera Cluster because
it isn't hard to install and works very nice. To reach high availability
for load balancing you need to have one more load balancer managed by
(I am assuming that you don't have such a load)

If you care about high availability (as I do) then you need to have
additional keystone instance which will prevent your cluster from SPOF. For
it I use the same virtual IP address for both keystone instances managed by

Also you can use peacemaker and other stuff to reach high availability but
I can't give you advice for those tools because I haven't used them.

In your situation I would installed additional keystone instance in one of
your node and keepalived on both nodes to prevent SPOF.


On Tue, Sep 20, 2016 at 10:56 PM, Turbo Fredriksson <tu...@bayour.com>

> On Sep 20, 2016, at 3:09 PM, Alexandr Porunov wrote:
> > So, I decided just to use two keystone servers with the same virtual IP
> address.
> Now that you've made your decision, I'd like to ask some
> followup questions for my own decision if I may.
> Most everyone have talked about some kind of load balancer or
> HA solution.
> My setup is such that that wouldn't be .. "workable".
> My whole Openstack setup is installed on a HP Bladecenter
> with 16 half hight nodes so all communication etc is pretty
> much internal in the blade center. I.e, the only external
> link is the one to the rest of the flat and then to the
> gatway/firewall/NATbox.
> Also, having a LB in front of MySQL (and possibly one more
> in front of Keystone), that will introduce a "single point
> of failure" that I'd prefer not to have (even if it was
> practically possible - I don't want to dedicate a whole
> BC node just for that, they're to precious).
> What would be the impact and/or problem by using DNS round
> robin for MySQL and Keystone for example? And then have
> MySQL in a master-master setup. I've never done that either,
> so I'm not sure how good idea that would be.. Any pointers?
> The only DB I've ever had the .. "displeasure" to try to get
> to work in a master-master setup is OpenLDAP and I can remember
> (vividly!) the discussions that's been on the OpenLDAP lists
> about this over the years! In essence, "don't, for the love of
> whoever, do it!!".
> --
> Choose a job you love, and you will never have
> to work a day in your life.
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/
> openstack
> Post to     : openstack@lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/
> openstack
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Reply via email to