Hi folks,
I'm working on setting up keystone(identity API) high available function with Newton release on CentOS 7.2 . According to document http://docs.openstack.org/ha-guide/controller-ha-identity.html , I use pacemaker to achieve it.
Unfortunately, the document is out-of-date, such as:
1. the doc suggest to add "systemd:openstack-keystone" resource to pacemaker. However, as a separate service, openstack-keystone has already been deprecated/dropped in Newton release. It's integrated into httpd service as well as horizon.
2. modify conf file of keystone and other services, the parameter most are changed too.
After investigation, I made some progress by following steps:
1. use ocf instead of systemd: download keystone ocf file from https://git.openstack.org/cgit/openstack/openstack-resource-agents/plain/ocf/keystone, then add rx to it. Besides this, I also did more modification on ocf because some keystone commands used in it are deprecated/dropped too: such as change "keystone-all" to "keystone-manage", remove "keystone" etc.
2. after step 1# action, pcs can list out the openstack-keystone as ocf resource, then add it successfully.
3. add virtual IP resource to pcs successfully.
4. modify 'admin_bind_host/publid_bind_host" in keystone.conf to vip.
5. update 3 keystone endpoint values to vip in database.
6. modify auth_url/auth_uri in other OpenStack services conf files to vip.
7. modify the keystonerc_admin OS_AUTH_URL to vip.
8. restart all services.
But it doesn't work, the symptom is I can use curl commands to get the endpoints lists from vip url, but all openstack command line failed with error message 404 while getting tokens.
So want to know your points on the following questions:
1. is there any new document for keystone high available function on newton?
2. for Newton release, keystone is not a separate system service any more, it's integrated into httpd as sub-service, does pacemaker and OpenStack still support keystone HA function?
3. Does anyone setup keystone HA on newton release successfully?
BR & Thanks
HG.
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : [email protected] Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
