openstack/openstack-manuals
Code Issues Proposed changes
1d75d9ec43
openstack-manuals/doc/high-availability-guide/ap-keystone.txt
Shilla Saebi 83b49bf7c2 Grammatical Changes to documentation 
Changed datas to data
Changed IP to IP addresses since we are referring to possibly more than 1 IP
(not a single)

Change-Id: Ifc5bba547960ef50112a20ea256d93fad1408353
2013-12-03 16:45:10 -05:00

90 lines
3.3 KiB
Plaintext
Raw Blame History

[[s-keystone]]
==== Highly available OpenStack Identity
OpenStack Identity is the Identity Service in OpenStack and used by many services.
Making the OpenStack Identity service highly available in active / passive mode involves
* configuring OpenStack Identity to listen on the VIP address,
* managing OpenStack Identity daemon with the Pacemaker cluster manager,
* configuring OpenStack services to use this IP address.
NOTE: Here is the http://docs.openstack.org/trunk/install-guide/install/apt/content/ch_installing-openstack-identity-service.html[documentation] for installing OpenStack Identity service.
===== Adding OpenStack Identity resource to Pacemaker
First of all, you need to download the resource agent to your system :
----
cd /usr/lib/ocf/resource.d
mkdir openstack
cd openstack
wget https://raw.github.com/madkiss/openstack-resource-agents/master/ocf/keystone
chmod a+rx *
----
You may now proceed with adding the Pacemaker configuration for
OpenStack Identity resource. Connect to the Pacemaker cluster with +crm
configure+, and add the following cluster resources:
----
include::includes/pacemaker-keystone.crm[]
----
This configuration creates +p_keystone+, a resource for manage OpenStack Identity service.
+crm configure+ supports batch input, so you may copy and paste the
above into your live pacemaker configuration, and then make changes as
required. For example, you may enter +edit p_ip_keystone+ from the
+crm configure+ menu and edit the resource to match your preferred
virtual IP address.
Once completed, commit your configuration changes by entering +commit+
from the +crm configure+ menu. Pacemaker will then start the OpenStack Identity
service, and its dependent resources, on one of your nodes.
===== Configuring OpenStack Identity service
You need to edit your OpenStack Identity configuration file (+keystone.conf+) and change the bind parameter :
----
bind_host = 192.168.42.103
----
To be sure all data will be high available, you should be sure that you store everything in the MySQL database (which is also high available) :
----
[catalog]
driver = keystone.catalog.backends.sql.Catalog
...
[identity]
driver = keystone.identity.backends.sql.Identity
...
----
===== Configuring OpenStack Services to use High Available OpenStack Identity
Your OpenStack services must now point their OpenStack Identity configuration to
the highly available, virtual cluster IP address -- rather than a
OpenStack Identity server's physical IP address as you normally would.
For example with OpenStack Compute, if your OpenStack Identity service IP address is
192.168.42.103 as in the configuration explained here, you would use
the following line in your API configuration file
(+api-paste.ini+):
----
auth_host = 192.168.42.103
----
You need also to create the OpenStack Identity Endpoint with this IP.
NOTE : If you are using both private and public IP addresses, you should create two Virtual IP addresses and define your endpoint like this :
----
keystone endpoint-create --region $KEYSTONE_REGION --service-id $service-id --publicurl 'http://PUBLIC_VIP:5000/v2.0' --adminurl 'http://192.168.42.103:35357/v2.0' --internalurl 'http://192.168.42.103:5000/v2.0'
----
If you are using the Horizon Dashboard, you should edit +local_settings.py+ file :
----
OPENSTACK_HOST = 192.168.42.103
----
View Git Blame Copy Permalink