openstack-manuals/doc/high-availability-guide/ap-keystone.txt
Diane Fleming 64b6c9261e Folder rename, file rename, flattening of directories
Current folder name	New folder name	        Book title
----------------------------------------------------------
basic-install 	        DELETE
cli-guide	        DELETE
common	                common
NEW	                admin-guide-cloud	Cloud Administrators Guide
docbkx-example	        DELETE
openstack-block-storage-admin 	DELETE
openstack-compute-admin 	DELETE
openstack-config 	config-reference	OpenStack Configuration Reference
openstack-ha 	        high-availability-guide	OpenStack High Availability Guide
openstack-image	        image-guide	OpenStack Virtual Machine Image Guide
openstack-install 	install-guide	OpenStack Installation Guide
openstack-network-connectivity-admin 	admin-guide-network 	OpenStack Networking Administration Guide
openstack-object-storage-admin 	DELETE
openstack-security 	security-guide	OpenStack Security Guide
openstack-training 	training-guide	OpenStack Training Guide
openstack-user 	        user-guide	OpenStack End User Guide
openstack-user-admin 	user-guide-admin	OpenStack Admin User Guide
glossary	        NEW        	OpenStack Glossary

bug: #1220407

Change-Id: Id5ffc774b966ba7b9a591743a877aa10ab3094c7
author: diane fleming
2013-09-08 15:15:50 -07:00


[[s-keystone]]
==== Highly available OpenStack Identity
OpenStack Identity is the Identity Service in OpenStack and is used by many services.
Making the OpenStack Identity service highly available in active / passive mode involves
* configuring OpenStack Identity to listen on the VIP address,
* managing the OpenStack Identity daemon with the Pacemaker cluster manager,
* configuring OpenStack services to use this IP address.
NOTE: Here is the http://docs.openstack.org/trunk/openstack-compute/install/apt/content/ch_installing-openstack-identity-service.html[documentation] for installing the OpenStack Identity service.
===== Adding OpenStack Identity resource to Pacemaker
First, download the resource agent to your system. Pacemaker runs resource agents as root, so review the downloaded script before making it executable:
----
cd /usr/lib/ocf/resource.d
mkdir openstack
cd openstack
wget https://raw.github.com/madkiss/openstack-resource-agents/master/ocf/keystone
chmod a+rx *
----
You may now proceed with adding the Pacemaker configuration for the
OpenStack Identity resource. Connect to the Pacemaker cluster with +crm
configure+, and add the following cluster resources:
----
include::includes/pacemaker-keystone.crm[]
----
This configuration creates +p_keystone+, a resource for managing the OpenStack Identity service.
+crm configure+ supports batch input, so you may copy and paste the
above into your live Pacemaker configuration, and then make changes as
required. For example, you may enter +edit p_ip_keystone+ from the
+crm configure+ menu and edit the resource to match your preferred
virtual IP address.
Once completed, commit your configuration changes by entering +commit+
from the +crm configure+ menu. Pacemaker will then start the OpenStack Identity
service, and its dependent resources, on one of your nodes.
===== Configuring OpenStack Identity service
You need to edit your OpenStack Identity configuration file (+keystone.conf+) and change the bind parameter:
----
bind_host = 192.168.42.103
----
To ensure that all data is highly available, store everything in the MySQL database (which is also highly available):
----
[catalog]
driver = keystone.catalog.backends.sql.Catalog
...
[identity]
driver = keystone.identity.backends.sql.Identity
...
----
===== Configuring OpenStack Services to use Highly Available OpenStack Identity
Your OpenStack services must now point their OpenStack Identity configuration to
the highly available, virtual cluster IP address -- rather than an
OpenStack Identity server's physical IP address as you normally would.
For example, with OpenStack Compute, if your OpenStack Identity service IP address is
192.168.42.103 as in the configuration explained here, you would use
the following line in your API configuration file
(+api-paste.ini+):
----
auth_host = 192.168.42.103
----
You also need to create the OpenStack Identity endpoint with this IP address.
NOTE: If you are using both private and public IP addresses, you should create two virtual IP addresses and define your endpoint like this:
----
keystone endpoint-create --region $KEYSTONE_REGION --service-id $SERVICE_ID \
  --publicurl 'http://PUBLIC_VIP:5000/v2.0' \
  --adminurl 'http://192.168.42.103:35357/v2.0' \
  --internalurl 'http://192.168.42.103:5000/v2.0'
----
If you are using the Horizon Dashboard, you should edit the +local_settings.py+ file:
----
OPENSTACK_HOST = "192.168.42.103"
----
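The following consistency check is an added example, not part of the original guide or of OpenStack: it parses the settings described above and reports any that do not point at the virtual IP address. The sample file contents, the +[filter:authtoken]+ section name, the 203.0.113.10 stand-in for PUBLIC_VIP, and the rule that the admin URL stays on the internal VIP (as in the endpoint example above) are assumptions.

```python
import configparser
from urllib.parse import urlparse

VIP = "192.168.42.103"        # internal VIP used throughout this guide
PUBLIC_VIP = "203.0.113.10"   # constructed stand-in for the guide's PUBLIC_VIP

def parse(text):
    # Treat [DEFAULT] as an ordinary section so its keys do not leak into others.
    cp = configparser.ConfigParser(interpolation=None, default_section="_unused_")
    cp.read_string(text)
    return cp

def audit(keystone_conf, api_paste, endpoint):
    """Return a list of findings; an empty list means the inputs match the guide."""
    findings = []
    ks = parse(keystone_conf)
    if ks.get("DEFAULT", "bind_host", fallback=None) != VIP:
        findings.append("keystone.conf: bind_host is not the VIP")
    for section in ("catalog", "identity"):
        if ".backends.sql." not in ks.get(section, "driver", fallback=""):
            findings.append(f"keystone.conf: [{section}] driver is not SQL")
    paste = parse(api_paste)
    hosts = [paste.get(s, "auth_host") for s in paste.sections()
             if paste.has_option(s, "auth_host")]
    if not hosts or any(h != VIP for h in hosts):
        findings.append("api-paste.ini: auth_host is not the VIP")
    for name in ("adminurl", "internalurl"):
        if urlparse(endpoint[name]).hostname != VIP:
            findings.append(f"endpoint: {name} is not on the internal VIP")
    if urlparse(endpoint["publicurl"]).hostname not in (VIP, PUBLIC_VIP):
        findings.append("endpoint: publicurl is not on a VIP")
    return findings

# Constructed sample inputs (not taken from a real deployment).
GOOD_KEYSTONE = """[DEFAULT]
bind_host = 192.168.42.103
[catalog]
driver = keystone.catalog.backends.sql.Catalog
[identity]
driver = keystone.identity.backends.sql.Identity
"""
BAD_KEYSTONE = GOOD_KEYSTONE.replace("192.168.42.103", "0.0.0.0")
GOOD_PASTE = "[filter:authtoken]\nauth_host = 192.168.42.103\n"
BAD_PASTE = "[filter:authtoken]\nauth_host = 192.168.42.11\n"  # a node address
GOOD_ENDPOINT = {"publicurl": f"http://{PUBLIC_VIP}:5000/v2.0",
                 "adminurl": f"http://{VIP}:35357/v2.0",
                 "internalurl": f"http://{VIP}:5000/v2.0"}
BAD_ENDPOINT = dict(GOOD_ENDPOINT, adminurl=f"http://{PUBLIC_VIP}:35357/v2.0")
```

Calling +audit(BAD_KEYSTONE, BAD_PASTE, BAD_ENDPOINT)+ returns one finding per setting that drifted from the VIP; the same call on the +GOOD_*+ inputs returns an empty list.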