Excerpts from Alexandr Porunov's message of 2016-09-19 21:46:54 +0300: > Hello, > > I am thinking about using the keystone as an authentication system but I am > afraid about failures which can affect all the cluster. In fact if the > keystone server dies then our full cluster will stop. It would be better if > we could use HA with the keystone. Then if our primary keystone server dies > we have to elect a new primary keystoe server. Are there some tools which > can be used in HA deployment? > > Any piece of advice will be valuable
Hi Alexandr. Keystone is a stateless application. It stores all of the state in a SQL database, or in files that are immutable (for Fernet token key files). So, what you really want is an HA SQL solution, and (if you're using Fernet tokens) a key sync mechanism. There are many such standard solutions. If you're fine with one server worth of capacity, then DRBD+Pacemaker+Corosync are a pretty simple option to keep MySQL HA. Once you do that, you can just use a load balancer or something like UCARP/VRRP to make sure HTTP requests arrive at a working keystone node. Good luck. _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
