Hello, I have next nodes: swift_proxy1 - 192.168.0.11 swift_proxy2 - 192.168.0.12 keystone1 - 192.168.0.21 keystone2 - 192.168.0.22
I wonder to know if it is possible to use two keystone servers if we use "uuid" or "fernet" tokens. With uuid I can use Galera Cluster to use the same database. The problem is I don't know what to write in endpoints. We can create an endpoint only for one the keystone server as I understand. i.e. : openstack endpoint create --region RegionOne identity public http://192.168.0.11:5000/v3 openstack endpoint create --region RegionOne identity internal http://192.168.0.11:5000/v3 openstack endpoint create --region RegionOne identity admin http://192.168.0.11:35357/v3 Also what should I use when I create a swift endpoints? Does he have to point on itself or on the keystone server? openstack endpoint create --region RegionOne \ object-store public http://192.168.0.11:8080/v1/AUTH_%\(tenant_id\)s openstack endpoint create --region RegionOne \ object-store internal http://192.168.0.11:8080/v1/AUTH_%\(tenant_id\)s openstack endpoint create --region RegionOne \ object-store admin http://192.168.0.11:8080/v1 i.e. if it points on the keystone then it is OK but if he point on itself then which proxy IP address I should use? Also when we use fernet tokens, how to synchronize tokens between nodes (they should always use the same tokens). My aim is to connect the keystone 1 to the proxy 1 and the keystone 2 to the proxy 2 to. i.e. : Proxy 1 should always check tokens only in the keystone1 server and the proxy 2 should always check tokens only in the keystone 2 server. But I want to be able to receive tokens from any keystone server (a user can receive a token from the keystone 1 and be authenticated in the proxy 2 with that token). Sincerely, Alexandr
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
