[Openstack] [OpenStack] [keystone] How to make keystone highly available?

Van Leeuwen, Robert rovanleeuwen at ebay.com
Tue Sep 20 05:49:08 UTC 2016


>
> Hello,
>
> I am thinking about using the keystone as an authentication system but I am afraid of failures which can affect all the cluster. In fact, if the keystone server dies then our full cluster will stop. It would be better if we could use HA with the keystone. Then if our primary keystone server dies we have to elect a new primary keystone server. Are there some tools which can be used in HA deployment?
>
> Any piece of advice will be valuable

IMHO: get a proper HA load-balancer solution, make sure you install at least 2 of all APIs, and load-balance in active-active mode.
The OpenStack APIs are stateless so you can run multiple servers at the same time as long as they can connect to the same database backend.

The load-balancer is usable for all APIs; you can use it as the HA-IP for MySQL, and it can also be used to offload SSL so you just have one place to configure your certificates.
(For Galera, make use of a “sorry-server” and not active-active load-balancing for writes.)

The great thing about a load-balancer is that you remove all HA complexity out of the OpenStack setup.
In my personal opinion the pacemaker setups can function OK, but pacemaker is a complex piece of software and it is not unlikely to cause downtime, either due to misconfiguration or inexperienced people operating it.
Especially if pacemaker is also starting/stopping mysql/rabbit/openstack services and not only moving around a few IPs.
If you are going the pacemaker way make sure you play around with it quite a bit and do failure tests so you are comfortable with the commands and know what to look for when things go wrong.
Do not forget: any other people operating the pacemaker cluster will need that knowledge and a 2 node cluster is not a real cluster (split-brains).

Cheers,
Robert van Leeuwen
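
The layout described in the message above, sketched as a load-balancer configuration. This is an added example and not part of the original e-mail: it assumes HAProxy as the load-balancer (the message names no product), and every address, hostname and the certificate path is a constructed placeholder.

```haproxy
# Added illustration; all addresses (192.0.2.0/24) and names are placeholders.
defaults
    mode    http
    timeout connect 5s
    timeout client  60s
    timeout server  60s

# Keystone API: stateless, so both nodes serve traffic (active-active).
listen keystone_public
    # TLS terminates here, so certificates are configured in one place only.
    bind 192.0.2.10:5000 ssl crt /etc/haproxy/certs/placeholder.pem
    balance roundrobin
    # HTTP health check: a node that stops answering is taken out of rotation.
    option httpchk GET /v3
    http-request set-header X-Forwarded-Proto https
    server keystone1 192.0.2.11:5000 check inter 2s fall 3 rise 2
    server keystone2 192.0.2.12:5000 check inter 2s fall 3 rise 2

# Galera: one node receives all traffic, the others are standby only.
# "backup" servers get connections only when every non-backup server is
# down, and without "option allbackups" only the first live backup is used,
# so writes never go to more than one node at a time.
listen galera_writer
    mode tcp
    bind 192.0.2.10:3306
    option tcpka
    # Plain TCP check: confirms the port is open, not that the node is synced.
    server db1 192.0.2.21:3306 check inter 2s fall 3 rise 2
    server db2 192.0.2.22:3306 check inter 2s fall 3 rise 2 backup
    server db3 192.0.2.23:3306 check inter 2s fall 3 rise 2 backup
```

The load-balancer itself needs to be deployed redundantly, otherwise it becomes the single point of failure that the keystone server was.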