<div dir="ltr"><div class="gmail_default" style="font-family:'courier new',monospace">I may have found a solution to my problem, but I am not sure it will help you much. </div><div class="gmail_default" style="font-family:'courier new',monospace">
<br></div><div class="gmail_default" style="font-family:'courier new',monospace">I created an entry in hosts that named my internal ip "local-internal" and then I bound keystone to that ip. Next I configured the pacemaker resource agent to check "local-internal" which will, of course, be different on each node. It seems to work quite well.</div>
<div class="gmail_default" style="font-family:'courier new',monospace"><br></div><div class="gmail_default" style="font-family:'courier new',monospace">Sorry that this probably doesn't help you,</div><div class="gmail_default" style="font-family:'courier new',monospace">
Sam</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Jun 13, 2013 at 10:19 AM, Aaron Knister <span dir="ltr"><<a href="mailto:aaron.knister@gmail.com" target="_blank">aaron.knister@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto"><div>Hi Sam</div><div><br></div><div>I don't have a fix but I actually had the same problem but for a different reason. I was trying to run keystone via apache and listen on multiple ports to support regular auth and external auth. I couldn't figure out how to map additional ports within keytstone. I'm very much interested in the solution here. <br>
<br>Sent from my iPhone</div><div><div class="h5"><div><br>On Jun 13, 2013, at 9:27 AM, Samuel Winchenbach <<a href="mailto:swinchen@gmail.com" target="_blank">swinchen@gmail.com</a>> wrote:<br><br></div><blockquote type="cite">
<div><div dir="ltr"><div class="gmail_default" style="font-family:'courier new',monospace">Hi All,</div><div class="gmail_default" style="font-family:'courier new',monospace"><br></div><div class="gmail_default" style="font-family:'courier new',monospace">
I am attempting to set up a high availability openstack cluster. Currently, using pacemaker, I create a Virtual IP for all the highly available service, launch haproxy to proxy all the requests and clone keystone to all the nodes. The idea being that the requests come into haproxy and are load balanced across all the nodes.</div>
<div class="gmail_default" style="font-family:'courier new',monospace"><br></div><div class="gmail_default" style="font-family:'courier new',monospace"><br></div><div class="gmail_default" style="font-family:'courier new',monospace">
To do this I have keystone listen on 26000 for admin, and 26001 for public. haproxy listens on 35357 and 5000 respectively (these ports are bound to the VIP). The problem with setup is that my log is filling (MB/min) with this warning:</div>
<div class="gmail_default" style="font-family:'courier new',monospace"><br></div><div class="gmail_default"><div class="gmail_default"><font face="courier new, monospace">2013-06-13 09:20:18 INFO [access] 127.0.0.1 - - [13/Jun/2013:13:20:18 +0000] "GET <a href="http://10.80.255.1:35357/v2.0/users" target="_blank">http://10.80.255.1:35357/v2.0/users</a> HTTP/1.0" 200 915</font></div>
<div class="gmail_default"><span style="font-family:'courier new',monospace">2013-06-13 09:20:18 WARNING [keystone.contrib.stats.core] Unable to resolve API as either public or admin: <a href="http://10.80.255.1:35357" target="_blank">10.80.255.1:35357</a></span><br>
</div><div class="gmail_default"><font face="courier new, monospace">...</font></div><div class="gmail_default"><font face="courier new, monospace">...</font></div><div class="gmail_default"><font face="courier new, monospace"><br>
</font></div><div class="gmail_default"><font face="courier new, monospace">where 10.80.255.1 is my VIP for highly available services. I traced down that module and added a few lines of code for debugging and it turns out that if checks to see if the incoming connection matches a port in the config file. In my case it does not.</font></div>
<div class="gmail_default"><font face="courier new, monospace"><br></font></div><div class="gmail_default"><font face="courier new, monospace">I can not just bind keystone to the internal ip and leave the port as their defaults because the way pacemaker checks to see if services are alive is by sending requests to service it is monitoring, and I do not want to send requests to the VIP because any instance of keystone could respond. Basically I would I have to write a pacemaker rule for each node and it would become messy quite quickly.</font></div>
<div class="gmail_default"><font face="courier new, monospace"><br></font></div><div class="gmail_default"><font face="courier new, monospace">Does anyone see something I could do differently, or a fix for my current situation? </font></div>
<div class="gmail_default"><font face="courier new, monospace"><br></font></div><div class="gmail_default"><font face="courier new, monospace">Thanks,</font></div><div class="gmail_default"><font face="courier new, monospace">Sam</font></div>
</div></div>
</div></blockquote></div></div><blockquote type="cite"><div><span>_______________________________________________</span><br><span>Mailing list: <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a></span><br>
<span>Post to : <a href="mailto:openstack@lists.launchpad.net" target="_blank">openstack@lists.launchpad.net</a></span><br><span>Unsubscribe : <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a></span><br>
<span>More help : <a href="https://help.launchpad.net/ListHelp" target="_blank">https://help.launchpad.net/ListHelp</a></span><br></div></blockquote></div></blockquote></div><br></div>