<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 09/23/2016 11:03 AM, Alexandr
Porunov wrote:<br>
</div>
<blockquote
cite="mid:CAB-_WnHMz3susp8hCYAwSCaytX9LVA-AxdUNo_9xRGARgsPLVQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>Hello,<br>
</div>
<div><br>
</div>
<div>I have next nodes:</div>
<div>swift_proxy1 - 192.168.0.11</div>
<div>swift_proxy2 - 192.168.0.12</div>
<div>keystone1 - 192.168.0.21</div>
<div>keystone2 - 192.168.0.22</div>
<div><br>
</div>
<div>
<div>I wonder to know if it is possible to use two keystone
servers if we use "uuid" or "fernet" tokens.</div>
</div>
<div><br>
</div>
</div>
</blockquote>
Yes, you want to use Fernet. Make sure the same keys are on both
servers.<br>
<br>
<br>
<blockquote
cite="mid:CAB-_WnHMz3susp8hCYAwSCaytX9LVA-AxdUNo_9xRGARgsPLVQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>With uuid I can use Galera Cluster to use the same
database. The problem is I don't know what to write in
endpoints. We can create an endpoint only for one the keystone
server as I understand. i.e. :</div>
<div><br>
</div>
<div>openstack endpoint create --region RegionOne identity
public <a moz-do-not-send="true"
href="http://192.168.0.11:5000/v3">http://192.168.0.11:5000/v3</a></div>
<div><br>
</div>
<div>openstack endpoint create --region RegionOne identity
internal <a moz-do-not-send="true"
href="http://192.168.0.11:5000/v3">http://192.168.0.11:5000/v3</a></div>
<div> </div>
<div>openstack endpoint create --region RegionOne identity admin
<a moz-do-not-send="true" href="http://192.168.0.11:35357/v3">http://192.168.0.11:35357/v3</a></div>
<div><br>
</div>
<div>Also what should I use when I create a swift endpoints?
Does he have to point on itself or on the keystone server?</div>
<div><br>
</div>
<div>openstack endpoint create --region RegionOne \</div>
<div> object-store public <a moz-do-not-send="true"
href="http://192.168.0.11:8080/v1/AUTH_%%5C%28tenant_id%5C%29s">http://192.168.0.11:8080/v1/AUTH_%\(tenant_id\)s</a></div>
<div> </div>
<div>openstack endpoint create --region RegionOne \</div>
<div> object-store internal <a moz-do-not-send="true"
href="http://192.168.0.11:8080/v1/AUTH_%%5C%28tenant_id%5C%29s">http://192.168.0.11:8080/v1/AUTH_%\(tenant_id\)s</a></div>
<div> </div>
<div>openstack endpoint create --region RegionOne \</div>
<div> object-store admin <a moz-do-not-send="true"
href="http://192.168.0.11:8080/v1">http://192.168.0.11:8080/v1</a></div>
<div><br>
</div>
<div>i.e. if it points on the keystone then it is OK but if he
point on itself then which proxy IP address I should use?</div>
<div><br>
</div>
<div>Also when we use fernet tokens, how to synchronize tokens
between nodes (they should always use the same tokens).</div>
<div><br>
</div>
<div>My aim is to connect the keystone 1 to the proxy 1 and the
keystone 2 to the proxy 2 to. i.e. : Proxy 1 should always
check tokens only in the keystone1 server and the proxy 2
should always check tokens only in the keystone 2 server. But
I want to be able to receive tokens from any keystone server
(a user can receive a token from the keystone 1 and be
authenticated in the proxy 2 with that token).</div>
<div><br>
</div>
<div>Sincerely,</div>
<div>Alexandr</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Mailing list: <a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a>
Post to : <a class="moz-txt-link-abbreviated" href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a>
Unsubscribe : <a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a>
</pre>
</blockquote>
<p><br>
</p>
</body>
</html>