[Openstack] HAProxy -MySQL Galera not connecting to keystone

Janki Chhatbar jankihchhatbar at gmail.com
Fri May 8 12:30:13 UTC 2015 

This issue is now solved. I reinstalled mysql galera.

keystone user-list returns users on node1. Then I stop keystone service in
node1 and try to get user list on node2. This should not be the case I
think.

Error is Authorization failed: Unable to establish connection to
http;//<VIP>:35357/v2.0/tokens

I have copied /etc/keystone/ssl from node1 to node2 and given keystone
ownership to it on node2.

Stopping keystone on node2 and retrieving users on node1 works fine.

Janki Chhatbar
M.Tech (Embedded Systems)
Nirma University
(+91) 9409239106

On Fri, May 8, 2015 at 2:37 PM, Janki Chhatbar <jankihchhatbar at gmail.com>
wrote:

> Keystone user-list replies for few seconds after restarting mysql in both
> nodes. Attaching haproxy.cnf here.
>
> Janki Chhatbar
> M.Tech (Embedded Systems)
> Nirma University
> (+91) 9409239106
>
> On Thu, May 7, 2015 at 9:05 PM, Joe Topjian <joe at topjian.net> wrote:
>
>> Hello,
>>
>> Do you have HAProxy configured to round-robin the MySQL traffic? If so,
>> change the balance config to something where the source connection will
>> always hit the same mysql node.
>>
>> Or just make one of the mysql nodes a designated "write" node by setting
>> the opposite node as "backup". This will then send all traffic to the
>> writing node and resolve any deadlock errors that you might encounter:
>>
>>
>> https://www.percona.com/blog/2014/09/11/openstack-users-shed-light-on-percona-xtradb-cluster-deadlock-issues/
>>
>> http://www.joinfu.com/2015/01/understanding-reservations-concurrency-locking-in-nova/
>>
>> So you'll end up killing two birds with one stone.
>>
>> Hope that helps,
>> Joe
>>
>>
>> On Thu, May 7, 2015 at 6:55 AM, Janki Chhatbar <jankihchhatbar at gmail.com>
>> wrote:
>>
>>> Hi
>>>
>>> I have 2 nodes with HAProxy, MySQL-Galera and keystone each.
>>>
>>> node1: IP1 = HAproxy, Galera and keystone
>>> node2: IP2 = HAproxy, Galera and keystone
>>> 1 VIP
>>>
>>> I have created keystone users, endpoints, tenants. These are updated in
>>> keystone DB as well. Galera cluster is also working fine.
>>>
>>> Keystone user-list
>>> gives error. The error is at http://paste.openstack.org/show/216095/
>>>
>>> Mysql users:
>>>
>>> mysql> select user,host from mysql.user; +------------------+--------------+ | user             | host         | +------------------+--------------+ | keystone         | %            | | root             | %            | | keystone         | IP1 | | keystone         | IP2 | | keystone         | VIP | | root             | 127.0.0.1    | | root             | ::1          | | debian-sys-maint | localhost    | | keystone         | localhost    | | root             | localhost    | +------------------+--------------+ 10 rows in set (0.00 sec)
>>>
>>> Telnet to MYSQL:
>>>
>>> root at server2:/var/log/keystone# telnet VIP 3308 Trying 10.107.0.180... Connected to 10.107.0.180. Escape character is '^]'.
>>> R 5.6.23-1trustyZ#v'[wcjl# �#tMb%/\c^,^vYmysql_native_passwordConnection closed by foreign host.
>>>
>>>
>>> I have installed mysql-galera wsrep-5.6 from its official site. After
>>> installing MySQL didnot start. I had to manually start with command
>>>
>>> mysqld --console
>>>
>>> What could be the possible error and its solution? I have tried
>>> reinstalled and yet I get the same error.
>>>
>>> Janki Chhatbar
>>> M.Tech (Embedded Systems)
>>> Nirma University
>>> (+91) 9409239106
>>>
>>> _______________________________________________
>>> Mailing list:
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>> Post to     : openstack at lists.openstack.org
>>> Unsubscribe :
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20150508/abe9deb9/attachment.html>

More information about the Openstack mailing list