[Openstack] [OpenStack] [keystone] How to make keystone highly available?

Clint Byrum clint at fewbar.com
Mon Sep 19 22:40:56 UTC 2016


Excerpts from Alexandr Porunov's message of 2016-09-19 21:46:54 +0300:
> Hello,
> 
> I am thinking about using the keystone as an authentication system but I am
> afraid about failures which can affect all the cluster. In fact if the
> keystone server dies then our full cluster will stop. It would be better if
> we could use HA with the keystone. Then if our primary keystone server dies
> we have to elect a new primary keystone server. Are there some tools which
> can be used in HA deployment?
> 
> Any piece of advice will be valuable

Hi Alexandr.

Keystone is a stateless application. It stores all of the state in
a SQL database, or in files that are immutable (for Fernet token key
files). So, what you really want is an HA SQL solution, and (if you're
using Fernet tokens) a key sync mechanism.

There are many such standard solutions. If you're fine with one server
worth of capacity, then DRBD+Pacemaker+Corosync are a pretty simple
option to keep MySQL HA. Once you do that, you can just use a load
balancer or something like UCARP/VRRP to make sure HTTP requests arrive
at a working keystone node.

Good luck.
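
An added example, not part of the original message and not keystone's own code: if keystone nodes share a database but their Fernet key files differ, a token issued by one node can fail validation on another, so a drift check is a useful companion to whatever key sync mechanism is chosen. It assumes each directory is a copy of one node's key repository with keystone's integer-named key files; the node names and key contents are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def repo_fingerprint(repo_dir):
    """Map each key file name (0, 1, 2, ...) to a SHA-256 digest of its content.

    Only digests leave this function, so key material never reaches logs.
    """
    digests = {}
    for key_file in sorted(Path(repo_dir).iterdir()):
        if key_file.is_file() and key_file.name.isdigit():
            digests[key_file.name] = hashlib.sha256(key_file.read_bytes()).hexdigest()
    return digests


def find_drift(repos):
    """Compare every node's key repository against the first node listed.

    repos: dict of node name -> directory holding that node's key files.
    Returns node name -> key indexes that are missing, extra or different.
    An empty dict means all nodes hold the same keys.
    """
    names = list(repos)
    reference = repo_fingerprint(repos[names[0]])
    drift = {}
    for name in names[1:]:
        current = repo_fingerprint(repos[name])
        bad = [k for k in set(reference) | set(current)
               if reference.get(k) != current.get(k)]
        if bad:
            drift[name] = sorted(bad, key=int)
    return drift


def demo():
    """Constructed sample: node-c missed the last key rotation."""
    root = Path(tempfile.mkdtemp())
    rotated = {"0": b"constructed-key-D", "1": b"constructed-key-B",
               "2": b"constructed-key-C"}
    stale = {"0": b"constructed-key-C", "1": b"constructed-key-B"}
    repos = {}
    for node, files in {"node-a": rotated, "node-b": rotated, "node-c": stale}.items():
        (root / node).mkdir()
        for index, data in files.items():
            (root / node / index).write_bytes(data)
        repos[node] = str(root / node)
    return find_drift(repos)
```

Here `demo()` reports `node-c` as differing on indexes 0 and 2: it still holds the old staged key at 0 and never received the new primary at 2.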



