[Openstack] [OpenStack] [keystone] How to make keystone highly available?

Alexandr Porunov alexandr.porunov at gmail.com
Tue Sep 20 14:09:06 UTC 2016


Hello everyone,

Thank you all for your advice!
In my case, one keystone server can easily hold the load. I don't need to
balance the load between two or more keystone servers. However, I need two
keystone servers for high availability. So, I decided just to use two
keystone servers with the same virtual IP address.
Pros:
- I can easily configure HA
- I don't need to use master/master replication for the database.
- I don't need to use load balancers.
- I don't need to learn pacemaker
Cons:
- It will not increase the overall throughput
- One of the keystone servers will always be in a cold state

However, we can get rid of the cons by using two virtual IP addresses. So, we
can use half of the proxy servers with keystone1 and the other half of the
proxy servers with keystone2. If one of the keystone servers dies, then
keepalived will assign both virtual IP addresses to the live node. After the
node is brought back to life, keepalived will reassign the IP addresses back
(it isn't load balancing, but our throughput will increase). If our clients
use proxy servers with both keystone1 and keystone2, then we have to use
master/master replication for the database.

Best regards,
Alexandr

On Tue, Sep 20, 2016 at 8:49 AM, Van Leeuwen, Robert <rovanleeuwen at ebay.com>
wrote:

> > Hello,
> >
> > I am thinking about using keystone as an authentication system but I
> > am afraid of failures which can affect the whole cluster. In fact, if the
> > keystone server dies then our full cluster will stop. It would be better if
> > we could use HA with keystone. Then if our primary keystone server
> > dies we have to elect a new primary keystone server. Are there some tools
> > which can be used in an HA deployment?
> >
> > Any piece of advice will be valuable
>
> IMHO: get a proper HA load-balancer solution, make sure you install at
> least 2 of all APIs and load-balance in active-active mode
>
> The OpenStack APIs are stateless so you can run multiple servers at the
> same time as long as they can connect to the same database backend.
>
> The load-balancer is usable for all APIs, you can use it as the HA-IP for
> mysql and can also be used to offload SSL so you just have one place to
> configure your certificates.
>
> (for galera, make use of a “sorry-server” and not active-active
> load-balancing for writes)
>
> The great thing about a load-balancer is that you remove all HA complexity
> out of the OpenStack setup.
>
> In my personal opinion the pacemaker setups can function OK, but pacemaker
> is a complex piece of software and it is not unlikely to cause downtime,
> either due to misconfiguration or inexperienced people operating it.
>
> Especially if pacemaker is also starting/stopping mysql/rabbit/openstack
> services and not only moving around a few IPs.
>
> If you are going the pacemaker way make sure you play around with it quite
> a bit and do failure tests so you are comfortable with the commands and
> know what to look for when things go wrong.
>
> Do not forget: any other people operating the pacemaker cluster will need
> that knowledge and a 2 node cluster is not a real cluster (split-brains).
>
> Cheers,
>
> Robert van Leeuwen
>
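
The two-VIP keepalived layout described in the message above, written out as an added example; it is not part of the original thread or any poster's configuration. The interface name, the 192.0.2.0/24 addresses, the router IDs, the password placeholder and the health check against Keystone's default port 5000 are assumptions.

```conf
# keepalived.conf on keystone1 (constructed example, all values are placeholders).
# keystone2 uses the same file with the state and priority values swapped.

vrrp_script chk_keystone {
    # Assumption: Keystone listens on its default port 5000 on this host.
    script "/usr/bin/curl -fs -o /dev/null http://127.0.0.1:5000/v3"
    interval 2    # run the check every 2 seconds
    fall 3        # 3 failed checks put the tracking instances into FAULT
    rise 2        # 2 good checks clear the fault
}

# VIP 1: normally held by keystone1.
vrrp_instance VI_KEYSTONE_1 {
    state MASTER
    interface eth0            # assumption: NIC name
    virtual_router_id 51      # same on both nodes, different per VIP
    priority 150              # keystone2: 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass changeme    # placeholder; same on both nodes
    }
    virtual_ipaddress {
        192.0.2.10/24         # documentation-range placeholder
    }
    track_script {
        chk_keystone
    }
}

# VIP 2: normally held by keystone2; keystone1 takes it over on failure.
vrrp_instance VI_KEYSTONE_2 {
    state BACKUP
    interface eth0
    virtual_router_id 52
    priority 100              # keystone2: 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass changeme
    }
    virtual_ipaddress {
        192.0.2.11/24
    }
    track_script {
        chk_keystone
    }
}
```

Preemption is keepalived's default, so a node that comes back with the higher priority reclaims its own VIP, which matches the "reassign back" behaviour in the message. `auth_type PASS` sends the password in cleartext in VRRP advertisements, so it only guards against accidental misconfiguration on the segment.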