[Openstack] [OpenStack] [Keystone] How to use two keystone servers?

Alexandr Porunov alexandr.porunov at gmail.com
Fri Sep 23 15:03:07 UTC 2016


Hello,

I have the following nodes:
swift_proxy1 - 192.168.0.11
swift_proxy2 - 192.168.0.12
keystone1 - 192.168.0.21
keystone2 - 192.168.0.22

I would like to know whether it is possible to use two keystone servers if
we use "uuid" or "fernet" tokens.

With uuid I can use Galera Cluster to use the same database. The problem is
I don't know what to write in endpoints. We can create an endpoint only for
one keystone server, as I understand, i.e.:

openstack endpoint create --region RegionOne \
  identity public http://192.168.0.11:5000/v3

openstack endpoint create --region RegionOne \
  identity internal http://192.168.0.11:5000/v3

openstack endpoint create --region RegionOne \
  identity admin http://192.168.0.11:35357/v3

Also, what should I use when I create a swift endpoint? Does it have to
point to itself or to the keystone server?

openstack endpoint create --region RegionOne \
  object-store public http://192.168.0.11:8080/v1/AUTH_%\(tenant_id\)s

openstack endpoint create --region RegionOne \
  object-store internal http://192.168.0.11:8080/v1/AUTH_%\(tenant_id\)s

openstack endpoint create --region RegionOne \
  object-store admin http://192.168.0.11:8080/v1

i.e. if it points to the keystone then it is OK, but if it points to itself
then which proxy IP address should I use?

Also, when we use fernet tokens, how do we synchronize tokens between nodes
(they should always use the same tokens)?

My aim is to connect the keystone 1 to the proxy 1 and the keystone 2 to
the proxy 2, i.e.: Proxy 1 should always check tokens only in the
keystone 1 server and the proxy 2 should always check tokens only in the
keystone 2 server. But I want to be able to receive tokens from any
keystone server (a user can receive a token from the keystone 1 and be
authenticated in the proxy 2 with that token).

Sincerely,
Alexandr