Identity services (keystone) in High Availability Guide
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openstack-manuals |
Won't Fix
|
Medium
|
Unassigned |
Bug Description
Going through this setup for Keystone using Pacemaker with Kilo this fails checks. In the Kilo install, the actual Keystone process is not handled by the Keystone service but rather Apache now using WSGI. This should be updated to either not include Keystone as being monitored by Pacemaker, an updated method on Keystone monitoring or setting up Pacemaker monitoring of Apache for Keystone services.
-------
Release: 0.0.1 on 2015-11-14 13:19
SHA: e3fbcff38a4bad9
Source: http://
URL: http://
Changed in openstack-manuals: | |
status: | New → Confirmed |
importance: | Undecided → Medium |
Changed in openstack-manuals: | |
assignee: | nobody → foundjem (foundjem-devops) |
Changed in openstack-manuals: | |
assignee: | foundjem (foundjem-devops) → nobody |
http:// docs.openstack. org/developer/ keystone/ apache- httpd.html
basically create 2 WSGI configurations for Apache, admin and public.
Admin example for CentOS/RHEL:
Listen 35357
<VirtualHost *:35357> cgi-bin/ keystone"
DocumentRoot "/var/www/
<Directory "/var/www/ cgi-bin/ keystone" >
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Require all granted
</Directory>
ErrorLog "/var/log/ httpd/keystone_ wsgi_admin_ error.log" httpd/keystone_ wsgi_admin_ access. log" combined
ServerSignature Off
CustomLog "/var/log/
WSGIApplicati onGroup %{GLOBAL} name=keystone- admin group=keystone processes=1 threads=12 user=keystone cgi-bin/ keystone/ keystone- admin" rization On
WSGIDaemonProcess keystone_admin display-
WSGIProcessGroup keystone_admin
WSGIScriptAlias / "/var/www/
WSGIPassAutho
</VirtualHost>
Public Example for CentOS/RHEL:
Listen 5000
<VirtualHost *:5000>> cgi-bin/ keystone"
DocumentRoot "/var/www/
<Directory "/var/www/ cgi-bin/ keystone" >
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Require all granted
</Directory>
ErrorLog "/var/log/ httpd/keystone_ wsgi_public_ error.log" httpd/keystone_ wsgi_public_ access. log" combined
ServerSignature Off
CustomLog "/var/log/
WSGIApplicati onGroup %{GLOBAL} name=keystone- public group=keystone processes=1 threads=12 user=keystone cgi-bin/ keystone/ keystone- public" rization On
WSGIDaemonProcess keystone_public display-
WSGIProcessGroup keystone_public
WSGIScriptAlias / "/var/www/
WSGIPassAutho
</VirtualHost>
Then, if pacemaker is not monitoring Apache/httpd, add it to pacemaker.
Something similar to this(or elsewhere in install guide, not sure)
https:/ /www.server- world.info/ en/note? os=CentOS_ 7&p=pacemaker& f=2