| 2017-11-30 14:13:31 |
netproducts |
description |
The HA guide over at
https://docs.openstack.org/ha-guide/controller-ha-identity.html
recommends downloading an OCF resource agent from git. This OCF resource agent is now about 18 months old, dating from early 2016. It still uses the commands 'keystone-all' and 'keystone'. Both executables no longer exist, so the resource agent does not work as-is.
The newer commands are 'keystone-manage' and 'openstack'
In addition, 'keystone user-list' is wrong syntax, it should now be 'openstack user list'
Here's a diff of the changes I made;
38c38
< OCF_RESKEY_binary_default="keystone-manage"
---
> OCF_RESKEY_binary_default="keystone-all"
42c42
< OCF_RESKEY_client_binary_default="openstack"
---
> OCF_RESKEY_client_binary_default="keystone"
250c250
< user list > /dev/null 2>&1
---
> user-list > /dev/null 2>&1
While this fixes errors in the resource agent, It's still impossible for me to run keystone via the OCF, simply because, since those commands were removed, there's no way for me to stop keystone from running via whatever weird mechanism my debian installed it to run as.
It's not systemd, it's not sysv, it's not ocf either. But keystone is running and working, and I can't seem to stop it. Which I need to do to turn my keystone that runs on each node induvidually into a cloned pacemaker/corosync resource as instructed by the HA guide.
In addition, I can't help but notice the HA guide only speaks about RHEL and SUSE. Where's the Ubuntu section for Keystone HA? It's there for the other components...
ps aux | grep keystone
returns 10 lines like these;
keystone 10173 0.0 1.8 409096 111612 ? Sl 06:25 0:17 (wsgi:keystone-pu -k start
The real problem the deprecation of the keystone management tools is; How do I add whatever-this-weird-process-method-is to be managed by corosync? I'm not writing my own OCF scripts, turns out this is hard to get it right. |
The HA guide over at
https://docs.openstack.org/ha-guide/controller-ha-identity.html
recommends downloading an OCF resource agent from git. This OCF resource agent is now about 18 months old, dating from early 2016. It still uses the commands 'keystone-all' and 'keystone'. Both executables no longer exist, so the resource agent does not work as-is.
The newer commands are 'keystone-manage' and 'openstack'
In addition, 'keystone user-list' is wrong syntax, it should now be 'openstack user list'
Here's a diff of the changes I made;
<code>
38c38
< OCF_RESKEY_binary_default="keystone-manage"
---
> OCF_RESKEY_binary_default="keystone-all"
42c42
< OCF_RESKEY_client_binary_default="openstack"
---
> OCF_RESKEY_client_binary_default="keystone"
250c250
< user list > /dev/null 2>&1
---
> user-list > /dev/null 2>&1
</code>
While this fixes errors in the resource agent, It's still impossible for me to run keystone via the OCF, simply because, since those commands were removed, there's no way for me to stop keystone from running directly.
In addition, I can't help but notice the HA guide only speaks about RHEL and SUSE. Where's the Ubuntu section for Keystone HA? It's there for the other components...
ps aux | grep keystone
returns 10 lines like these;
keystone 10173 0.0 1.8 409096 111612 ? Sl 06:25 0:17 (wsgi:keystone-pu -k start
This means keystone runs under the apache2 web server.
Thus if we add the apache2 systemd script ('systemctl start apache2') to the pacemaker cluster as a cloned service, then it should be able to manage keystone.
Why would you want this, instead of just running systemd on separate hosts? Well, other services kind of 'depend' on keystone, as such you can create hooks in crmsh to ensure that the active/passive services, which actually require crmsh, only start after keystone is available.
E.g. this code suffices to switch keystone from the default 'systemd' managed setup to a crm-managed setup on ubuntu or debian with N nodes;
<code>
node1> systemctl stop apache2
node1> systemctl disable apache2
node2> systemctl stop apache2
node2> systemctl disable apache2
....
nodeN> systemctl stop apache2
nodeN> systemctl disable apache2
node1> crm
crm$ configure primitive p_keystone systemd:apache2 op monitor interval="30s" timeout="30s"
crm$ configure clone keystone_clone p_keystone
</code> |
|
