This looks like a bug in the HA guide, which should be in the
openstack-manuals project. Adding openstack-manuals to this report for
further clarification.

** Also affects: openstack-manuals
   Importance: Undecided
       Status: New

** No longer affects: keystone

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1735192

Title:
  OCF resource agent out of date or HA guide incorrect.

Status in openstack-manuals:
  New

Bug description:
  The HA guide over at

  https://docs.openstack.org/ha-guide/controller-ha-identity.html

  recommends downloading an OCF resource agent from git. This OCF
  resource agent is now about 18 months old, dating from early 2016. It
  still uses the commands 'keystone-all' and 'keystone'. Both
  executables no longer exist, so the resource agent does not work
  as-is.

  The newer commands are 'keystone-manage' and 'openstack'.

  In addition, 'keystone user-list' is wrong syntax; it should now be
  'openstack user list'.

  Here's a diff of the changes I made:

  <code>

  38c38
  < OCF_RESKEY_binary_default="keystone-manage"
  ---
  > OCF_RESKEY_binary_default="keystone-all"
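Review bot: the direction of this diff is reversed, here at 38c38 and in the two hunks that follow: the `<` lines carry the new values (keystone-manage, openstack, user list) and the `>` lines carry the old ones, so it was generated as modified-versus-original and applying it to the published agent as-is would not produce the modified file. Regenerate it from the original agent to the modified one, preferably as a unified diff (diff -u) so each change comes with context. Separately, keystone-manage is keystone's administrative command rather than a server process, so making it the default binary does not give the agent a daemon to start and stop, which matches the problem described after the diff.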
  42c42
  < OCF_RESKEY_client_binary_default="openstack"
  ---
  > OCF_RESKEY_client_binary_default="keystone"
  250c250
  <         user list > /dev/null 2>&1
  ---
  >         user-list > /dev/null 2>&1
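Review bot: at line 250 the monitor check still sends both stdout and stderr to /dev/null, so a failing check gives no indication of whether the service is down or the client call itself was rejected. Since this change swaps the client from keystone to openstack, capture stderr and log it on a non-zero exit, and confirm that the options on the rest of this command, which the diff does not show, are ones the openstack client accepts.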

  </code>

  While this fixes errors in the resource agent, it's still impossible
  for me to run keystone via the OCF, simply because, since those
  commands were removed, there's no way for me to stop keystone from
  running directly.

  In addition, I can't help but notice the HA guide only speaks about
  RHEL and SUSE. Where's the Ubuntu section for Keystone HA? It's there
  for the other components...

  ps aux | grep keystone

  returns 10 lines like these;

  keystone 10173  0.0  1.8 409096 111612 ?       Sl   06:25   0:17 (wsgi
  :keystone-pu -k start

  This means keystone runs under the apache2 web server.
  Thus if we add the apache2 systemd script ('systemctl start apache2')
  to the pacemaker cluster as a cloned service, then it should be able
  to manage keystone.

  Why would you want this, instead of just running systemd on separate
  hosts? Well, other services kind of 'depend' on keystone, as such you
  can create hooks in crmsh to ensure that the active/passive services,
  which actually require crmsh, only start after keystone is available.

  E.g. this code suffices to switch keystone from the default 'systemd'
  managed setup to a crm-managed setup on Ubuntu or Debian with N nodes:

  <code>
  node1> systemctl stop apache2
  node1> systemctl disable apache2 
  node2> systemctl stop apache2
  node2> systemctl disable apache2
  .... 
  nodeN> systemctl stop apache2
  nodeN> systemctl disable apache2 
  node1> crm
  crm$ configure primitive p_keystone systemd:apache2 op monitor interval="30s" timeout="30s"
  crm$ configure clone keystone_clone p_keystone
  </code>

To manage notifications about this bug go to:
https://bugs.launchpad.net/openstack-manuals/+bug/1735192/+subscriptions
