OpenStack API section (Keystone) haproxy configuration (i)

Source: Internet
Author: User
Tags gpg haproxy

Recently sorted out the previously deployed OpenStack HA documentation!

PACEMAKER+COROSYNC+CRMSH Installation

I. Pre-conditions

Node1:

(1) The host names are resolved between each node

Uname-n

>node1.test.com

Vim/etc/hosts

>127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4

>::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

>192.168.18.201 node1.test.com Node1

>192.168.18.202 node2.test.com Node2

Ping Node1

Ping Node2

(2). Time synchronization between nodes

Ntpdate 210.72.145.44

(3). SSH trust between the nodes

Ssh-keygen-t rsa-f ~/.ssh/id_rsa-p "

Ssh-copy-id-i. ssh/id_rsa.pub [Email protected]

Node2:

(1). Host names are parsed between nodes

Uname-n

>node2.test.com

Vim/etc/hosts

>127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4

>::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

>192.168.18.201 node1.test.com Node1

>192.168.18.202 node2.test.com Node2

Ping Node1

Ping Node2

(2). Time synchronization between nodes

Ntpdate 210.72.145.44

(3). SSH trust between the nodes

Ssh-keygen-t rsa-f ~/.ssh/id_rsa-p "

Ssh-copy-id-i. ssh/id_rsa.pub [Email protected]

Configuring the Yum Source (Epel source)

Node1:

wget http://download.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm

RPM-IVH epel-release-5-4.noarch.rpm

RPM--import/etc/pki/rpm-gpg/rpm-gpg-key-centos-5

Yum List

Node2:

wget http://download.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm

RPM-IVH epel-release-5-4.noarch.rpm

RPM--import/etc/pki/rpm-gpg/rpm-gpg-key-centos-5

Yum List

Shutting down firewalls and SELinux

Node1:

Service Iptables Stop

Vim/etc/selinux/config

># This file controls the state of the SELinux on the system.

># selinux= can take one of the these three values:

># Enforcing-selinux security policy is enforced.

># Permissive-selinux prints warnings instead of enforcing.

># Disabled-selinux is fully disabled.

>selinux=disabled

># selinuxtype= type of policy in use. Possible values are:

># targeted-only targeted Network daemons is protected.

># Strict-full SELinux Protection.

>selinuxtype=targeted

Node2:

Service Iptables Stop

Vim/etc/selinux/config

>selinux=disabled

>selinuxtype=targeted

Second, installation Pacemaker+corosync+crmsh

Node1+node2:

Installing Pacemaker+corosync

Yum Install-y corosync*

Yum Install-y pacemaker*

Installing CRMSH

1) CRMSH official website

https://savannah.nongnu.org/forum/forum.php?forum_id=7672

2) Crmsh

http://download.opensuse.org/repositories/network:/ha-clustering:/Stable/

3) Install Crmsh "If the dependency package is missing and install the dependent package"

RPM-IVH crmsh-1.2.6-0.rc2.2.1.x86_64.rpm

4) Verify the configuration:

Crm

Three, Corosync detailed configuration

Node1:

Modifying a configuration file

Vim/etc/corosync/corosync.conf

>>>

Totem {

Version:2

# time (in MS) to wait for a token 1

token:10000

# How many token retransmits before forming a new

# Configuration

Token_retransmits_before_loss_const:10

# Turn off the virtual synchrony filter

Vsftype:none

# Enable Encryption 2

Secauth:on

# How many threads to use for encryption/decryption

threads:0

# This specifies the redundant ring protocol, which could be

# None, active, or passive. 3

Rrp_mode:active

# The following is a two-ring multicast configuration. 4

interface {

Ringnumber:1

bindnetaddr:10.0.42.0# Heart Line Network segment

mcastaddr:239.255.42.2

mcastport:5405

}

}

AMF {

Mode:disabled

}

Service {

# Load The Pacemaker Cluster Resource Manager 5

Ver:1

Name:pacemaker

}

aisexec {

User:root

Group:root

}

Logging {

Fileline:off

To_stderr:yes

To_logfile:yes

To_syslog:yes

LogFile:/var/log/cluster/corosync.log #日志位置

Syslog_facility:daemon

Debug:off

Timestamp:on

Logger_subsys {

Subsys:amf

Debug:off

}

}

>>>

Generate Key File

Note: The Corosync generated key file will call the/dev/random random number device by default, and once the system interrupts the random number of IRQs, there will be a lot of waiting time, so in order to save time, we say random replace the urandom before generating the key, To save time.

Mv/dev/{random,random.bak}

Ln-s/dev/urandom/dev/random

Corosync-keygen

View the generated key file

ll

Total amount of > 24

>-r--------1 root root 128 August 14:16 Authkey

>-rw-r--r--1 root root 521 August 11:11 corosync.conf

>-rw-r--r--1 root root 445 May 05:09 corosync.conf.example

>-rw-r--r--1 root root 1084 May 05:09 Corosync.conf.example.udpu

>drwxr-xr-x 2 root root 4096 May 05:09 SERVICE.D

>drwxr-xr-x 2 root root 4096 May 05:09 Uidgid.d

Copy the key file Authkey with the configuration file corosync.conf to Node2

Scp-p Authkey corosync.conf node2:/etc/corosync/

Check Configuration

Node1+node2:

Corosync-cfgtool-s

Start Corosync

Node1+node2:

Service Corosync Start

Four, Pacemaker detailed configuration

Start pacemaker

Node1+node2:

Service Pacemaker Start

Node1 or Node2:

Configure cluster Basic properties

CRM Configure

> pe-input-series-max= "1000" \
> pe-error-series-max= "1000" \

"Configuration of specific resources is another matter"

OpenStack API section (Keystone) haproxy configuration (i)

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.