Image Description

The image is a diagram that illustrates how high availability is configured for the Keystone public API. The diagram contains two large boxes representing two controller nodes; the one on the left is labeled control1 and the one on the right is labeled control2.

Both controller node boxes contain four boxes representing the em3 and em1 network interfaces, Keepalived, and HAProxy. The text inside the boxes shows the configuration of each of these components, as follows:

  • The box for interface em3 on control1 contains the external virtual IP (VIP) address 203.0.113.10. The box for interface em3 on control2 contains no VIP address.

  • The box for interface em1 on control1 contains the internal VIP address 192.0.2.100, and the real IP address for control1, 192.0.2.21. The box for interface em1 on control2 contains only the IP address for control2, 192.0.2.21.

  • The box for Keepalived on both controller nodes shows that Keepalived is configured to manage two VIP addresses, 203.0.113.10 on the em3 network interface, and 192.0.2.100 on the em1 network interface. The box on control1 is labeled Master because it is the active instance of Keepalived. The box on control2 is labeled Backup because it will take over if the instance on control1 fails. There is an arrow between the Keepalived boxes on the controller nodes. The arrow is labeled VRRP to show that the Keepalived instances use the Virtual Router Redundancy Protocol to decide which instance of Keepalived is the master.

  • The box for HAProxy on both controller nodes contains two sets of configuration rules, labeled keystone_external for the external VIP address and keystone_internal for the internal VIP address. The rules show the VIP addresses that HAProxy binds to, each with the Keystone public port 5000, and show that HAProxy load balances and forwards the network traffic destined for either VIP address to the IP address of either of the controller nodes.

Both controller node boxes also have a box representing the Keystone public API.

Above the controller node boxes, there is an image of a cloud representing the public network. Below the controller node boxes, there is a box representing the internal management/API network.

The diagram contains a series of arrows that connect the em3 and em1 network interfaces, Keepalived, HAProxy and Keystone public API boxes with the public and internal management/API networks. The direction of the arrows shows the flow of network traffic from the public network and the internal management/API network, as follows:

  • Traffic from the public network to the external VIP address arrives at the em3 interface on control1 at port 5000. This traffic is handled by the HAProxy keystone_external configuration rules and forwarded on the em1 network interface to the IP address of one of the controller nodes. Traffic sent to the IP address of either controller node on the em1 network interface arrives at the Keystone public API box.

  • Traffic from the internal management/API network to the internal VIP address arrives at the em1 interface on control1 at port 5000. This traffic is handled by the HAProxy keystone_internal configuration rules and forwarded on the em1 network interface to the IP address of one of the controller nodes. Traffic sent to the IP address of either controller node on the em1 network interface arrives at the Keystone public API box.