Excerpts from Ajay Kalambur (akalambu)'s message of 2015-12-17 22:48:24 -0800: > Hi > If we deploy Keystone using memcached as token backend we see that bringing > down 1 of 3 memcache servers results in some tokens getting invalidated. Does > memcached not support replication of tokens > So if we wanted HA w.r.t keystone tokens should we use SQL backend for tokens? >
I'd recommend using Fernet + SQL (for revocation events). Not having to store all of the tokens is worth the extra CPU to validate/generate. If you do use SQL as the backend for UUID, make sure you're cleaning up expired tokens aggressively. _______________________________________________ OpenStack-operators mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
