Hi all,

While doing scale tests on our infrastructure, we observed an increase in the response times of our keystone servers. After further investigation we found that we have a hot key in our cache configuration (meaning that all keystone servers are checking this key very frequently). We are using a pool of memcache servers to host the cache, and this solution does not seem ideal at this scale.
The key turns out to be the revocation tree, which is evaluated on every token validation. If the stored revocation tree object is big enough, it can kill the network connectivity of the cache server, which affects the whole infrastructure because the identity servers need to check the key before validating a token. In our scale tests after the cleanup, we have 250 requests/second for an object of 500 KB. That is a throughput of 1 Gbit/sec, which saturates the network link of the cache server.

We are looking at other strategies such as redis or mongo, but we would like to know whether you have seen this before. If so, what have you done?

Kind regards,
Jose

Jose Castro Leon
CERN IT-CM-RPS
tel: +41.22.76.74272
mob: +41.75.41.19222
fax: +41.22.76.67955
Office: 31-1-026
CH-1211 Geneve 23
email: jose.castro.l...@cern.ch
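
P.S. For reference, the 1 Gbit/sec figure is a back-of-the-envelope calculation that can be reproduced with the short sketch below. It assumes decimal units (1 KB = 1000 bytes) and ignores protocol overhead; the function names are only illustrative and are not part of keystone or memcache.

```python
def link_throughput_gbit(requests_per_second: float, object_size_kb: float) -> float:
    """Egress from the cache server in Gbit/s (assumes 1 KB = 1000 bytes, no overhead)."""
    bytes_per_second = requests_per_second * object_size_kb * 1000
    return bytes_per_second * 8 / 1e9


def max_requests_per_second(link_gbit: float, object_size_kb: float) -> float:
    """Request rate at which a link of the given capacity is fully used."""
    link_bytes_per_second = link_gbit * 1e9 / 8
    return link_bytes_per_second / (object_size_kb * 1000)


# Figures from our scale tests: 250 requests/second for a 500 KB object.
print(f"{link_throughput_gbit(250, 500):.2f} Gbit/s")   # 1.00 Gbit/s
print(f"{max_requests_per_second(1, 500):.0f} req/s")   # 250 req/s
```

The second function shows the same relation from the other side: for a fixed link capacity, the sustainable request rate on the hot key drops in proportion to the size of the stored object.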
_______________________________________________
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators