Hi all,
While doing scale tests on our infrastructure, we observed some increase in the
response times of our keystone servers.
After further investigation we observed that we have a hot key in our cache
configuration (this means than all keystone servers are checking this key quite
frequently)
We are using a pool of memcache servers for hosting the cache and the solution
does not seem ideal at this scale.
The key turns out to be the revocation tree, that is evaluated in every token
validation. If the revocation tree object stored is big enough it can kill the
network connectivity
on the cache server affecting the whole infrastructure as the identity servers
needs to check the key before validating a token.
On our scale tests after the cleanup, we have 250 requests/second for an object
of 500KB that is a throughput of 1Gbit/sec that saturate the network link of
the cache server.
We are checking other strategies like redis or mongo, but we would like to know
if you have already seen this before? If so what you have done?
Kind regards,
Jose
Jose Castro Leon
CERN IT-CM-RPS tel: +41.22.76.74272
mob: +41.75.41.19222
fax: +41.22.76.67955
Office: 31-1-026 CH-1211 Geneve 23
email: jose.castro.l...@cern.ch<mailto:jose.castro.l...@cern.ch>
_______________________________________________
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
