> > On 22 Jun 2016, at 1:45 AM, Matt Fischer <[email protected]> wrote: > > I don't have a solution for you, but I will concur that adding revocations > kills performance especially as that tree grows. I'm curious what you guys > are doing revocations on, anything other than logging out of Horizon? >
Is there a way to disable revocations? Sam > On Tue, Jun 21, 2016 at 5:45 AM, Jose Castro Leon <[email protected] > <mailto:[email protected]>> wrote: > Hi all, > > While doing scale tests on our infrastructure, we observed some increase in > the response times of our keystone servers. > > After further investigation we observed that we have a hot key in our cache > configuration (this means than all keystone servers are checking this key > quite frequently) > > We are using a pool of memcache servers for hosting the cache and the > solution does not seem ideal at this scale. > > > > The key turns out to be the revocation tree, that is evaluated in every token > validation. If the revocation tree object stored is big enough it can kill > the network connectivity > > on the cache server affecting the whole infrastructure as the identity > servers needs to check the key before validating a token. > > > > On our scale tests after the cleanup, we have 250 requests/second for an > object of 500KB that is a throughput of 1Gbit/sec that saturate the network > link of the cache server. > > > > We are checking other strategies like redis or mongo, but we would like to > know if you have already seen this before? If so what you have done? > > > > Kind regards, > > Jose > > > > Jose Castro Leon > > CERN IT-CM-RPS tel: +41.22.76.74272 > > mob: +41.75.41.19222 > > fax: +41.22.76.67955 > > Office: 31-1-026 CH-1211 Geneve 23 > > email: [email protected] <mailto:[email protected]> > > > > _______________________________________________ > OpenStack-operators mailing list > [email protected] > <mailto:[email protected]> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators> > > > _______________________________________________ > OpenStack-operators mailing list > [email protected] > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
_______________________________________________ OpenStack-operators mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
