Public bug reported: Keystone provides multiple configuration options for operators to setup LDAP connection pooling [0]. Connection pooling has the ability to increase performance by keeping LDAP connection open and available for use across threads within a single keystone process. It's not clear that these connections are shared only between threads and not processes. In a deployment with a multiple processes defined that are all using a single thread per process, it's confusing to query LDAP connections but less than the configured values in keystone.conf.
We could either improve the documentation to explain this relationship more clearly, elude to this behavior in the configuration help text, or both. [0] https://opendev.org/openstack/keystone/src/commit/fe39838f712880c336e18eadf320e7c9e2007448/keystone/conf/ldap.py#L392-L407 ** Affects: keystone Importance: Low Status: New ** Tags: documentation ldap low-hanging-fruit ** Changed in: keystone Importance: Undecided => Low ** Tags added: docu ldap ** Tags removed: docu ** Tags added: documentation low-hanging-fruit -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1842496 Title: Relationship between keystone performance backed by ldap and using ldappool is confusing Status in OpenStack Identity (keystone): New Bug description: Keystone provides multiple configuration options for operators to setup LDAP connection pooling [0]. Connection pooling has the ability to increase performance by keeping LDAP connection open and available for use across threads within a single keystone process. It's not clear that these connections are shared only between threads and not processes. In a deployment with a multiple processes defined that are all using a single thread per process, it's confusing to query LDAP connections but less than the configured values in keystone.conf. We could either improve the documentation to explain this relationship more clearly, elude to this behavior in the configuration help text, or both. [0] https://opendev.org/openstack/keystone/src/commit/fe39838f712880c336e18eadf320e7c9e2007448/keystone/conf/ldap.py#L392-L407 To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1842496/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
