[Openstack-operators] Request for Load data for Keystone

Adam Young ayoung at redhat.com
Wed Feb 5 20:13:53 UTC 2014


On 02/04/2014 09:42 PM, Sam Morrison wrote:
> Hi Adam,
>
> Here are some stats from the NeCTAR cloud inline:
>
>
> On 29 Jan 2014, at 8:33 am, Adam Young <ayoung at redhat.com> wrote:
>
>> I'm a Keystone core dev.  I often find myself in the position of thinking about Keystone Performance  without real numbers to back it up.
>>
>> Can people with "real live clouds" provide some insight?  Here's what I'd like to know?
>>
>> How big is your Keystone data set?  How many
>> users
> ~3000
>
>> projects
> ~3500
>
>> domains
> 0 (or 1 which is the default domain)
>
>> active tokens
> ~200,000
>
>> 1.  UUID vs PKI tokens?
> PKI
>
>> 2.  Apache HTTPD vs Eventlet:
>> Which do you run?  Do you see performance issues with either?
> Eventlet, we have 36 keystone user api servers and 36 admin api servers behind a LB
> In terms of performance it seems pretty good although we’ve never run anything to get any real numbers. If you had any we can run and give you numbers.
>
>> How many token revocation events are you seeing?  How long is your token revocation list getting?  Which events dominate (change password, revoke roles?)
> We currently have 3, all from change password.
>
>> Do you run the SQL token backend?  If so, how often do you clean out the expired tokens?
> We run the memcache backend.
>
>> Non performance related questions:
>>
>> Are you using the V3 API?  If not, what is keeping you on V2?
> V2, haven’t looked into the V3 API yet, nothing stopping us moving to it but there hasn’t been any reason for us to
>
>> Do you use trusts?  Do you even understand what they provide?
> No, haven’t looked into this either but we may have a need to soon.
>
>> Do you use SSL or Kerberos?  Do you want to, but find something is keeping you from doing so?
> We have SSL termination on our Hardware LBs
>
> Happy to answer more questions.
>
> Cheers,
> Sam
>
> --
> Sam Morrison
> Technical Lead
> NeCTAR Research Cloud Lead Node
> The University of Melbourne
Fantastic, Sam,  thanks for the feedback.



More information about the OpenStack-operators mailing list