[Openstack-operators] Fwd: Re: Request for Load data for Keystone
ayoung at redhat.com
Wed Jan 29 21:08:25 UTC 2014
making this exchange public.
-------- Original Message --------
Subject: Re: [Openstack-operators] Request for Load data for Keystone
Date: Tue, 28 Jan 2014 23:37:11 +0100
From: Joe Topjian <joe at topjian.net>
To: Adam Young <ayoung at redhat.com>
On Tue, Jan 28, 2014 at 10:33 PM, Adam Young <ayoung at redhat.com
<mailto:ayoung at redhat.com>> wrote:
I'm a Keystone core dev. I often find myself in the position of
thinking about Keystone Performance without real numbers to back it up.
Can people with "real live clouds" provide some insight? Here's
what I'd like to know?
How big is your Keystone data set? How many
memcdump is showing approximately 22,000
1. UUID vs PKI tokens?
2. Apache HTTPD vs Eventlet:
Which do you run? Do you see performance issues with either?
Eventlet. No performance issues. I might move to Apache, but I have no
How many token revocation events are you seeing? How long is your
token revocation list getting? Which events dominate (change
password, revoke roles?)
Revocation list is currently 74. I'm not keeping track of event metrics
such as these.
Do you run the SQL token backend? If so, how often do you clean out
the expired tokens?
Non performance related questions:
Are you using the V3 API? If not, what is keeping you on V2?
Our production clouds are running Grizzly. If v3 is available in
Grizzly, then we haven't found a need to move to v3. To be honest,
dealing with OpenStack upgrades takes enough time to plan, unless new
api versions are automatically enabled during the upgrade, I don't have
time to bother.
Do you use trusts? Do you even understand what they provide?
No and no. Google isn't returning any non-developer docs from
docs.openstack.org <http://docs.openstack.org> on trusts.
Do you use SSL or Kerberos? Do you want to, but find something is
keeping you from doing so?
I'd love to utilize more features of Keystone, but there's little
documentation about what is possible:
Your blog posts are great and informative, but I think there needs to be
more practical official OpenStack Identity documentation.
If you have answers to these questions, but feel uncomfortable
posting them publically, please send them to me directly and I will
anonymize the answers. Don't feel like you need to answer
everything if you have something to contribute in just one topic.
P.S. We know about the shortcomings of the Identity operations (list
users in particular). Those will be addressed separately.
OpenStack-operators mailing list
OpenStack-operators at lists.openstack.org
<mailto:OpenStack-operators at lists.openstack.org>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OpenStack-operators