[Openstack-operators] Keystone token HA

Bajin, Joseph jbajin at verisign.com
Fri Dec 18 16:55:08 UTC 2015

That was me.. 

We are using McRouter which then speaks to memcached to talk to all the memcache servers that you have up and running. It keeps track of what is up and down so it knows where to send traffic. You can get pretty complicated with it and we have started to do more complex operations such as warming up caches, going across regions to look in that cache for things like tokens, and a few others.

To start off, you can simply use this configuration [1] which will get you the latest token and update/delete/create to the fastest location.

I’ve started to write a small blog post about it, but I haven’t finished out the pictures yet. 

Let me know if you have questions though.  I’m happy to share more information. 


[1] https://gist.github.com/RaginBajin/0339436c17e814e16e99

From:  Pedro Sousa <pgsousa at gmail.com>
Date:  Friday, December 18, 2015 at 7:36 AM
To:  "Ajay Kalambur (akalambu)" <akalambu at cisco.com>
Cc:  "openstack-operators at lists.openstack.org" <openstack-operators at lists.openstack.org>
Subject:  Re: [Openstack-operators] Keystone token HA

Hi Ajay, 

Someone on this mailing list mentioned mcrouter + memcached to achieve that; I'm also looking to test it soon in my lab.

Pedro Sousa

On Fri, Dec 18, 2015 at 6:48 AM, Ajay Kalambur (akalambu) <akalambu at cisco.com> wrote:
If we deploy Keystone using memcached as token backend we see that bringing down 1 of 3 memcache servers results in some tokens getting invalidated. Does memcached not support replication of tokens?
So if we wanted HA w.r.t keystone tokens should we use SQL backend for tokens?


OpenStack-operators mailing list
OpenStack-operators at lists.openstack.org
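
The token loss described in this thread, and the replicate-on-write, fail-over-on-miss idea behind putting a router tier in front of memcached, as an added example that is not from the thread, the linked gist, or mcrouter itself. It is a simplified in-memory model: the class names, the modulo sharding and the routing policy are assumptions made for illustration.

```python
import hashlib

class Node:
    """In-memory stand-in for one memcached server (constructed, no network)."""
    def __init__(self, name):
        self.name, self.up, self.data = name, True, {}
    def set(self, key, value):
        if self.up:
            self.data[key] = value
    def get(self, key):
        return self.data.get(key) if self.up else None
    def crash(self):
        # memcached holds data only in RAM, so a dead server's tokens are gone
        self.up, self.data = False, {}

class ShardedClient:
    """Client-side sharding: each token lives on exactly one server."""
    def __init__(self, nodes):
        self.nodes = nodes
    def _pick(self, key):
        digest = int(hashlib.sha256(key.encode()).hexdigest(), 16)
        return self.nodes[digest % len(self.nodes)]
    def set(self, key, value):
        self._pick(key).set(key, value)
    def get(self, key):
        return self._pick(key).get(key)

class ReplicatingRouter:
    """Assumed policy: write to every server, read from the next one on a miss."""
    def __init__(self, nodes):
        self.nodes = nodes
    def set(self, key, value):
        for node in self.nodes:
            node.set(key, value)
    def get(self, key):
        for node in self.nodes:
            value = node.get(key)
            if value is not None:
                return value
        return None

def surviving_tokens(client_cls, n_tokens=300):
    """Store tokens on 3 servers, take 1 down, count tokens still readable."""
    nodes = [Node(f"mc{i}") for i in range(3)]
    client = client_cls(nodes)
    tokens = [f"token-{i}" for i in range(n_tokens)]  # constructed sample tokens
    for token in tokens:
        client.set(token, "valid")
    nodes[0].crash()
    return sum(client.get(token) == "valid" for token in tokens)

if __name__ == "__main__":
    print("sharded:   ", surviving_tokens(ShardedClient), "of 300 readable")
    print("replicated:", surviving_tokens(ReplicatingRouter), "of 300 readable")
```

With sharding, roughly the third of the tokens that hashed to the failed server become unreadable, which a token-validating service sees as invalid tokens; with full replication every token stays readable at the cost of storing each one on all three servers.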
