[Openstack-operators] Keystone token HA
serverascode at gmail.com
Fri Dec 18 17:02:20 UTC 2015
On Fri, Dec 18, 2015 at 9:55 AM, Bajin, Joseph <jbajin at verisign.com> wrote:
> That was me..
> We are using McRouter which then speaks to memcached to talk to all the
> memcache servers that you have up and running. It keeps track of what is up
> and down so it knows where to send traffic. You can get pretty complicated
> with it and we have started to do more complex operations such as warming up
> cache’s, going across regions to look in that cache for things like tokens,
> and a few others.
> To start off, you can simple use this configuration  which will get you
> the latest token and update/delete/create to the fastest location.
> I’ve started to write a small blog post about it, but I haven’t finished out
> the pictures yet.
That's great, looking forward to the post. :)
I didn't have much time to experiment, but I did find in my limited
testing that it was a bit slower than I thought it would be to have
mcrouter in place. But as you say it's very configurable and perhaps I
was using a poor config. If you have any performance information to
share in the post that'd be great too.
> Let me know if you have questions though. I’m happy to share more
>  https://gist.github.com/RaginBajin/0339436c17e814e16e99
> From: Pedro Sousa <pgsousa at gmail.com>
> Date: Friday, December 18, 2015 at 7:36 AM
> To: "Ajay Kalambur (akalambu)" <akalambu at cisco.com>
> Cc: "openstack-operators at lists.openstack.org"
> <openstack-operators at lists.openstack.org>
> Subject: Re: [Openstack-operators] Keystone token HA
> Hi Ajay,
> someone in this mailing list mentioned mcrouter + memcached to achieve that,
> I'm also looking to test it soon on my lab.
> Pedro Sousa
> On Fri, Dec 18, 2015 at 6:48 AM, Ajay Kalambur (akalambu)
> <akalambu at cisco.com> wrote:
>> If we deploy Keystone using memcached as token backend we see that
>> bringing down 1 of 3 memcache servers results in some tokens getting
>> invalidated. Does memcached not support replication of tokens
>> So if we wanted HA w.r.t keystone tokens should we use SQL backend for
>> OpenStack-operators mailing list
>> OpenStack-operators at lists.openstack.org
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
More information about the OpenStack-operators