<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
making this exchange public.<br>
<div class="moz-forward-container"><br>
<br>
-------- Original Message --------
<table class="moz-email-headers-table" border="0" cellpadding="0"
cellspacing="0">
<tbody>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Subject:
</th>
<td>Re: [Openstack-operators] Request for Load data for
Keystone</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Date: </th>
<td>Tue, 28 Jan 2014 23:37:11 +0100</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">From: </th>
<td>Joe Topjian <a class="moz-txt-link-rfc2396E" href="mailto:joe@topjian.net"><joe@topjian.net></a></td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">To: </th>
<td>Adam Young <a class="moz-txt-link-rfc2396E" href="mailto:ayoung@redhat.com"><ayoung@redhat.com></a></td>
</tr>
</tbody>
</table>
<br>
<br>
<div dir="ltr">Hi Adam,
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Tue, Jan 28, 2014 at 10:33 PM,
Adam Young <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:ayoung@redhat.com" target="_blank">ayoung@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">I'm
a Keystone core dev. I often find myself in the position
of thinking about Keystone Performance without real
numbers to back it up.<br>
<br>
Can people with "real live clouds" provide some insight?
Here's what I'd like to know?<br>
<br>
How big is your Keystone data set? How many<br>
users<br>
</blockquote>
<div><br>
</div>
<div>Approximately 150</div>
<div> </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">projects<br>
</blockquote>
<div><br>
</div>
<div>Approximately 100</div>
<div> </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">domains<br>
</blockquote>
<div><br>
</div>
<div>0</div>
<div> </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">active
tokens<br>
</blockquote>
<div><br>
</div>
<div>memcdump is showing approximately 22,000 </div>
<div><br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">1.
UUID vs PKI tokens?<br>
</blockquote>
<div><br>
</div>
<div>uuid</div>
<div> </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">2.
Apache HTTPD vs Eventlet:<br>
<br>
Which do you run? Do you see performance issues with
either?<br>
</blockquote>
<div><br>
</div>
<div>Eventlet. No performance issues. I might move to
Apache, but I have no real reason.</div>
<div> </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">How
many token revocation events are you seeing? How long is
your token revocation list getting? Which events dominate
(change password, revoke roles?)<br>
</blockquote>
<div><br>
</div>
<div>Revocation list is currently 74. I'm not keeping track
of event metrics such as these.</div>
<div> </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Do
you run the SQL token backend? If so, how often do you
clean out the expired tokens?<br>
</blockquote>
<div><br>
</div>
<div>memcache</div>
<div> </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Non
performance related questions:<br>
<br>
Are you using the V3 API? If not, what is keeping you on
V2?<br>
</blockquote>
<div><br>
</div>
<div>Our production clouds are running Grizzly. If v3 is
available in Grizzly, then we haven't found a need to move
to v3. To be honest, dealing with OpenStack upgrades takes
enough time to plan, unless new api versions are
automatically enabled during the upgrade, I don't have
time to bother.</div>
<div> </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Do
you use trusts? Do you even understand what they provide?<br>
</blockquote>
<div><br>
</div>
<div>No and no. Google isn't returning any non-developer
docs from <a moz-do-not-send="true"
href="http://docs.openstack.org" target="_blank">docs.openstack.org</a>
on trusts.</div>
<div> </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Do
you use SSL or Kerberos? Do you want to, but find
something is keeping you from doing so?<br>
</blockquote>
<div><br>
</div>
<div>I'd love to utilize more features of Keystone, but
there's little documentation about what is possible:</div>
<div><br>
</div>
<div><a moz-do-not-send="true"
href="http://docs.openstack.org/admin-guide-cloud/content/ch-identity-mgmt-config.html"
target="_blank">http://docs.openstack.org/admin-guide-cloud/content/ch-identity-mgmt-config.html</a><br>
</div>
<div><br>
</div>
<div>Your blog posts are great and informative, but I think
there needs to be more practical official OpenStack
Identity documentation. </div>
<div><br>
</div>
<div> </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><br>
<br>
<br>
If you have answers to these questions, but feel
uncomfortable posting them publically, please send them to
me directly and I will anonymize the answers. Don't feel
like you need to answer everything if you have something
to contribute in just one topic.<br>
<br>
<br>
P.S. We know about the shortcomings of the Identity
operations (list users in particular). Those will be
addressed separately.<br>
<br>
<br>
_______________________________________________<br>
OpenStack-operators mailing list<br>
<a moz-do-not-send="true"
href="mailto:OpenStack-operators@lists.openstack.org"
target="_blank">OpenStack-operators@lists.openstack.org</a><br>
<a moz-do-not-send="true"
href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators"
target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators</a><br>
</blockquote>
</div>
<br>
</div>
</div>
<br>
</div>
<br>
</body>
</html>