[openstack-dev] [keystone] Need a solution for large catalog in PKI tokens

Ved Lad vedlad at gmail.com
Thu Sep 25 19:21:28 UTC 2014


The Openstack installation (Havana) at our company has a large number of
service endpoints in the catalog. As a consequence, when using PKI tokens,
my HTTP request header gets too big to handle for services like neutron. Im
evaluating different options for reducing the size of the catalog in the
PKI token. Some that I have found are:

1. Using the per tenant endpoint filtering extension: This could break if
the per tenant endpoint list gets too big

2. Using PKIZ Tokens(In Juno): Were using Havana, so I cant use this
feature, but it still doesnt look scalable

3. Using the ?nocatalog option. This is the best option for scalability but
isnt the catalog a required component for authorization?

Are there any other solutions that i am unaware of, that scale with number
of endpoints?

Thanks,
Ved
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140925/7be7390c/attachment.html>


More information about the OpenStack-dev mailing list