[openstack-dev] [Openstack-operators] [keystone] Removing functionality that was deprecated in Kilo and upcoming deprecated functionality in Mitaka
Dolph Mathews
dolph.mathews at gmail.com
Wed Dec 9 13:42:18 UTC 2015
Benchmarks always appreciated!
But, these types of benchmarks are *entirely* useless unless you can
provide the exact configuration you used for each scenario so that others
can scrutinize the test method and reproduce your results. So, off the top
of my head, I'm looking for:
* keystone.conf
* distro used for testing, in case they override the project's defaults
* all nginx config files
* all uwsgi config files
* apache config, including virtual hosts and mods
* your test client and it's configuration
* server & client architecture, and at least some idea of what lies in
between (networking, etc)
* whatever else I'm forgetting
A mailing list is probably not the best method to provide anything other
than a summary; so I'd suggest publishing the details in a gist, blog post,
or both.
And to comment on the results themselves: you shouldn't be seeing that big
of a performance gap between httpd and everything else; something is
fundamentally different about that configuration. These are just web
servers, after all. Choosing between them should not be a matter of
performance, but it should be a choice of documentation, licensing,
community, operability, supportability, reliability, etc. Performance
should be relatively similar, and thus a much lower priority in making your
selection.
On Tue, Dec 8, 2015 at 10:09 PM, Ginwala, Aliasgar <aginwala at ebay.com>
wrote:
>
>
> Hi All:
>
> Just to inform Steve and all the folks who brought up this talk ;We did
> some benchmarking using wsgi, apache and nginx for keystone with mysql as
> token backend and we got following results on Juno version. Hence I am just
> giving you brief highlight about the results we got.
>
> spawning 100 users per sec for create token, below are the results:
>
> *Using nginx with uwsgi: *
> rps *32* —(reqests/sec)
> median time ~ 3.3 sec
> no of processes 20
>
> *using apache *
> rps *75*
> median time ~ 1.3 sec
> avg time - 1.5 sec
> no of processes 20
>
> *using wsgi *
> rps *28*
> median time ~ 3.4
> avg 3.5
> no of processes 20
>
>
> We are planning to switch to apache since we are not seeing good results
> using nginx with uwsgi. May be some more added support is required for
> nginx performance.We did not encounter this auto restart issue in test
> yet and hence are open to more inputs.
>
> Any other suggestions are welcome too. Let us know in case of queries.
>
> Regards,
> Aliasgar
>
> On 8 December 2015 at 07:53, Thomas Goirand <zigo at debian.org> wrote:
>
>> On 12/01/2015 07:57 AM, Steve Martinelli wrote:
>> > Trying to summarize here...
>> >
>> > - There isn't much interest in keeping eventlet around.
>> > - Folks are OK with running keystone in a WSGI server, but feel they are
>> > constrained by Apache.
>> > - uWSGI could help to support multiple web servers.
>> >
>> > My opinion:
>> >
>> > - Adding support for uWSGI definitely sounds like it's worth
>> > investigating, but not achievable in this release (unless someone
>> > already has something cooked up).
>> > - I'm tempted to let eventlet stick around another release, since it's
>> > causing pain on some of our operators.
>> > - Other folks have managed to run keystone in a web server (and
>> > hopefully not feel pain when doing so!), so it might be worth getting
>> > technical details on just how it was accomplished. If we get an OK from
>> > the operator community later on in mitaka, I'd still be OK with removing
>> > eventlet, but I don't want to break folks.
>> >
>> > stevemar
>> >
>> > From: John Dewey <john at dewey.ws>
>> > 100% agree.
>> >
>> > We should look at uwsgi as the reference architecture. Nginx/Apache/etc
>> > should be interchangeable, and up to the operator which they choose to
>> > use. Hell, with tcp load balancing now in opensource Nginx, I could get
>> > rid of Apache and HAProxy by utilizing uwsgi.
>> >
>> > John
>>
>> The main problem I see with running Keystone (or any other service) in a
>> web server, is that *I* (as a package maintainer) will loose the control
>> over when the service is started. Let me explain why that is important
>> for me.
>>
>> In Debian, many services/daemons are run, then their API is used by the
>> package. In the case of Keystone, for example, it is possible to ask,
>> via Debconf, that Keystone registers itself in the service catalog. If
>> we get Keystone within Apache, it becomes at least harder to do so.
>>
>
> I was going to leave this up to others to comment on here, but IMO -
> excellent. Anyone that is doing an even semi serious deployment of
> OpenStack is going to require puppet/chef/ansible or some form of
> orchestration layer for deployment. Even for test deployments it seems to
> me that it's crazy for this sort of functionality be handled from debconf.
> The deployers of the system are going to understand if they want to use
> eventlet or apache and should therefore understand what restarting apache
> on a system implies.
>
>
>>
>> The other issue is that if all services are sharing the same web server,
>> restarting the web server restarts all services. Or, said otherwise: if
>> I need to change a configuration value of any of the services served by
>> Apache, I will need to restart them all, which is very annoying: I very
>> much prefer to just restart *ONE* service if I need.
>>
>> Also, something which we learned the hard way at Mirantis: it is *very*
>> annoying that Apache restarts every Sunday morning by default in
>> distributions like Ubuntu and Debian (I'm not sure for the other
>> distros). No, the default config of logrotate and Apache can't be
>> changed in distros just to satisfy OpenStack users: there's other users
>> of Apache in these distros.
>>
>
> :O
>
>
>>
>> Then, yes, uWSGI becomes a nice option. I used it for the Barbican
>> package, and it worked well. Though the uwsgi package in Debian isn't
>> very well maintained, and multiple times, Barbican could have been
>> removed from Debian testing because of RC bugs against uWSGI.
>>
>> So, all together, I'm a bit reluctant to see the Eventlet based servers
>> going away. If it's done, then yes, I'll work around it. Though I'd
>> prefer if it didn't.
>>
>> It is also my view that it's up to the deployers to decide how they want
>> to implement things. For many small use cases, Eventlet performs well
>> enough.
>>
>> Finally, one thing which I never understood: if Eventlet is bad as an
>> HTTP server, can't we use anything else written in Python? Isn't it
>> possible to write a decent HTTP server in Python? Why are we forced into
>> just Eventlet for doing the job? I haven't searched around, but there
>> must be loads of alternatives, no?
>>
>> Cheers,
>>
>> Thomas Goirand (zigo)
>>
>
> So I'd be ok with keeping eventlet around until after we can figure out
> something for multiple virtual envs (i think you'd replace virtualenvs with
> containers) , but i don't think the packaging should have anything to do
> with this.
>
>
>> _______________________________________________
>> OpenStack-operators mailing list
>> OpenStack-operators at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20151209/7bc5cad5/attachment.html>
More information about the OpenStack-dev
mailing list