[openstack-dev] [opnfv-tech-discuss] [Keystone][Multisite] Huge token size

joehuang joehuang at huawei.com
Mon Mar 16 09:33:59 UTC 2015


[Topic]: Huge token size

Hello,

As you may or may not be aware of, a requirement project proposal Multisite[1] was started in OPNFV in order to identify gaps in implementing OpenStack across multiple sites.

Although the proposal has not been approved yet, we've started to run some experiments to try out different methods. One of the problem we identify in those experiments is that, when we want  to use a shared KeyStone for 101 Regions ( including ~500 endpoints ). The token size is huge (The token format is PKI), please see details in the attachments:

token_catalog.txt, 162KB: catalog list included in the token
token_pki.txt, 536KB: non-compressed token size
token_pkiz.txt, 40KB: compressed token size

I understand that KeyStone has a way like endpoint_filter to reduce the size of token, however this requires to manage many (hard to id the exact number) endpoints can be seen by a project, and the size is not easy to exactly controlled.

Do you guys have any insights in how to reduce the token size if PKI token used? Is there any BP relates to this issue? Or should we fire one to tackle this?

[1]https://wiki.opnfv.org/requirements_projects/multisite

Best Regards
Chaoyi Huang ( Joe Huang )


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150316/d2845b8f/attachment-0001.html>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: token_pkiz.txt
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150316/d2845b8f/attachment-0003.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: token_pki.txt
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150316/d2845b8f/attachment-0004.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: token_catalog.txt
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150316/d2845b8f/attachment-0005.txt>


More information about the OpenStack-dev mailing list