yahoo-eng-team team mailing list archive

[Bug 1188370] Re: kvs driver for tokens is not a production quality default

 

** Changed in: keystone
       Status: Fix Committed => Fix Released

** Changed in: keystone
    Milestone: None => havana-2

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1188370

Title:
  kvs driver for tokens is not a production quality default

Status in OpenStack Identity (Keystone):
  Fix Released

Bug description:
  The default storage method for tokens is kvs. This has several
  drawbacks that make it unsuitable for production:

  * Requires load balancer to persist connections to a single keystone server by token.
  * Memory will grow out of control until token_flush is run.
  * At some point kvs lookups get very slow because there are millions of keys in the dict.
  * Process restart invalidates all tokens.

  A much more production-friendly default would be sql. SQL index lookup
  times will be nearly O(1) for even the largest table, and the flush is
  only needed to preserve disk space, which is far more abundant and
  affordable than RAM. Also, we already default to SQL for catalog,
  policy, identity, trust, and credential.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1188370/+subscriptions