yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1842496] [NEW] Relationship between keystone performance backed by ldap and using ldappool is confusing

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Lance Bragstad <lbragstad@xxxxxxxxx>
Date: Tue, 03 Sep 2019 18:54:10 -0000
Reply-to: Bug 1842496 <1842496@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

Keystone provides multiple configuration options for operators to setup
LDAP connection pooling [0]. Connection pooling has the ability to
increase performance by keeping LDAP connection open and available for
use across threads within a single keystone process. It's not clear that
these connections are shared only between threads and not processes. In
a deployment with a multiple processes defined that are all using a
single thread per process, it's confusing to query LDAP connections but
less than the configured values in keystone.conf.

We could either improve the documentation to explain this relationship
more clearly, elude to this behavior in the configuration help text, or
both.


[0] https://opendev.org/openstack/keystone/src/commit/fe39838f712880c336e18eadf320e7c9e2007448/keystone/conf/ldap.py#L392-L407

** Affects: keystone
     Importance: Low
         Status: New


** Tags: documentation ldap low-hanging-fruit

** Changed in: keystone
   Importance: Undecided => Low

** Tags added: docu ldap

** Tags removed: docu
** Tags added: documentation low-hanging-fruit

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1842496

Title:
  Relationship between keystone performance backed by ldap and using
  ldappool is confusing

Status in OpenStack Identity (keystone):
  New

Bug description:
  Keystone provides multiple configuration options for operators to
  setup LDAP connection pooling [0]. Connection pooling has the ability
  to increase performance by keeping LDAP connection open and available
  for use across threads within a single keystone process. It's not
  clear that these connections are shared only between threads and not
  processes. In a deployment with a multiple processes defined that are
  all using a single thread per process, it's confusing to query LDAP
  connections but less than the configured values in keystone.conf.

  We could either improve the documentation to explain this relationship
  more clearly, elude to this behavior in the configuration help text,
  or both.

  
  [0] https://opendev.org/openstack/keystone/src/commit/fe39838f712880c336e18eadf320e7c9e2007448/keystone/conf/ldap.py#L392-L407

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1842496/+subscriptions