We have been using RadosGW with Keystone integration for a couple of years, to allow users of our OpenStack-based IaaS to create their own credentials for our object store. This has caused us a fair amount of performance headaches. Last year, Jjames Weaver (BBC) has contributed a patch (PR #26095) that changes the handling of S3 authentication when Keystone is used as a backend for credentials. It was merged to master in March 2019. We run Nautilus on our production clusters, which doesn't include the patch. A few weeks ago, we decided to cherry-pick PR #26095 on top of Nautilus (12.4.5/6/7) and deploy that in production. So far we haven't noticed any issues. Load on our Keystone system has decreased significantly, response times for small requests are now consistently low, and we don't have to re-provision S3 credentials locally anymore to fix performance emergencies. Thanks a lot! Blog post with a few performance graphs: https://cloudblog.switch.ch/2020/02/10/radosgw-keystone-integration-performance-issues-finally-solved/ -- Simon. _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx
 |