Description of problem: With commit#3580c2af1bd8a8c6574cf4cb7b63bd75b8effad7 in upstream, keystone now supports running multiple keystone-all worker processes. I have taken some performance numbers with Devstack with following scenarios:- 1. default keystone settings (single threaded keystone_all process) 2. by setting public_workers=4 in keytone.conf file, which enable 4 keystone_all worker processes. with 2nd scenario performance I see ~4X performance gain. Additional info: It looks upstream is now leaning towards running keystone under httpd https://bugzilla.redhat.com/show_bug.cgi?id=1111274#c3 but having multiple threads of keystone_all increases the performance significantly. I would like to explore the possibility to back port that patch with RHEL-OSP5 until we don't default to run keystone inside httpd.
I would like for the changes to be proven out more upstream. There were concerns by the Keystone team upstream that this change could expose some parallelism bugs. These sorts of bugs would most likely be found in real deployment under heavy load as opposed to the gate tests. This change is also something that would not be backported in Icehouse upstream, so we would have to carry this patch long term for RHEL OSP 5. This is certainly possible, but it's not ideal.
We are also leaning towards defaulting to deploy Keystone under httpd in downstream via OSP-Installer. I think we should close WONTFIX this BZ, given the maintenance effort needed for the backport throughout OSP5 life cycle, and that direction upstream.