2024602 – Failover mechanisms for keystone LDAP backend are causing huge delays for some Horizon operations if one LDAP server is down

Bug 2024602 - Failover mechanisms for keystone LDAP backend are causing huge delays for some Horizon operations if one LDAP server is down

Summary: Failover mechanisms for keystone LDAP backend are causing huge delays for som...

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-keystone
Sub Component:
Version:	16.2 (Train)
Hardware:	All
OS:	All
Priority:	high
Severity:	high
Target Milestone:	zstream
Target Release:	16.2 (Train on RHEL 8.4)
Assignee:	Grzegorz Grasza
QA Contact:	Jeremy Agee
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1899127
TreeView+	depends on / blocked

Reported:	2021-11-18 12:46 UTC by Grzegorz Grasza
Modified:	2024-12-04 20:25 UTC (History)
CC List:	9 users (show)
Fixed In Version:
Doc Type:	No Doc Update
Doc Text:
Clone Of:	1899127
Environment:
Last Closed:	2024-12-04 20:25:19 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Launchpad	1953622	None	None	None	2021-12-08 14:11:37 UTC
OpenStack gerrit	824140	None	MERGED	Change the min value of pool_retry_max to 1	2022-03-29 07:03:43 UTC
OpenStack gerrit	860118	None	NEW	LDAP connection error handling	2023-10-23 11:31:35 UTC
OpenStack gerrit	892863	None	NEW	Add an option to randomize LDAP urls list	2023-10-23 11:33:26 UTC
Red Hat Issue Tracker	OSP-10856	None	None	None	2021-11-18 12:48:08 UTC

Internal Links: 2128990

Comment 3 Grzegorz Grasza 2021-11-30 09:50:32 UTC

I'm working on a fix

Comment 6 Grzegorz Grasza 2021-12-16 11:33:42 UTC

While discussing this upstream, it was proposed that a better solution would be to set up a load balancer for LDAP (which I agree with). A load balancer is better placed to determine if a server is down and act appropriately, whereas keystone doesn't have any inter-process communication or place to hold such state.

Comment 25 Grzegorz Grasza 2023-08-24 08:04:01 UTC

The documentation has been revised and published: https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.2/html/integrate_openstack_identity_with_external_user_management_services/assembly-integrating-identity-with-idm_rhosp#con-planning-identity-idm-integration_identity-idm

Note You need to log in before you can comment on or make changes to this bug.