Bug 2024602 - Failover mechanisms for keystone LDAP backend are causing huge delays for some Horizon operations if one LDAP server is down [NEEDINFO]
Summary: Failover mechanisms for keystone LDAP backend are causing huge delays for som...
Keywords:
Status: ON_DEV
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-keystone
Version: 16.2 (Train)
Hardware: All
OS: All
high
high
Target Milestone: zstream
: 16.2 (Train on RHEL 8.4)
Assignee: Grzegorz Grasza
QA Contact: Jeremy Agee
URL:
Whiteboard:
Depends On:
Blocks: 1899127
TreeView+ depends on / blocked
 
Reported: 2021-11-18 12:46 UTC by Grzegorz Grasza
Modified: 2023-08-15 09:18 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1899127
Environment:
Last Closed:
Target Upstream Version:
Embargoed:
bshephar: needinfo? (ggrasza)

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Launchpad 1953622 0 None None None 2021-12-08 14:11:37 UTC
OpenStack gerrit 821086 0 None NEW Add an option to randomize LDAP urls list 2023-07-19 15:49:01 UTC
OpenStack gerrit 824140 0 None MERGED Change the min value of pool_retry_max to 1 2022-03-29 07:03:43 UTC
OpenStack gerrit 860118 0 None NEW LDAP connection error handling 2023-07-19 15:48:58 UTC
Red Hat Issue Tracker OSP-10856 0 None None None 2021-11-18 12:48:08 UTC

Internal Links: 2128990

Comment 3 Grzegorz Grasza 2021-11-30 09:50:32 UTC 
I'm working on a fix
Comment 6 Grzegorz Grasza 2021-12-16 11:33:42 UTC 
While discussing this upstream, it was proposed that a better solution would be to set up a load balancer for LDAP (which I agree with). A load balancer is better placed to determine if a server is down and act appropriately, whereas keystone doesn't have any inter-process communication or place to hold such state.
Note You need to log in before you can comment on or make changes to this bug.