
Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS)


Openstack Keystone identification service drop-in replacement

https://doi.org/10.15514/ISPRAS-2017-29(6)-11

Abstract

This paper describes the architecture and scalability principles of a service developed as a drop-in replacement for Openstack Keystone. Openstack Keystone is the central identification and service catalogue service for clouds based on Openstack. Previous papers identified problems with this service: it uses an RDBMS (MariaDB/MySQL/PostgreSQL) as its data store. Since each service and each user obtains a token to access the Openstack cloud, and tokens are periodically revoked by the system, token generation is a critical function for the whole cloud. Because Keystone queries the DBMS for user or service identification hashes and recomputes the hash from the user-provided data, the Keystone architecture itself creates a bottleneck. Each Keystone process holds a separate session with the DBMS, and since the recommended deployment uses a Galera cluster, the DBMS part is limited by the slowest DBMS node: Galera provides high availability, not performance scaling. Our approach is based on the Kong API Gateway and its scalability through the use of Apache Cassandra as a data store. The drop-in replacement is implemented as a Lua plugin inside the Kong API Gateway and implements the Keystone V3 API.

About the Authors

E. L. Axenova
Ivannikov Institute for System Programming of the Russian Academy of Sciences
Russian Federation


V. V. Shvetsova
Ivannikov Institute for System Programming of the Russian Academy of Sciences
Russian Federation


O. D. Borisenko
Ivannikov Institute for System Programming of the Russian Academy of Sciences
Russian Federation


I. V. Bogomolov
Ivannikov Institute for System Programming of the Russian Academy of Sciences
Russian Federation



For citations:


Axenova E.L., Shvetsova V.V., Borisenko O.D., Bogomolov I.V. Openstack Keystone identification service drop-in replacement. Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS). 2017;29(6):203-212. (In Russ.) https://doi.org/10.15514/ISPRAS-2017-29(6)-11



This work is licensed under a Creative Commons Attribution 4.0 License.


ISSN 2079-8156 (Print)
ISSN 2220-6426 (Online)