Comment 8 for bug 1771114

We've been looking into this some more today and see little evidence to suggest that configuring multiple servers is the right way to go. The behaviour today is that by default the charms set a default expiration_time of 600s and while modules can set their own cache_time to override this, the charms do not configure this for [role]. This means that when you add/remove a role assignment, the cache local to the api host processed the request will be up-to-date and the peer hosts will not be for up to 600s. See
https://bugs.launchpad.net/charm-keystone/+bug/1899117 for a similar discussion and the solution there was to make the global expiration_time configurable such that if set to something low, the role cache_time will also use it. That should drastically reduce the impact of the problem but since reducing the global cache time could have performance side effects I suggest we make role cache_time configurable via the charm (similar to how catalog cache_time is already configurable).