OpenStack Identity (keystone)

Use single connection in get_all function for getting "enabled" values for all ldap users.

Bug #1451910 reported by Min Song
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Fix Released
Medium
Min Song
OpenStack Identity (keystone) 8.0.0 "liberty"

Bug Description

LDAP being enabled, any keystone commands that use get_all takes a lot of time, especially if there are many LDAP users (like ~3000), due to the fact that _get_enabled makes a new connection for each user. Instead, I thought it would be better if a connection is made before the for loop in get_all, get all "enabled" values from all users, and then close the connection. I actually tested this code change on mine, and it actually speeds up many keystone commands (user-list, user-role-add, user-delete, user-get). Before it took about 50 seconds, but now, it takes about 4 seconds.

Min Song (ms2597)
Changed in keystone:
assignee: nobody → Min Song (ms2597)
Min Song (ms2597)
Changed in keystone:
status: New → In Progress
status: In Progress → New
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/180247

Changed in keystone:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/180247
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=c4945a9bbcd58748d85b845273af6db6a1753f67
Submitter: Jenkins
Branch: master

commit c4945a9bbcd58748d85b845273af6db6a1753f67
Author: Min Song <email address hidden>
Date: Tue May 5 10:02:13 2015 -0700

    Use single connection in get_all function

    As the number of LDAP users increase, any keystone commands that
    need to look through all of the LDAP users tend to slow down.
    After some investigation, I figured out that the cause of this
    is making a new connection for each user in get_all.

    In get_all, it calls _get_enabled function for each LDAP user.
    In _get_enabled function, a new connection from get_connection()
    is created, an then "enabled" value for a user is obtained.
    Therefore, the more LDAP users you have, the slower the response
    will be.

    If a connection is made before the for loop in get_all, get all
    "enabled" values from all users, and then close the connection,
    then the response from keystone commands would be faster.

    This code change was tested on a VM, and it actually speeded up
    many keystone commands (user-list, user-role-add, user-delete,
    user-get) from 50 seconds to 4 seconds.

    Closes-Bug: #1451910
    Change-Id: I3f5131c9eefa066f0d8ee5127322d686e09308df

Changed in keystone:
status: In Progress → Fix Committed
Doug Hellmann (doug-hellmann)
Changed in keystone:
milestone: none → liberty-1
status: Fix Committed → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to keystone (master)

Reviewed: https://review.openstack.org/209768
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=dda973ff8cede3a4d4265e0919ad2ab2b0f4c407
Submitter: Jenkins
Branch: master

commit dda973ff8cede3a4d4265e0919ad2ab2b0f4c407
Author: Edgar Magana <email address hidden>
Date: Wed Aug 5 23:16:56 2015 -0700

    Fix explicit line joining with backslash

    In the original fix this bug one reviewed suggested to replace
    backslash but the code was merge before that.

    Change-Id: I1850ccbb63f7bf640adfbb06b0f98567c035067f
    Related-bug: #1451910

Dolph Mathews (dolph)
tags: added: ldap
tags: added: performance
Changed in keystone:
importance: Undecided → Medium
Thierry Carrez (ttx)
Changed in keystone:
milestone: liberty-1 → 8.0.0
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.