Validation of tokens degraded after upgrade to Rocky
Bug #1796887 reported by
Jose Castro Leon
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
High
|
Jose Castro Leon |
Bug Description
Recently we have upgraded Keystone to the Rocky release and we saw a quite noticiable increase of the response on validation of certain types of tokens. Specifically tokens that are created from trusts.
On the new token model (keystone/
Since we are using heat and magnum, that are heavily using trusts, we were impacted by this change of validation response.
description: | updated |
Changed in keystone: | |
assignee: | nobody → Jose Castro Leon (jose-castro-leon) |
Changed in keystone: | |
status: | New → In Progress |
tags: | added: performance |
tags: | added: rocky-backport-potential |
Changed in keystone: | |
importance: | Undecided → High |
Changed in keystone: | |
milestone: | none → stein-1 |
To post a comment you must log in.
Reviewed: https:/ /review. openstack. org/608963 /git.openstack. org/cgit/ openstack/ keystone/ commit/ ?id=d465a58f02f 134086d6322c5b8 58c056a3aea025
Committed: https:/
Submitter: Zuul
Branch: master
commit d465a58f02f1340 86d6322c5b858c0 56a3aea025
Author: Jose Castro Leon <email address hidden>
Date: Tue Oct 9 15:11:48 2018 +0200
Add caching on trust role validation to improve performance
In the token model, the trust roles are not cached. This behavior
impacts services that are using trusts heavily like heat or magnum.
It introduces new cache data to improve the performance on token
validation requests on trusts.
Change-Id: I974907b427c34f d5db3228b6139d9 3bbcdc38df5
Closes-Bug: #1796887