neutron

Make DB migration "Add indexes to RBACs" conditional

Bug #2020802 reported by Rodolfo Alonso
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
neutron
Fix Released
Medium
Rodolfo Alonso

Bug Description

This bug is related to [1] and the patch [2] (added in Yoga).

Some administrators, using older versions, are experiencing the issue reported in [1]. For example, one user has an environment that has several external networks with multiple projects (1K) and multiple network RBACs (around 2.5K). The CLI command "openstack network list", executed by a project member (not an admin), is timing out.

I've manually tested in a lab environments, based in stable/train (RH OSP16). I've manually backported [2] and added the indexes to the database. The network list API command improves from 2.5 seconds to 0.4 seconds [3]. In a loaded environment where the API times are slower, that improvement (5x) could be critical.

This is why I'm proposing this bug, to make the DB migration in [2] conditional. That means adding a check before adding any index. If the index is already present in the DB, that means the admin has manually added it. If not, the migration will add it.

The change I'm proposing **does NOT affect** any new deployment or any upgrade from a system without the indexes manually added.

[1]https://bugs.launchpad.net/neutron/+bug/1918145
[2]https://review.opendev.org/c/openstack/neutron/+/810072
[3]https://paste.opendev.org/show/bTNKOkxldBrY1V4F9Ioj/

yatin (yatinkarel)
tags: added: db
Changed in neutron:
status: New → Triaged
importance: Undecided → Medium
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/884617

Changed in neutron:
status: Triaged → In Progress
Rodolfo Alonso (rodolfo-alonso-hernandez)
Changed in neutron:
assignee: nobody → Rodolfo Alonso (rodolfo-alonso-hernandez)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/884617
Committed: https://opendev.org/openstack/neutron/commit/e8cd39b3d75cbc10f69bb99aed449b751f067940
Submitter: "Zuul (22348)"
Branch: master

commit e8cd39b3d75cbc10f69bb99aed449b751f067940
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Fri May 26 17:48:57 2023 +0200

    Make DB migration creating indexes in RBACs conditional

    This patch makes conditional the existing DB migration that adds
    the new indexes "target_tenant" and "action" in the "*rbacs" tables.
    The rationale of this patch is to be able to manually improve older
    systems by just manually creating the indexes in the database.
    Once these indexes are added, those operations including RBACs
    checks (all these called from non-admin user to RBAC administrated
    resourced) will be improved.

    This patch is avoiding the migration issue a system could find if
    these indexes have been manually added and then the system is
    upgraded. The new check added will first retrieve the table indexes;
    if the index is already present, the index addition is skipped.

    Closes-Bug: #2020802
    Change-Id: I1962fbc844bb67180e9071bcee01f8e95853bdda

Changed in neutron:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/2023.1)

Fix proposed to branch: stable/2023.1
Review: https://review.opendev.org/c/openstack/neutron/+/885733

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/zed)

Fix proposed to branch: stable/zed
Review: https://review.opendev.org/c/openstack/neutron/+/885734

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/yoga)

Fix proposed to branch: stable/yoga
Review: https://review.opendev.org/c/openstack/neutron/+/885735

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/yoga)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/885735
Committed: https://opendev.org/openstack/neutron/commit/d541ee97317b5830d1e057ecc7e58a5b5063c130
Submitter: "Zuul (22348)"
Branch: stable/yoga

commit d541ee97317b5830d1e057ecc7e58a5b5063c130
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Fri May 26 17:48:57 2023 +0200

    Make DB migration creating indexes in RBACs conditional

    This patch makes conditional the existing DB migration that adds
    the new indexes "target_tenant" and "action" in the "*rbacs" tables.
    The rationale of this patch is to be able to manually improve older
    systems by just manually creating the indexes in the database.
    Once these indexes are added, those operations including RBACs
    checks (all these called from non-admin user to RBAC administrated
    resourced) will be improved.

    This patch is avoiding the migration issue a system could find if
    these indexes have been manually added and then the system is
    upgraded. The new check added will first retrieve the table indexes;
    if the index is already present, the index addition is skipped.

    Closes-Bug: #2020802
    Change-Id: I1962fbc844bb67180e9071bcee01f8e95853bdda
    (cherry picked from commit e8cd39b3d75cbc10f69bb99aed449b751f067940)

tags: added: in-stable-yoga
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/2023.1)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/885733
Committed: https://opendev.org/openstack/neutron/commit/c063ad1106368e1e228fd20734ea3d4010d02643
Submitter: "Zuul (22348)"
Branch: stable/2023.1

commit c063ad1106368e1e228fd20734ea3d4010d02643
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Fri May 26 17:48:57 2023 +0200

    Make DB migration creating indexes in RBACs conditional

    This patch makes conditional the existing DB migration that adds
    the new indexes "target_tenant" and "action" in the "*rbacs" tables.
    The rationale of this patch is to be able to manually improve older
    systems by just manually creating the indexes in the database.
    Once these indexes are added, those operations including RBACs
    checks (all these called from non-admin user to RBAC administrated
    resourced) will be improved.

    This patch is avoiding the migration issue a system could find if
    these indexes have been manually added and then the system is
    upgraded. The new check added will first retrieve the table indexes;
    if the index is already present, the index addition is skipped.

    Closes-Bug: #2020802
    Change-Id: I1962fbc844bb67180e9071bcee01f8e95853bdda
    (cherry picked from commit e8cd39b3d75cbc10f69bb99aed449b751f067940)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 22.0.2

This issue was fixed in the openstack/neutron 22.0.2 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 21.1.2

This issue was fixed in the openstack/neutron 21.1.2 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 20.4.0

This issue was fixed in the openstack/neutron 20.4.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 23.0.0.0b3

This issue was fixed in the openstack/neutron 23.0.0.0b3 development milestone.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.