Keystone overwhelms Ceilometer with Identity Events
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ceilometer |
Invalid
|
Low
|
Adam Young |
Bug Description
Description of problem:
When configuring OpenStack from OSP director, keystone is enabled to produce ceilometer events. These events spam Ceilometer, and any CloudForms instance managing the Overcloud with "identity.
Version-Release number of selected component (if applicable):
openstack-
python-
How reproducible:
100%
Steps to Reproduce:
1. Deploy Overcloud with ceilometer Events
parameter_defaults:
CeilometerSto
2. login to controller
3. sudo openstack-config --get /etc/keystone/
messagin
Actual results:
literally nearly 100,000 identity events get created per day. Here is a sample of about 22 hours from an unused Cloud.
grep /ManageIQ/
...
86317 [/ManageIQ/
473 [/ManageIQ/
2 [/ManageIQ/
54 [/ManageIQ/
23 [/ManageIQ/
21 [/ManageIQ/
29 [/ManageIQ/
21 [/ManageIQ/
2 [/ManageIQ/
473 [/ManageIQ/
8 [/ManageIQ/
18 [/ManageIQ/
467 [/ManageIQ/
404 [/ManageIQ/
...
NOTE: the 86,317 identity.
Expected results:
identity events need not be produced by default for CloudForms to do its thing. these are essentially SPAM events that use valuable resources
Additional info:
Suggest setting notification_driver to either log or noop in /etc/keystone/
affects: | keystone → ceilometer |
Note that you can reduce the number events produced by Keystone using a configuration option. According to the Keystone documentation,
http:// git.openstack. org/cgit/ openstack/ keystone/ tree/etc/ keystone. conf.sample? h=9.0.2# n105
[DEFAULT] opt_out= identity. authenticate. success
notification_
This would prevent keystone from sending notifications out on successful authentications.
Successful authentications and validations of user tokens are probably redundant: the creation alone does not mean anything, only the use on the remote system. One or the other should be removed.