"Too many open files" with PKI + sqlite + v3 auth

Bug #1162857 reported by Dolph Mathews
This bug affects 1 person
Affects: OpenStack Identity (keystone)
Status: Fix Released
Importance: Medium
Assigned to: Dolph Mathews

Bug Description

I found this while investigating bug 1162845, but discovered a different symptom. These two bugs may be dupes.

Rapidly generating PKI tokens on v3 eventually results in a stream of "OSError: Too many open files"

I've found two workarounds:
1. Revert to token_format = UUID in keystone.conf
2. Revert to using v2 auth instead of v3 auth

$ ulimit -n
64
$ cat auth-v3.json
{"auth": {"identity": {"methods": ["password"], "password": {"user": {"name": "admin", "password": "admin", "domain": {"id": "default"}}}}, "scope": {"project": {"name": "admin", "domain": {"id": "default"}}}}}
$ ab -n 1000 -c 10 -p auth-v3.json -T application/json http://localhost:5000/v3/auth/tokens
This is ApacheBench, Version 2.3 <$Revision: 1373084 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking localhost (be patient)
Completed 100 requests
Completed 200 requests
apr_socket_recv: Connection reset by peer (54)
Total of 201 requests complete

Backtrace from keystone's logs:

ERROR [keystone.auth.controllers] [Errno 24] Too many open files
Traceback (most recent call last):
  File "/Users/dolph/Projects/keystone/keystone/auth/controllers.py", line 290, in authenticate_for_token
    context, auth_context, auth_info)
  File "/Users/dolph/Projects/keystone/keystone/auth/token_factory.py", line 304, in create_token
    trust)
  File "/Users/dolph/Projects/keystone/keystone/auth/token_factory.py", line 211, in get_token_data
    self._populate_scope(token_data, domain_id, project_id)
  File "/Users/dolph/Projects/keystone/keystone/auth/token_factory.py", line 63, in _populate_scope
    self.context, project_id)
  File "/Users/dolph/Projects/keystone/keystone/common/manager.py", line 47, in _wrapper
  File "/Users/dolph/Projects/keystone/keystone/identity/backends/sql.py", line 208, in get_project
  File "/Users/dolph/Projects/keystone/keystone/common/sql/core.py", line 219, in get_session
  File "/Users/dolph/Projects/keystone/keystone/common/sql/core.py", line 248, in get_engine
  File "/Users/dolph/Projects/keystone/keystone/common/sql/core.py", line 246, in new_engine
  File "/Users/dolph/Environments/os/lib/python2.7/site-packages/sqlalchemy/engine/__init__.py", line 338, in create_engine
  File "/Users/dolph/Environments/os/lib/python2.7/site-packages/sqlalchemy/engine/strategies.py", line 72, in create
  File "/Users/dolph/Environments/os/lib/python2.7/site-packages/sqlalchemy/dialects/sqlite/pysqlite.py", line 309, in create_connect_args
  File "/Users/dolph/Environments/os/bin/../lib/python2.7/posixpath.py", line 347, in abspath
OSError: [Errno 24] Too many open files

Dolph Mathews (dolph)
Changed in keystone:
importance: Undecided → High
tags: added: grizzly-rc-potential
Dolph Mathews (dolph) wrote :

This issue appears to be unreproducible after switching the sql connection to mysql.

Changed in keystone:
importance: High → Medium
Dolph Mathews (dolph) wrote :

Amendment to the above: switching to mysql also required increasing the file descriptor limit to 256 instead of 64 -- but it was able to handle 10,000 requests without issue.

Dolph Mathews (dolph) wrote :

This is also reproducible with token_format = UUID if you also set [token] driver to the sql-based one.

OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/25831

Changed in keystone:
assignee: nobody → Dolph Mathews (dolph)
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (milestone-proposed)

Fix proposed to branch: milestone-proposed
Review: https://review.openstack.org/25833

Thierry Carrez (ttx)
no longer affects: keystone/grizzly
Changed in keystone:
milestone: none → grizzly-rc3
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/25831
Committed: http://github.com/openstack/keystone/commit/a2e3a9228afe5bc0a42bb168b728caf29e394b3d
Submitter: Jenkins
Branch: master

commit a2e3a9228afe5bc0a42bb168b728caf29e394b3d
Author: Dolph Mathews <email address hidden>
Date: Mon Apr 1 14:41:26 2013 -0500

    Share one engine for more than just sqlite in-memory

    This fixes both bug 1162857 and bug 1162845.

    Change-Id: Ica5155d3ac03779693d2d54d8e02c2a413c3d3ac

Changed in keystone:
status: In Progress → Fix Committed
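
The effect of sharing one engine, as the commit message above describes, shown as an added example that is not Keystone's code: it uses the standard-library sqlite3 module in place of SQLAlchemy engines, and the class names, table and database path are hypothetical. It counts how many file descriptors each pattern adds over the same number of requests.

```python
import os
import sqlite3
import tempfile

def open_fd_count(limit=1024):
    """Count this process's open descriptors by probing each number."""
    count = 0
    for fd in range(limit):
        try:
            os.fstat(fd)
            count += 1
        except OSError:
            pass
    return count

class PerRequestBackend:
    """Before: every session opens its own file-backed connection."""
    def __init__(self, path):
        self.path = path
        # Assumption: stands in for whatever kept each old engine's
        # connection alive; the page does not show that code.
        self.live = []
    def get_session(self):
        conn = sqlite3.connect(self.path)
        self.live.append(conn)
        return conn

class SharedBackend:
    """After: one connection is opened on first use and then reused."""
    def __init__(self, path):
        self.path = path
        self.conn = None
    def get_session(self):
        if self.conn is None:
            self.conn = sqlite3.connect(self.path)
        return self.conn

def fd_growth(backend, requests):
    """Return how many descriptors the backend added while serving requests."""
    before = open_fd_count()
    for _ in range(requests):
        backend.get_session().execute("SELECT name FROM project").fetchall()
    return open_fd_count() - before

def demo(requests=20):
    path = os.path.join(tempfile.mkdtemp(), "demo.db")  # constructed sample DB
    with sqlite3.connect(path) as setup:
        setup.execute("CREATE TABLE project (name TEXT)")
    setup.close()
    leaky, shared = PerRequestBackend(path), SharedBackend(path)
    result = (fd_growth(leaky, requests), fd_growth(shared, requests))
    for conn in leaky.live + [shared.conn]:
        conn.close()
    return result  # (descriptors added per-request, descriptors added shared)
```

With a descriptor limit of 64, as in the report, the per-request pattern reaches the limit after a few dozen requests, while the shared pattern's descriptor use stays constant regardless of request count.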
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (milestone-proposed)

Reviewed: https://review.openstack.org/25833
Committed: http://github.com/openstack/keystone/commit/93b8f2ddf7f00747d7ccace8401b2b68a11bf98f
Submitter: Jenkins
Branch: milestone-proposed

commit 93b8f2ddf7f00747d7ccace8401b2b68a11bf98f
Author: Dolph Mathews <email address hidden>
Date: Mon Apr 1 14:41:26 2013 -0500

    Share one engine for more than just sqlite in-memory

    This fixes both bug 1162857 and bug 1162845.

    Change-Id: Ica5155d3ac03779693d2d54d8e02c2a413c3d3ac

Changed in keystone:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in keystone:
milestone: grizzly-rc3 → 2013.1