keystone.token.backends.sql list_revoked_tokens performs very poorly
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
Medium
|
Clint Byrum | ||
Havana |
Fix Released
|
Medium
|
Dirk Mueller |
Bug Description
The query that it makes use of is extremely inefficient, as it must retrieve the massive 'extra' field when it does not need it. Also there is no index that covers both expires and valid, so we can only do a range query on expires and then filter for valid.
Test situation is a poorly tuned mysql that has a token table with 865000 rows, 35000 of which are revoked (2000 of which are unexpired).
Adding an index on token+valid did speed the query up some, but it still took on average 2 seconds to return all ~2000 revoked token rows. Also changing the query to only query the id and expires columns resulted in the query taking 0.02 seconds to run, leading to a much more responsive experience throughout the cloud.
Changed in keystone: | |
importance: | Undecided → Medium |
Changed in keystone: | |
milestone: | none → icehouse-2 |
status: | Fix Committed → Fix Released |
tags: | removed: havana-backport-potential |
Changed in keystone: | |
milestone: | icehouse-2 → 2014.1 |
Fix proposed to branch: master /review. openstack. org/57975
Review: https:/