LDAP Failover behavior is unexpected and random, depending on which server on the configured list fails

Bug #1953622 reported by Grzegorz Grasza
Affects: OpenStack Identity (keystone)
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned

Bug Description

When the user specifies a list of LDAP servers to connect to, both ldappool and ldap try these in order. Depending on which server fails, this causes a waiting period of the set timeout. If the first servers on the list are down, this results in a delay of all requests.

This behavior would be expected if LDAP is run in HA and keystone is writing to it, but since LDAP is read-only, this shouldn't be the default.

Grzegorz Grasza (xek)
tags: added: ldap
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/keystone/+/821086

Changed in keystone:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.opendev.org/c/openstack/keystone/+/821086
Committed: https://opendev.org/openstack/keystone/commit/36d57d2a83a2a4a905337239d1a57d2e6a61c842
Submitter: "Zuul (22348)"
Branch: master

commit 36d57d2a83a2a4a905337239d1a57d2e6a61c842
Author: Grzegorz Grasza <email address hidden>
Date: Wed Dec 8 14:52:35 2021 +0100

    Add an option to randomize LDAP urls list

    Since LDAP is now readonly, the current behavior might be
    unexpected. By randomizing the list, we assure a more gradual
    failure scenario if the first server on the list (as specified
    by the user) fails.

    Change-Id: I23f31bd85443784013a6aa158d80c7aeeb343993
    Closes-Bug: #1953622
    Resolves: rhbz#2024602
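
The effect described in the bug report and in this commit message can be modelled offline. The sketch below is an added example, not keystone's code: the hostnames, the 5-second timeout and the "each worker fixes its URL order once" model are assumptions made for illustration.

```python
import random

# Constructed sample values, not taken from the bug report.
URLS = ["ldap://ldap1.example.test",
        "ldap://ldap2.example.test",
        "ldap://ldap3.example.test"]
CONNECT_TIMEOUT = 5.0  # assumed seconds spent waiting on a dead server


def connect_delay(urls, down, timeout=CONNECT_TIMEOUT):
    """Seconds lost to timeouts before the first live server answers.

    Servers are tried strictly in list order, as the report describes.
    """
    delay = 0.0
    for url in urls:
        if url not in down:
            return delay
        delay += timeout
    raise ConnectionError("no LDAP server reachable")


def per_worker_delays(urls, down, workers, randomize, seed=0):
    """Delay seen by each worker; a worker fixes its URL order once (assumed)."""
    rng = random.Random(seed)  # seeded so the run is reproducible
    delays = []
    for _ in range(workers):
        order = list(urls)
        if randomize:
            rng.shuffle(order)
        delays.append(connect_delay(order, down))
    return delays


def summarize(delays):
    """Share of workers that hit a timeout, plus mean and worst delay."""
    affected = sum(1 for d in delays if d > 0)
    return {"affected": affected / len(delays),
            "mean": sum(delays) / len(delays),
            "worst": max(delays)}


if __name__ == "__main__":
    for label, down in (("first down", {URLS[0]}), ("last down", {URLS[-1]})):
        for randomize in (False, True):
            stats = summarize(per_worker_delays(URLS, down, 3000, randomize))
            print(f"{label:10} randomize={randomize!s:5} {stats}")
```

With a fixed order the outcome depends entirely on which server is down: every worker waits, or none does. With a shuffled order about one worker in three waits regardless of which server failed, which is the more gradual degradation the commit message refers to.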

Changed in keystone:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (stable/2023.1)

Fix proposed to branch: stable/2023.1
Review: https://review.opendev.org/c/openstack/keystone/+/892756

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (stable/zed)

Fix proposed to branch: stable/zed
Review: https://review.opendev.org/c/openstack/keystone/+/892757

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (stable/yoga)

Fix proposed to branch: stable/yoga
Review: https://review.opendev.org/c/openstack/keystone/+/892758

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (stable/xena)

Fix proposed to branch: stable/xena
Review: https://review.opendev.org/c/openstack/keystone/+/892759

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (stable/wallaby)

Fix proposed to branch: stable/wallaby
Review: https://review.opendev.org/c/openstack/keystone/+/892760

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (stable/victoria)

Fix proposed to branch: stable/victoria
Review: https://review.opendev.org/c/openstack/keystone/+/892861

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (stable/ussuri)

Fix proposed to branch: stable/ussuri
Review: https://review.opendev.org/c/openstack/keystone/+/892862

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (stable/train)

Fix proposed to branch: stable/train
Review: https://review.opendev.org/c/openstack/keystone/+/892863

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/keystone 24.0.0.0rc1

This issue was fixed in the openstack/keystone 24.0.0.0rc1 release candidate.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (stable/2023.1)

Reviewed: https://review.opendev.org/c/openstack/keystone/+/892756
Committed: https://opendev.org/openstack/keystone/commit/a9d5e7eeae82354d64bdd55926242156c3fcfaa5
Submitter: "Zuul (22348)"
Branch: stable/2023.1

commit a9d5e7eeae82354d64bdd55926242156c3fcfaa5
Author: Grzegorz Grasza <email address hidden>
Date: Wed Dec 8 14:52:35 2021 +0100

    Add an option to randomize LDAP urls list

    Since LDAP is now readonly, the current behavior might be
    unexpected. By randomizing the list, we assure a more gradual
    failure scenario if the first server on the list (as specified
    by the user) fails.

    Change-Id: I23f31bd85443784013a6aa158d80c7aeeb343993
    Closes-Bug: #1953622
    Resolves: rhbz#2024602
    (cherry picked from commit 36d57d2a83a2a4a905337239d1a57d2e6a61c842)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (stable/zed)

Reviewed: https://review.opendev.org/c/openstack/keystone/+/892757
Committed: https://opendev.org/openstack/keystone/commit/72a4fc0f3ccf7a5ca9fc40e5364e14f881ec27b2
Submitter: "Zuul (22348)"
Branch: stable/zed

commit 72a4fc0f3ccf7a5ca9fc40e5364e14f881ec27b2
Author: Grzegorz Grasza <email address hidden>
Date: Wed Dec 8 14:52:35 2021 +0100

    Add an option to randomize LDAP urls list

    Since LDAP is now readonly, the current behavior might be
    unexpected. By randomizing the list, we assure a more gradual
    failure scenario if the first server on the list (as specified
    by the user) fails.

    Change-Id: I23f31bd85443784013a6aa158d80c7aeeb343993
    Closes-Bug: #1953622
    Resolves: rhbz#2024602
    (cherry picked from commit 36d57d2a83a2a4a905337239d1a57d2e6a61c842)

tags: added: in-stable-zed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (stable/yoga)

Reviewed: https://review.opendev.org/c/openstack/keystone/+/892758
Committed: https://opendev.org/openstack/keystone/commit/0a318bef48bc43b35f9fb1476af466382c0b76f9
Submitter: "Zuul (22348)"
Branch: stable/yoga

commit 0a318bef48bc43b35f9fb1476af466382c0b76f9
Author: Grzegorz Grasza <email address hidden>
Date: Wed Dec 8 14:52:35 2021 +0100

    Add an option to randomize LDAP urls list

    Since LDAP is now readonly, the current behavior might be
    unexpected. By randomizing the list, we assure a more gradual
    failure scenario if the first server on the list (as specified
    by the user) fails.

    Change-Id: I23f31bd85443784013a6aa158d80c7aeeb343993
    Closes-Bug: #1953622
    Resolves: rhbz#2024602
    (cherry picked from commit 36d57d2a83a2a4a905337239d1a57d2e6a61c842)

tags: added: in-stable-yoga
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (stable/xena)

Reviewed: https://review.opendev.org/c/openstack/keystone/+/892759
Committed: https://opendev.org/openstack/keystone/commit/23cdf114b38e83684073e2d9d232c63938cd0c33
Submitter: "Zuul (22348)"
Branch: stable/xena

commit 23cdf114b38e83684073e2d9d232c63938cd0c33
Author: Grzegorz Grasza <email address hidden>
Date: Wed Dec 8 14:52:35 2021 +0100

    Add an option to randomize LDAP urls list

    Since LDAP is now readonly, the current behavior might be
    unexpected. By randomizing the list, we assure a more gradual
    failure scenario if the first server on the list (as specified
    by the user) fails.

    Change-Id: I23f31bd85443784013a6aa158d80c7aeeb343993
    Closes-Bug: #1953622
    Resolves: rhbz#2024602
    (cherry picked from commit 36d57d2a83a2a4a905337239d1a57d2e6a61c842)

tags: added: in-stable-xena
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (stable/wallaby)

Reviewed: https://review.opendev.org/c/openstack/keystone/+/892760
Committed: https://opendev.org/openstack/keystone/commit/5a1f367550f1b7fd1d3296956f4bc56fd19dfda1
Submitter: "Zuul (22348)"
Branch: stable/wallaby

commit 5a1f367550f1b7fd1d3296956f4bc56fd19dfda1
Author: Grzegorz Grasza <email address hidden>
Date: Wed Dec 8 14:52:35 2021 +0100

    Add an option to randomize LDAP urls list

    Since LDAP is now readonly, the current behavior might be
    unexpected. By randomizing the list, we assure a more gradual
    failure scenario if the first server on the list (as specified
    by the user) fails.

    Change-Id: I23f31bd85443784013a6aa158d80c7aeeb343993
    Closes-Bug: #1953622
    Resolves: rhbz#2024602
    (cherry picked from commit 36d57d2a83a2a4a905337239d1a57d2e6a61c842)

tags: added: in-stable-wallaby
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (stable/victoria)

Reviewed: https://review.opendev.org/c/openstack/keystone/+/892861
Committed: https://opendev.org/openstack/keystone/commit/6e70b4940c6fea85d4de25f6c560d610e3b15929
Submitter: "Zuul (22348)"
Branch: stable/victoria

commit 6e70b4940c6fea85d4de25f6c560d610e3b15929
Author: Grzegorz Grasza <email address hidden>
Date: Wed Dec 8 14:52:35 2021 +0100

    Add an option to randomize LDAP urls list

    Since LDAP is now readonly, the current behavior might be
    unexpected. By randomizing the list, we assure a more gradual
    failure scenario if the first server on the list (as specified
    by the user) fails.

    Change-Id: I23f31bd85443784013a6aa158d80c7aeeb343993
    Closes-Bug: #1953622
    Resolves: rhbz#2024602
    (cherry picked from commit 36d57d2a83a2a4a905337239d1a57d2e6a61c842)

tags: added: in-stable-victoria
tags: added: in-stable-ussuri
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (stable/ussuri)

Reviewed: https://review.opendev.org/c/openstack/keystone/+/892862
Committed: https://opendev.org/openstack/keystone/commit/377a9bb071c834bf3cb3e83bc0a173127cb9bb71
Submitter: "Zuul (22348)"
Branch: stable/ussuri

commit 377a9bb071c834bf3cb3e83bc0a173127cb9bb71
Author: Grzegorz Grasza <email address hidden>
Date: Wed Dec 8 14:52:35 2021 +0100

    Add an option to randomize LDAP urls list

    Since LDAP is now readonly, the current behavior might be
    unexpected. By randomizing the list, we assure a more gradual
    failure scenario if the first server on the list (as specified
    by the user) fails.

    Change-Id: I23f31bd85443784013a6aa158d80c7aeeb343993
    Closes-Bug: #1953622
    Resolves: rhbz#2024602
    (cherry picked from commit 36d57d2a83a2a4a905337239d1a57d2e6a61c842)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on keystone (stable/train)

Change abandoned by "Elod Illes <email address hidden>" on branch: stable/train
Review: https://review.opendev.org/c/openstack/keystone/+/892863
Reason: Train is about to transition to End of Life. Open patches need to be abandoned before branch deletion.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/keystone ussuri-eol

This issue was fixed in the openstack/keystone ussuri-eol release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/keystone yoga-eom

This issue was fixed in the openstack/keystone yoga-eom release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/keystone victoria-eom

This issue was fixed in the openstack/keystone victoria-eom release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/keystone wallaby-eom

This issue was fixed in the openstack/keystone wallaby-eom release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/keystone xena-eom

This issue was fixed in the openstack/keystone xena-eom release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/keystone 22.0.2

This issue was fixed in the openstack/keystone 22.0.2 release.
