neutron-metadata-agent incorrectly passes keystone token to neutronclient

Bug #1274487 reported by Ihar Hrachyshka
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
Fix Released
High
Ihar Hrachyshka
Havana
Fix Released
High
Ihar Hrachyshka

Bug Description

When instantiating a neutron client, the agent passes keystone token to object __init__ as auth_token= keyword argument, while neutronclient expects token=. This results in extensive interaction with keystone on cloud-init service startup because each request from an instance to metadata agent results in new token request.

Changed in neutron:
assignee: nobody → Ihar Hrachyshka (ihar-hrachyshka)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.openstack.org/70178

Changed in neutron:
status: New → In Progress
Maru Newby (maru)
tags: added: havana-backport-potential
Maru Newby (maru)
Changed in neutron:
importance: Undecided → High
milestone: none → icehouse-3
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.openstack.org/70178
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=3799efe792700e7736666c40cc42c265eee09230
Submitter: Jenkins
Branch: master

commit 3799efe792700e7736666c40cc42c265eee09230
Author: Ihar Hrachyshka <email address hidden>
Date: Thu Jan 30 13:42:29 2014 +0100

    Fix passing keystone token to neutronclient instance

    Neutron client expects token to be passed as token= argument, while
    neutron-metadata-agent passes auth_token= instead. This effectively makes the
    client to authenticate against keystone each time it's instantiated. In
    neutron-metadata-agent case, it means 'each time a client sends a metadata
    request.'

    The issue results in high cpu utilization on keystone side when simultaneously
    invoking multiple nova instances with cloud-init.

    Change-Id: I2a31f9c0c3cfa915975ecc53d71168a3895528d8
    Closes-Bug: 1274487

Changed in neutron:
status: In Progress → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/havana)

Fix proposed to branch: stable/havana
Review: https://review.openstack.org/72754

tags: removed: havana-backport-potential
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/havana)

Reviewed: https://review.openstack.org/72754
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=15a912b1ca3c24ba8851b8b77d6de8027e120d78
Submitter: Jenkins
Branch: stable/havana

commit 15a912b1ca3c24ba8851b8b77d6de8027e120d78
Author: Ihar Hrachyshka <email address hidden>
Date: Thu Jan 30 13:42:29 2014 +0100

    Fix passing keystone token to neutronclient instance

    Neutron client expects token to be passed as token= argument, while
    neutron-metadata-agent passes auth_token= instead. This effectively makes the
    client to authenticate against keystone each time it's instantiated. In
    neutron-metadata-agent case, it means 'each time a client sends a metadata
    request.'

    The issue results in high cpu utilization on keystone side when simultaneously
    invoking multiple nova instances with cloud-init.

    Change-Id: I2a31f9c0c3cfa915975ecc53d71168a3895528d8
    Closes-Bug: 1274487
    (cherry picked from commit 3799efe792700e7736666c40cc42c265eee09230)

Thierry Carrez (ttx)
Changed in neutron:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in neutron:
milestone: icehouse-3 → 2014.1
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.