slow port creation with a large amount of networkrbacs
Bug #2037107 reported by
Max
This bug affects 4 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
In Progress
|
Medium
|
Rodolfo Alonso |
Bug Description
In our environment we have an external network with few subnets(20). We
use network rbacs to restrict access to it. Currently we have
networkrbacs for around 2500 projects for that network.
We noticed that the neutron api needs about 25 seconds for a POST request
to the /v2.0/floatingips endpoint. We traced it down to the neutron
find_candidate_
parse ~50000 results into subnet objects.
We use the latest stable/yoga version.
I attached the mysql query and the neutron profiling for the neutron.
tags: | added: db loadimpact |
Changed in neutron: | |
status: | New → Confirmed |
importance: | Undecided → Medium |
Changed in neutron: | |
status: | Incomplete → Confirmed |
assignee: | nobody → Rodolfo Alonso (rodolfo-alonso-hernandez) |
To post a comment you must log in.
Hi,
After ralonsoh´s hint to the following patch-series [1], I started to debug these queries and found a few things:
For me it seems like the change [2] from lazy='subquery' to 'joined' makes queries much slower because sqlalchemy always joins the model to networkrbacs with all fields in the SELECT statement. /paste. opendev. org/show/ 821796/
This creates a huge amount of results which results in huge response times(see first post)
=> query: https:/
The group by patch[4] that was introduced for project scoped queries will not help for admin/elevated queries like for example when creating a fip. by(model. id)) (like introduced in [4]), I can see the following query which makes no sense in my eyes. /paste. opendev. org/show/ 821798/
It seems like that patch is also not helping for project scoped requests. At least in my setup when executing -> query.group_
=> query: https:/
Sqlalchemy is doing a subquery for the group_by which will not group the amount of networkrbacs in the outer query. Not sure why sqlalchemy is doing that :D
[1] https:/ /review. opendev. org/q/topic: bug%252F1918145 /review. opendev. org/c/openstack /neutron/ +/884877/ 4/neutron/ db/models_ v2.py /docs.sqlalchem y.org/en/ 14/orm/ loading_ relationships. html /review. opendev. org/c/openstack /neutron- lib/+/884878/ 1/neutron_ lib/db/ model_query. py
[2] https:/
[3] https:/
[4] https:/
Steps to reproduce the issue: ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------+ ------- ----+ ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------+ ------- ----+ 10.1.0. 70/identity | 0.019584 | 10.1.0. 70/identity/ v3/auth/ tokens | 0.188901 | 10.1.0. 70:9696/ networking/ v2.0/networks/ 64a06492- c675-418b- 8b6d-9f5a875795 e9 | 12.323395 | 10.1.0. 70:9696/ networking/ v2.0/floatingip s | 48.035449 | ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------+ ------- ----+
1. create a fresh devstack(with master branches)
2. create a few subnets and rbacs
=> for i in $(seq 0 15); do openstack subnet create --network public --subnet-range 10.0.$i.0/24 test$i; done
=> for i in $(seq 0 2500); do openstack network rbac create --target-project $(openstack project create test$i -c id -f value) --action access_as_shared --type network public; done
3. create a fip (--network public)
+------
| URL | Seconds |
+------
| GET http://
| POST http://
| GET http://
| POST http://
| Total | 60.567329 |
+------