Under certain conditions check_rules is very sluggish

Fix proposed to branch: master
Review: https://review.openstack.org/511426

Reviewed: https://review.openstack.org/511426
Committed: https://git.openstack.org/cgit/openstack/oslo.policy/commit/?id=909a1ea3a7aceb6e0637058b9c6a53d14043d6d1
Submitter: Zuul
Branch: master

commit 909a1ea3a7aceb6e0637058b9c6a53d14043d6d1
Author: Mateusz Kowalski <email address hidden>
Date: Tue Oct 24 09:32:45 2017 +0200

    Avoid redundant policy syntax checks

    Introduce a private variable inside Enforcer class to remember
    status of the last policy syntax checks in order to avoid
    redundant calls to the check_rules() method.

    Having this flag makes the whole rules mechanism faster, as under
    certain conditions check_rules() method was being executed
    multiple times even when not needed.

    Change-Id: Id3992fc0cb567451049a12ebdc6851e737573bb8
    Closes-bug: #1723030
    Co-Authored-By: Ben Nemec <email address hidden>

Fix proposed to branch: stable/queens
Review: https://review.openstack.org/583968

Fix proposed to branch: stable/pike
Review: https://review.openstack.org/584082

This issue was fixed in the openstack/oslo.policy 1.38.1 release.

Reviewed: https://review.openstack.org/583968
Committed: https://git.openstack.org/cgit/openstack/oslo.policy/commit/?id=77d30c3b5e06a4cc90195ca6f352b26c4bf2d2d8
Submitter: Zuul
Branch: stable/queens

commit 77d30c3b5e06a4cc90195ca6f352b26c4bf2d2d8
Author: Mateusz Kowalski <email address hidden>
Date: Tue Oct 24 09:32:45 2017 +0200

    Avoid redundant policy syntax checks

    Introduce a private variable inside Enforcer class to remember
    status of the last policy syntax checks in order to avoid
    redundant calls to the check_rules() method.

    Having this flag makes the whole rules mechanism faster, as under
    certain conditions check_rules() method was being executed
    multiple times even when not needed.

    Change-Id: Id3992fc0cb567451049a12ebdc6851e737573bb8
    Closes-bug: #1723030
    Co-Authored-By: Ben Nemec <email address hidden>
    (cherry picked from commit 909a1ea3a7aceb6e0637058b9c6a53d14043d6d1)

Reviewed: https://review.openstack.org/584082
Committed: https://git.openstack.org/cgit/openstack/oslo.policy/commit/?id=3e3820600174a67933cc1dd986066354bf3c25d3
Submitter: Zuul
Branch: stable/pike

commit 3e3820600174a67933cc1dd986066354bf3c25d3
Author: Mateusz Kowalski <email address hidden>
Date: Tue Oct 24 09:32:45 2017 +0200

    Avoid redundant policy syntax checks

    Introduce a private variable inside Enforcer class to remember
    status of the last policy syntax checks in order to avoid
    redundant calls to the check_rules() method.

    Having this flag makes the whole rules mechanism faster, as under
    certain conditions check_rules() method was being executed
    multiple times even when not needed.

    Change-Id: Id3992fc0cb567451049a12ebdc6851e737573bb8
    Closes-bug: #1723030
    Co-Authored-By: Ben Nemec <email address hidden>
    (cherry picked from commit 909a1ea3a7aceb6e0637058b9c6a53d14043d6d1)

This issue was fixed in the openstack/oslo.policy 1.33.2 release.

This issue was fixed in the openstack/oslo.policy 1.25.3 release.

Why is the 1.33.2 release not in the UCA for quees?

Debdiff for xenial attached

Attached debdiffs for xenial

This is fixed in Ubuntu as of Rocky. Needs fixing prior to Rocky.

@Hemanth, that debdiff unfortunately doesn't map to the version of python-oslo.policy that we have in xenial.

I've uploaded new versions of python-oslo.policy to the bionic unapproved queue [1] where it is awaiting review by the SRU team, and have uploaded to ocata-staging [2] where it will build and be promoted to ocata-proposed for testing.

[1] https://launchpad.net/ubuntu/bionic/+queue?queue_state=1&queue_text=python-oslo.policy
[2] https://launchpad.net/~ubuntu-cloud-archive/+archive/ubuntu/ocata-staging/+packages?field.name_filter=python-oslo.policy&field.status_filter=published&field.series_filter=

If someone wants to help get a xenial patch working that would be very much appreciated. 'pull-lp-source python-oslo.policy xenial' will get the package version for xenial.

@Corey, Attached debdiff in #11 is UCA queens not xenial, sorry for the confusion.

@Corey SRU is required only for UCA queens

Hello Mateusz, or anyone else affected,

Accepted python-oslo.policy into ocata-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:ocata-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-ocata-needed to verification-ocata-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-ocata-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Verified the test case on ocata and is successful.

/admin/networks took 11s-14s without the fix and took 10s-11s after the fix is applied. (The environment is built with stsstack-bundle with series xenial and release ocata).

Hello Mateusz, or anyone else affected,

Accepted python-oslo.policy into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/python-oslo.policy/1.33.1-0ubuntu2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

All autopkgtests for the newly accepted python-oslo.policy (1.33.1-0ubuntu2) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:

cinder/2:12.0.9-0ubuntu1 (armhf)
gnocchi/4.2.5-0ubuntu1 (armhf)
manila/1:6.0.0-0ubuntu1 (s390x)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/bionic/update_excuses.html#python-oslo.policy

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Verified the test case on Bionic and is successful.

/admin/networks took 17.5-19.5 seconds without the fix and 16.5-17.5 seconds with the fix. (Admin->Network->Networks page is clicked 10 times in each case to get better average)
The test environment is built with stsstack-bundle with series Bionic

Hello Mateusz, or anyone else affected,

Accepted python-oslo.policy into queens-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:queens-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-queens-needed to verification-queens-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-queens-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Verified the test case on xenial queens and is successful.

/admin/networks took 16-17.5 seconds without the fix and 14.7-16 seconds with the fix. (Admin->Network->Networks page is clicked 10 times in each case to get better average)
The test environment is built with stsstack-bundle with series xenial and release queens.

This bug was fixed in the package python-oslo.policy - 1.33.1-0ubuntu2

---------------
python-oslo.policy (1.33.1-0ubuntu2) bionic; urgency=medium

  * d/gbp.conf: Create stable/queens branch.
  * d/p/avoid-redundant-policy-syntax-checks.patch: Cherry-picked from
    upstream to avoid redundant policy checks and improve dashboard
    performance (LP: #1723030).

 -- Corey Bryant <email address hidden> Thu, 26 Apr 2018 13:35:31 -0400

The verification of the Stable Release Update for python-oslo.policy has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

The verification of the Stable Release Update for python-oslo.policy has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

This bug was fixed in the package python-oslo.policy - 1.33.1-0ubuntu2~cloud0
---------------

 python-oslo.policy (1.33.1-0ubuntu2~cloud0) xenial-queens; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 python-oslo.policy (1.33.1-0ubuntu2) bionic; urgency=medium
 .
   * d/gbp.conf: Create stable/queens branch.
   * d/p/avoid-redundant-policy-syntax-checks.patch: Cherry-picked from
     upstream to avoid redundant policy checks and improve dashboard
     performance (LP: #1723030).

The verification of the Stable Release Update for python-oslo.policy has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

This bug was fixed in the package python-oslo.policy - 1.18.0-0ubuntu1~cloud1
---------------

 python-oslo.policy (1.18.0-0ubuntu1~cloud1) xenial-ocata; urgency=medium
 .
   * d/p/avoid-redundant-policy-syntax-checks.patch: Cherry-picked from
     upstream to avoid redundant policy checks and improve dashboard
     performance (LP: #1723030).