Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 2209754

Summary: Neutron very long when lot of RBAC are used
Product: Red Hat OpenStack Reporter: Cyril Lopez <cylopez>
Component: openstack-neutronAssignee: Rodolfo Alonso <ralonsoh>
Status: CLOSED ERRATA QA Contact: Candido Campos <ccamposr>
Severity: medium Docs Contact:
Priority: high    
Version: 16.2 (Train)CC: bcafarel, chrisw, ekuris, eolivare, jraju, mariel, pgrist, ralonsoh, scohen, svigan, twilson, ykarel
Target Milestone: z6Keywords: Triaged
Target Release: 16.2 (Train on RHEL 8.4)   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: python-neutron-lib-1.29.1-2.20230606095035.4ef4b71.el8ost openstack-neutron-15.3.5-2.20230711185017.63bac0f.el8ost Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of:
: 2218183 (view as bug list) Environment:
Last Closed: 2023-11-08 19:18:36 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2218183    

Description Cyril Lopez 2023-05-24 16:03:50 UTC 
Description of problem:

On a platform with more than 2k RBAC, `openstack network list` as member (not as admin) is hiting timeout in httpd proxy module and in galera SQL request on ovs_neutron are long.

Version-Release number of selected component (if applicable):
openstack-neutron-server-ovn                     16.2.2

How reproducible:
Create lot's of tenant and for each create a dedicated RBAC for external network

Actual results:
With a timeout set at 900 it fail anyway. It create issue on horizon and neutron cli.

Expected results:


Additional info:
Comment 1 Cyril Lopez 2023-05-24 16:07:09 UTC 
neutron-api-proxy_error_ssl.log
[Wed May 24 07:49:26.278376 2023] [proxy:error] [pid 7013] [client xxxxx:50380] AH00898: Error reading from remote server returned by /v2.0/ports/xxxxx
[Wed May 24 09:08:29.372202 2023] [proxy_http:error] [pid 7376] (70007)The timeout specified has expired: [client xxxxx:36508] AH01102: error reading status line from remote server localhost:9696
[Wed May 24 09:08:29.372241 2023] [proxy:error] [pid 7376] [client xxxxx:36508] AH00898: Error reading from remote server returned by /v2.0/ports/xxxxx
[Wed May 24 09:24:10.320881 2023] [proxy_http:error] [pid 7516] (70007)The timeout specified has expired: [client xxxx:44360] AH01102: error reading status line from remote server localhost:9696
Comment 13 Cyril Lopez 2023-05-26 13:24:50 UTC 
Many thanks, I will share this and advise to do this next week and not a Friday afternoon. I keep the needinfo until we finish this with the customer
Comment 51 errata-xmlrpc 2023-11-08 19:18:36 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat OpenStack Platform 16.2.6 (Train) bug fix and enhancement advisory), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:6307