Bug 2209754

Summary: Neutron very long when lot of RBAC are used
Product: Red Hat OpenStack Reporter: Cyril Lopez <cylopez>
Component: openstack-neutronAssignee: Rodolfo Alonso <ralonsoh>
Status: ON_QA --- QA Contact: Candido Campos <ccamposr>
Severity: medium Docs Contact:
Priority: high    
Version: 16.2 (Train)CC: bcafarel, chrisw, ekuris, eolivare, jraju, pgrist, ralonsoh, scohen, svigan, twilson, ykarel
Target Milestone: z6Keywords: Triaged
Target Release: 16.2 (Train on RHEL 8.4)   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: python-neutron-lib-1.29.1-2.20230606095035.4ef4b71.el8ost openstack-neutron-15.3.5-2.20230711185017.63bac0f.el8ost Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 2218183 (view as bug list) Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2218183    

Description Cyril Lopez 2023-05-24 16:03:50 UTC
Description of problem:

On a platform with more than 2k RBAC, `openstack network list` as member (not as admin) is hiting timeout in httpd proxy module and in galera SQL request on ovs_neutron are long.

Version-Release number of selected component (if applicable):
openstack-neutron-server-ovn                     16.2.2

How reproducible:
Create lot's of tenant and for each create a dedicated RBAC for external network

Actual results:
With a timeout set at 900 it fail anyway. It create issue on horizon and neutron cli.

Expected results:


Additional info:

Comment 1 Cyril Lopez 2023-05-24 16:07:09 UTC
neutron-api-proxy_error_ssl.log
[Wed May 24 07:49:26.278376 2023] [proxy:error] [pid 7013] [client xxxxx:50380] AH00898: Error reading from remote server returned by /v2.0/ports/xxxxx
[Wed May 24 09:08:29.372202 2023] [proxy_http:error] [pid 7376] (70007)The timeout specified has expired: [client xxxxx:36508] AH01102: error reading status line from remote server localhost:9696
[Wed May 24 09:08:29.372241 2023] [proxy:error] [pid 7376] [client xxxxx:36508] AH00898: Error reading from remote server returned by /v2.0/ports/xxxxx
[Wed May 24 09:24:10.320881 2023] [proxy_http:error] [pid 7516] (70007)The timeout specified has expired: [client xxxx:44360] AH01102: error reading status line from remote server localhost:9696

Comment 13 Cyril Lopez 2023-05-26 13:24:50 UTC
Many thanks, I will share this and advise to do this next week and not a Friday afternoon. I keep the needinfo until we finish this with the customer