Description of problem: If you're using page_size [0] and are integrating keystone with an LDAP server that supports paging (like Active Directory), it's possible to see keystone memory footprint slowly increase over time. The problem isn't as noticable with large page sizes (e.g., page_size = 10000). But it's noticable when you use small page sizes (e.g., page_size = 5). I hit this issue using Active Directory with 10,000 users. I set my page_size to 5 and listed users continuously for an hour. During that time I noticed keystone's total memory consumption on the host increase from 5% to 14%. Additionally, the problem is exacerbated using page_size = 1. I was unsuccessful in reproducing this issue with FreeIPA, which is another LDAP implementation, but it doesn't support paging. Keystone automatically disables paging if the LDAP server doesn't support it. It seems there is a memory leak somewhere in keystone's LDAP paging implementation. [0] https://docs.openstack.org/keystone/latest/configuration/config-options.html#ldap.page_size Version-Release number of selected component (if applicable): OSP16.1 How reproducible: 100% If you're using page_size [0] and are integrating keystone with an LDAP server that supports paging (like Active Directory) but it doesn't affect OSP if you're using FreeIPA Steps to Reproduce: 1. Configure Keystone with a LDAP backend (live Active Directory) with paging enabled. 2. Creates a good amout of users (10,000 users on this example) 3. Keystone memory consumption will start to increase when you perform actions like list users. Actual results: Keystone's total memory consumption on the host increase from 5% to 14%. Expected results: Keyston's total memore consumption should be similar without using paging for LDAP backend Additional info:
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Red Hat OpenStack Platform 16.1.3 bug fix and enhancement advisory), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2020:5413