This bug has been migrated to another issue tracking site. It has been closed here and may no longer be being monitored.

If you would like to get updates for this issue, or to participate in it, you may do so at Red Hat Issue Tracker .
Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 2087115 - Foreman inventory sync with Ansible Tower is five times slower when non-admin user with custom role\permission is used and Reports API is enabled
Summary: Foreman inventory sync with Ansible Tower is five times slower when non-admin...
Keywords:
Status: CLOSED MIGRATED
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Reporting
Version: 6.9.9
Hardware: All
OS: All
medium
high
Target Milestone: Unspecified
Assignee: satellite6-bugs
QA Contact: Lukáš Hellebrandt
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-05-17 11:12 UTC by Sayan Das
Modified: 2024-06-06 12:21 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2024-06-06 12:21:45 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker   SAT-20107 0 None Migrated None 2024-06-06 12:21:44 UTC

Description Sayan Das 2022-05-17 11:12:49 UTC 
Description of problem:

Following these resources, we can configure Ansible Tower to Talk to satellite and use the satellite data as the Inventory source to create dynamic inventory.

Satellite and Ansible Tower integration part 1: Inventory integration
https://www.redhat.com/en/blog/satellite-and-ansible-tower-integration-part-1-inventory-integration

Use Satellite 6 as an Inventory Source in Ansible Tower
https://www.ansible.com/blog/use-satellite-6-as-an-inventory-source-in-ansible-tower

Now, if I configure everything and set up a non-admin user in Satellite with correct roles and permissions, then Ansible Tower will be able to use that user in the Source of Foreman Inventory but will take a huge amount of time to Load and Import all Host and Hostgroups information from Satellite.

The same thing can be done with "admin" or an Administrator-level user of Satellite within five times less amount of time.

This is a significant decrease in performance and It seems the non-admin user is taking a huge amount of time to generate the report from the "Ansible - Ansible Inventory" template


Version-Release number of selected component (if applicable):

Satellite 6.9.9 

How reproducible:

Always with Customer DB restored 

Steps to Reproduce:

Check internal comments for the reproducer details.


Actual results:

With non-admin user:

** Default i.e. Same config as the customer where batch_size is set to 250

~~~
 1489.542 INFO     Processing JSON output...
 1489.999 INFO     Loaded 306 groups, 3565 hosts
 1529.132 INFO     Inventory import completed for sat69_inventory_source in 1524.8s
~~~
 
 i.e. 25.4 minutes


** the same config as the customer but the batch_size is increased to 500

~~~
 1464.983 INFO     Loaded 306 groups, 3565 hosts
 1497.332 INFO     Inventory import completed for sat69_inventory_source in 1492.6s
~~~
 
 i.e. 24.87 minutes

Obviously, the batch_size is irrelevant in the case of Reports API but the duration stays between 25 - 27 mins to complete the sync.


Now, With the "admin" user of the satellite:

~~~
  241.946 INFO     Processing JSON output...
  242.422 INFO     Loaded 306 groups, 3565 hosts
  275.385 INFO     Inventory import completed for sat69_inventory_source in 271.1s
~~~

4.5 mins which are five times less than what it took for the non-admin user. 



Expected results:

Non-Admin users with correct roles\permissions should be able to get the Inventory Report generated within 4 - 5 mins


Additional info:

NA
Comment 3 Evgeni Golov 2022-05-17 14:51:49 UTC 
Here is a slightly simpler reproducer, even if with way lower times (most probably due to less data attached to the generated hosts).

1. Deploy a Satellite (duh!)
2. Install ansible-collection-redhat-satelite (this is not installed by default on older setups)
3. Create an "ansible" user for pulling the report
   hammer user create --login ansible --password ansible --location 'Default Location' --organization 'Default Organization' --auth-source Internal --mail ansible@localhost
   hammer user add-role --login ansible --role 'Ansible Tower Inventory Reader'
   hammer user add-role --login ansible --role 'View hosts'
   hammer user add-role --login ansible --role 'Viewer'
4. Create 2000 fake hosts
   foreman-rake console

os = Operatingsystem.first
arch = os.architectures.first
domain = Domain.first
org = Organization.first
loc = Location.first
owner = User.anonymous_admin

2000.times.each do |_|
  h = Host::Managed.new(operatingsystem: os, architecture: arch, domain: domain, organization: org, location: loc, owner: owner)
  h.save
end

5. Create an inventory configuration my.foreman.yml (or similar, needs to end in "foreman.yaml")
plugin: redhat.satellite.foreman
url: https://satellite.example.com
validate_certs: false
user: ansible
password: ansible

use_reports_api: true
max_timeout: 3600 
group_prefix: hg_
want_hostcollections: true
want_params: true
legacy_hostvars: true

6. Call "time ansible-inventory -i my.foreman.yaml --list"

On my setup, I get ~45sec for requesting this with "admin" and ~95sec with "ansible" users.
It seems to be stable across 6.9, 6.10 and 6.11 that I have tested here.
Comment 4 Evgeni Golov 2022-05-17 14:54:56 UTC 
> It seems to be stable across 6.9, 6.10 and 6.11 that I have tested here.

6.11 on EL8 does perform better (26s/47s), but it does run on different (albeit actually less performant) HW.
Comment 6 Evgeni Golov 2022-05-19 13:50:58 UTC 
I've merged a small improvement in https://github.com/theforeman/foreman/pull/9223 for the "as admin, it still feels slow"
Comment 16 Eric Helms 2024-06-06 12:21:45 UTC 
This BZ has been automatically migrated to the issues.redhat.com Red Hat Issue Tracker. All future work related to this report will be managed there.

Due to differences in account names between systems, some fields were not replicated.  Be sure to add yourself to Jira issue's "Watchers" field to continue receiving updates and add others to the "Need Info From" field to continue requesting information.

To find the migrated issue, look in the "Links" section for a direct link to the new issue location. The issue key will have an icon of 2 footprints next to it, and begin with "SAT-" followed by an integer.  You can also find this issue by visiting https://issues.redhat.com/issues/?jql= and searching the "Bugzilla Bug" field for this BZ's number, e.g. a search like:

"Bugzilla Bug" = 1234567

In the event you have trouble locating or viewing this issue, you can file an issue by sending mail to rh-issues. You can also visit https://access.redhat.com/articles/7032570 for general account information.
Note You need to log in before you can comment on or make changes to this bug.