2209754 – Neutron very long when lot of RBAC are used

Bug 2209754 - Neutron very long when lot of RBAC are used

Summary: Neutron very long when lot of RBAC are used

Keywords:
Status:	ON_QA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-neutron
Sub Component:
Version:	16.2 (Train)
Hardware:	x86_64
OS:	Linux
Priority:	high
Severity:	medium
Target Milestone:	z6
Target Release:	16.2 (Train on RHEL 8.4)
Assignee:	Rodolfo Alonso
QA Contact:	Candido Campos
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2218183
TreeView+	depends on / blocked

Reported:	2023-05-24 16:03 UTC by Cyril Lopez
Modified:	2023-08-02 17:45 UTC (History)
CC List:	11 users (show)
Fixed In Version:	python-neutron-lib-1.29.1-2.20230606095035.4ef4b71.el8ost openstack-neutron-15.3.5-2.20230711185017.63bac0f.el8ost
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Clones:	2218183 (view as bug list)
Environment:
Last Closed:
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Launchpad	1918145	None	None	None	2023-06-28 13:17:18 UTC
Launchpad	2020802	None	None	None	2023-05-25 16:30:55 UTC
OpenStack gerrit	884877	None	MERGED	Change RBAC relationship loading method to "joined"	2023-06-05 16:28:14 UTC
OpenStack gerrit	884878	None	MERGED	Add a "GROUP BY" clause on queries with RBAC entries	2023-06-05 16:28:14 UTC
Red Hat Issue Tracker	OSP-25366	None	None	None	2023-05-24 16:05:37 UTC

Description Cyril Lopez 2023-05-24 16:03:50 UTC

Description of problem:

On a platform with more than 2k RBAC, `openstack network list` as member (not as admin) is hiting timeout in httpd proxy module and in galera SQL request on ovs_neutron are long.

Version-Release number of selected component (if applicable):
openstack-neutron-server-ovn                     16.2.2

How reproducible:
Create lot's of tenant and for each create a dedicated RBAC for external network

Actual results:
With a timeout set at 900 it fail anyway. It create issue on horizon and neutron cli.

Expected results:


Additional info:

Comment 1 Cyril Lopez 2023-05-24 16:07:09 UTC

neutron-api-proxy_error_ssl.log
[Wed May 24 07:49:26.278376 2023] [proxy:error] [pid 7013] [client xxxxx:50380] AH00898: Error reading from remote server returned by /v2.0/ports/xxxxx
[Wed May 24 09:08:29.372202 2023] [proxy_http:error] [pid 7376] (70007)The timeout specified has expired: [client xxxxx:36508] AH01102: error reading status line from remote server localhost:9696
[Wed May 24 09:08:29.372241 2023] [proxy:error] [pid 7376] [client xxxxx:36508] AH00898: Error reading from remote server returned by /v2.0/ports/xxxxx
[Wed May 24 09:24:10.320881 2023] [proxy_http:error] [pid 7516] (70007)The timeout specified has expired: [client xxxx:44360] AH01102: error reading status line from remote server localhost:9696

Comment 13 Cyril Lopez 2023-05-26 13:24:50 UTC

Many thanks, I will share this and advise to do this next week and not a Friday afternoon. I keep the needinfo until we finish this with the customer

Note You need to log in before you can comment on or make changes to this bug.