Reviewed: https://review.opendev.org/c/openstack/neutron/+/884617
Committed:
https://opendev.org/openstack/neutron/commit/e8cd39b3d75cbc10f69bb99aed449b751f067940
Submitter: "Zuul (22348)"
Branch: master
commit e8cd39b3d75cbc10f69bb99aed449b751f067940
Author: Rodolfo Alonso Hernandez <ralon...@redhat.com>
Date: Fri May 26 17:48:57 2023 +0200
Make DB migration creating indexes in RBACs conditional
This patch makes conditional the existing DB migration that adds
the new indexes "target_tenant" and "action" in the "*rbacs" tables.
The rationale of this patch is to be able to manually improve older
systems by just manually creating the indexes in the database.
Once these indexes are added, those operations including RBACs
checks (all these called from non-admin user to RBAC administrated
resourced) will be improved.
This patch is avoiding the migration issue a system could find if
these indexes have been manually added and then the system is
upgraded. The new check added will first retrieve the table indexes;
if the index is already present, the index addition is skipped.
Closes-Bug: #2020802
Change-Id: I1962fbc844bb67180e9071bcee01f8e95853bdda
** Changed in: neutron
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2020802
Title:
Make DB migration "Add indexes to RBACs" conditional
Status in neutron:
Fix Released
Bug description:
This bug is related to [1] and the patch [2] (added in Yoga).
Some administrators, using older versions, are experiencing the issue
reported in [1]. For example, one user has an environment that has
several external networks with multiple projects (1K) and multiple
network RBACs (around 2.5K). The CLI command "openstack network list",
executed by a project member (not an admin), is timing out.
I've manually tested in a lab environments, based in stable/train (RH
OSP16). I've manually backported [2] and added the indexes to the
database. The network list API command improves from 2.5 seconds to
0.4 seconds [3]. In a loaded environment where the API times are
slower, that improvement (5x) could be critical.
This is why I'm proposing this bug, to make the DB migration in [2]
conditional. That means adding a check before adding any index. If the
index is already present in the DB, that means the admin has manually
added it. If not, the migration will add it.
The change I'm proposing **does NOT affect** any new deployment or any
upgrade from a system without the indexes manually added.
[1]https://bugs.launchpad.net/neutron/+bug/1918145
[2]https://review.opendev.org/c/openstack/neutron/+/810072
[3]https://paste.opendev.org/show/bTNKOkxldBrY1V4F9Ioj/
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2020802/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
