← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #14933

[Bug 1325143] [NEW] Eliminate use of with_lockmode('update')

  Thread PreviousDate PreviousThread Next 
Public bug reported:

As discussed here: http://lists.openstack.org/pipermail/openstack-
dev/2014-May/035264.htm the use of "with_lockmode('update')" can cause a
number of issues when run on top of MySQL+Galera because galera does not
support the 'SELECT ... FOR UPDATE' SQL call.

We currently only use with_lockmode('update') for coordinating consuming
trusts (limited use trusts).

We should eliminate this and handle the coordination of consumption to
ensure only the specified number of tokens can be issued from a trust.
Unfortunately, this is not as straightforward as it could be, we need to
handle the following deployment scenarios:

* Eventlet
* Multiple Keystone Processes (same physical server) [same issue as mod_wsgi]
* Multiple Keystone Processes (different physical servers)

The first and second ones could be handled with the lockutils (external
file-based) locking decorator. The last scenario will take more thought.

** Affects: keystone
     Importance: Medium
         Status: Triaged


** Tags: icehouse-backport-potential

** Changed in: keystone
   Importance: Undecided => High

** Changed in: keystone
       Status: New => Triaged

** Tags added: icehouse-backport-potential

** Changed in: keystone
   Importance: High => Medium

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1325143

Title:
  Eliminate use of with_lockmode('update')

Status in OpenStack Identity (Keystone):
  Triaged

Bug description:
  As discussed here: http://lists.openstack.org/pipermail/openstack-
  dev/2014-May/035264.htm the use of "with_lockmode('update')" can cause
  a number of issues when run on top of MySQL+Galera because galera does
  not support the 'SELECT ... FOR UPDATE' SQL call.

  We currently only use with_lockmode('update') for coordinating
  consuming trusts (limited use trusts).

  We should eliminate this and handle the coordination of consumption to
  ensure only the specified number of tokens can be issued from a trust.
  Unfortunately, this is not as straightforward as it could be, we need
  to handle the following deployment scenarios:

  * Eventlet
  * Multiple Keystone Processes (same physical server) [same issue as mod_wsgi]
  * Multiple Keystone Processes (different physical servers)

  The first and second ones could be handled with the lockutils
  (external file-based) locking decorator. The last scenario will take
  more thought.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1325143/+subscriptions

Follow ups

References

  Thread PreviousDate PreviousThread Next