yahoo-eng-team team mailing list archive

Thread
Date

[Bug 2020802] Re: Make DB migration "Add indexes to RBACs" conditional

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <2020802@xxxxxxxxxxxxxxxxxx>
Date: Wed, 07 Jun 2023 21:37:09 -0000
Reply-to: Bug 2020802 <2020802@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Reviewed:  https://review.opendev.org/c/openstack/neutron/+/884617
Committed: https://opendev.org/openstack/neutron/commit/e8cd39b3d75cbc10f69bb99aed449b751f067940
Submitter: "Zuul (22348)"
Branch:    master

commit e8cd39b3d75cbc10f69bb99aed449b751f067940
Author: Rodolfo Alonso Hernandez <ralonsoh@xxxxxxxxxx>
Date:   Fri May 26 17:48:57 2023 +0200

    Make DB migration creating indexes in RBACs conditional
    
    This patch makes conditional the existing DB migration that adds
    the new indexes "target_tenant" and "action" in the "*rbacs" tables.
    The rationale of this patch is to be able to manually improve older
    systems by just manually creating the indexes in the database.
    Once these indexes are added, those operations including RBACs
    checks (all these called from non-admin user to RBAC administrated
    resourced) will be improved.
    
    This patch is avoiding the migration issue a system could find if
    these indexes have been manually added and then the system is
    upgraded. The new check added will first retrieve the table indexes;
    if the index is already present, the index addition is skipped.
    
    Closes-Bug: #2020802
    Change-Id: I1962fbc844bb67180e9071bcee01f8e95853bdda


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2020802

Title:
  Make DB migration "Add indexes to RBACs" conditional

Status in neutron:
  Fix Released

Bug description:
  This bug is related to [1] and the patch [2] (added in Yoga).

  Some administrators, using older versions, are experiencing the issue
  reported in [1]. For example, one user has an environment that has
  several external networks with multiple projects (1K) and multiple
  network RBACs (around 2.5K). The CLI command "openstack network list",
  executed by a project member (not an admin), is timing out.

  I've manually tested in a lab environments, based in stable/train (RH
  OSP16). I've manually backported [2] and added the indexes to the
  database. The network list API command improves from 2.5 seconds to
  0.4 seconds [3]. In a loaded environment where the API times are
  slower, that improvement (5x) could be critical.

  This is why I'm proposing this bug, to make the DB migration in [2]
  conditional. That means adding a check before adding any index. If the
  index is already present in the DB, that means the admin has manually
  added it. If not, the migration will add it.

  The change I'm proposing **does NOT affect** any new deployment or any
  upgrade from a system without the indexes manually added.

  [1]https://bugs.launchpad.net/neutron/+bug/1918145
  [2]https://review.opendev.org/c/openstack/neutron/+/810072
  [3]https://paste.opendev.org/show/bTNKOkxldBrY1V4F9Ioj/

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2020802/+subscriptions

References

[Bug 2020802] [NEW] Make DB migration "Add indexes to RBACs" conditional
From: Rodolfo Alonso, 2023-05-25