Re: [openstack-dev] What should be Neutron behavior with scoped token?
I raised a bug with my findings https://bugs.launchpad.net/neutron/+bug/1236704 On Fri, Oct 4, 2013 at 10:16 AM, Ravi Chunduru wrote: > Does the described behavior qualify as a bug? > > Thanks, > -Ravi. > > > On Thu, Oct 3, 2013 at 5:21 PM, Ravi Chunduru wrote: > >> Hi, >> In my tests, I observed that when an admin of a tenant runs 'nova list' >> to list down all the servers of the tenant - nova-api makes a call to >> quantum to get_ports with filter set to device owner. This operation is >> taking about 1m 30s in our setup(almost having 100 VMs i.e > 100 ports) >> >> While a user of a tenant runs the same command, the response is immediate. >> >> Going into details - the only difference between those two operations is >> the 'role'. >> >> Looking into the code, I have the following questions >> 1) Scoped Admin token returned all entries of a resource. Any reason not >> filtered per tenant? >> Comparing with Nova - it always honored tenant from the scoped token and >> returns values specific to tenant. >> >> 2) In the above described test, the DB access should not take much time >> with or with out tenant-id in filter. Why change in response time for >> tenant admin or a member user? >> >> Thanks, >> -Ravi. >> >> >> >> >> > > > -- > Ravi > -- Ravi ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] What should be Neutron behavior with scoped token?
Does the described behavior qualify as a bug? Thanks, -Ravi. On Thu, Oct 3, 2013 at 5:21 PM, Ravi Chunduru wrote: > Hi, > In my tests, I observed that when an admin of a tenant runs 'nova list' > to list down all the servers of the tenant - nova-api makes a call to > quantum to get_ports with filter set to device owner. This operation is > taking about 1m 30s in our setup(almost having 100 VMs i.e > 100 ports) > > While a user of a tenant runs the same command, the response is immediate. > > Going into details - the only difference between those two operations is > the 'role'. > > Looking into the code, I have the following questions > 1) Scoped Admin token returned all entries of a resource. Any reason not > filtered per tenant? > Comparing with Nova - it always honored tenant from the scoped token and > returns values specific to tenant. > > 2) In the above described test, the DB access should not take much time > with or with out tenant-id in filter. Why change in response time for > tenant admin or a member user? > > Thanks, > -Ravi. > > > > > -- Ravi ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] What should be Neutron behavior with scoped token?
Hi, In my tests, I observed that when an admin of a tenant runs 'nova list' to list down all the servers of the tenant - nova-api makes a call to quantum to get_ports with filter set to device owner. This operation is taking about 1m 30s in our setup(almost having 100 VMs i.e > 100 ports) While a user of a tenant runs the same command, the response is immediate. Going into details - the only difference between those two operations is the 'role'. Looking into the code, I have the following questions 1) Scoped Admin token returned all entries of a resource. Any reason not filtered per tenant? Comparing with Nova - it always honored tenant from the scoped token and returns values specific to tenant. 2) In the above described test, the DB access should not take much time with or with out tenant-id in filter. Why change in response time for tenant admin or a member user? Thanks, -Ravi. ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev