We replaced the tree with a linear search: https://review.openstack.org/#/c/311652/ - closing this one as invalid now, don't expect the patch to be backported to Mitaka or Liberty, it's too complex to introduce into our stable branches.
** Changed in: keystone Status: In Progress => Invalid ** Changed in: keystone Assignee: Navid Pustchi (npustchi) => (unassigned) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1503312 Title: Optimization: Don't rebuild revoke-tree in each validate-token call Status in OpenStack Identity (keystone): Invalid Bug description: For checking an entry in revocation_event table, keystone builds a tree comprising all the entries in the table and searches for a matching token by traversing the tree. Every validate token call rebuilds the tree - this includes getting all entries from the db, converting them into dict objects for manipulation and then building the tree. We observed that the conversion of db entries to objects is what causes the increase in latency and not the building of the tree or the tree traversal. This conversion and subsequent rebuilds are unnecessary and can be avoided. With this patch, the first call to the get_revoke_tree method will build the tree and subsequent calls will not rebuild the tree unless the tree has been invalidated by a new addition to the revocation_event table. To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1503312/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp