[openstack-dev] What should be Neutron behavior with scoped token?

Ravi Chunduru ravivsn at gmail.com
Fri Oct 4 00:21:51 UTC 2013


Hi,
  In my tests, I observed that when an admin of a tenant runs 'nova list'
to list down all the servers of the tenant - nova-api makes a call to
quantum to get_ports with filter set to device owner. This operation is
taking about 1m 30s in our setup(almost having 100 VMs i.e > 100 ports)

While a user of a tenant runs the same command, the response is immediate.

Going into details - the only difference between those two operations is
the 'role'.

Looking into the code, I have the following questions
1) Scoped Admin token returned all entries of a resource. Any reason not
filtered per tenant?
Comparing with Nova - it always honored tenant from the scoped token and
returns values specific to tenant.

2) In the above described test, the DB access should not take much time
with or with out tenant-id in filter. Why change in response time for
tenant admin or a member user?

Thanks,
-Ravi.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20131003/e5ff87b7/attachment.html>


More information about the OpenStack-dev mailing list