[openstack-dev] What should be Neutron behavior with scoped token?
Ravi Chunduru
ravivsn at gmail.com
Tue Oct 8 05:42:53 UTC 2013
I raised a bug with my findings
https://bugs.launchpad.net/neutron/+bug/1236704
On Fri, Oct 4, 2013 at 10:16 AM, Ravi Chunduru <ravivsn at gmail.com> wrote:
> Does the described behavior qualify as a bug?
>
> Thanks,
> -Ravi.
>
>
> On Thu, Oct 3, 2013 at 5:21 PM, Ravi Chunduru <ravivsn at gmail.com> wrote:
>
>> Hi,
>> In my tests, I observed that when an admin of a tenant runs 'nova list'
>> to list down all the servers of the tenant - nova-api makes a call to
>> quantum to get_ports with filter set to device owner. This operation is
>> taking about 1m 30s in our setup(almost having 100 VMs i.e > 100 ports)
>>
>> While a user of a tenant runs the same command, the response is immediate.
>>
>> Going into details - the only difference between those two operations is
>> the 'role'.
>>
>> Looking into the code, I have the following questions
>> 1) Scoped Admin token returned all entries of a resource. Any reason not
>> filtered per tenant?
>> Comparing with Nova - it always honored tenant from the scoped token and
>> returns values specific to tenant.
>>
>> 2) In the above described test, the DB access should not take much time
>> with or with out tenant-id in filter. Why change in response time for
>> tenant admin or a member user?
>>
>> Thanks,
>> -Ravi.
>>
>>
>>
>>
>>
>
>
> --
> Ravi
>
--
Ravi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20131007/87b364b9/attachment.html>
More information about the OpenStack-dev
mailing list