Ask Your Question

Why keystone execute SQL statments so many times? [closed]

asked 2013-12-10 20:05:59 -0500

nethawk gravatar image

updated 2013-12-10 20:22:25 -0500

When I login horizon,I found keystone query database tables many times.

From keystone.log,I can see the steps like this: step1:keystone recieve request like this :{"auth": {"passwordCredentials":{"username": "admin", "password":"*"}}} step2:keystone query user table by username and domain id stpe3:keystone query user table by user id step4:keystone query user table by user id step5:keystone query user_group_membership table step6:keystone query domain table step7:keystone create a new token and insert it into token table

My question is why keystone execute sql statments so many times? From above steps,we can see keystone query the user table tree times,I think once is enough. Especially the step3 and step4 are repeated.

So many sql statments will reduce the performance of database.Is it a bug?And I want to know why?

The attach file is the keystone logs of above steps.


edit retag flag offensive reopen merge delete

Closed for the following reason the question is answered, right answer was accepted by nethawk
close date 2016-01-22 03:32:52.936771

2 answers

Sort by ยป oldest newest most voted

answered 2013-12-11 23:54:04 -0500

jamielennox gravatar image

The problem is essentially that with the number of backends and backend combinations that keystone has that have to be isolated from each other we can't simply do a join across a whole bunch of tables.

For example a common situation is to have users stored in LDAP, but in might be SAML or some completely external mechanism, then have group membership and roles (the assignments backend) in SQL but again maybe not.

Having said that there are definetly some redundant look ups and it could be improved. There is some caching work going on that will reduce this impact.

edit flag offensive delete link more

answered 2013-12-10 22:12:40 -0500

jaybuff gravatar image

I've noticed similar unnecessary queries with the LDAP backend. The abstractions used for the storage backend make this kind of bugs easy to create. You can file a bug at

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2013-12-10 20:05:59 -0500

Seen: 162 times

Last updated: Dec 11 '13