Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make identities less unique to improve performance #88

Closed
wants to merge 1 commit into from

Conversation

dustin-decker
Copy link

Signed-off-by: Dustin Decker [email protected]

Overview

This change removes instance display names and metadata from GCP auth login responses. This increase performance at the expense of tracability.

When an alias is unique, Vault has to read a StoragePacker bucket, decompress it, unmarshal the protobuf, modify it, marshal it back to a protobuf, compress it, and write the bucket back. During any StoragePacker operation, a lock is put on that key which means that only one operation on the bucket can happen at any time. These operations are very expensive and get more expensive as the entity count grows.

Our entity count from the GCP auth backend is around 5 million currently, so each login results in processing ~22,300 entities in one of the StoragePacker buckets with an exclusive storage lock on that bucket. This results Vault failing if more than ~10 GCP authentications are being performed at a given time. We need to be able to do thousands per minute.

Related Issues/Pull Requests

hashicorp/vault#8761

Contributor Checklist

[ ] Add relevant docs to upstream Vault repository, or sufficient reasoning why docs won’t be added yet
My Docs PR Link
Example
[ ] Add output for any tests not ran in CI to the PR description (eg, acceptance tests)
[ ] Backwards compatible

@hashicorp-cla
Copy link

hashicorp-cla commented Apr 20, 2020

CLA assistant check
All committers have signed the CLA.

@dustin-decker dustin-decker changed the title Make identies less unique to improve performance Make identities less unique to improve performance Apr 20, 2020
@dustin-decker
Copy link
Author

Closing in favor of #89

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants