I think the issue here is that nova.virt.firewall.py IptablesFirewallDriver.instance_rules() is calling get_instance_nw_info() which is causing rpcs to be fired off _while_still_holding_the_iptables_lock. I suspect that the rpcs need to happen outside the lock.
>From yet more instrumented code: A synchronous RPC call is being made while a lock is held. This is probably a bug. Please report it. Include lines following this that start with ** please. ** multicall ** call ** call ** call ** get_instance_nw_info ** instance_rules ** add_filters_for_instance ** do_refresh_security_group_rules ** inner_while_holding_lock ** refresh_security_group_members ** refresh_security_group_members ** refresh_security_group_members ** wrapped ** _process_data ** wrapped ** _spawn_n_impl ** end of stack trace -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1062314 Title: do_refresh_security_group_rules in nova.virt.firewall is very slow To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nova/+bug/1062314/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs