Reviewed: https://review.openstack.org/517648 Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=dc658dbdcf2325cf6f27d9ae61d85b835f8410f8 Submitter: Zuul Branch: master
commit dc658dbdcf2325cf6f27d9ae61d85b835f8410f8 Author: Matt Riedemann <mriedem...@gmail.com> Date: Fri Nov 3 12:26:03 2017 -0400 Avoid redundant security group queries in GET /servers/{id}/os-security-groups The GET /servers/{server_id}/os-security-groups API code can perform poorly if the instance has several security groups and each security group has several rules. This is because when processing the output, we loop over the groups, and loop over the rules per group, and then for each rule, if it has a group_id specified, we query the security group details (from Neutron in most cases). If more than one rule points at the same group_id, we're doing a redundant group lookup and sending more traffic to the security group API (aka Neutron) than needed. This change optimizes that single API to load the rule group details up front so that we only do at most one lookup per group_id. This could be extended to GET /os-security-groups but that API is deprecated so any optimization there is lower priority. Change-Id: Ia451429f61b15526fade6838386e562c17591d36 Closes-Bug: #1729741 ** Changed in: nova Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1729741 Title: os-security-groups api call creates api call explosion to neutron Status in OpenStack Compute (nova): Fix Released Status in OpenStack Compute (nova) pike series: Confirmed Bug description: 1) create a security group 2) create a bunch of security group rules which reference a security group instead of a CIDR e.g. openstack security group rule create --remote-group xxxxx-1123-xxxx-xxx-xxxxx When querying nova api /os-security-groups there will be an API call to neutron for each rule that has a remote group attached. In the logs you will seee GET /v2.0/security-groups/xxxxx-1123-xxxx-xxx-xxxxx Creating rules with a CIDR do not have this issue. As you can imagine this will quickly get very slow. To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1729741/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp