Reviewed:  https://review.opendev.org/656084
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=eaf16fdde59a14fb38df669b21a911a0c2d2576f
Submitter: Zuul
Branch:    master

commit eaf16fdde59a14fb38df669b21a911a0c2d2576f
Author: Doug Wiegley <[email protected]>
Date:   Tue Nov 5 17:29:11 2019 -0500

    Improve metadata server performance with large security groups

    Don't include the rules in the SG fetch in the metadata server, since
    we don't need them there, and with >1000 rules, it starts to get
    really slow, especially in Pike and later.

    Closes-Bug: #1851430

    Co-Authored-By: Doug Wiegley <[email protected]>
    Co-Authored-By: Matt Riedemann <[email protected]>
    Change-Id: I7de14456d04370c842b4c35597dca3a628a826a2

** Changed in: nova
       Status: In Progress => Fix Released

--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1851430

Title:
  Slow metadata API performance with security groups that have a lot of
  rules

Status in OpenStack Compute (nova):
  Fix Released
Status in OpenStack Compute (nova) pike series:
  Confirmed
Status in OpenStack Compute (nova) queens series:
  Confirmed
Status in OpenStack Compute (nova) rocky series:
  Confirmed
Status in OpenStack Compute (nova) stein series:
  Confirmed
Status in OpenStack Compute (nova) train series:
  Confirmed

Bug description:
  This was reported here without a bug:

  https://review.opendev.org/#/c/656084/

  The EC2 metadata API response includes a 'security-groups' key that is
  a list of security group names attached to the instance. The problem
  is for each security group attached to the instance, if the group has
  a lot of rules on it, it can be expensive to query (join) that
  information from neutron, especially if we don't care about the rules.

  By default, listing security groups includes the rules in the
  response:

  https://docs.openstack.org/api-ref/network/v2/index.html?expanded=list-security-groups-detail#list-security-groups

  For the purpose of the EC2 metadata API, we should just query security
  groups for their names.

