yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1228384] Re: Security Group extension reads all Neutron ports for anything other that a single server

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Alan Pevec <1228384@xxxxxxxxxxxxxxxxxx>
Date: Thu, 13 Feb 2014 19:18:29 -0000
Reply-to: Bug 1228384 <1228384@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: nova/havana
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1228384

Title:
  Security Group extension reads all Neutron ports for anything other
  that a single server

Status in OpenStack Compute (Nova):
  Fix Released
Status in OpenStack Compute (nova) havana series:
  Fix Released
Status in Tempest:
  Confirmed

Bug description:
  Although https://review.openstack.org/#/c/30048/ optimized the 
  SecurityGroupsOutputController for the case where the server
  list only contains one server, but in all other cases the current
  code calls the Neutron driver in a way that makes it retrieve
  all ports and security groups visible to the user.  

  For users with a Neutron admin role this retrieves all ports 
  and SecGroups in the system, which on a large system is a
  major performance issue and often leads to client timeouts.
  Normally these users have further qualified their query to a
  specific tenant or host, or maybe just trying to get their own
  list of servers.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1228384/+subscriptions