yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #09738
[Bug 1228384] Re: Security Group extension reads all Neutron ports for anything other that a single server
** Changed in: nova/havana
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1228384
Title:
Security Group extension reads all Neutron ports for anything other
that a single server
Status in OpenStack Compute (Nova):
Fix Released
Status in OpenStack Compute (nova) havana series:
Fix Released
Status in Tempest:
Confirmed
Bug description:
Although https://review.openstack.org/#/c/30048/ optimized the
SecurityGroupsOutputController for the case where the server
list only contains one server, but in all other cases the current
code calls the Neutron driver in a way that makes it retrieve
all ports and security groups visible to the user.
For users with a Neutron admin role this retrieves all ports
and SecGroups in the system, which on a large system is a
major performance issue and often leads to client timeouts.
Normally these users have further qualified their query to a
specific tenant or host, or maybe just trying to get their own
list of servers.
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1228384/+subscriptions