← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1228384] Re: Security Group extension reads all Neutron ports for anything other that a single server

 

** Changed in: nova/havana
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1228384

Title:
  Security Group extension reads all Neutron ports for anything other
  that a single server

Status in OpenStack Compute (Nova):
  Fix Released
Status in OpenStack Compute (nova) havana series:
  Fix Released
Status in Tempest:
  Confirmed

Bug description:
  Although https://review.openstack.org/#/c/30048/ optimized the 
  SecurityGroupsOutputController for the case where the server
  list only contains one server, but in all other cases the current
  code calls the Neutron driver in a way that makes it retrieve
  all ports and security groups visible to the user.  

  For users with a Neutron admin role this retrieves all ports 
  and SecGroups in the system, which on a large system is a
  major performance issue and often leads to client timeouts.
  Normally these users have further qualified their query to a
  specific tenant or host, or maybe just trying to get their own
  list of servers.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1228384/+subscriptions