yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #33949
[Bug 1466921] [NEW] IptablesFirewallDriver making extra unnecessary calls to IpsetManager.set_members()
Public bug reported:
Currently, IptablesFirewallDriver iterates over a list of security group
IDs and makes calls to IpsetManager.set_members() passing each security
group ID. The problem is that this list of security group IDs can
contain duplicates, which causes IpsetManager.set_members() to be
repeatedly called with the same arguments. This method is idempotent, so
there is nothing different happening after the first time it's called
with a certain set of arguments; it should only be called once per set
of arguments.
IpsetManager.set_members() acquires an external file lock on ipset to
perform its operations, so eliminating these unnecessary file lock
acquisitions will have a positive effect on the performance of this
code.
** Affects: neutron
Importance: Undecided
Assignee: Rawlin Peters (rawlin-peters)
Status: New
** Tags: driver firewall ipset ipsetmanager iptables iptablesfirewalldriver
** Changed in: neutron
Assignee: (unassigned) => Rawlin Peters (rawlin-peters)
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1466921
Title:
IptablesFirewallDriver making extra unnecessary calls to
IpsetManager.set_members()
Status in OpenStack Neutron (virtual network service):
New
Bug description:
Currently, IptablesFirewallDriver iterates over a list of security
group IDs and makes calls to IpsetManager.set_members() passing each
security group ID. The problem is that this list of security group IDs
can contain duplicates, which causes IpsetManager.set_members() to be
repeatedly called with the same arguments. This method is idempotent,
so there is nothing different happening after the first time it's
called with a certain set of arguments; it should only be called once
per set of arguments.
IpsetManager.set_members() acquires an external file lock on ipset to
perform its operations, so eliminating these unnecessary file lock
acquisitions will have a positive effect on the performance of this
code.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1466921/+subscriptions
Follow ups
References