yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1466921] Re: IptablesFirewallDriver making extra unnecessary calls to IpsetManager.set_members()

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Alan Pevec <1466921@xxxxxxxxxxxxxxxxxx>
Date: Thu, 23 Jul 2015 21:31:09 -0000
Reply-to: Bug 1466921 <1466921@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Also affects: neutron/kilo
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1466921

Title:
  IptablesFirewallDriver making extra unnecessary calls to
  IpsetManager.set_members()

Status in neutron:
  Fix Released
Status in neutron kilo series:
  New

Bug description:
  Currently, IptablesFirewallDriver iterates over a list of security
  group IDs and makes calls to IpsetManager.set_members() passing each
  security group ID. The problem is that this list of security group IDs
  can contain duplicates, which causes IpsetManager.set_members() to be
  repeatedly called with the same arguments. This method is idempotent,
  so there is nothing different happening after the first time it's
  called with a certain set of arguments; it should only be called once
  per set of arguments.

  IpsetManager.set_members() acquires an external file lock on ipset to
  perform its operations, so eliminating these unnecessary file lock
  acquisitions will have a positive effect on the performance of this
  code.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1466921/+subscriptions

References

[Bug 1466921] [NEW] IptablesFirewallDriver making extra unnecessary calls to IpsetManager.set_members()
From: Rawlin Peters, 2015-06-19