yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1228384] Re: Security Group extension reads all Neutron ports for anything other that a single server

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Luz Cazares <luz.cazares@xxxxxxxxx>
Date: Tue, 09 Aug 2016 04:23:49 -0000
Reply-to: Bug 1228384 <1228384@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Invalidating Tempest bug since scenario
"tempest/scenario/test_large_ops.py" was removed from tempest (related
to performance instead of scenario). See:
https://github.com/openstack/tempest/commit/1976da83a5bdb35a61d1659bb5ece1b5d248bacd

** Changed in: tempest
       Status: Confirmed => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1228384

Title:
  Security Group extension reads all Neutron ports for anything other
  that a single server

Status in OpenStack Compute (nova):
  Fix Released
Status in OpenStack Compute (nova) havana series:
  Fix Released
Status in tempest:
  Invalid

Bug description:
  Although https://review.openstack.org/#/c/30048/ optimized the 
  SecurityGroupsOutputController for the case where the server
  list only contains one server, but in all other cases the current
  code calls the Neutron driver in a way that makes it retrieve
  all ports and security groups visible to the user.  

  For users with a Neutron admin role this retrieves all ports 
  and SecGroups in the system, which on a large system is a
  major performance issue and often leads to client timeouts.
  Normally these users have further qualified their query to a
  specific tenant or host, or maybe just trying to get their own
  list of servers.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1228384/+subscriptions