yahoo-eng-team team mailing list archive

[Bug 1851430] Re: slow metadata performance with security groups that have a lot of rules

 

** Changed in: nova
     Assignee: Matt Riedemann (mriedem) => Doug Wiegley (dougwig)

** Also affects: nova/train
   Importance: Undecided
       Status: New

** Also affects: nova/pike
   Importance: Undecided
       Status: New

** Also affects: nova/queens
   Importance: Undecided
       Status: New

** Also affects: nova/stein
   Importance: Undecided
       Status: New

** Also affects: nova/rocky
   Importance: Undecided
       Status: New

** Changed in: nova/pike
       Status: New => Confirmed

** Changed in: nova/queens
       Status: New => Confirmed

** Changed in: nova/rocky
       Status: New => Confirmed

** Changed in: nova/stein
       Status: New => Confirmed

** Changed in: nova/train
       Status: New => Confirmed

** Summary changed:

- slow metadata performance with security groups that have a lot of rules
+ Slow metadata API performance with security groups that have a lot of rules

** Changed in: nova/pike
   Importance: Undecided => Medium

** Changed in: nova/stein
   Importance: Undecided => Medium

** Changed in: nova/queens
   Importance: Undecided => Medium

** Changed in: nova/rocky
   Importance: Undecided => Medium

** Changed in: nova/train
   Importance: Undecided => Medium

** Changed in: nova/pike
   Importance: Medium => Low

** Changed in: nova/queens
   Importance: Medium => Low

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1851430

Title:
  Slow metadata API performance with security groups that have a lot of
  rules

Status in OpenStack Compute (nova):
  In Progress
Status in OpenStack Compute (nova) pike series:
  Confirmed
Status in OpenStack Compute (nova) queens series:
  Confirmed
Status in OpenStack Compute (nova) rocky series:
  Confirmed
Status in OpenStack Compute (nova) stein series:
  Confirmed
Status in OpenStack Compute (nova) train series:
  Confirmed

Bug description:
  This was reported here without a bug:

  https://review.opendev.org/#/c/656084/

  The EC2 metadata API response includes a 'security-groups' key that is
  a list of security group names attached to the instance.

  The problem is for each security group attached to the instance, if
  the group has a lot of rules on it, it can be expensive to query
  (join) that information from neutron, especially if we don't care
  about the rules.

  By default, listing security groups includes the rules in the
  response:

  https://docs.openstack.org/api-ref/network/v2/index.html?expanded=list-security-groups-detail#list-security-groups

  For the purpose of the EC2 metadata API, we should just query security
  groups for their names.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1851430/+subscriptions
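
The names-only query that the bug description asks for, as an added example that is not part of the original bug report and is not nova's code. It builds a list-security-groups URL using the Networking API's `fields` and repeated `id` query parameters, then compares payload sizes on constructed data; the endpoint, group IDs, rule contents and all function names are assumptions made for illustration.

```python
import json
from urllib.parse import urlencode

# Constructed placeholder endpoint, not taken from the bug report.
NEUTRON_URL = "http://neutron.example:9696"


def security_groups_url(base, group_ids, fields=("id", "name")):
    """Build a list-security-groups URL restricted to the given fields."""
    # Repeated `id` filters the list; repeated `fields` limits the returned
    # attributes, so the per-group rule list is left out of the response.
    query = [("id", g) for g in group_ids] + [("fields", f) for f in fields]
    return f"{base.rstrip('/')}/v2.0/security-groups?{urlencode(query)}"


def project(groups, fields):
    """Local stand-in for the server-side effect of `fields` (no network)."""
    return [{k: sg[k] for k in fields if k in sg} for sg in groups]


def group_names(body):
    """Names for the EC2 metadata 'security-groups' key."""
    return [sg["name"] for sg in body.get("security_groups", [])]


def sample_group(sg_id, name, rule_count):
    """Constructed security group carrying `rule_count` ingress rules."""
    rules = [{"id": f"rule-{sg_id}-{i}", "security_group_id": sg_id,
              "direction": "ingress", "ethertype": "IPv4", "protocol": "tcp",
              "port_range_min": i + 1, "port_range_max": i + 1,
              "remote_ip_prefix": "10.0.0.0/8"} for i in range(rule_count)]
    return {"id": sg_id, "name": name, "security_group_rules": rules}


def compare_payloads(rule_count=500):
    """Return (names, full_bytes, trimmed_bytes) for two constructed groups."""
    groups = [sample_group("sg-1", "web", rule_count),
              sample_group("sg-2", "db", rule_count)]
    full = {"security_groups": groups}
    trimmed = {"security_groups": project(groups, ("id", "name"))}
    return (group_names(trimmed), len(json.dumps(full)),
            len(json.dumps(trimmed)))


if __name__ == "__main__":
    print(security_groups_url(NEUTRON_URL, ["sg-1", "sg-2"]))
    print(compare_payloads())
```

The size gap grows linearly with the number of rules per group, while the names needed for the metadata response stay the same.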

