yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #89410
[Bug 1851430] Fix included in openstack/nova pike-eol
This issue was fixed in the openstack/nova pike-eol release.
** Changed in: nova/pike
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1851430
Title:
Slow metadata API performance with security groups that have a lot of
rules
Status in OpenStack Compute (nova):
Fix Released
Status in OpenStack Compute (nova) pike series:
Fix Released
Status in OpenStack Compute (nova) queens series:
Fix Committed
Status in OpenStack Compute (nova) rocky series:
Fix Committed
Status in OpenStack Compute (nova) stein series:
Fix Committed
Status in OpenStack Compute (nova) train series:
Fix Committed
Bug description:
This was reported here without a bug:
https://review.opendev.org/#/c/656084/
The EC2 metadata API response includes a 'security-groups' key that is
a list of security group names attached to the instance.
The problem is for each security group attached to the instance, if
the group has a lot of rules on it, it can be expensive to query
(join) that information from neutron, especially if we don't care
about the rules.
By default, listing security groups includes the rules in the
response:
https://docs.openstack.org/api-
ref/network/v2/index.html?expanded=list-security-groups-detail#list-
security-groups
For the purpose of the EC2 metadata API, we should just query security
groups for their names.
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1851430/+subscriptions
References
