yahoo-eng-team team mailing list archive

[OpenStack Infra <1851430@xxxxxxxxxxxxxxxxxx>]

This issue was fixed in the openstack/nova queens-eol  release.

** Changed in: nova/queens
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1851430

Title:
  Slow metadata API performance with security groups that have a lot of
  rules

Status in OpenStack Compute (nova):
  Fix Released
Status in OpenStack Compute (nova) pike series:
  Fix Released
Status in OpenStack Compute (nova) queens series:
  Fix Released
Status in OpenStack Compute (nova) rocky series:
  Fix Committed
Status in OpenStack Compute (nova) stein series:
  Fix Committed
Status in OpenStack Compute (nova) train series:
  Fix Committed

Bug description:
  This was reported here without a bug:

  https://review.opendev.org/#/c/656084/

  The EC2 metadata API response includes a 'security-groups' key that is
  a list of security group names attached to the instance.

  The problem is for each security group attached to the instance, if
  the group has a lot of rules on it, it can be expensive to query
  (join) that information from neutron, especially if we don't care
  about the rules.

  By default, listing security groups includes the rules in the
  response:

  https://docs.openstack.org/api-
  ref/network/v2/index.html?expanded=list-security-groups-detail#list-
  security-groups

  For the purpose of the EC2 metadata API, we should just query security
  groups for their names.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1851430/+subscriptions