** Changed in: nova
     Assignee: Matt Riedemann (mriedem) => Doug Wiegley (dougwig)

** Also affects: nova/train
   Importance: Undecided
       Status: New

** Also affects: nova/pike
   Importance: Undecided
       Status: New

** Also affects: nova/queens
   Importance: Undecided
       Status: New

** Also affects: nova/stein
   Importance: Undecided
       Status: New

** Also affects: nova/rocky
   Importance: Undecided
       Status: New

** Changed in: nova/pike
       Status: New => Confirmed

** Changed in: nova/queens
       Status: New => Confirmed

** Changed in: nova/rocky
       Status: New => Confirmed

** Changed in: nova/stein
       Status: New => Confirmed

** Changed in: nova/train
       Status: New => Confirmed

** Summary changed:

- slow metadata performance with security groups that have a lot of rules
+ Slow metadata API performance with security groups that have a lot of rules

** Changed in: nova/pike
   Importance: Undecided => Medium

** Changed in: nova/stein
   Importance: Undecided => Medium

** Changed in: nova/queens
   Importance: Undecided => Medium

** Changed in: nova/rocky
   Importance: Undecided => Medium

** Changed in: nova/train
   Importance: Undecided => Medium

** Changed in: nova/pike
   Importance: Medium => Low

** Changed in: nova/queens
   Importance: Medium => Low

https://bugs.launchpad.net/bugs/1851430

Title:
  Slow metadata API performance with security groups that have a lot of rules

Status in OpenStack Compute (nova):
  In Progress
Status in OpenStack Compute (nova) pike series:
  Confirmed
Status in OpenStack Compute (nova) queens series:
  Confirmed
Status in OpenStack Compute (nova) rocky series:
  Confirmed
Status in OpenStack Compute (nova) stein series:
  Confirmed
Status in OpenStack Compute (nova) train series:
  Confirmed

Bug description:
  This was reported here without a bug:

  https://review.opendev.org/#/c/656084/

  The EC2 metadata API response includes a 'security-groups' key that is
  a list of security group names attached to the instance.
  The problem is for each security group attached to the instance, if
  the group has a lot of rules on it, it can be expensive to query
  (join) that information from neutron, especially if we don't care
  about the rules.

  By default, listing security groups includes the rules in the
  response:

  https://docs.openstack.org/api-ref/network/v2/index.html?expanded=list-security-groups-detail#list-security-groups

  For the purpose of the EC2 metadata API, we should just query security
  groups for their names.
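
Added example, not part of the bug report and not nova's or neutron's code: a names-only query for the 'security-groups' key, using the `fields` query parameter of the Networking API's list-security-groups call. `fake_neutron_list` is a hypothetical local stand-in for the server, the group data is constructed, and only response size is modelled, not the database join cost.

```python
import json
from urllib.parse import urlencode

def make_group(group_id, name, rule_count):
    """Constructed sample group, shaped like a list-security-groups entry."""
    rules = [{"id": f"rule-{group_id}-{i}", "security_group_id": group_id,
              "direction": "ingress", "ethertype": "IPv4", "protocol": "tcp",
              "port_range_min": i, "port_range_max": i,
              "remote_ip_prefix": "0.0.0.0/0"} for i in range(rule_count)]
    return {"id": group_id, "name": name, "description": "",
            "security_group_rules": rules}

def build_query(group_ids, fields=None):
    """Request path for list-security-groups; 'fields' limits returned keys."""
    params = [("id", g) for g in group_ids]
    params += [("fields", f) for f in (fields or [])]
    return "/v2.0/security-groups?" + urlencode(params)

def fake_neutron_list(groups, group_ids, fields=None):
    """Hypothetical stand-in for the server: filter by id, project on fields."""
    selected = [g for g in groups if g["id"] in group_ids]
    if fields:
        selected = [{k: g[k] for k in fields if k in g} for g in selected]
    return {"security_groups": selected}

def ec2_security_group_names(groups, group_ids):
    """All the EC2 metadata 'security-groups' key needs: the group names."""
    body = fake_neutron_list(groups, group_ids, fields=["id", "name"])
    return [g["name"] for g in body["security_groups"]]

def payload_sizes(groups, group_ids):
    """Serialized size of the default response vs. the names-only response."""
    full = json.dumps(fake_neutron_list(groups, group_ids))
    slim = json.dumps(fake_neutron_list(groups, group_ids, ["id", "name"]))
    return len(full), len(slim)

# Constructed data: one group with many rules, one with a few.
GROUPS = [make_group("sg-1", "web", 500), make_group("sg-2", "db", 3)]

if __name__ == "__main__":
    ids = ["sg-1", "sg-2"]
    print(build_query(ids, fields=["id", "name"]))
    print(ec2_security_group_names(GROUPS, ids))
    print("full=%d bytes, names-only=%d bytes" % payload_sizes(GROUPS, ids))
```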