diff options
| author | Slawek Kaplonski <skaplons@redhat.com> | 2021-03-26 12:18:37 +0100 |
|---|---|---|
| committer | melanie witt <melwittt@gmail.com> | 2021-07-09 22:39:28 +0000 |
| commit | 9b24ff384e336d3369b796427d34787872d9a08e (patch) | |
| tree | 62b7aed854f8436af9feb87476fe9f72cef10093 | |
| parent | ec621fdc0264f9b364fa1605819794103c545d74 (diff) | |
| download | nova-9b24ff384e336d3369b796427d34787872d9a08e.tar.gz | |
[neutron] Get only ID and name of the SGs from Neutron
During the VM booting process Nova asks Neutron for the security groups
of the project. If there are no any fields specified, Neutron will
prepare list of security groups with all fields, including rules.
In case if project got many SGs, it may take long time as rules needs to
be loaded separately for each SG on Neutron's side.
During booting of the VM, Nova really needs only "id" and "name" of the
security groups so this patch limits request to only those 2 fields.
This lazy loading of the SG rules was introduced in Neutron in [1] and
[2].
[1] https://review.opendev.org/#/c/630401/
[2] https://review.opendev.org/#/c/637407/
Related-Bug: #1865223
Change-Id: I15c3119857970c38541f4de270bd561166334548
(cherry picked from commit 388498ac5fa15ed8deef06ec061ea47e4a1b7377)
(cherry picked from commit 4f49545afaf3cd453796d48ba96b9a82d11c01bf)
(cherry picked from commit f7d84db5876b30d6849877799c08ebc65ac077ca)
(cherry picked from commit be4a514c8aea073a9188cfc878c9afcc9b03cb28)
(cherry picked from commit 1aa571103f90228ddf3dc27386486196ad58ba0e)
| -rw-r--r-- | nova/network/neutronv2/api.py | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/nova/network/neutronv2/api.py b/nova/network/neutronv2/api.py index 8a60291910..2f4e39b1cb 100644 --- a/nova/network/neutronv2/api.py +++ b/nova/network/neutronv2/api.py @@ -828,9 +828,15 @@ class API(base_api.NetworkAPI): # TODO(arosen) Should optimize more to do direct query for security # group if len(security_groups) == 1 if len(security_groups): + # NOTE(slaweq): fields other than name and id aren't really needed + # so asking only about those fields will allow Neutron to not + # prepare list of rules for each found security group. That may + # speed processing of this request a lot in case when tenant has + # got many security groups + sg_fields = ['id', 'name'] search_opts = {'tenant_id': instance.project_id} user_security_groups = neutron.list_security_groups( - **search_opts).get('security_groups') + fields=sg_fields, **search_opts).get('security_groups') for security_group in security_groups: name_match = None |