Currently, IptablesFirewallDriver iterates over a list of security group IDs and makes calls to IpsetManager.set_members() passing each security group ID. The problem is that this list of security group IDs can contain duplicates, which causes IpsetManager.set_members() to be repeatedly called with the same arguments. This method is idempotent, so there is nothing different happening after the first time it's called with a certain set of arguments; it should only be called once per set of arguments.
IpsetManager.set_members() acquires an external file lock on ipset to perform its operations, so eliminating these unnecessary file lock acquisitions will have a positive effect on the performance of this code.
Fix proposed to branch: stable/kilo /review. openstack. org/195034
Review: https:/