OpenStack Compute (nova)

Avoid looking up a source security group twice when creating new rules

Bug #1580621 reported by Matt Riedemann
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Fix Released
Low
Sean Dague

Bug Description

When passing a source group_id for creating a new security group rule, the code is looking up that group twice, once here:

https://github.com/openstack/nova/blob/f8a01ccdffc13403df77148867ef3821100b5edb/nova/api/openstack/compute/security_groups.py#L246

->

https://github.com/openstack/nova/blob/f8a01ccdffc13403df77148867ef3821100b5edb/nova/api/openstack/compute/security_groups.py#L299

And then once again before creating the rule:

https://github.com/openstack/nova/blob/f8a01ccdffc13403df77148867ef3821100b5edb/nova/api/openstack/compute/security_groups.py#L272

We should just look that up once at the beginning and reuse it so we don't have to hit the nova db (nova-net) or neutron twice for the same thing.

This is a low severity performance optimization.

Liyingjun (liyingjun)
Changed in nova:
assignee: nobody → Liyingjun (liyingjun)
Revision history for this message
Matt Riedemann (mriedem) wrote :

Another thing, we get the source group again here when formatting the security group rules:

https://github.com/openstack/nova/blob/f8a01ccdffc13403df77148867ef3821100b5edb/nova/api/openstack/compute/security_groups.py#L71

But if we had the group_id already, then we have group_rule_data in that code and it has what we need, so that should change to either:

if group_rule_data:
  sg_rule['group'] = group_rule_data
elif rule['group_id']:
  ...
else
  sg_rule['ip_range'] = {'cidr': rule['cidr']}

Or:

if rule['group_id'] and not group_rule_data:
  ...
elif group_rule_data:
  ...
else:
  ...

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/315311

Changed in nova:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack)
Changed in nova:
assignee: Liyingjun (liyingjun) → Maciej Szankin (mszankin)
Maciej Szankin (mszankin)
Changed in nova:
assignee: Maciej Szankin (mszankin) → Liyingjun (liyingjun)
OpenStack Infra (hudson-openstack)
Changed in nova:
assignee: Liyingjun (liyingjun) → Stephen Finucane (stephenfinucane)
OpenStack Infra (hudson-openstack)
Changed in nova:
assignee: Stephen Finucane (stephenfinucane) → Sean Dague (sdague)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.openstack.org/315311
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=f726163977367251b7466a3fbf351f5e128004b3
Submitter: Jenkins
Branch: master

commit f726163977367251b7466a3fbf351f5e128004b3
Author: liyingjun <email address hidden>
Date: Wed Apr 20 22:09:30 2016 +0800

    Optimize creating security_group

    When passing a source group_id for creating a new security group rule,
    the code is looking up that group twice. We should just look that up
    once at the beginning and reuse it so we don't have to hit the nova db
    or neutron twice for the same thing.

    Change-Id: I3ea4586d11b14da5f6d93e8d20f05171e7e6f0e8
    Closes-bug: #1580621

Changed in nova:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/nova 16.0.0.0b2

This issue was fixed in the openstack/nova 16.0.0.0b2 development milestone.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.