NWfilter rules not removed upon instance termination
Bug #783705 reported by
Anthony Young
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Compute (nova) |
Fix Released
|
High
|
Anthony Young | ||
Bug Description
Upon instance termination, the libvirt driver does not clean up nwfilter rules for the instance. As a result, these rules stay resident both on disk and in memory, causing a steady performance degradation that makes several critical operations very slow over time, including:
* instance launching
* nova-compute startup
* security group modifications
As a result of this, on Nebula it can take 30+ minutes for compute hosts to restart after upgrades, and many minutes for instances to launch.
Related branches
lp:~sleepsonthefloor/nova/lp783705
- Devin Carlen (community): Approve
- Vish Ishaya (community): Approve
-
Diff: 179 lines (+131/-2)2 files modifiednova/tests/test_libvirt.py (+107/-0)
nova/virt/libvirt/firewall.py (+24/-2)
| Changed in nova: | |
| assignee: | nobody → sleepsonthefloor (sleepsonthefloor) |
| importance: | Undecided → High |
| status: | New → In Progress |
| Changed in nova: | |
| status: | In Progress → Fix Committed |
| Changed in nova: | |
| milestone: | none → diablo-2 |
| Changed in nova: | |
| milestone: | diablo-2 → 2011.3 |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
