commit 0dbd35df1bdaea7dec97fd976b6990f4b79a6b77
Author: Brian Haley <email address hidden>
Date: Wed Jan 24 15:55:56 2018 -0500
Process conntrack updates in worker threads
With a large number of instances and/or security group rules,
conntrack updates when ports are removed or rules are changed
can take a long time to process. By enqueuing these to a set
or worker threads, the agent can continue with other work while
they are processed in the background.
This is a change in behavior in the agent since it could
program a new set of security group rules before all existing
conntrack entries are deleted, but since the iptables or OVSfw
NAT rules will have been removed, it should not pose a
security issue.
Change-Id: Ibf858c7fdf7a822a30e4a0c4722d70fd272741b6
Closes-bug: #1745468
(cherry picked from commit 65a81623fc0377b26d2d5800607f7c3acc08c45a)
Reviewed: https:/ /review. openstack. org/545612 /git.openstack. org/cgit/ openstack/ neutron/ commit/ ?id=0dbd35df1bd aea7dec97fd976b 6990f4b79a6b77
Committed: https:/
Submitter: Zuul
Branch: stable/queens
commit 0dbd35df1bdaea7 dec97fd976b6990 f4b79a6b77
Author: Brian Haley <email address hidden>
Date: Wed Jan 24 15:55:56 2018 -0500
Process conntrack updates in worker threads
With a large number of instances and/or security group rules,
conntrack updates when ports are removed or rules are changed
can take a long time to process. By enqueuing these to a set
or worker threads, the agent can continue with other work while
they are processed in the background.
This is a change in behavior in the agent since it could
program a new set of security group rules before all existing
conntrack entries are deleted, but since the iptables or OVSfw
NAT rules will have been removed, it should not pose a
security issue.
Change-Id: Ibf858c7fdf7a82 2a30e4a0c4722d7 0fd272741b6 26d2d5800607f7c 3acc08c45a)
Closes-bug: #1745468
(cherry picked from commit 65a81623fc0377b