Inefficient Security Group listing
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
New
|
Undecided
|
Unassigned |
Bug Description
Issue:
Fetching a large Security Group list takes relatively long as several database queries are made for each Security Group.
Context:
Listing SG's takes around 9 seconds with ~500 existing SG's, 16 seconds with ~1000 SG's and around 30 seconds with ~1500 existing SG's, so this time seems to grow at least linearly with number of SG's.
We've looked at flamegraphs of the neutron controller which show that the stack frame `/usr/lib/
```python
103 @classmethod
104 def get_objects(cls, context, _pager=None, validate_
105 **kwargs):
106 # We want to get the policy regardless of its tenant id. We'll make
107 # sure the tenant has permission to access the policy later on.
108 admin_context = context.elevated()
109 with cls.db_
110 objs = super(RbacNeutr
111 cls).get_
112 validate_filters, **kwargs)
113 result = []
114 for obj in objs:
115 if not cls.is_
116 continue
117 result.append(obj)
118 return result
```
We've also seen that the number of database queries also seems to grow linearly:
* Listing ~500 SG's performs ~2100 queries
* Listing ~1000 SG's performs ~3500 queries
* Listing ~1500 SG's performs ~5200 queries
This does not scale well, we're expecting a neglectable increase in listing time.
Reproduction:
* Create 1000 SG's
* Execute `time openstack security group list`
* Create 500 more SG's
* Execute `time openstack security group list`
Version:
We're using neutron 14.0.2-1 on CentOS 7.7.1908.
Perceived Severity:
MEDIUM
This was fixed in https:/ /review. opendev. org/#/c/ 665566/ and backported to stable/stein (15.0.0), it wasn't backported further.
Closing as a duplicate of https:/ /bugs.launchpad .net/neutron/ +bug/1830679