OpenStack Compute (nova)

IP filtering is not accurate when used with limit

Bug #1417649 reported by Steven Kaufer
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Fix Released
Undecided
Steven Kaufer
OpenStack Compute (nova) 2015.1.0 "kilo"

Bug Description

When applying an IP address filter to a servers query, the IP address
filtering is manually applied in the compute API against the servers that are
retrieved from the DB.

The problem is when a limit is supplied; in this case, the IP address filter
is only applied to the page of servers that are returned from the DB. For
example, assume that you have 3 instances that match a given IP address filter
and that those instances are returned from the DB in the 5th, 20th, and 100th
positions. If you supply this IP address filter with a limit of 10, then only
a single server is returned (the one in the 5th position). In this case, all
3 instances should have been returned.

A simple example (note that I manually added --limit to the CLI):

* List all 3 serves:

 $ nova list --sort display_name:asc
 +--------------------------------------+-----------+------------------+
 | ID | Name | Networks |
 +--------------------------------------+-----------+------------------+
 | 65515d56-6103-43dd-ac58-238baabda422 | Instance1 | private=10.0.0.2 |
 | c9ab681f-e930-4e4e-814d-d6f1cf084480 | Instance2 | private=10.0.0.3 |
 | f1d6d9ef-e31d-46b5-86a2-da34b45007b0 | Instance3 | private=10.0.0.4 |
 +--------------------------------------+-----------+------------------+

* Limit the list to a page size of 1:

 $ nova list --sort display_name:asc --limit 1
 +--------------------------------------+-----------+------------------+
 | ID | Name | Networks |
 +--------------------------------------+-----------+------------------+
 | 65515d56-6103-43dd-ac58-238baabda422 | Instance1 | private=10.0.0.2 |
 +--------------------------------------+-----------+------------------+

* Supply only an IP address filter:

 $ nova list --sort display_name:asc --ip 10.0.0.3
 +--------------------------------------+-----------+------------------+
 | ID | Name | Networks |
 +--------------------------------------+-----------+------------------+
 | c9ab681f-e930-4e4e-814d-d6f1cf084480 | Instance2 | private=10.0.0.3 |
 +--------------------------------------+-----------+------------------+

* Supply both an IP address filter and a limit (should show a single server):

 $ nova list --sort display_name:asc --ip 10.0.0.3 --limit 1
 +----+------+----------+
 | ID | Name | Networks |
 +----+------+----------+
 +----+------+----------+

Steven Kaufer (kaufer)
Changed in nova:
assignee: nobody → Steven Kaufer (kaufer)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/152614

Changed in nova:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.openstack.org/152614
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=b6970bbaf786fe0610eb78c1063fc952d48e1a1c
Submitter: Jenkins
Branch: master

commit b6970bbaf786fe0610eb78c1063fc952d48e1a1c
Author: Steven Kaufer <email address hidden>
Date: Tue Feb 3 16:27:46 2015 +0000

    IP filtering is not accurate when used with limit

    When applying an IP address filter to a servers query, the IP address
    filtering is manually applied in the compute API against the servers that are
    retrieved from the DB.

    The problem is when a limit is supplied; in this case, the IP address filter
    is only applied to the page of servers that are returned from the DB. For
    example, assume that you have 3 instances that match a given IP address filter
    and that those instances are returned from the DB in the 5th, 20th, and 100th
    positions. If you supply this IP address filter with a limit of 10, then only
    a single server is returned (the one in the 5th position). In this case, all
    3 instances should have been returned.

    This patch set fixes this by removing the limit from the DB query (if an IP
    address filter is supplied) and manually limiting the servers as the IP
    address filter is being applied.

    Alternative solutions that were not chosen:
    * Moving the IP address filtering into the DB: Too complex since the network
      information is cached in the DB as a JSON object
    * Determining server UUIDs that match the IP address filter and then using
      those as a DB UUID filter: This solution was originally implemented but
      deemed to expensive, see commit I455f6ab4acdecacc5152b11a183027f933dc4475

    DocImpact
    Closes-bug: 1417649

    Change-Id: I6cb9feb77cf563d7aa7c3d4d2ce7e4a3e939a0bc

Changed in nova:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in nova:
milestone: none → kilo-3
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in nova:
milestone: kilo-3 → 2015.1.0
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.