[neutron] Get only ID and name of the SGs from Neutron

During the VM booting process Nova asks Neutron for the security groups of the project. If there are no any fields specified, Neutron will prepare list of security groups with all fields, including rules. In case if project got many SGs, it may take long time as rules needs to be loaded separately for each SG on Neutron's side. During booting of the VM, Nova really needs only "id" and "name" of the security groups so this patch limits request to only those 2 fields. This lazy loading of the SG rules was introduced in Neutron in [1] and [2]. [1] https://review.opendev.org/#/c/630401/ [2] https://review.opendev.org/#/c/637407/ Related-Bug: #1865223 Change-Id: I15c3119857970c38541f4de270bd561166334548
2021-03-26 12:18:37 +01:00 · 2021-03-26 12:18:37 +01:00 · 388498ac5f
parent ded25f33c7
commit 388498ac5f
1 changed files with 7 additions and 1 deletions
--- a/nova/network/neutron.py
+++ b/nova/network/neutron.py
@ -802,9 +802,15 @@ class API(base.Base):
        # TODO(arosen) Should optimize more to do direct query for security
        # group if len(security_groups) == 1
        if len(security_groups):
+            # NOTE(slaweq): fields other than name and id aren't really needed
+            # so asking only about those fields will allow Neutron to not
+            # prepare list of rules for each found security group. That may
+            # speed processing of this request a lot in case when tenant has
+            # got many security groups
+            sg_fields = ['id', 'name']
            search_opts = {'tenant_id': instance.project_id}
            user_security_groups = neutron.list_security_groups(
-                **search_opts).get('security_groups')
+                fields=sg_fields, **search_opts).get('security_groups')

            for security_group in security_groups:
                name_match = None