From 972805bc1d863c73b5bf0c586a2413cefa0e988c Mon Sep 17 00:00:00 2001 From: Hans Lindgren Date: Fri, 11 Dec 2015 11:19:07 +0100 Subject: [PATCH] Reduce the number of db/rpc calls to get instance rules When getting instance rules in virt/firewall.py a for loop is used to issue db queries for rules belonging to each individual security group in a list of security groups that itself is fetched using a separate query. This can be made much more efficient by querying all rules in a single db query joined by instance. Change-Id: I325f9c71fecde8297842fd608ac3cfd51ea9db71 Closes-Bug: #1528041 --- nova/db/api.py | 5 +++++ nova/db/sqlalchemy/api.py | 9 +++++++++ 2 files changed, 14 insertions(+) diff --git a/nova/db/api.py b/nova/db/api.py index 88f72a386..a40f51ec9 100644 --- a/nova/db/api.py +++ b/nova/db/api.py @@ -1329,6 +1329,11 @@ def security_group_rule_get_by_security_group(context, security_group_id, context, security_group_id, columns_to_join=columns_to_join) +def security_group_rule_get_by_instance(context, instance_uuid): + """Get all rules for a given instance.""" + return IMPL.security_group_rule_get_by_instance(context, instance_uuid) + + def security_group_rule_destroy(context, security_group_rule_id): """Deletes a security group rule.""" return IMPL.security_group_rule_destroy(context, security_group_rule_id) diff --git a/nova/db/sqlalchemy/api.py b/nova/db/sqlalchemy/api.py index 1802f05e6..f44824297 100644 --- a/nova/db/sqlalchemy/api.py +++ b/nova/db/sqlalchemy/api.py @@ -4356,6 +4356,15 @@ def security_group_rule_get_by_security_group(context, security_group_id, return query.all() +@require_context +def security_group_rule_get_by_instance(context, instance_uuid): + return (_security_group_rule_get_query(context). + join('parent_group', 'instances'). + filter_by(uuid=instance_uuid). + options(joinedload('grantee_group')). + all()) + + @require_context def security_group_rule_create(context, values): return _security_group_rule_create(context, values)