cache-neutron-security-groups
Nova-api should be able to work if neutron is down. Currently this is not
the case as we are going to neutron in order to obtain the security_groups on
an instance. In this blueprint we'll cache these security groups in nova
instead to avoid going to neutron.
Problem description
===================
Currently, whenever performing any GET options on nova for example nova list
nova-api calls out to neutron in order to get a list of security groups
attached to the instance. In addition, this is also done for most other
api operations due to how nova's extension framework is implemented. For
example, the nova interface-detach command will also cause nova-api to
query neutron for the security groups attached to the instance. The problem,
with this design is if neutron is down nova-api no longer works (as it fails
trying to talk to neutron) in addition we are quering neutron a lot more
then we need to be.
Proposed change
===============
In order to solve this issue I propose that we cache the security_groups
attached to each VIF in the instance_
security groups from there rather than from neutron.
see: https:/
Blueprint information
- Status:
- Not started
- Approver:
- None
- Priority:
- Undefined
- Drafter:
- Aaron Rosen
- Direction:
- Needs approval
- Assignee:
- Aaron Rosen
- Definition:
- New
- Series goal:
- None
- Implementation:
-
Unknown
- Milestone target:
- None
- Started by
- Completed by
