[openstack-dev] [neutron][rootwrap] Performance considerations, sudo?

Miguel Angel Ajo majopela at redhat.com
Thu Mar 6 08:31:43 UTC 2014

On 03/06/2014 07:57 AM, IWAMOTO Toshihiro wrote:
> At Wed, 05 Mar 2014 15:42:54 +0100,
> Miguel Angel Ajo wrote:
>> 3) I also find 10 minutes a long time to setup 192 networks/basic tenant
>> structures, I wonder if that time could be reduced by conversion
>> of system process calls into system library calls (I know we don't have
>> libraries for iproute, iptables?, and many other things... but it's a
>> problem that's probably worth looking at.)
> Try benchmarking
>     $ sudo ip netns exec qfoobar /bin/echo

You're totally right, that takes the same time as rootwrap itself. It's 
another point to think about from the performance point of view.

An interesting read:

ip netns does a lot of mounts around to simulate a normal environment,
where an netns-aware application could avoid all this.

> Network namespace switching costs almost as much as a rootwrap
> execution, IIRC.
> Execution coalesceing is not enough in this case and we would need to
> change how Neutron issues commands, IMO.

Yes, one option could be to coalesce all calls that go into
a namespace into a shell script and run this in the
ootwrap > ip netns exec

But we might find a mechanism to determine if some of the steps failed, 
and what was the result / output, something like failing line + result 
code. I'm not sure if we rely on stdout/stderr results at any time.

> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

More information about the OpenStack-dev mailing list