puppetlabs-firewall icon indicating copy to clipboard operation
puppetlabs-firewall copied to clipboard

Published 20 hours ago verified publisher icon puppetlabs

Performance degradation in resource_api version

Open 2fa opened this issue 10 months ago • 0 comments

Describe the Bug

After testing latest version of firewall module i've noticed that puppet applies catalog significantly longer compared to the previous version.

After a bit of strace it looks like new version makes several iptables-save calls every time it applies each rule.

Old version
~# grep -c "execve(\"/usr/sbin/iptables-save" strace1.out
60

New version
~# grep -c "execve(\"/usr/sbin/iptables-save" strace2.out
296

For some machines catalog application time increased more than 2x (from 50 to 120 seconds, for example).

Expected Behavior

Firewall resource should not make multiple iptables-save calls for each rule.

Environment

  • Version [3.1.0 and 8.0.1]
  • Platform [Ubuntu 20.04]

Additional Context

It is related to #1100

2fa avatar Apr 09 '24 14:04 2fa