From d2463afa17b9a7d3399cc005ea77d1296e62e812 Mon Sep 17 00:00:00 2001 From: Maysa Macedo Date: Tue, 17 Dec 2019 13:38:13 +0000 Subject: [PATCH] Protect from sg Not Found on multiple np enforcement When multiple Network policies deletion affecting the same pod happens at the same time, a Not Found exception can be raised causing a controller restart. This commit fixes the issue by ensuring the policy deletion is retried and the sgs list is updated. Change-Id: I55a0f81ab6e30ca672e3f3d4865aed3cd96a94d2 Closes-bug: 1856709 (cherry picked from commit ed6e9c1384b315c6e44b136d65a000911626dd6d) --- kuryr_kubernetes/controller/handlers/policy.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/kuryr_kubernetes/controller/handlers/policy.py b/kuryr_kubernetes/controller/handlers/policy.py index 5227011df..588fb799f 100644 --- a/kuryr_kubernetes/controller/handlers/policy.py +++ b/kuryr_kubernetes/controller/handlers/policy.py @@ -12,6 +12,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from neutronclient.common import exceptions as n_exc +from openstack import exceptions as o_exc from oslo_cache import core as cache from oslo_config import cfg as oslo_cfg from oslo_log import log as logging @@ -116,7 +118,12 @@ class NetworkPolicyHandler(k8s_base.ResourceEventHandler): raise oslo_cfg.RequiredOptError( 'pod_security_groups', oslo_cfg.OptGroup('neutron_defaults')) - self._drv_vif_pool.update_vif_sgs(pod, pod_sgs) + try: + self._drv_vif_pool.update_vif_sgs(pod, pod_sgs) + except (n_exc.NotFound, o_exc.NotFoundException): + LOG.debug("Fail to update pod sgs." + " Retrying policy deletion.") + raise exceptions.ResourceNotReady(policy) # ensure ports at the pool don't have the NP sg associated net_id = self._get_policy_net_id(policy)