
Avoid port group creation race

The neutron_pg_drop Port Group is created with some ACLs to drop
all the traffic by default. This group doesn't match any Neutron
resource and it's created once the first Neutron port with
port_security enabled gets created.

A race condition exists when the first two ports get created
simultaneously by different workers as both may attempt to create
this Port Group. The result is that one of the port creations will
fail. Setting may_exist=True should avoid this race.

Co-authored-by: Daniel Alvarez <dalvarez@redhat.com>
Closes-Bug: 1838969
Change-Id: I8c1174df562a7164d4a96ce2e733279723827dcd
(cherry picked from commit e946836b20)
changes/69/687569/1
Terry Wilson 2 years ago
committed by Maciej Józefczyk
parent
commit
528925bb20
networking_ovn/common/ovn_client.py

@ -1707,11 +1707,11 @@ class OVNClient(object):
with self._nb_idl.transaction(check_error=True) as txn:
if not self._nb_idl.get_port_group(pg_name):
# If drop Port Group doesn't exist yet, create it.
txn.add(self._nb_idl.pg_add(pg_name, acls=[]))
txn.add(self._nb_idl.pg_add(pg_name, acls=[], may_exist=True))
# Add ACLs to this Port Group so that all traffic is dropped.
acls = ovn_acl.add_acls_for_drop_port_group(pg_name)
for acl in acls:
txn.add(self._nb_idl.pg_acl_add(**acl))
txn.add(self._nb_idl.pg_acl_add(may_exist=True, **acl))
if ports:
ports_ids = [port['id'] for port in ports]
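
Review bot: the `if not self._nb_idl.get_port_group(pg_name):` guard at the top of the hunk is still a check-then-act lookup, and the comment under it ("If drop Port Group doesn't exist yet, create it.") does not explain why `pg_add` and `pg_acl_add` now also pass `may_exist=True`. Suggest extending that comment to say that another worker can create the group between this lookup and the transaction commit, and that `may_exist=True` is what covers that window, so a later cleanup does not remove the flags as redundant with the guard. The change touches only ovn_client.py; a unit test asserting that `pg_add` and `pg_acl_add` are called with `may_exist=True` would keep the fix from regressing.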
