Don't iterate updated_rule_sg_ids or updated_sg_members
updated_rule_sg_ids and updated_sg_members can be updated
concurrently by an RPC security_group_updated cast from the
server which will result in a RuntimeError due to set
size changing during iteration.
This adjusts the logic to just iterate over a copy of the set.
Change-Id: I0a7cf13157de256403cfd6196f64fafdfa65f180
Closes-Bug: #1696874
(cherry picked from commit e51ae07aec
)
This commit is contained in:
parent
b5b68b3752
commit
3c0f4b7390
@ -831,7 +831,7 @@ class IptablesFirewallDriver(firewall.FirewallDriver):
|
||||
|
||||
def _clean_deleted_sg_rule_conntrack_entries(self):
|
||||
deleted_sg_ids = set()
|
||||
for sg_id in self.updated_rule_sg_ids:
|
||||
for sg_id in set(self.updated_rule_sg_ids):
|
||||
del_rules = self._find_deleted_sg_rules(sg_id)
|
||||
if not del_rules:
|
||||
continue
|
||||
@ -845,7 +845,7 @@ class IptablesFirewallDriver(firewall.FirewallDriver):
|
||||
|
||||
def _clean_updated_sg_member_conntrack_entries(self):
|
||||
updated_device_ids = set()
|
||||
for device in self.updated_sg_members:
|
||||
for device in set(self.updated_sg_members):
|
||||
sec_group_change = False
|
||||
device_info = self.filtered_ports.get(device)
|
||||
pre_device_info = self._pre_defer_filtered_ports.get(device)
|
||||
|
Loading…
Reference in New Issue
Block a user