From a6f5160b6c20144db5293b615f3c9e35c8fc59c7 Mon Sep 17 00:00:00 2001
From: Miro Tomaska <mtomaska@redhat.com>
Date: Wed, 1 Mar 2023 16:32:50 -0600
Subject: [PATCH] Fix ACL sync when default sg group is created

Port group not being available in NB DB during ACL sync
is bit of a corner case but possible during the ML2/OVS
to ML2/OVN migration sync. It can also happen in ML2/OVN
only enviroment. See my detailed description of both
scenarios in the linked Bug.
The easiest fix is to just retry ALL port groups sync
one more time if ACL sync cant find a port group row. This
additional resync is really quick.

Conflicts:
  neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_db_sync.py

Closes-Bug: #2008943
Change-Id: Iac1472f7f896ea434deacb6d236ab469f4f6ed56
(cherry picked from commit 33cf2cdc83a8cee9ee075eb371f779c3d356cf48)
---
 .../ovn/mech_driver/ovsdb/ovn_db_sync.py      | 33 +++++++++++++++----
 1 file changed, 27 insertions(+), 6 deletions(-)

diff --git a/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_db_sync.py b/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_db_sync.py
index 6d8544180d1..08fee14d8c7 100644
--- a/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_db_sync.py
+++ b/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_db_sync.py
@@ -24,6 +24,7 @@ from neutron_lib.plugins import constants as plugin_constants
 from neutron_lib.plugins import directory
 from neutron_lib.utils import helpers
 from oslo_log import log
+from ovsdbapp.backend.ovs_idl import idlutils
 import six
 
 from neutron.common.ovn import acl as acl_utils
@@ -93,7 +94,6 @@ class OvnNbSynchronizer(OvnDbSynchronizer):
         LOG.debug("Starting OVN-Northbound DB sync process")
 
         ctx = context.get_admin_context()
-
         self.sync_port_groups(ctx)
         self.sync_networks_ports_and_dhcp_opts(ctx)
         self.sync_port_dns_records(ctx)
@@ -275,11 +275,32 @@ class OvnNbSynchronizer(OvnDbSynchronizer):
                          'remove': num_acls_to_remove})
 
         if self.mode == SYNC_MODE_REPAIR:
-            with self.ovn_api.transaction(check_error=True) as txn:
-                for acla in neutron_acls:
-                    LOG.warning('ACL found in Neutron but not in '
-                                'OVN DB for port group %s', acla['port_group'])
-                    txn.add(self.ovn_api.pg_acl_add(**acla, may_exist=True))
+            pg_resync_count = 0
+            while True:
+                try:
+                    with self.ovn_api.transaction(check_error=True) as txn:
+                        for acla in neutron_acls:
+                            LOG.warning('ACL found in Neutron but not in '
+                                        'OVN DB for port group %s',
+                                        acla['port_group'])
+                            txn.add(self.ovn_api.pg_acl_add(
+                                **acla, may_exist=True))
+                except idlutils.RowNotFound as row_err:
+                    if row_err.msg.startswith("Cannot find Port_Group"):
+                        if pg_resync_count < 1:
+                            LOG.warning('Port group row was not found during '
+                                        'ACLs sync. Will attempt to sync port '
+                                        'groups one more time. The caught '
+                                        'exception is: %s', row_err)
+                            self.sync_port_groups(ctx)
+                            pg_resync_count += 1
+                            continue
+                        LOG.error('Port group exception during ACL sync '
+                                  'even after one more port group resync. '
+                                  'The caught exception is: %s', row_err)
+                    else:
+                        raise
+                break
 
             with self.ovn_api.transaction(check_error=True) as txn:
                 for aclr in ovn_acls: