NSX|V: ensure that FW rule updates on edge are locked

If this opertaion happens concurrently then therecould be a exception on the edge. Change-Id: I33542ee956b35b3616748b8d44017eb74d439bfa
2017-01-16 22:14:01 -08:00 · 2017-01-16 22:14:01 -08:00 · 03d62f94e3
parent ca33b1bfcf
commit 03d62f94e3
3 changed files with 11 additions and 4 deletions
--- a/vmware_nsx/plugins/nsx_v/drivers/distributed_router_driver.py
+++ b/vmware_nsx/plugins/nsx_v/drivers/distributed_router_driver.py
@ -104,7 +104,10 @@ class RouterDistributedDriver(router_driver.RouterBaseDriver):
            router_db = self.plugin._get_router(context, router_id)
            nexthop = self.plugin._get_external_attachment_info(
                context, router_db)[2]
-            self.plugin._update_subnets_and_dnat_firewall(context, router_db)
+            with locking.LockManager.get_lock(self._get_edge_id(context,
+                                                                router_id)):
+                self.plugin._update_subnets_and_dnat_firewall(context,
+                                                              router_db)
            md_gw_data = self._get_metadata_gw_data(context, router_id)
            self._update_routes(context, router_id, nexthop, md_gw_data)
        if 'admin_state_up' in r:
--- a/vmware_nsx/plugins/nsx_v/drivers/exclusive_router_driver.py
+++ b/vmware_nsx/plugins/nsx_v/drivers/exclusive_router_driver.py
@ -60,7 +60,10 @@ class RouterExclusiveDriver(router_driver.RouterBaseDriver):
            router_db = self.plugin._get_router(context, router_id)
            nexthop = self.plugin._get_external_attachment_info(
                context, router_db)[2]
-            self.plugin._update_subnets_and_dnat_firewall(context, router_db)
+            with locking.LockManager.get_lock(
+                    self._get_router_edge_id(context, router_id)):
+                self.plugin._update_subnets_and_dnat_firewall(context,
+                                                              router_db)
            self.update_routes(context, router_id, nexthop)
        if 'admin_state_up' in r:
            self.plugin._update_router_admin_state(
--- a/vmware_nsx/plugins/nsx_v/vshield/edge_utils.py
+++ b/vmware_nsx/plugins/nsx_v/vshield/edge_utils.py
@ -1385,8 +1385,9 @@ class EdgeManager(object):

            self.plugin.metadata_proxy_handler.configure_router_edge(
                context, resource_id)
-            self.plugin.setup_dhcp_edge_fw_rules(
-                context, self.plugin, resource_id)
+            with locking.LockManager.get_lock(str(dhcp_edge_id)):
+                self.plugin.setup_dhcp_edge_fw_rules(
+                    context, self.plugin, resource_id)

            if not self.per_interface_rp_filter:
                with locking.LockManager.get_lock(str(dhcp_edge_id)):