Add lock for security group rules

In order to reduce concurrency exceptions, lock updates to remote IPs for security group rules. Change-Id: I2d662850e4b09afa43df4be6a9004e4776248cd8
2018-05-02 00:50:23 +00:00 · 2018-05-02 00:50:23 +00:00 · 6abc8435a2
parent d39bb434bb
commit 6abc8435a2
1 changed files with 21 additions and 17 deletions
--- a/gbpservice/neutron/plugins/ml2plus/drivers/apic_aim/mechanism_driver.py
+++ b/gbpservice/neutron/plugins/ml2plus/drivers/apic_aim/mechanism_driver.py
@ -54,6 +54,7 @@ from neutron_lib.plugins import directory
 from opflexagent import constants as ofcst
 from opflexagent import host_agent_rpc as arpc
 from opflexagent import rpc as ofrpc
+from oslo_concurrency import lockutils
 from oslo_config import cfg
 from oslo_db import exception as db_exc
 from oslo_log import log
@ -1785,23 +1786,26 @@ class ApicMechanismDriver(api_plus.MechanismDriver,
                security_group_name=sg_rule['security_group_id'],
                security_group_subject_name='default',
                name=sg_rule['id'])
-            aim_sg_rule = self.aim.get(aim_ctx, sg_rule_aim)
-            if not aim_sg_rule:
-                continue
-            ip_version = 0
-            if sg_rule['ethertype'] == 'IPv4':
-                ip_version = 4
-            elif sg_rule['ethertype'] == 'IPv6':
-                ip_version = 6
-            for fixed_ip in fixed_ips:
-                if is_delete:
-                    if fixed_ip in aim_sg_rule.remote_ips:
-                        aim_sg_rule.remote_ips.remove(fixed_ip)
-                elif ip_version == netaddr.IPAddress(fixed_ip).version:
-                    if fixed_ip not in aim_sg_rule.remote_ips:
-                        aim_sg_rule.remote_ips.append(fixed_ip)
-            self.aim.update(aim_ctx, sg_rule_aim,
-                            remote_ips=aim_sg_rule.remote_ips)
+            # REVISIT: remove locking once a more robust solution
+            #          has been implemented
+            with lockutils.lock(sg_rule['id'], external=True):
+                aim_sg_rule = self.aim.get(aim_ctx, sg_rule_aim)
+                if not aim_sg_rule:
+                    continue
+                ip_version = 0
+                if sg_rule['ethertype'] == 'IPv4':
+                    ip_version = 4
+                elif sg_rule['ethertype'] == 'IPv6':
+                    ip_version = 6
+                for fixed_ip in fixed_ips:
+                    if is_delete:
+                        if fixed_ip in aim_sg_rule.remote_ips:
+                            aim_sg_rule.remote_ips.remove(fixed_ip)
+                    elif ip_version == netaddr.IPAddress(fixed_ip).version:
+                        if fixed_ip not in aim_sg_rule.remote_ips:
+                            aim_sg_rule.remote_ips.append(fixed_ip)
+                self.aim.update(aim_ctx, sg_rule_aim,
+                                remote_ips=aim_sg_rule.remote_ips)

    def create_port_precommit(self, context):
        port = context.current