NSX|V3: cleanup duplicate sections on startup

There may be an edge case where duplicate rules are not cleaned up at boot time. This will deal with that case by validating that the contents of the database matches what is defined on the NSX. In this case the database is the source of truth. Change-Id: I8249b946ffeeaf8bd682716a87fca0681ab29e37
2018-05-08 05:32:11 -07:00 · 2018-05-08 05:32:11 -07:00 · 8a54d7ef2e
parent fb26ed6474
commit 8a54d7ef2e
1 changed files with 22 additions and 7 deletions
--- a/vmware_nsx/plugins/nsx_v3/plugin.py
+++ b/vmware_nsx/plugins/nsx_v3/plugin.py
@ -349,6 +349,14 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
                # Treat a race of multiple processing creating the seg group
                LOG.warning('Unable to create global security group')

+    def _cleanup_duplicates(self, default_ns_group_id):
+        LOG.warning("Duplicate rules created. Cleaning up!")
+        # Delete duplicates created
+        self.nsxlib.firewall_section.delete(self.default_section)
+        self.nsxlib.ns_group.delete(default_ns_group_id)
+        # Ensure global variables are updated
+        self._ensure_default_rules()
+
    def _prepare_default_rules(self):
        ctx = q_context.get_admin_context()
        # Need a global placeholder as the DB below has a foreign key to
@ -358,20 +366,27 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
        # Validate if there is a race between processes
        nsgroup_id, section_id = nsx_db.get_sg_mappings(
            ctx.session, NSX_V3_OS_DFW_UUID)
+        LOG.debug("Default NSGroup - %s, Section %s", nsgroup_id, section_id)
+        default_ns_group_id = self._default_section_nsgroup.get('id')
+        duplicates = False
        if nsgroup_id is None or section_id is None:
-            default_ns_group_id = self._default_section_nsgroup.get('id')
            try:
+                LOG.debug("Updating NSGroup - %s, Section %s",
+                          default_ns_group_id, self.default_section)
                nsx_db.save_sg_mappings(ctx,
                                        NSX_V3_OS_DFW_UUID,
                                        default_ns_group_id,
                                        self.default_section)
            except Exception:
-                LOG.warning("Duplicate rules created. Cleaning up!")
-                # Delete duplicates created
-                self.nsxlib.firewall_section.delete(self.default_section)
-                self.nsxlib.ns_group.delete(default_ns_group_id)
-                # Ensure global variables are updated
-                self._ensure_default_rules()
+                LOG.debug("Concurrent update! Duplicates exist")
+                duplicates = True
+        elif (section_id != self.default_section or
+              nsgroup_id != default_ns_group_id):
+            LOG.debug("NSGroup and Section don't match those in the DB. "
+                      "Duplicates exist")
+            duplicates = True
+        if duplicates:
+            self._cleanup_duplicates(default_ns_group_id)

    @staticmethod
    def plugin_type():