Don't iterate updated_rule_sg_ids or updated_sg_members
updated_rule_sg_ids and updated_sg_members can be updated
concurrently by an RPC security_group_updated cast from the
server which will result in a RuntimeError due to set
size changing during iteration.
This adjusts the logic to just iterate over a copy of the set.
Change-Id: I0a7cf13157de256403cfd6196f64fafdfa65f180
Closes-Bug: #1696874
(cherry picked from commit e51ae07aec
)
This commit is contained in:
parent
246fbe93f6
commit
96657be885
|
@ -842,7 +842,7 @@ class IptablesFirewallDriver(firewall.FirewallDriver):
|
||||||
|
|
||||||
def _clean_deleted_sg_rule_conntrack_entries(self):
|
def _clean_deleted_sg_rule_conntrack_entries(self):
|
||||||
deleted_sg_ids = set()
|
deleted_sg_ids = set()
|
||||||
for sg_id in self.updated_rule_sg_ids:
|
for sg_id in set(self.updated_rule_sg_ids):
|
||||||
del_rules = self._find_deleted_sg_rules(sg_id)
|
del_rules = self._find_deleted_sg_rules(sg_id)
|
||||||
if not del_rules:
|
if not del_rules:
|
||||||
continue
|
continue
|
||||||
|
@ -856,7 +856,7 @@ class IptablesFirewallDriver(firewall.FirewallDriver):
|
||||||
|
|
||||||
def _clean_updated_sg_member_conntrack_entries(self):
|
def _clean_updated_sg_member_conntrack_entries(self):
|
||||||
updated_device_ids = set()
|
updated_device_ids = set()
|
||||||
for device in self.updated_sg_members:
|
for device in set(self.updated_sg_members):
|
||||||
sec_group_change = False
|
sec_group_change = False
|
||||||
device_info = self.filtered_ports.get(device)
|
device_info = self.filtered_ports.get(device)
|
||||||
pre_device_info = self._pre_defer_filtered_ports.get(device)
|
pre_device_info = self._pre_defer_filtered_ports.get(device)
|
||||||
|
|
Loading…
Reference in New Issue