Add lock for security group rules
In order to reduce concurrency exceptions, lock updates to remote IPs for security group rules. Change-Id: I2d662850e4b09afa43df4be6a9004e4776248cd8
This commit is contained in:
parent
b8ca79879f
commit
da526e783e
|
@ -55,6 +55,7 @@ from neutron_lib.plugins import directory
|
|||
from opflexagent import constants as ofcst
|
||||
from opflexagent import host_agent_rpc as arpc
|
||||
from opflexagent import rpc as ofrpc
|
||||
from oslo_concurrency import lockutils
|
||||
from oslo_config import cfg
|
||||
from oslo_db import exception as db_exc
|
||||
from oslo_log import log
|
||||
|
@ -1785,23 +1786,26 @@ class ApicMechanismDriver(api_plus.MechanismDriver,
|
|||
security_group_name=sg_rule['security_group_id'],
|
||||
security_group_subject_name='default',
|
||||
name=sg_rule['id'])
|
||||
aim_sg_rule = self.aim.get(aim_ctx, sg_rule_aim)
|
||||
if not aim_sg_rule:
|
||||
continue
|
||||
ip_version = 0
|
||||
if sg_rule['ethertype'] == 'IPv4':
|
||||
ip_version = 4
|
||||
elif sg_rule['ethertype'] == 'IPv6':
|
||||
ip_version = 6
|
||||
for fixed_ip in fixed_ips:
|
||||
if is_delete:
|
||||
if fixed_ip in aim_sg_rule.remote_ips:
|
||||
aim_sg_rule.remote_ips.remove(fixed_ip)
|
||||
elif ip_version == netaddr.IPAddress(fixed_ip).version:
|
||||
if fixed_ip not in aim_sg_rule.remote_ips:
|
||||
aim_sg_rule.remote_ips.append(fixed_ip)
|
||||
self.aim.update(aim_ctx, sg_rule_aim,
|
||||
remote_ips=aim_sg_rule.remote_ips)
|
||||
# REVISIT: remove locking once a more robust solution
|
||||
# has been implemented
|
||||
with lockutils.lock(sg_rule['id'], external=True):
|
||||
aim_sg_rule = self.aim.get(aim_ctx, sg_rule_aim)
|
||||
if not aim_sg_rule:
|
||||
continue
|
||||
ip_version = 0
|
||||
if sg_rule['ethertype'] == 'IPv4':
|
||||
ip_version = 4
|
||||
elif sg_rule['ethertype'] == 'IPv6':
|
||||
ip_version = 6
|
||||
for fixed_ip in fixed_ips:
|
||||
if is_delete:
|
||||
if fixed_ip in aim_sg_rule.remote_ips:
|
||||
aim_sg_rule.remote_ips.remove(fixed_ip)
|
||||
elif ip_version == netaddr.IPAddress(fixed_ip).version:
|
||||
if fixed_ip not in aim_sg_rule.remote_ips:
|
||||
aim_sg_rule.remote_ips.append(fixed_ip)
|
||||
self.aim.update(aim_ctx, sg_rule_aim,
|
||||
remote_ips=aim_sg_rule.remote_ips)
|
||||
|
||||
def create_port_precommit(self, context):
|
||||
port = context.current
|
||||
|
|
Loading…
Reference in New Issue