Thanks Slawek. I'm happy to do that, but I thought I should write here first in case it is some kind of user error, and not really a bug in the Neutron code. On Tue, Jun 16, 2020 at 1:12 PM Slawek Kaplonski <skaplons@redhat.com> wrote:
Hi,
Can You report a LP bug for that and attach full stack traces from the neutron server?
With Ussuri I'm hitting this in the neutron server:
Failed to create a duplicate DefaultSecurityGroup: for attribute(s) ['PRIMARY'] with value(s) 11447be9beda4bf78dab27cdb75058e2 pymysql.err.IntegrityError: (1062, "Duplicate entry '11447be9beda4bf78dab27cdb75058e2' for key 'PRIMARY'") oslo_db.exception.DBDuplicateEntry: (pymysql.err.IntegrityError) (1062, "Duplicate entry '11447be9beda4bf78dab27cdb75058e2' for key 'PRIMARY'") [SQL: INSERT INTO default_security_group (project_id, security_group_id) VALUES (%(project_id)s, %(security_group_id)s)] [parameters: {'project_id': '11447be9beda4bf78dab27cdb75058e2', 'security_group_id': '9f3a473c-b08a-4cf2-8327-10ecc8b87301'}] neutron_lib.objects.exceptions.NeutronDbObjectDuplicateEntry: Failed to create a duplicate DefaultSecurityGroup: for attribute(s) ['PRIMARY'] with value(s) 11447be9beda4bf78dab27cdb75058e2
(Those are all, I believe, reports of the same problem, at different levels of the stack.)
IIUC, this is triggered by my Neutron driver calling
rules = self.db.get_security_group_rules( context, filters={'security_group_id': sgids} )
where the context has project_id 11447be9beda4bf78dab27cdb75058e2. Deep down inside that call, Neutron tries to ensure that there is a default security group for that project, and somehow that hits the reported exception.
Here's the code in securitygroups_db.py:
def _ensure_default_security_group(self, context, tenant_id): """Create a default security group if one doesn't exist.
:returns: the default security group id for given tenant. """ default_group_id = self._get_default_sg_id(context, tenant_id) if default_group_id: return default_group_id
security_group = { 'security_group': {'name': 'default', 'tenant_id': tenant_id, 'description': _('Default security group')} } return self.create_security_group(context, security_group, default_sg=True)['id']
Obviously it checks first if the default SG already exists for the
On Tue, Jun 16, 2020 at 09:58:04AM +0100, Neil Jerram wrote: project,
before creating it if not. So why would that code hit the duplicate exception as shown above?
Any ideas welcome!
Best wishes, Neil
-- Slawek Kaplonski Senior software engineer Red Hat