Thanks Slawek.  I'm happy to do that, but I thought I should write here first in case it is some kind of user error, and not really a bug in the Neutron code.


On Tue, Jun 16, 2020 at 1:12 PM Slawek Kaplonski <skaplons@redhat.com> wrote:
Hi,

Can You report a LP bug for that and attach full stack traces from the neutron
server?

On Tue, Jun 16, 2020 at 09:58:04AM +0100, Neil Jerram wrote:
> With Ussuri I'm hitting this in the neutron server:
>
> Failed to create a duplicate DefaultSecurityGroup: for attribute(s)
> ['PRIMARY'] with value(s) 11447be9beda4bf78dab27cdb75058e2
> pymysql.err.IntegrityError: (1062, "Duplicate entry
> '11447be9beda4bf78dab27cdb75058e2' for key 'PRIMARY'")
> oslo_db.exception.DBDuplicateEntry: (pymysql.err.IntegrityError) (1062,
> "Duplicate entry '11447be9beda4bf78dab27cdb75058e2' for key 'PRIMARY'")
> [SQL: INSERT INTO default_security_group (project_id, security_group_id)
> VALUES (%(project_id)s, %(security_group_id)s)]
> [parameters: {'project_id': '11447be9beda4bf78dab27cdb75058e2',
> 'security_group_id': '9f3a473c-b08a-4cf2-8327-10ecc8b87301'}]
> neutron_lib.objects.exceptions.NeutronDbObjectDuplicateEntry: Failed to
> create a duplicate DefaultSecurityGroup: for attribute(s) ['PRIMARY'] with
> value(s) 11447be9beda4bf78dab27cdb75058e2
>
> (Those are all, I believe, reports of the same problem, at different levels
> of the stack.)
>
> IIUC, this is triggered by my Neutron driver calling
>
>         rules = self.db.get_security_group_rules(
>             context, filters={'security_group_id': sgids}
>         )
>
> where the context has project_id 11447be9beda4bf78dab27cdb75058e2.  Deep
> down inside that call, Neutron tries to ensure that there is a default
> security group for that project, and somehow that hits the reported
> exception.
>
> Here's the code in securitygroups_db.py:
>
>     def _ensure_default_security_group(self, context, tenant_id):
>         """Create a default security group if one doesn't exist.
>
>         :returns: the default security group id for given tenant.
>         """
>         default_group_id = self._get_default_sg_id(context, tenant_id)
>         if default_group_id:
>             return default_group_id
>
>         security_group = {
>             'security_group':
>                 {'name': 'default',
>                  'tenant_id': tenant_id,
>                  'description': _('Default security group')}
>         }
>         return self.create_security_group(context, security_group,
>                                           default_sg=True)['id']
>
> Obviously it checks first if the default SG already exists for the project,
> before creating it if not.  So why would that code hit the duplicate
> exception as shown above?
>
> Any ideas welcome!
>
> Best wishes,
>      Neil

--
Slawek Kaplonski
Senior software engineer
Red Hat