[neutron] Failed to create a duplicate DefaultSecurityGroup

Neil Jerram neil at tigera.io
Tue Jun 16 12:44:58 UTC 2020


Thanks Slawek.  I'm happy to do that, but I thought I should write here
first in case it is some kind of user error, and not really a bug in the
Neutron code.


On Tue, Jun 16, 2020 at 1:12 PM Slawek Kaplonski <skaplons at redhat.com>
wrote:

> Hi,
>
> Can You report a LP bug for that and attach full stack traces from the
> neutron
> server?
>
> On Tue, Jun 16, 2020 at 09:58:04AM +0100, Neil Jerram wrote:
> > With Ussuri I'm hitting this in the neutron server:
> >
> > Failed to create a duplicate DefaultSecurityGroup: for attribute(s)
> > ['PRIMARY'] with value(s) 11447be9beda4bf78dab27cdb75058e2
> > pymysql.err.IntegrityError: (1062, "Duplicate entry
> > '11447be9beda4bf78dab27cdb75058e2' for key 'PRIMARY'")
> > oslo_db.exception.DBDuplicateEntry: (pymysql.err.IntegrityError) (1062,
> > "Duplicate entry '11447be9beda4bf78dab27cdb75058e2' for key 'PRIMARY'")
> > [SQL: INSERT INTO default_security_group (project_id, security_group_id)
> > VALUES (%(project_id)s, %(security_group_id)s)]
> > [parameters: {'project_id': '11447be9beda4bf78dab27cdb75058e2',
> > 'security_group_id': '9f3a473c-b08a-4cf2-8327-10ecc8b87301'}]
> > neutron_lib.objects.exceptions.NeutronDbObjectDuplicateEntry: Failed to
> > create a duplicate DefaultSecurityGroup: for attribute(s) ['PRIMARY']
> with
> > value(s) 11447be9beda4bf78dab27cdb75058e2
> >
> > (Those are all, I believe, reports of the same problem, at different
> levels
> > of the stack.)
> >
> > IIUC, this is triggered by my Neutron driver calling
> >
> >         rules = self.db.get_security_group_rules(
> >             context, filters={'security_group_id': sgids}
> >         )
> >
> > where the context has project_id 11447be9beda4bf78dab27cdb75058e2.  Deep
> > down inside that call, Neutron tries to ensure that there is a default
> > security group for that project, and somehow that hits the reported
> > exception.
> >
> > Here's the code in securitygroups_db.py:
> >
> >     def _ensure_default_security_group(self, context, tenant_id):
> >         """Create a default security group if one doesn't exist.
> >
> >         :returns: the default security group id for given tenant.
> >         """
> >         default_group_id = self._get_default_sg_id(context, tenant_id)
> >         if default_group_id:
> >             return default_group_id
> >
> >         security_group = {
> >             'security_group':
> >                 {'name': 'default',
> >                  'tenant_id': tenant_id,
> >                  'description': _('Default security group')}
> >         }
> >         return self.create_security_group(context, security_group,
> >                                           default_sg=True)['id']
> >
> > Obviously it checks first if the default SG already exists for the
> project,
> > before creating it if not.  So why would that code hit the duplicate
> > exception as shown above?
> >
> > Any ideas welcome!
> >
> > Best wishes,
> >      Neil
>
> --
> Slawek Kaplonski
> Senior software engineer
> Red Hat
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20200616/81c1f9ea/attachment.html>


More information about the openstack-discuss mailing list