[neutron] Failed to create a duplicate DefaultSecurityGroup

Neil Jerram neil at tigera.io
Tue Jun 16 15:34:26 UTC 2020 

https://bugs.launchpad.net/neutron/+bug/1883730

On Tue, Jun 16, 2020 at 1:44 PM Neil Jerram <neil at tigera.io> wrote:

> Thanks Slawek.  I'm happy to do that, but I thought I should write here
> first in case it is some kind of user error, and not really a bug in the
> Neutron code.
>
>
> On Tue, Jun 16, 2020 at 1:12 PM Slawek Kaplonski <skaplons at redhat.com>
> wrote:
>
>> Hi,
>>
>> Can You report a LP bug for that and attach full stack traces from the
>> neutron
>> server?
>>
>> On Tue, Jun 16, 2020 at 09:58:04AM +0100, Neil Jerram wrote:
>> > With Ussuri I'm hitting this in the neutron server:
>> >
>> > Failed to create a duplicate DefaultSecurityGroup: for attribute(s)
>> > ['PRIMARY'] with value(s) 11447be9beda4bf78dab27cdb75058e2
>> > pymysql.err.IntegrityError: (1062, "Duplicate entry
>> > '11447be9beda4bf78dab27cdb75058e2' for key 'PRIMARY'")
>> > oslo_db.exception.DBDuplicateEntry: (pymysql.err.IntegrityError) (1062,
>> > "Duplicate entry '11447be9beda4bf78dab27cdb75058e2' for key 'PRIMARY'")
>> > [SQL: INSERT INTO default_security_group (project_id, security_group_id)
>> > VALUES (%(project_id)s, %(security_group_id)s)]
>> > [parameters: {'project_id': '11447be9beda4bf78dab27cdb75058e2',
>> > 'security_group_id': '9f3a473c-b08a-4cf2-8327-10ecc8b87301'}]
>> > neutron_lib.objects.exceptions.NeutronDbObjectDuplicateEntry: Failed to
>> > create a duplicate DefaultSecurityGroup: for attribute(s) ['PRIMARY']
>> with
>> > value(s) 11447be9beda4bf78dab27cdb75058e2
>> >
>> > (Those are all, I believe, reports of the same problem, at different
>> levels
>> > of the stack.)
>> >
>> > IIUC, this is triggered by my Neutron driver calling
>> >
>> >         rules = self.db.get_security_group_rules(
>> >             context, filters={'security_group_id': sgids}
>> >         )
>> >
>> > where the context has project_id 11447be9beda4bf78dab27cdb75058e2.  Deep
>> > down inside that call, Neutron tries to ensure that there is a default
>> > security group for that project, and somehow that hits the reported
>> > exception.
>> >
>> > Here's the code in securitygroups_db.py:
>> >
>> >     def _ensure_default_security_group(self, context, tenant_id):
>> >         """Create a default security group if one doesn't exist.
>> >
>> >         :returns: the default security group id for given tenant.
>> >         """
>> >         default_group_id = self._get_default_sg_id(context, tenant_id)
>> >         if default_group_id:
>> >             return default_group_id
>> >
>> >         security_group = {
>> >             'security_group':
>> >                 {'name': 'default',
>> >                  'tenant_id': tenant_id,
>> >                  'description': _('Default security group')}
>> >         }
>> >         return self.create_security_group(context, security_group,
>> >                                           default_sg=True)['id']
>> >
>> > Obviously it checks first if the default SG already exists for the
>> project,
>> > before creating it if not.  So why would that code hit the duplicate
>> > exception as shown above?
>> >
>> > Any ideas welcome!
>> >
>> > Best wishes,
>> >      Neil
>>
>> --
>> Slawek Kaplonski
>> Senior software engineer
>> Red Hat
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20200616/992091db/attachment.html>

More information about the openstack-discuss mailing list