On port update, default security group may be missing. In this case, port update will first create the group, then proceed to port object. The problem is that when it recreates the group, it uses AFTER_UPDATE event, which contradicts the transactional semantics of _ensure_default_security_group_handler.
Logs wise, we get this in neutron-server log:
Sep 14 12:03:03.604813 ubuntu-xenial-2-node-rax-dfw-10932230 neutron-server[30503]: WARNING neutron.plugins.ml2.ovo_rpc [None req-71600acd-c114-4dbd-a599-a9126fae14fb tempest-NetworkDefaultSecGroupTest-1846858447 tempest-NetworkDefaultSecGroupTest-1846858447] This handler is supposed to handle AFTER events, as in 'AFTER it's committed', not BEFORE. Offending resource event: security_group, after_create. Location:
And then later:
Sep 14 12:03:04.038599 ubuntu-xenial-2-node-rax-dfw-10932230 neutron-server[30503]: ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/new/neutron/neutron/plugins/ml2/plugin.py", line 1332, in update_port
Sep 14 12:03:04.038761 ubuntu-xenial-2-node-rax-dfw-10932230 neutron-server[30503]: ERROR neutron.pecan_wsgi.hooks.translation context.session.expire(port_db)
Sep 14 12:03:04.038924 ubuntu-xenial-2-node-rax-dfw-10932230 neutron-server[30503]: ERROR neutron.pecan_wsgi.hooks.translation File "/usr/local/lib/python2.7/dist-packages/sqlalchemy/orm/session.py", line 1533, in expire
Sep 14 12:03:04.039083 ubuntu-xenial-2-node-rax-dfw-10932230 neutron-server[30503]: ERROR neutron.pecan_wsgi.hooks.translation self._expire_state(state, attribute_names)
Sep 14 12:03:04.039243 ubuntu-xenial-2-node-rax-dfw-10932230 neutron-server[30503]: ERROR neutron.pecan_wsgi.hooks.translation File "/usr/local/lib/python2.7/dist-packages/sqlalchemy/orm/session.py", line 1536, in _expire_state
Sep 14 12:03:04.039406 ubuntu-xenial-2-node-rax-dfw-10932230 neutron-server[30503]: ERROR neutron.pecan_wsgi.hooks.translation self._validate_persistent(state)
Sep 14 12:03:04.041280 ubuntu-xenial-2-node-rax-dfw-10932230 neutron-server[30503]: ERROR neutron.pecan_wsgi.hooks.translation File "/usr/local/lib/python2.7/dist-packages/sqlalchemy/orm/session.py", line 1976, in _validate_persistent
Sep 14 12:03:04.041453 ubuntu-xenial-2-node-rax-dfw-10932230 neutron-server[30503]: ERROR neutron.pecan_wsgi.hooks.translation state_str(state))
Sep 14 12:03:04.041658 ubuntu-xenial-2-node-rax-dfw-10932230 neutron-server[30503]: ERROR neutron.pecan_wsgi.hooks.translation InvalidRequestError: Instance '<Port at 0x7fec2d31a190>' is not persistent within this Session
Logs can be found in: http://logs.openstack.org/21/504021/1/check/gate-tempest-dsvm-neutron-dvr-multinode-scenario-ubuntu-xenial-nv/c6647c4/logs/screen-q-svc.txt.gz#_Sep_14_12_03_04_041658
For the record, this bug was originally reported in Red Hat Bugzilla: https:/ /bugzilla. redhat. com/show_ bug.cgi? id=1493175