neutron

Duplicate default SG error when new system scopes are used

Bug #1938910 reported by Slawek Kaplonski on 2021-08-04

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	neutron	Fix Released	Medium	Slawek Kaplonski

Bug Description

When new system scopes are enforced, after fix for https://bugs.launchpad.net/neutron/+bug/1934115 is merged, there is another problem. When project admin creates SG for some tenant it tries to get default SG for that tenant to ensure that there is such default SG. But as project admin can't get resources which belongs to other tenant default SG is not found even if it actually is in DB. So that ends up with error like:

Aug 04 16:11:26 devstack-ubuntu-ovs neutron-server[308908]: ERROR oslo_db.api oslo_db.exception.DBDuplicateEntry: (pymysql.err.IntegrityError) (1062, "Duplicate entry 'c8b4c762cac744da9b442bf12140c70a' for key 'default_security_group.PRIM>
Aug 04 16:11:26 devstack-ubuntu-ovs neutron-server[308908]: ERROR oslo_db.api [SQL: INSERT INTO default_security_group (project_id, security_group_id) VALUES (%(project_id)s, %(security_group_id)s)]
Aug 04 16:11:26 devstack-ubuntu-ovs neutron-server[308908]: ERROR oslo_db.api [parameters: {'project_id': 'c8b4c762cac744da9b442bf12140c70a', 'security_group_id': 'b88530f8-46a8-4190-96f1-bbfd9ddac83c'}]
Aug 04 16:11:26 devstack-ubuntu-ovs neutron-server[308908]: ERROR oslo_db.api (Background on this error at: http://sqlalche.me/e/14/gkpj)

Tags:

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-08-04: Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/803489

Changed in neutron:
status:	Confirmed → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-08-09: Fix merged to neutron (master)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/803489
Committed: https://opendev.org/openstack/neutron/commit/e6c3686cd8f863c49b363504dacdb7641604a102
Submitter: "Zuul (22348)"
Branch: master

commit e6c3686cd8f863c49b363504dacdb7641604a102
Author: Slawek Kaplonski <email address hidden>
Date: Wed Aug 4 17:02:14 2021 +0200

Use elevated context when getting default SG for tenant

    With new scopes, when e.g. project admin context is used to ensure
    default SG for different tenant, elevated context needs to be used
    to make db query. Otherwise default SG will not be found and attempt to
    create it in DB may fail with DuplicateDbEntry error.

Closes-Bug: #1938910
Change-Id: Ib884be6aa12bd0d3faf83f3e753f8e7aad503b68

Changed in neutron:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-08-09: Fix proposed to neutron (stable/wallaby)

Fix proposed to branch: stable/wallaby
Review: https://review.opendev.org/c/openstack/neutron/+/803848

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-08-25: Fix merged to neutron (stable/wallaby)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/803848
Committed: https://opendev.org/openstack/neutron/commit/6d6a27bd5e13b46da6755292775fe41581428a6e
Submitter: "Zuul (22348)"
Branch: stable/wallaby

commit 6d6a27bd5e13b46da6755292775fe41581428a6e
Author: Slawek Kaplonski <email address hidden>
Date: Wed Aug 4 17:02:14 2021 +0200

Use elevated context when getting default SG for tenant

    Closes-Bug: #1938910
    Change-Id: Ib884be6aa12bd0d3faf83f3e753f8e7aad503b68
    (cherry picked from commit e6c3686cd8f863c49b363504dacdb7641604a102)