Comment 2 for bug 1992161

Revision history for this message
Rodolfo Alonso (rodolfo-alonso-hernandez) wrote :

Hello:

Since [1], the SG DB mixin checks the available SG rule has enough quota. This patch was tested in an environment where the RPC worker was spawned along with the API workers. In this case, the extensions (including the SG and the SG rules) are loaded and the resources are registered [2]

In the case you are presenting, the RPC worker runs in a single service and the quota resources are not loaded. This is indeed a legit issue that affects to any deployment, regardless of the backend.

Since [3] (from Xena) this issue is not present anymore because we no longer make a reservation but just check the quota limit. If the method does not find the tracked resource, it just returns without raising any exception.

This is, with not doubt, my fault when implementing this patch. However I would say that having a CI with two independent workers, API and RPC, would have catch this issue. But I don't know if this is feasible currently.

I'll push a patch for stable releases.

Regards.

[1]https://review.opendev.org/c/openstack/neutron/+/701565
[2]https://github.com/openstack/neutron/blob/91decc9514494fa691cdf5ffceb86b775b729164/neutron/extensions/securitygroup.py#L330
[3]https://review.opendev.org/q/Id73368576a948f78a043d7cf0be16661a65626a9