From 03d62f94e333e28dc88a820e47b893c8f8842d71 Mon Sep 17 00:00:00 2001
From: Gary Kotton <gkotton@vmware.com>
Date: Mon, 16 Jan 2017 22:14:01 -0800
Subject: [PATCH] NSX|V: ensure that FW rule updates on edge are locked

If this opertaion happens concurrently then therecould be a
exception on the edge.

Change-Id: I33542ee956b35b3616748b8d44017eb74d439bfa
---
 .../plugins/nsx_v/drivers/distributed_router_driver.py       | 5 ++++-
 vmware_nsx/plugins/nsx_v/drivers/exclusive_router_driver.py  | 5 ++++-
 vmware_nsx/plugins/nsx_v/vshield/edge_utils.py               | 5 +++--
 3 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/vmware_nsx/plugins/nsx_v/drivers/distributed_router_driver.py b/vmware_nsx/plugins/nsx_v/drivers/distributed_router_driver.py
index 905c228427..82ceee2944 100644
--- a/vmware_nsx/plugins/nsx_v/drivers/distributed_router_driver.py
+++ b/vmware_nsx/plugins/nsx_v/drivers/distributed_router_driver.py
@@ -104,7 +104,10 @@ class RouterDistributedDriver(router_driver.RouterBaseDriver):
             router_db = self.plugin._get_router(context, router_id)
             nexthop = self.plugin._get_external_attachment_info(
                 context, router_db)[2]
-            self.plugin._update_subnets_and_dnat_firewall(context, router_db)
+            with locking.LockManager.get_lock(self._get_edge_id(context,
+                                                                router_id)):
+                self.plugin._update_subnets_and_dnat_firewall(context,
+                                                              router_db)
             md_gw_data = self._get_metadata_gw_data(context, router_id)
             self._update_routes(context, router_id, nexthop, md_gw_data)
         if 'admin_state_up' in r:
diff --git a/vmware_nsx/plugins/nsx_v/drivers/exclusive_router_driver.py b/vmware_nsx/plugins/nsx_v/drivers/exclusive_router_driver.py
index 69d007b5ff..04935302be 100644
--- a/vmware_nsx/plugins/nsx_v/drivers/exclusive_router_driver.py
+++ b/vmware_nsx/plugins/nsx_v/drivers/exclusive_router_driver.py
@@ -60,7 +60,10 @@ class RouterExclusiveDriver(router_driver.RouterBaseDriver):
             router_db = self.plugin._get_router(context, router_id)
             nexthop = self.plugin._get_external_attachment_info(
                 context, router_db)[2]
-            self.plugin._update_subnets_and_dnat_firewall(context, router_db)
+            with locking.LockManager.get_lock(
+                    self._get_router_edge_id(context, router_id)):
+                self.plugin._update_subnets_and_dnat_firewall(context,
+                                                              router_db)
             self.update_routes(context, router_id, nexthop)
         if 'admin_state_up' in r:
             self.plugin._update_router_admin_state(
diff --git a/vmware_nsx/plugins/nsx_v/vshield/edge_utils.py b/vmware_nsx/plugins/nsx_v/vshield/edge_utils.py
index 399be10bcc..e0e935bf1e 100644
--- a/vmware_nsx/plugins/nsx_v/vshield/edge_utils.py
+++ b/vmware_nsx/plugins/nsx_v/vshield/edge_utils.py
@@ -1385,8 +1385,9 @@ class EdgeManager(object):
 
             self.plugin.metadata_proxy_handler.configure_router_edge(
                 context, resource_id)
-            self.plugin.setup_dhcp_edge_fw_rules(
-                context, self.plugin, resource_id)
+            with locking.LockManager.get_lock(str(dhcp_edge_id)):
+                self.plugin.setup_dhcp_edge_fw_rules(
+                    context, self.plugin, resource_id)
 
             if not self.per_interface_rp_filter:
                 with locking.LockManager.get_lock(str(dhcp_edge_id)):