NSX|V: serialize rule creation

Ensure that rules creation under load does not cause exceptions on
the NSX

Change-Id: I349b2f221fe9b7ecda09cb9f56d43ae3d7f1b39e

vmware_nsx/plugins/nsx_v/plugin.py

@@ -3699,6 +3699,7 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
                 context, sg_data, s)
             return sg_data
 
+        with locking.LockManager.get_lock('rule-update-%s' % id):
             # Get the backend section matching this security group
             h, c = self.nsx_v.vcns.get_section(section_uri)
             section = self.nsx_sg_utils.parse_section(c)
@@ -3708,12 +3709,14 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
                 section.attrib['name'] = section_name
                 section_needs_update = True
 
-        # Update the dfw section if security-group logging option has changed.
+            # Update the dfw section if security-group logging option has
+            # changed.
             log_all_rules = cfg.CONF.nsxv.log_security_groups_allowed_traffic
             self._process_security_group_properties_update(context, sg_data, s)
             if not log_all_rules and context.is_admin:
-            section_needs_update |= self.nsx_sg_utils.set_rules_logged_option(
-                section, sg_data[sg_logging.LOGGING])
+                section_needs_update |= (
+                    self.nsx_sg_utils.set_rules_logged_option(
+                        section, sg_data[sg_logging.LOGGING]))
 
             if section_needs_update:
                 # update the section with all the modifications
@@ -3840,6 +3843,7 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
                      ' a policy') % sg_id)
             raise n_exc.InvalidInput(error_message=msg)
 
+        with locking.LockManager.get_lock('rule-update-%s' % sg_id):
             # Querying DB for associated dfw section id
             section_uri = self._get_section_uri(context.session, sg_id)
             logging = self._is_security_group_logged(context, sg_id)