From c2e762762568c8b8cef86c28c130a7a040152f26 Mon Sep 17 00:00:00 2001
From: Roey Chen <roeyc@vmware.com>
Date: Sun, 14 Feb 2016 08:23:23 -0800
Subject: [PATCH] NSX|V3: Remove Neutron port if failed to add port to
 security-groups

During create_port, a Neutron port is created before updating the
security-groups on the backend, if update fails (e.g - an
SecurityGroupMaximumCapacityReached is raised) then we need to delete
the Neutron port from the DB.
Change-Id: Id07fc4a988b58ca2aec5c372c3c3cb597e8760a8
---
 vmware_nsx/plugins/nsx_v3/plugin.py | 31 +++++++++++++++--------------
 1 file changed, 16 insertions(+), 15 deletions(-)

diff --git a/vmware_nsx/plugins/nsx_v3/plugin.py b/vmware_nsx/plugins/nsx_v3/plugin.py
index 2f2a257426..b801f5a0ef 100644
--- a/vmware_nsx/plugins/nsx_v3/plugin.py
+++ b/vmware_nsx/plugins/nsx_v3/plugin.py
@@ -780,26 +780,27 @@ class NsxV3Plugin(addr_pair_db.AllowedAddressPairsMixin,
                 lport = self._create_port_at_the_backend(
                     context, neutron_db, port_data,
                     l2gw_port_check, is_psec_on)
+
+                if sgids:
+                    security.update_lport_with_security_groups(
+                        context, lport['id'], [], sgids)
+
+            except nsx_exc.SecurityGroupMaximumCapacityReached:
+                with excutils.save_and_reraise_exception():
+                    LOG.debug("Couldn't associate port %s with "
+                              "one or more security-groups, reverting "
+                              "reverting logical-port creation (%s).",
+                              port_data['id'], lport['id'])
+                    super(NsxV3Plugin, self).delete_port(context,
+                                                         neutron_db['id'])
+                    self._port_client.delete(lport['id'])
             except Exception:
                 with excutils.save_and_reraise_exception():
                     LOG.exception(
                         _LE('Failed to create port %s on NSX backend'),
                         neutron_db['id'])
-                    with context.session.begin(subtransactions=True):
-                        super(NsxV3Plugin, self).delete_port(context,
-                                                             neutron_db['id'])
-
-            if sgids:
-                try:
-                    security.update_lport_with_security_groups(
-                        context, lport['id'], [], sgids)
-                except nsx_exc.SecurityGroupMaximumCapacityReached:
-                    with excutils.save_and_reraise_exception():
-                        LOG.debug("Couldn't associate port %s with "
-                                  "one or more security-groups, reverting "
-                                  "reverting logical-port creation (%s).",
-                                  port_data['id'], lport['id'])
-                        self._port_client.delete(lport['id'])
+                    super(NsxV3Plugin, self).delete_port(context,
+                                                         neutron_db['id'])
 
         nsx_rpc.handle_port_metadata_access(self, context, neutron_db)
         return port_data