Most instance actions can be called concurrently

I intend to fix this by changing instance.save() such that it will:

1. return the expected InstanceUpdateConflict directly without hitting the db if instance.task_state doesn't match expected_task_state.

2. assert that task state is being changed if expected_task_state is set (this would be a programming error).

3. ditto for vm_state.

I believe unit test coverage in test_instance will be sufficient for this change.

When writing tests for the above I discovered that this is not the issue. Specifically, OVO doesn't check the previous value when setting an attribute, so when we do:

  instance.task_state = SHELVING

this always makes the object dirty, regardless of the previous value of task_state. Therefore in the above case we always hit the DB, and this isn't the problem.

The root cause of this issue appears to be in sqlalchemy.api._instance_update. This method modifies the contents of the values dict when called, including popping the value of expected_task_state. If this results in db conflict due a concurrent update and it is retried, the second invocation is called without expected_task_state in values, and therefore it isn't checked.

Fix proposed to branch: master
Review: https://review.opendev.org/658845

Fix proposed to branch: stable/stein
Review: https://review.opendev.org/659317

Fix proposed to branch: stable/rocky
Review: https://review.opendev.org/659318

Fix proposed to branch: stable/queens
Review: https://review.opendev.org/659320

Reviewed: https://review.opendev.org/658845
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=aae5c7aa3819ad9161fd2effed3872d540099230
Submitter: Zuul
Branch: master

commit aae5c7aa3819ad9161fd2effed3872d540099230
Author: Matthew Booth <email address hidden>
Date: Mon May 13 16:04:39 2019 +0100

    Fix retry of instance_update_and_get_original

    _instance_update modifies its 'values' argument. Consequently if it is
    retried due to an update conflict, the second invocation has the wrong
    arguments.

    A specific issue this causes is that if we called it with
    expected_task_state a concurrent modification to task_state will cause
    us to fail and retry. However, expected_task_state will have been popped
    from values on the first invocation and will not be present for the
    second. Consequently the second invocation will fail to perform the
    task_state check and therefore succeed, resulting in a race.

    We rewrite the old race unit test which wasn't testing the correct
    thing for 2 reasons:

    1. Due to the bug fixed in this patch, although we were calling
       update_on_match() twice, the second call didn't check the task state.
    2. side_effect=iterable returns function items without executing them,
       but we weren't hitting this due to the bug fixed in this patch.

    Closes-Bug: #1821373
    Change-Id: I01c63e685113bf30e687ccb14a4d18e344b306f6

Reviewed: https://review.opendev.org/659317
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=61fef49b1555c6509398fc47c21319c1b5e50505
Submitter: Zuul
Branch: stable/stein

commit 61fef49b1555c6509398fc47c21319c1b5e50505
Author: Matthew Booth <email address hidden>
Date: Mon May 13 16:04:39 2019 +0100

    Fix retry of instance_update_and_get_original

    _instance_update modifies its 'values' argument. Consequently if it is
    retried due to an update conflict, the second invocation has the wrong
    arguments.

    A specific issue this causes is that if we called it with
    expected_task_state a concurrent modification to task_state will cause
    us to fail and retry. However, expected_task_state will have been popped
    from values on the first invocation and will not be present for the
    second. Consequently the second invocation will fail to perform the
    task_state check and therefore succeed, resulting in a race.

    We rewrite the old race unit test which wasn't testing the correct
    thing for 2 reasons:

    1. Due to the bug fixed in this patch, although we were calling
       update_on_match() twice, the second call didn't check the task state.
    2. side_effect=iterable returns function items without executing them,
       but we weren't hitting this due to the bug fixed in this patch.

    Closes-Bug: #1821373
    Change-Id: I01c63e685113bf30e687ccb14a4d18e344b306f6
    (cherry picked from commit aae5c7aa3819ad9161fd2effed3872d540099230)

Reviewed: https://review.opendev.org/659318
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=4540cd6ef9731837cf4ed1e56850bcfa3512ae1c
Submitter: Zuul
Branch: stable/rocky

commit 4540cd6ef9731837cf4ed1e56850bcfa3512ae1c
Author: Matthew Booth <email address hidden>
Date: Mon May 13 16:04:39 2019 +0100

    Fix retry of instance_update_and_get_original

    _instance_update modifies its 'values' argument. Consequently if it is
    retried due to an update conflict, the second invocation has the wrong
    arguments.

    A specific issue this causes is that if we called it with
    expected_task_state a concurrent modification to task_state will cause
    us to fail and retry. However, expected_task_state will have been popped
    from values on the first invocation and will not be present for the
    second. Consequently the second invocation will fail to perform the
    task_state check and therefore succeed, resulting in a race.

    We rewrite the old race unit test which wasn't testing the correct
    thing for 2 reasons:

    1. Due to the bug fixed in this patch, although we were calling
       update_on_match() twice, the second call didn't check the task state.
    2. side_effect=iterable returns function items without executing them,
       but we weren't hitting this due to the bug fixed in this patch.

    Closes-Bug: #1821373
    Change-Id: I01c63e685113bf30e687ccb14a4d18e344b306f6
    (cherry picked from commit aae5c7aa3819ad9161fd2effed3872d540099230)
    (cherry picked from commit 61fef49b1555c6509398fc47c21319c1b5e50505)

This issue was fixed in the openstack/nova 19.0.1 release.

This issue was fixed in the openstack/nova 18.2.1 release.

Reviewed: https://review.opendev.org/659320
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=f9c2503609bfad0b871d9e87227aa2bb5c137467
Submitter: Zuul
Branch: stable/queens

commit f9c2503609bfad0b871d9e87227aa2bb5c137467
Author: Matthew Booth <email address hidden>
Date: Mon May 13 16:04:39 2019 +0100

    Fix retry of instance_update_and_get_original

    _instance_update modifies its 'values' argument. Consequently if it is
    retried due to an update conflict, the second invocation has the wrong
    arguments.

    A specific issue this causes is that if we called it with
    expected_task_state a concurrent modification to task_state will cause
    us to fail and retry. However, expected_task_state will have been popped
    from values on the first invocation and will not be present for the
    second. Consequently the second invocation will fail to perform the
    task_state check and therefore succeed, resulting in a race.

    We rewrite the old race unit test which wasn't testing the correct
    thing for 2 reasons:

    1. Due to the bug fixed in this patch, although we were calling
       update_on_match() twice, the second call didn't check the task state.
    2. side_effect=iterable returns function items without executing them,
       but we weren't hitting this due to the bug fixed in this patch.

    Closes-Bug: #1821373
    Change-Id: I01c63e685113bf30e687ccb14a4d18e344b306f6
    (cherry picked from commit aae5c7aa3819ad9161fd2effed3872d540099230)
    (cherry picked from commit 61fef49b1555c6509398fc47c21319c1b5e50505)
    (cherry picked from commit 4540cd6ef9731837cf4ed1e56850bcfa3512ae1c)

This issue was fixed in the openstack/nova 17.0.11 release.

This issue was fixed in the openstack/nova 20.0.0.0rc1 release candidate.