Virtual Interface creation failed due to duplicate entry

As mentioned in the other bug, we likely just need to keep track of the VirtualInterface objects we create and if something fails we clean them up here:

https://github.com/openstack/nova/blob/92a388a1e34559b2ce69d31fdef996ff029495a6/nova/network/neutronv2/api.py#L847

Hmm, this cleanup was added in newton:

https://review.opendev.org/#/c/342416/

So why isn't that handling the issue? Is it because _unbind_ports or _delete_ports fails so we don't get to that vif deletion loop?

I'm not seeing the error in logstash so this must be super rare if you're hitting it in Heat's CI testing.

http://logstash.openstack.org/#dashboard/file/logstash.json?query=message%3A%5C%22Duplicate%20entry%5C%22%20AND%20message%3A%5C%22for%20key%20'uniq_virtual_interfaces0address0deleted'%5C%5C%5C%22%5C%22%20AND%20(tags%3A%5C%22screen-n-cond-cell1.txt%5C%22%20OR%20tags%3A%5C%22screen-n-api.txt%5C%22)&from=7d

Bug 1847408 might be a duplicate of this.

This is pretty easy to reproduce. You need to create a server a specify the same port twice. For example:

  $ openstack port create --network private test-port
  $ openstack server create --flavor m1.small --image fedora-iso --port test-port --port test-port --wait test-server
  Error creating server: test-server
  Error creating server

Here's the request that OSC sends for the above command. Note the duplicate port ID.

REQ: curl -g -i -X POST http://192.168.50.23/compute/v2.1/servers -H "Accept: application/json" -H "Content-Type: application/json" -H "User-Agent: python-novaclient" -H "X-Auth-Token: {SHA256}c90e6681b5e681213c816ea7f0747201c4c4acbc950943cfabefc2bf3109b923" -H "X-OpenStack-Nova-API-Version: 2.1" -d '{"server": {"name": "test-server", "imageRef": "5a696736-805e-42af-bb8a-9344cee1b5c3", "flavorRef": "2", "min_count": 1, "max_count": 1, "networks": [{"port": "e3caceae-2c74-4114-9f3f-262a37fc1971"}, {"port": "e3caceae-2c74-4114-9f3f-262a37fc1971"}]}}'

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/nova/+/827070

Fix proposed to branch: stable/xena
Review: https://review.opendev.org/c/openstack/nova/+/827120

Fix proposed to branch: stable/wallaby
Review: https://review.opendev.org/c/openstack/nova/+/827121

Fix proposed to branch: stable/victoria
Review: https://review.opendev.org/c/openstack/nova/+/827122

Fix proposed to branch: stable/ussuri
Review: https://review.opendev.org/c/openstack/nova/+/827123

Fix proposed to branch: stable/train
Review: https://review.opendev.org/c/openstack/nova/+/827126

Reviewed: https://review.opendev.org/c/openstack/nova/+/827070
Committed: https://opendev.org/openstack/nova/commit/9fe465427310f8215890d26bf169617653605e23
Submitter: "Zuul (22348)"
Branch: master

commit 9fe465427310f8215890d26bf169617653605e23
Author: Stephen Finucane <email address hidden>
Date: Mon Jan 31 12:56:57 2022 +0000

    api: Reject duplicate port IDs in server create

    Specifying a duplicate port ID is currently "allowed" but results in an
    integrity error when nova attempts to create a duplicate
    'VirtualInterface' entry. Start rejecting these requests by checking for
    duplicate IDs and rejecting offending requests. This is arguably an API
    change because there isn't a HTTP 5xx error (server create is an async
    operation), however, users shouldn't have to opt in to non-broken
    behavior and the underlying instance was never actually created
    previously, meaning automation that relied on this "feature" was always
    going to fail in a later step. We're also silently failing to do what
    the user asked (per flow chart at [1]).

    [1] https://docs.openstack.org/nova/latest/contributor/microversions.html#when-do-i-need-a-new-microversion

    Change-Id: Ie90fb83662dd06e7188f042fc6340596f93c5ef9
    Signed-off-by: Stephen Finucane <email address hidden>
    Closes-Bug: #1821088

Reviewed: https://review.opendev.org/c/openstack/nova/+/827120
Committed: https://opendev.org/openstack/nova/commit/d4c92bc2314c6402c4e3464a5aa61a94293eaf91
Submitter: "Zuul (22348)"
Branch: stable/xena

commit d4c92bc2314c6402c4e3464a5aa61a94293eaf91
Author: Stephen Finucane <email address hidden>
Date: Mon Jan 31 12:56:57 2022 +0000

    api: Reject duplicate port IDs in server create

    Specifying a duplicate port ID is currently "allowed" but results in an
    integrity error when nova attempts to create a duplicate
    'VirtualInterface' entry. Start rejecting these requests by checking for
    duplicate IDs and rejecting offending requests. This is arguably an API
    change because there isn't a HTTP 5xx error (server create is an async
    operation), however, users shouldn't have to opt in to non-broken
    behavior and the underlying instance was never actually created
    previously, meaning automation that relied on this "feature" was always
    going to fail in a later step. We're also silently failing to do what
    the user asked (per flow chart at [1]).

    [1] https://docs.openstack.org/nova/latest/contributor/microversions.html#when-do-i-need-a-new-microversion

    Change-Id: Ie90fb83662dd06e7188f042fc6340596f93c5ef9
    Signed-off-by: Stephen Finucane <email address hidden>
    Closes-Bug: #1821088
    (cherry picked from commit 9fe465427310f8215890d26bf169617653605e23)

This issue was fixed in the openstack/nova 24.1.0 release.

This issue was fixed in the openstack/nova 25.0.0.0rc1 release candidate.

Change abandoned by "Elod Illes <email address hidden>" on branch: stable/train
Review: https://review.opendev.org/c/openstack/nova/+/827126
Reason: stable/train branch of nova projects' have been tagged as End of Life. All open patches have to be abandoned in order to be able to delete the branch.