vm Expunge: check that securityGroup-Vm mappings exists before locking the row in userVm table

server/src/com/cloud/network/NetworkManagerImpl.java

@@ -4907,7 +4907,6 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
 
         //get provider for the service and check if all of them are supported
         String provider = _ntwkSrvcDao.getProviderForServiceInNetwork(networkId, service);
-
         if (!isProviderEnabledInPhysicalNetwork(physicalNetworkId, provider)) {
             s_logger.debug("Provider " + provider + " is not enabled in physical network id=" + physicalNetworkId);
             return false;

server/src/com/cloud/network/security/SecurityGroupManager.java

@@ -40,7 +40,7 @@ public interface SecurityGroupManager {
 	
 	public boolean addInstanceToGroups(Long userVmId, List<Long> groups);
 
-	public void removeInstanceFromGroups(Long userVmId);
+	public void removeInstanceFromGroups(long userVmId);
 
 	public void fullSync(long agentId, HashMap<String, Pair<Long, Long>> newGroupStates);
 	

server/src/com/cloud/network/security/SecurityGroupManagerImpl.java

@@ -64,7 +64,6 @@ import com.cloud.exception.PermissionDeniedException;
 import com.cloud.exception.ResourceInUseException;
 import com.cloud.hypervisor.Hypervisor.HypervisorType;
 import com.cloud.network.Network;
-import com.cloud.network.Network.Service;
 import com.cloud.network.NetworkManager;
 import com.cloud.network.security.SecurityGroupWork.Step;
 import com.cloud.network.security.dao.IngressRuleDao;
@@ -958,10 +957,11 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG
 
     @Override
     @DB
-    public void removeInstanceFromGroups(Long userVmId) {
-        if (!isVmSecurityGroupEnabled(userVmId)) {
-            return;
-        }
+    public void removeInstanceFromGroups(long userVmId) {
+    	if (_securityGroupVMMapDao.countSGForVm(userVmId) < 1) {
+    		s_logger.trace("No security groups found for vm id=" + userVmId + ", returning");
+    		return;
+    	}
         final Transaction txn = Transaction.currentTxn();
         txn.start();
         UserVm userVm = _userVMDao.acquireInLockTable(userVmId); // ensures that duplicate entries are not created in
@@ -973,6 +973,7 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG
         s_logger.info("Disassociated " + n + " network groups " + " from uservm " + userVmId);
         _userVMDao.releaseFromLockTable(userVmId);
         txn.commit();
+        s_logger.debug("Security group mappings are removed successfully for vm id=" + userVmId);
     }
 
     @DB

server/src/com/cloud/network/security/dao/SecurityGroupVMMapDao.java

@@ -32,5 +32,6 @@ public interface SecurityGroupVMMapDao extends GenericDao<SecurityGroupVMMapVO,
     List<SecurityGroupVMMapVO> listBySecurityGroup(long securityGroupId, State ... vmStates);
     int deleteVM(long instanceid);
 	List<Long> listVmIdsBySecurityGroup(long securityGroupId);
-	SecurityGroupVMMapVO findByVmIdGroupId(long instanceId, long securityGroupId);
+	SecurityGroupVMMapVO findByVmIdGroupId(long instanceId, long securityGroupId);
+	long countSGForVm(long instanceId);
 }

server/src/com/cloud/network/security/dao/SecurityGroupVMMapDaoImpl.java

@@ -22,11 +22,17 @@ import java.util.List;
 
 import javax.ejb.Local;
 
+import com.cloud.dc.VlanVO;
+import com.cloud.dc.Vlan.VlanType;
+import com.cloud.network.IPAddressVO;
 import com.cloud.network.security.SecurityGroupVMMapVO;
 import com.cloud.utils.db.GenericDaoBase;
 import com.cloud.utils.db.GenericSearchBuilder;
+import com.cloud.utils.db.JoinBuilder;
 import com.cloud.utils.db.SearchBuilder;
 import com.cloud.utils.db.SearchCriteria;
+import com.cloud.utils.db.SearchCriteria.Func;
+import com.cloud.utils.db.SearchCriteria.Op;
 import com.cloud.vm.VirtualMachine.State;
 
 @Local(value={SecurityGroupVMMapDao.class})
@@ -34,6 +40,7 @@ public class SecurityGroupVMMapDaoImpl extends GenericDaoBase<SecurityGroupVMMap
     private SearchBuilder<SecurityGroupVMMapVO> ListByIpAndVmId;
     private SearchBuilder<SecurityGroupVMMapVO> ListByVmId;
     private SearchBuilder<SecurityGroupVMMapVO> ListByVmIdGroupId;
+    protected GenericSearchBuilder<SecurityGroupVMMapVO, Long> CountSGForVm;
 
     private GenericSearchBuilder<SecurityGroupVMMapVO, Long> ListVmIdBySecurityGroup;
 
@@ -72,7 +79,12 @@ public class SecurityGroupVMMapDaoImpl extends GenericDaoBase<SecurityGroupVMMap
         ListByVmIdGroupId  = createSearchBuilder();
         ListByVmIdGroupId.and("instanceId", ListByVmIdGroupId.entity().getInstanceId(), SearchCriteria.Op.EQ);
         ListByVmIdGroupId.and("securityGroupId", ListByVmIdGroupId.entity().getSecurityGroupId(), SearchCriteria.Op.EQ);
-        ListByVmIdGroupId.done();
+        ListByVmIdGroupId.done();
+        
+        CountSGForVm = createSearchBuilder(Long.class);
+        CountSGForVm.select(null, Func.COUNT, null);
+        CountSGForVm.and("vmId", CountSGForVm.entity().getInstanceId(), SearchCriteria.Op.EQ);
+        CountSGForVm.done();
     }
 
     @Override
@@ -133,5 +145,12 @@ public class SecurityGroupVMMapDaoImpl extends GenericDaoBase<SecurityGroupVMMap
         sc.setParameters("instanceId", instanceId);
 		return findOneIncludingRemovedBy(sc);
 	}
+	
+	@Override
+	public long countSGForVm(long instanceId) {
+		SearchCriteria<Long> sc = CountSGForVm.create();
+    	sc.setParameters("vmId", instanceId);
+        return customSearch(sc, null).get(0);       
+	}
 	
 }