From abb0775c2a3cea00650c73080adfd003218a5273 Mon Sep 17 00:00:00 2001 From: Abhishek Raut Date: Fri, 8 Jul 2016 16:43:39 -0700 Subject: [PATCH] NSXv: do not fail on spoofgaurd policy error Commit I2e69466e76b3b7339c6854e5c04f1309ede19f56 added exception handling for spoofguard delete failures in delete port. This commit does the same during update port. Change-Id: Ideb808d68c4739ac48a0680885b10a708a737784 --- vmware_nsx/plugins/nsx_v/plugin.py | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/vmware_nsx/plugins/nsx_v/plugin.py b/vmware_nsx/plugins/nsx_v/plugin.py index fe170f85f4..5912de3c5b 100644 --- a/vmware_nsx/plugins/nsx_v/plugin.py +++ b/vmware_nsx/plugins/nsx_v/plugin.py @@ -1481,10 +1481,14 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin, context.session, vnic_id, curr_sgids) if cfg.CONF.nsxv.spoofguard_enabled: if original_port[psec.PORTSECURITY]: - self._remove_vnic_from_spoofguard_policy( - context.session, - original_port['network_id'], - vnic_id) + try: + self._remove_vnic_from_spoofguard_policy( + context.session, + original_port['network_id'], + vnic_id) + except Exception as e: + LOG.error(_LE('Could not delete the spoofguard ' + 'policy. Exception %s'), e) # remove vm from the exclusion list when it is detached # from the device if it has no port security if not original_port[psec.PORTSECURITY]: @@ -1508,9 +1512,13 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin, self._remove_vm_from_exclude_list(context, device_id, id) elif cfg.CONF.nsxv.spoofguard_enabled: - self._remove_vnic_from_spoofguard_policy( - context.session, original_port['network_id'], - vnic_id) + try: + self._remove_vnic_from_spoofguard_policy( + context.session, original_port['network_id'], + vnic_id) + except Exception as e: + LOG.error(_LE('Could not delete the spoofguard ' + 'policy. Exception %s'), e) # Add vm to the exclusion list, since it has no port # security now self._add_vm_to_exclude_list(context, device_id, id)