Merge "Set correct switch security profile when port sec disabled"
This commit is contained in:
Zuul
Gerrit Code Review
commit
3e63e06182
@ -579,16 +579,15 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
|
||||
"profile: %(name)s. Reason: %(reason)s",
|
||||
{'name': NSX_V3_MAC_LEARNING_PROFILE_NAME,
|
||||
'reason': e})
|
||||
no_switch_security_prof = profile_client.find_by_display_name(
|
||||
NSX_V3_NON_VIF_PROFILE)[0]
|
||||
self._no_switch_security = profile_client.build_switch_profile_ids(
|
||||
profile_client, no_switch_security_prof)[0]
|
||||
if self._ens_psec_supported():
|
||||
no_switch_security_prof = profile_client.find_by_display_name(
|
||||
NSX_V3_NON_VIF_ENS_PROFILE)[0]
|
||||
self._no_switch_security_ens = (
|
||||
profile_client.build_switch_profile_ids(
|
||||
profile_client, no_switch_security_prof)[0])
|
||||
|
||||
no_switch_security_prof = profile_client.find_by_display_name(
|
||||
NSX_V3_NON_VIF_PROFILE)[0]
|
||||
self._no_switch_security = profile_client.build_switch_profile_ids(
|
||||
profile_client, no_switch_security_prof)[0]
|
||||
no_switch_security_prof = profile_client.find_by_display_name(
|
||||
NSX_V3_NON_VIF_ENS_PROFILE)[0]
|
||||
self._no_switch_security_ens = profile_client.build_switch_profile_ids(
|
||||
profile_client, no_switch_security_prof)[0]
|
||||
|
||||
self.server_ssl_profile = None
|
||||
self.client_ssl_profile = None
|
||||
@ -2079,6 +2078,11 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
|
||||
if validators.is_attr_set(address_pairs) and address_pairs:
|
||||
mac_learning_profile_set = True
|
||||
profiles.append(self._get_port_security_profile_id())
|
||||
else:
|
||||
if is_ens_tz_port:
|
||||
profiles.append(self._no_switch_security_ens)
|
||||
else:
|
||||
profiles.append(self._no_switch_security)
|
||||
if device_owner == const.DEVICE_OWNER_DHCP:
|
||||
if ((not is_ens_tz_port or self._ens_psec_supported()) and
|
||||
not cfg.CONF.nsx_v3.native_dhcp_metadata):
|
||||
@ -2104,9 +2108,11 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
|
||||
port_data.get(mac_ext.MAC_LEARNING) is True))):
|
||||
profiles.append(self._mac_learning_profile)
|
||||
if is_ens_tz_port:
|
||||
profiles.append(self._no_switch_security_ens)
|
||||
if self._no_switch_security_ens not in profiles:
|
||||
profiles.append(self._no_switch_security_ens)
|
||||
else:
|
||||
profiles.append(self._no_switch_security)
|
||||
if self._no_switch_security not in profiles:
|
||||
profiles.append(self._no_switch_security)
|
||||
|
||||
name = self._build_port_name(context, port_data)
|
||||
nsx_net_id = self._get_network_nsx_id(context, port_data['network_id'])
|
||||
@ -2920,9 +2926,11 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
|
||||
updated_port.get(mac_ext.MAC_LEARNING) is True)):
|
||||
switch_profile_ids.append(self._mac_learning_profile)
|
||||
if is_ens_tz_port:
|
||||
switch_profile_ids.append(self._no_switch_security_ens)
|
||||
if self._no_switch_security_ens not in switch_profile_ids:
|
||||
switch_profile_ids.append(self._no_switch_security_ens)
|
||||
else:
|
||||
switch_profile_ids.append(self._no_switch_security)
|
||||
if self._no_switch_security not in switch_profile_ids:
|
||||
switch_profile_ids.append(self._no_switch_security)
|
||||
|
||||
try:
|
||||
self.nsxlib.logical_port.update(
|
||||
@ -3048,6 +3056,10 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
|
||||
switch_profile_ids = [self._get_port_security_profile_id()]
|
||||
else:
|
||||
switch_profile_ids = [self._no_psec_profile_id]
|
||||
if is_ens_tz_port:
|
||||
switch_profile_ids.append(self._no_switch_security_ens)
|
||||
else:
|
||||
switch_profile_ids.append(self._no_switch_security)
|
||||
address_bindings = []
|
||||
|
||||
# update the port in the backend, only if it exists in the DB
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user