diff --git a/vmware_nsx/plugins/nsx_v3/plugin.py b/vmware_nsx/plugins/nsx_v3/plugin.py index d4ff5ac302..7bdef10eb6 100644 --- a/vmware_nsx/plugins/nsx_v3/plugin.py +++ b/vmware_nsx/plugins/nsx_v3/plugin.py @@ -579,16 +579,15 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin, "profile: %(name)s. Reason: %(reason)s", {'name': NSX_V3_MAC_LEARNING_PROFILE_NAME, 'reason': e}) - no_switch_security_prof = profile_client.find_by_display_name( - NSX_V3_NON_VIF_PROFILE)[0] - self._no_switch_security = profile_client.build_switch_profile_ids( - profile_client, no_switch_security_prof)[0] - if self._ens_psec_supported(): - no_switch_security_prof = profile_client.find_by_display_name( - NSX_V3_NON_VIF_ENS_PROFILE)[0] - self._no_switch_security_ens = ( - profile_client.build_switch_profile_ids( - profile_client, no_switch_security_prof)[0]) + + no_switch_security_prof = profile_client.find_by_display_name( + NSX_V3_NON_VIF_PROFILE)[0] + self._no_switch_security = profile_client.build_switch_profile_ids( + profile_client, no_switch_security_prof)[0] + no_switch_security_prof = profile_client.find_by_display_name( + NSX_V3_NON_VIF_ENS_PROFILE)[0] + self._no_switch_security_ens = profile_client.build_switch_profile_ids( + profile_client, no_switch_security_prof)[0] self.server_ssl_profile = None self.client_ssl_profile = None @@ -2079,6 +2078,11 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin, if validators.is_attr_set(address_pairs) and address_pairs: mac_learning_profile_set = True profiles.append(self._get_port_security_profile_id()) + else: + if is_ens_tz_port: + profiles.append(self._no_switch_security_ens) + else: + profiles.append(self._no_switch_security) if device_owner == const.DEVICE_OWNER_DHCP: if ((not is_ens_tz_port or self._ens_psec_supported()) and not cfg.CONF.nsx_v3.native_dhcp_metadata): @@ -2104,9 +2108,11 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin, port_data.get(mac_ext.MAC_LEARNING) is True))): profiles.append(self._mac_learning_profile) if is_ens_tz_port: - profiles.append(self._no_switch_security_ens) + if self._no_switch_security_ens not in profiles: + profiles.append(self._no_switch_security_ens) else: - profiles.append(self._no_switch_security) + if self._no_switch_security not in profiles: + profiles.append(self._no_switch_security) name = self._build_port_name(context, port_data) nsx_net_id = self._get_network_nsx_id(context, port_data['network_id']) @@ -2920,9 +2926,11 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin, updated_port.get(mac_ext.MAC_LEARNING) is True)): switch_profile_ids.append(self._mac_learning_profile) if is_ens_tz_port: - switch_profile_ids.append(self._no_switch_security_ens) + if self._no_switch_security_ens not in switch_profile_ids: + switch_profile_ids.append(self._no_switch_security_ens) else: - switch_profile_ids.append(self._no_switch_security) + if self._no_switch_security not in switch_profile_ids: + switch_profile_ids.append(self._no_switch_security) try: self.nsxlib.logical_port.update( @@ -3048,6 +3056,10 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin, switch_profile_ids = [self._get_port_security_profile_id()] else: switch_profile_ids = [self._no_psec_profile_id] + if is_ens_tz_port: + switch_profile_ids.append(self._no_switch_security_ens) + else: + switch_profile_ids.append(self._no_switch_security) address_bindings = [] # update the port in the backend, only if it exists in the DB