From 90e5786f6e5bd3235e3d1c307782b8cae9d7b958 Mon Sep 17 00:00:00 2001 From: JingLu5 Date: Tue, 1 Aug 2017 08:24:01 +0000 Subject: Bugfix: port_security_enabled issue JIRA: YARDSTICK-765 When port_security_enabled is not set, VMs are assigned with security group 'default'. When using 'default' security group, all egress traffic and intercommunication in the default group are allowed and all ingress from outside of the default group is dropped by default (in the default security group). This causes yardstick cannot ssh into VMs. If port_security_enabled is not set, we should still add the security group that created by yardstick to the VMs. Change-Id: Ifd22fb452e0077581b6900f8f51c4e3c342a30aa Signed-off-by: JingLu5 --- yardstick/benchmark/contexts/model.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'yardstick') diff --git a/yardstick/benchmark/contexts/model.py b/yardstick/benchmark/contexts/model.py index aed1a3f60..2db96bade 100644 --- a/yardstick/benchmark/contexts/model.py +++ b/yardstick/benchmark/contexts/model.py @@ -257,10 +257,11 @@ class Server(Object): # pragma: no cover port_name = server_name + "-" + network.name + "-port" self.ports[network.name] = {"stack_name": port_name} # we can't use secgroups if port_security_enabled is False - if network.port_security_enabled: - sec_group_id = self.secgroup_name - else: + if network.port_security_enabled is False: sec_group_id = None + else: + # if port_security_enabled is None we still need to add to secgroup + sec_group_id = self.secgroup_name # don't refactor to pass in network object, that causes JSON # circular ref encode errors template.add_port(port_name, network.stack_name, network.subnet_stack_name, -- cgit 1.2.3-korg