From: JingLu5 <lvjing5@huawei.com>
Date: Tue, 1 Aug 2017 08:24:01 +0000 (+0000)
Subject: Bugfix: port_security_enabled issue
X-Git-Tag: opnfv-5.0.RC1~315
X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=commitdiff_plain;h=90e5786f6e5bd3235e3d1c307782b8cae9d7b958;p=yardstick.git

Bugfix: port_security_enabled issue

JIRA: YARDSTICK-765

When port_security_enabled is not set, VMs are assigned with security group 'default'.
When using 'default' security group, all egress traffic and intercommunication in the
default group are allowed and all ingress from outside of the default group is dropped
by default (in the default security group). This causes yardstick cannot ssh into VMs.

If port_security_enabled is not set, we should still add the security group that created
by yardstick to the VMs.

Change-Id: Ifd22fb452e0077581b6900f8f51c4e3c342a30aa
Signed-off-by: JingLu5 <lvjing5@huawei.com>
---

diff --git a/yardstick/benchmark/contexts/model.py b/yardstick/benchmark/contexts/model.py
index aed1a3f60..2db96bade 100644
--- a/yardstick/benchmark/contexts/model.py
+++ b/yardstick/benchmark/contexts/model.py
@@ -257,10 +257,11 @@ class Server(Object):     # pragma: no cover
             port_name = server_name + "-" + network.name + "-port"
             self.ports[network.name] = {"stack_name": port_name}
             # we can't use secgroups if port_security_enabled is False
-            if network.port_security_enabled:
-                sec_group_id = self.secgroup_name
-            else:
+            if network.port_security_enabled is False:
                 sec_group_id = None
+            else:
+                # if port_security_enabled is None we still need to add to secgroup
+                sec_group_id = self.secgroup_name
             # don't refactor to pass in network object, that causes JSON
             # circular ref encode errors
             template.add_port(port_name, network.stack_name, network.subnet_stack_name,