From a4d1498a06c47d7aa39b4869d31cdc7e8f07a8d2 Mon Sep 17 00:00:00 2001 From: Adit Sarfaty Date: Mon, 14 Nov 2016 16:33:44 +0200 Subject: [PATCH] NSX|V do not update SG logging if SG has a policy During the nsx|v plugin init, we try to update the security groups logging in case the configuration changed. We should not be doing that for security group with policies. Change-Id: Ib1db3f89883c61e92427c4c559c3fb42f195f813 --- vmware_nsx/plugins/nsx_v/plugin.py | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/vmware_nsx/plugins/nsx_v/plugin.py b/vmware_nsx/plugins/nsx_v/plugin.py index b762f21f4b..2b771d0a6d 100644 --- a/vmware_nsx/plugins/nsx_v/plugin.py +++ b/vmware_nsx/plugins/nsx_v/plugin.py @@ -421,6 +421,10 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin, # required. for sg in [sg for sg in self.get_security_groups(context) if sg[sg_logging.LOGGING] is False]: + if sg.get(sg_policy.POLICY): + # Logging is not relevant with a policy + continue + section_uri = self._get_section_uri(context.session, sg['id']) if section_uri is None: @@ -440,8 +444,9 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin, section_uri, self.nsx_sg_utils.to_xml_string(section), h) except Exception as exc: - LOG.error(_LE('Unable to update section for logging. ' - '%s'), exc) + LOG.error(_LE('Unable to update security group %(sg)s ' + 'section for logging. %(e)s'), + {'e': exc, 'sg': sg['id']}) c_utils.spawn_n(process_security_groups_rules_logging)