From b0cef88866db3d325974b1691ac3e1030144ee19 Mon Sep 17 00:00:00 2001
From: Huan Xie
Date: Mon, 30 Nov 2015 08:26:23 +0000
Subject: [PATCH] XenAPI: Fix netwrap to support security group
This implementation is to give support on neutron security group with XenServer as compute driver. When using openvswitch, the ovs agent on compute node cannot execute some linux commands correctly due to xenserver driver lacking of such support. This change will add some allowed commands which can be executed in dom0.
Implements: blueprint xenserver-give-support-on-neutron-security-group
Change-Id: I377f8ad51e1d2725c3e0153e64322055fcce7b54
---
 .../openvswitch/agent/xenapi/etc/xapi.d/plugins/netwrap | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/neutron/plugins/ml2/drivers/openvswitch/agent/xenapi/etc/xapi.d/plugins/netwrap b/neutron/plugins/ml2/drivers/openvswitch/agent/xenapi/etc/xapi.d/plugins/netwrap
index 67dc111bd..ca5d1c244 100644
--- a/neutron/plugins/ml2/drivers/openvswitch/agent/xenapi/etc/xapi.d/plugins/netwrap
+++ b/neutron/plugins/ml2/drivers/openvswitch/agent/xenapi/etc/xapi.d/plugins/netwrap
@@ -34,6 +34,12 @@ import XenAPIPlugin
 ALLOWED_CMDS = [
 'ip',
+ 'ipset',
+ 'iptables-save',
+ 'iptables-restore',
+ 'ip6tables-save',
+ 'ip6tables-restore',
+ 'sysctl',
 # NOTE(yamamoto): of_interface=native doesn't use ovs-ofctl
 'ovs-ofctl',
 'ovs-vsctl',
@@ -56,7 +62,7 @@ def _run_command(cmd, cmd_input):
 stderr=pipe, close_fds=True)
 (out, err) = proc.communicate(cmd_input)
- if err:
+ if proc.returncode != 0:
 raise PluginError(err)
 return out
--
2.45.2
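Review bot: The six names added to `ALLOWED_CMDS` are, as far as this hunk shows, permitted by command name alone, so `sysctl` and `iptables-restore`/`ip6tables-restore` would accept whatever arguments and input the caller supplies and act on dom0 as a whole rather than on one VM's ports. The code that consults the list is outside the hunk; confirm whether it checks arguments, and if it does not, consider limiting `sysctl` to the keys the agent actually needs. A comment above the new entries would record the trust boundary, for example `# Run in dom0 with caller-supplied arguments and stdin; keep this list minimal.`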
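Review bot: With the new `if proc.returncode != 0:` test in `_run_command`, a command that fails without writing to stderr raises `PluginError` with an empty message, and stderr text from a command that exits 0 is now discarded. Including the status keeps failures diagnosable: `raise PluginError(err or 'exit status %d' % proc.returncode)`. For the restore commands added in the first hunk, warnings printed on a successful run may be worth logging, since they may point to rules that were not applied as intended. The function starts above the hunk, so the Popen call is only partly visible.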