XenAPI: Fix netwrap to support security group
This implementation is to give support on neutron security group with XenServer as compute driver. When using openvswitch, the ovs agent on compute node cannot execute some linux commands correctly due to xenserver driver lacking of such support. This change will add some allowed commands which can be executed in dom0. Implements: blueprint xenserver-give-support-on-neutron-security-group Change-Id: I377f8ad51e1d2725c3e0153e64322055fcce7b54
This commit is contained in:
parent
21ca26e50a
commit
b0cef88866
|
@ -34,6 +34,12 @@ import XenAPIPlugin
|
|||
|
||||
ALLOWED_CMDS = [
|
||||
'ip',
|
||||
'ipset',
|
||||
'iptables-save',
|
||||
'iptables-restore',
|
||||
'ip6tables-save',
|
||||
'ip6tables-restore',
|
||||
'sysctl',
|
||||
# NOTE(yamamoto): of_interface=native doesn't use ovs-ofctl
|
||||
'ovs-ofctl',
|
||||
'ovs-vsctl',
|
||||
|
@ -56,7 +62,7 @@ def _run_command(cmd, cmd_input):
|
|||
stderr=pipe, close_fds=True)
|
||||
(out, err) = proc.communicate(cmd_input)
|
||||
|
||||
if err:
|
||||
if proc.returncode != 0:
|
||||
raise PluginError(err)
|
||||
return out
|
||||
|
||||
|
|
Loading…
Reference in New Issue