From 58de26288cc51af8caaaafa86588b2e488aa0ca4 Mon Sep 17 00:00:00 2001 From: Brent Eagles Date: Fri, 19 Aug 2016 14:51:26 -0230 Subject: [PATCH] Add bigswitch command to compute rootwrap filters 'ivs-ctl' is called from the libvirt vif driver. While the filter exists in network.filters, as the command is still used by nova compute it is consistent to include it in compute.filters. Change-Id: Icf61dba632fee26461ac18246ecf6a93f6bde346 --- etc/nova/rootwrap.d/compute.filters | 3 +++ .../notes/add-ivs-filter-to-compute-093734c1c5348e99.yaml | 5 +++++ 2 files changed, 8 insertions(+) create mode 100644 releasenotes/notes/add-ivs-filter-to-compute-093734c1c5348e99.yaml diff --git a/etc/nova/rootwrap.d/compute.filters b/etc/nova/rootwrap.d/compute.filters index 07f18eab3bcb..5a486a011fa5 100644 --- a/etc/nova/rootwrap.d/compute.filters +++ b/etc/nova/rootwrap.d/compute.filters @@ -86,6 +86,9 @@ tunctl: CommandFilter, tunctl, root # nova/network/linux_net.py: 'ovs-vsctl', .... ovs-vsctl: CommandFilter, ovs-vsctl, root +# nova/network/linux_net.py: 'ivs-ctl', .... +ivs-ctl: CommandFilter, ivs-ctl, root + # nova/virt/libvirt/vif.py: 'vrouter-port-control', ... vrouter-port-control: CommandFilter, vrouter-port-control, root diff --git a/releasenotes/notes/add-ivs-filter-to-compute-093734c1c5348e99.yaml b/releasenotes/notes/add-ivs-filter-to-compute-093734c1c5348e99.yaml new file mode 100644 index 000000000000..bd2197b92763 --- /dev/null +++ b/releasenotes/notes/add-ivs-filter-to-compute-093734c1c5348e99.yaml @@ -0,0 +1,5 @@ +--- +upgrade: + - The ivs-ctl command has been added to the rootwrap filters in + compute.filters. Deployments needing support for BigSwitch no longer need + to add the filters manually nor include network.filters at installation.