Skips enabling kernel bridge firewall in container
Calling enable_kernel_bridge_firewall inside a
container, devstack will crash because it tries to
load a kernel module by calling 'sudo modprobe' on
net.bridge.
Change-Id: Id4718c065d5a8c507d49f38e19c2796a64221aa4
Closes-Bug: #1662194
(cherry picked from commit 0bf75a471e
)
This commit is contained in:
parent
228f5c0755
commit
043141302c
10
functions
10
functions
|
@ -646,6 +646,16 @@ function set_mtu {
|
|||
}
|
||||
|
||||
|
||||
# running_in_container - Returns true otherwise false
|
||||
function running_in_container {
|
||||
if grep -q lxc /proc/1/cgroup; then
|
||||
return 0
|
||||
fi
|
||||
|
||||
return 1
|
||||
}
|
||||
|
||||
|
||||
# enable_kernel_bridge_firewall - Enable kernel support for bridge firewalling
|
||||
function enable_kernel_bridge_firewall {
|
||||
# Load bridge module. This module provides access to firewall for bridged
|
||||
|
|
|
@ -183,7 +183,9 @@ function configure_neutron_new {
|
|||
iniset $NEUTRON_PLUGIN_CONF ovs local_ip $HOST_IP
|
||||
fi
|
||||
|
||||
enable_kernel_bridge_firewall
|
||||
if ! running_in_container; then
|
||||
enable_kernel_bridge_firewall
|
||||
fi
|
||||
fi
|
||||
|
||||
# DHCP Agent
|
||||
|
|
|
@ -71,7 +71,9 @@ function neutron_plugin_configure_plugin_agent {
|
|||
fi
|
||||
if [[ "$Q_USE_SECGROUP" == "True" ]]; then
|
||||
iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
|
||||
enable_kernel_bridge_firewall
|
||||
if ! running_in_container; then
|
||||
enable_kernel_bridge_firewall
|
||||
fi
|
||||
else
|
||||
iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.firewall.NoopFirewallDriver
|
||||
fi
|
||||
|
|
|
@ -84,7 +84,9 @@ function _neutron_ovs_base_configure_debug_command {
|
|||
function _neutron_ovs_base_configure_firewall_driver {
|
||||
if [[ "$Q_USE_SECGROUP" == "True" ]]; then
|
||||
iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
|
||||
enable_kernel_bridge_firewall
|
||||
if ! running_in_container; then
|
||||
enable_kernel_bridge_firewall
|
||||
fi
|
||||
else
|
||||
iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.firewall.NoopFirewallDriver
|
||||
fi
|
||||
|
|
4
lib/nova
4
lib/nova
|
@ -871,7 +871,9 @@ function start_nova_rest {
|
|||
run_process n-crt "$NOVA_BIN_DIR/nova-cert --config-file $api_cell_conf"
|
||||
|
||||
if is_service_enabled n-net; then
|
||||
enable_kernel_bridge_firewall
|
||||
if ! running_in_container; then
|
||||
enable_kernel_bridge_firewall
|
||||
fi
|
||||
fi
|
||||
run_process n-net "$NOVA_BIN_DIR/nova-network --config-file $compute_cell_conf"
|
||||
|
||||
|
|
Loading…
Reference in New Issue