Browse code
Merge "Skips enabling kernel bridge firewall in container"
Jenkins authored on 2017/03/04 01:20:20Showing 5 changed files
| ... | ... |
@@ -664,6 +664,16 @@ function set_mtu {
|
| 664 | 664 |
} |
| 665 | 665 |
|
| 666 | 666 |
|
| 667 |
+# running_in_container - Returns true otherwise false |
|
| 668 |
+function running_in_container {
|
|
| 669 |
+ if grep -q lxc /proc/1/cgroup; then |
|
| 670 |
+ return 0 |
|
| 671 |
+ fi |
|
| 672 |
+ |
|
| 673 |
+ return 1 |
|
| 674 |
+} |
|
| 675 |
+ |
|
| 676 |
+ |
|
| 667 | 677 |
# enable_kernel_bridge_firewall - Enable kernel support for bridge firewalling |
| 668 | 678 |
function enable_kernel_bridge_firewall {
|
| 669 | 679 |
# Load bridge module. This module provides access to firewall for bridged |
| ... | ... |
@@ -180,7 +180,9 @@ function configure_neutron_new {
|
| 180 | 180 |
iniset $NEUTRON_CORE_PLUGIN_CONF ovs local_ip $HOST_IP |
| 181 | 181 |
fi |
| 182 | 182 |
|
| 183 |
- enable_kernel_bridge_firewall |
|
| 183 |
+ if ! running_in_container; then |
|
| 184 |
+ enable_kernel_bridge_firewall |
|
| 185 |
+ fi |
|
| 184 | 186 |
fi |
| 185 | 187 |
|
| 186 | 188 |
# DHCP Agent |
| ... | ... |
@@ -67,7 +67,9 @@ function neutron_plugin_configure_plugin_agent {
|
| 67 | 67 |
fi |
| 68 | 68 |
if [[ "$Q_USE_SECGROUP" == "True" ]]; then |
| 69 | 69 |
iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver |
| 70 |
- enable_kernel_bridge_firewall |
|
| 70 |
+ if ! running_in_container; then |
|
| 71 |
+ enable_kernel_bridge_firewall |
|
| 72 |
+ fi |
|
| 71 | 73 |
else |
| 72 | 74 |
iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.firewall.NoopFirewallDriver |
| 73 | 75 |
fi |
| ... | ... |
@@ -80,7 +80,9 @@ function _neutron_ovs_base_install_agent_packages {
|
| 80 | 80 |
function _neutron_ovs_base_configure_firewall_driver {
|
| 81 | 81 |
if [[ "$Q_USE_SECGROUP" == "True" ]]; then |
| 82 | 82 |
iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver iptables_hybrid |
| 83 |
- enable_kernel_bridge_firewall |
|
| 83 |
+ if ! running_in_container; then |
|
| 84 |
+ enable_kernel_bridge_firewall |
|
| 85 |
+ fi |
|
| 84 | 86 |
else |
| 85 | 87 |
iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver noop |
| 86 | 88 |
fi |
| ... | ... |
@@ -889,7 +889,9 @@ function start_nova_rest {
|
| 889 | 889 |
run_process n-crt "$NOVA_BIN_DIR/nova-cert --config-file $api_cell_conf" |
| 890 | 890 |
|
| 891 | 891 |
if is_service_enabled n-net; then |
| 892 |
- enable_kernel_bridge_firewall |
|
| 892 |
+ if ! running_in_container; then |
|
| 893 |
+ enable_kernel_bridge_firewall |
|
| 894 |
+ fi |
|
| 893 | 895 |
fi |
| 894 | 896 |
run_process n-net "$NOVA_BIN_DIR/nova-network --config-file $compute_cell_conf" |
| 895 | 897 |
|