... | ... |
@@ -664,6 +664,16 @@ function set_mtu { |
664 | 664 |
} |
665 | 665 |
|
666 | 666 |
|
667 |
+# running_in_container - Returns true otherwise false |
|
668 |
+function running_in_container { |
|
669 |
+ if grep -q lxc /proc/1/cgroup; then |
|
670 |
+ return 0 |
|
671 |
+ fi |
|
672 |
+ |
|
673 |
+ return 1 |
|
674 |
+} |
|
675 |
+ |
|
676 |
+ |
|
667 | 677 |
# enable_kernel_bridge_firewall - Enable kernel support for bridge firewalling |
668 | 678 |
function enable_kernel_bridge_firewall { |
669 | 679 |
# Load bridge module. This module provides access to firewall for bridged |
... | ... |
@@ -180,7 +180,9 @@ function configure_neutron_new { |
180 | 180 |
iniset $NEUTRON_CORE_PLUGIN_CONF ovs local_ip $HOST_IP |
181 | 181 |
fi |
182 | 182 |
|
183 |
- enable_kernel_bridge_firewall |
|
183 |
+ if ! running_in_container; then |
|
184 |
+ enable_kernel_bridge_firewall |
|
185 |
+ fi |
|
184 | 186 |
fi |
185 | 187 |
|
186 | 188 |
# DHCP Agent |
... | ... |
@@ -67,7 +67,9 @@ function neutron_plugin_configure_plugin_agent { |
67 | 67 |
fi |
68 | 68 |
if [[ "$Q_USE_SECGROUP" == "True" ]]; then |
69 | 69 |
iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver |
70 |
- enable_kernel_bridge_firewall |
|
70 |
+ if ! running_in_container; then |
|
71 |
+ enable_kernel_bridge_firewall |
|
72 |
+ fi |
|
71 | 73 |
else |
72 | 74 |
iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.firewall.NoopFirewallDriver |
73 | 75 |
fi |
... | ... |
@@ -80,7 +80,9 @@ function _neutron_ovs_base_install_agent_packages { |
80 | 80 |
function _neutron_ovs_base_configure_firewall_driver { |
81 | 81 |
if [[ "$Q_USE_SECGROUP" == "True" ]]; then |
82 | 82 |
iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver iptables_hybrid |
83 |
- enable_kernel_bridge_firewall |
|
83 |
+ if ! running_in_container; then |
|
84 |
+ enable_kernel_bridge_firewall |
|
85 |
+ fi |
|
84 | 86 |
else |
85 | 87 |
iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver noop |
86 | 88 |
fi |
... | ... |
@@ -889,7 +889,9 @@ function start_nova_rest { |
889 | 889 |
run_process n-crt "$NOVA_BIN_DIR/nova-cert --config-file $api_cell_conf" |
890 | 890 |
|
891 | 891 |
if is_service_enabled n-net; then |
892 |
- enable_kernel_bridge_firewall |
|
892 |
+ if ! running_in_container; then |
|
893 |
+ enable_kernel_bridge_firewall |
|
894 |
+ fi |
|
893 | 895 |
fi |
894 | 896 |
run_process n-net "$NOVA_BIN_DIR/nova-network --config-file $compute_cell_conf" |
895 | 897 |
|