Calling enable_kernel_bridge_firewall inside a
container, devstack will crash because it tries to
load a kernel module by calling 'sudo modprobe' on
net.bridge.
Change-Id: Id4718c065d5a8c507d49f38e19c2796a64221aa4
Closes-Bug: #1662194
... | ... |
@@ -664,6 +664,16 @@ function set_mtu { |
664 | 664 |
} |
665 | 665 |
|
666 | 666 |
|
667 |
+# running_in_container - Returns true otherwise false |
|
668 |
+function running_in_container { |
|
669 |
+ if grep -q lxc /proc/1/cgroup; then |
|
670 |
+ return 0 |
|
671 |
+ fi |
|
672 |
+ |
|
673 |
+ return 1 |
|
674 |
+} |
|
675 |
+ |
|
676 |
+ |
|
667 | 677 |
# enable_kernel_bridge_firewall - Enable kernel support for bridge firewalling |
668 | 678 |
function enable_kernel_bridge_firewall { |
669 | 679 |
# Load bridge module. This module provides access to firewall for bridged |
... | ... |
@@ -188,7 +188,9 @@ function configure_neutron_new { |
188 | 188 |
iniset $NEUTRON_CORE_PLUGIN_CONF ovs local_ip $HOST_IP |
189 | 189 |
fi |
190 | 190 |
|
191 |
- enable_kernel_bridge_firewall |
|
191 |
+ if ! running_in_container; then |
|
192 |
+ enable_kernel_bridge_firewall |
|
193 |
+ fi |
|
192 | 194 |
fi |
193 | 195 |
|
194 | 196 |
# DHCP Agent |
... | ... |
@@ -71,7 +71,9 @@ function neutron_plugin_configure_plugin_agent { |
71 | 71 |
fi |
72 | 72 |
if [[ "$Q_USE_SECGROUP" == "True" ]]; then |
73 | 73 |
iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver |
74 |
- enable_kernel_bridge_firewall |
|
74 |
+ if ! running_in_container; then |
|
75 |
+ enable_kernel_bridge_firewall |
|
76 |
+ fi |
|
75 | 77 |
else |
76 | 78 |
iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.firewall.NoopFirewallDriver |
77 | 79 |
fi |
... | ... |
@@ -88,7 +88,9 @@ function _neutron_ovs_base_configure_debug_command { |
88 | 88 |
function _neutron_ovs_base_configure_firewall_driver { |
89 | 89 |
if [[ "$Q_USE_SECGROUP" == "True" ]]; then |
90 | 90 |
iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver iptables_hybrid |
91 |
- enable_kernel_bridge_firewall |
|
91 |
+ if ! running_in_container; then |
|
92 |
+ enable_kernel_bridge_firewall |
|
93 |
+ fi |
|
92 | 94 |
else |
93 | 95 |
iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver noop |
94 | 96 |
fi |
... | ... |
@@ -864,7 +864,9 @@ function start_nova_rest { |
864 | 864 |
run_process n-crt "$NOVA_BIN_DIR/nova-cert --config-file $api_cell_conf" |
865 | 865 |
|
866 | 866 |
if is_service_enabled n-net; then |
867 |
- enable_kernel_bridge_firewall |
|
867 |
+ if ! running_in_container; then |
|
868 |
+ enable_kernel_bridge_firewall |
|
869 |
+ fi |
|
868 | 870 |
fi |
869 | 871 |
run_process n-net "$NOVA_BIN_DIR/nova-network --config-file $compute_cell_conf" |
870 | 872 |
|