When enable_kernel_bridge_firewall is called inside a
container, devstack crashes because it tries to
load a kernel module by calling 'sudo modprobe' on
net.bridge.
Change-Id: Id4718c065d5a8c507d49f38e19c2796a64221aa4
Closes-Bug: #1662194
| ... | ... |
@@ -664,6 +664,16 @@ function set_mtu {
|
| 664 | 664 |
} |
| 665 | 665 |
|
| 666 | 666 |
|
| 667 |
+# running_in_container - Returns true otherwise false |
|
| 668 |
+function running_in_container {
|
|
| 669 |
+ if grep -q lxc /proc/1/cgroup; then |
|
| 670 |
+ return 0 |
|
| 671 |
+ fi |
|
| 672 |
+ |
|
| 673 |
+ return 1 |
|
| 674 |
+} |
|
| 675 |
+ |
|
| 676 |
+ |
|
| 667 | 677 |
# enable_kernel_bridge_firewall - Enable kernel support for bridge firewalling |
| 668 | 678 |
function enable_kernel_bridge_firewall {
|
| 669 | 679 |
# Load bridge module. This module provides access to firewall for bridged |
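Review bot: The comment above `running_in_container` says "Returns true otherwise false" but never states the condition, and the test only looks for the string `lxc` in `/proc/1/cgroup`. A container whose PID 1 cgroup entry does not contain that string falls through to `return 1`, so the callers would still take the modprobe path the commit message describes. The pattern is also unanchored, so an unrelated cgroup name containing `lxc` would match. I would document the real contract, e.g. `# running_in_container - Returns 0 if /proc/1/cgroup mentions lxc, 1 otherwise (only LXC is detected)`. The body of `enable_kernel_bridge_firewall` continues outside this hunk.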
| ... | ... |
@@ -188,7 +188,9 @@ function configure_neutron_new {
|
| 188 | 188 |
iniset $NEUTRON_CORE_PLUGIN_CONF ovs local_ip $HOST_IP |
| 189 | 189 |
fi |
| 190 | 190 |
|
| 191 |
- enable_kernel_bridge_firewall |
|
| 191 |
+ if ! running_in_container; then |
|
| 192 |
+ enable_kernel_bridge_firewall |
|
| 193 |
+ fi |
|
| 192 | 194 |
fi |
| 193 | 195 |
|
| 194 | 196 |
# DHCP Agent |
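Review bot: The guard added here skips `enable_kernel_bridge_firewall` silently, and the same three lines are repeated at the other call sites in this commit (`neutron_plugin_configure_plugin_agent`, `_neutron_ovs_base_configure_firewall_driver`, `start_nova_rest`). In two of those sites an iptables-based firewall driver is still written to the config just before the skipped call. In a container, security-group filtering of bridged traffic then presumably depends on the host already having bridge netfilter enabled, and nothing in the run output says so. I would move the check into `enable_kernel_bridge_firewall` itself and print a message on early return, e.g. `echo "Running in a container: bridge firewall support must be enabled on the host"`. `configure_neutron_new` begins and ends outside this hunk.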
| ... | ... |
@@ -71,7 +71,9 @@ function neutron_plugin_configure_plugin_agent {
|
| 71 | 71 |
fi |
| 72 | 72 |
if [[ "$Q_USE_SECGROUP" == "True" ]]; then |
| 73 | 73 |
iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver |
| 74 |
- enable_kernel_bridge_firewall |
|
| 74 |
+ if ! running_in_container; then |
|
| 75 |
+ enable_kernel_bridge_firewall |
|
| 76 |
+ fi |
|
| 75 | 77 |
else |
| 76 | 78 |
iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.firewall.NoopFirewallDriver |
| 77 | 79 |
fi |
| ... | ... |
@@ -88,7 +88,9 @@ function _neutron_ovs_base_configure_debug_command {
|
| 88 | 88 |
function _neutron_ovs_base_configure_firewall_driver {
|
| 89 | 89 |
if [[ "$Q_USE_SECGROUP" == "True" ]]; then |
| 90 | 90 |
iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver iptables_hybrid |
| 91 |
- enable_kernel_bridge_firewall |
|
| 91 |
+ if ! running_in_container; then |
|
| 92 |
+ enable_kernel_bridge_firewall |
|
| 93 |
+ fi |
|
| 92 | 94 |
else |
| 93 | 95 |
iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver noop |
| 94 | 96 |
fi |
| ... | ... |
@@ -864,7 +864,9 @@ function start_nova_rest {
|
| 864 | 864 |
run_process n-crt "$NOVA_BIN_DIR/nova-cert --config-file $api_cell_conf" |
| 865 | 865 |
|
| 866 | 866 |
if is_service_enabled n-net; then |
| 867 |
- enable_kernel_bridge_firewall |
|
| 867 |
+ if ! running_in_container; then |
|
| 868 |
+ enable_kernel_bridge_firewall |
|
| 869 |
+ fi |
|
| 868 | 870 |
fi |
| 869 | 871 |
run_process n-net "$NOVA_BIN_DIR/nova-network --config-file $compute_cell_conf" |
| 870 | 872 |
|