
Commit 28b034f

author
Denis Buliga
committed
Skips enabling kernel bridge firewall in container
When enable_kernel_bridge_firewall is called inside a container, devstack crashes because it tries to load a kernel module by calling 'sudo modprobe' on net.bridge. Change-Id: Id4718c065d5a8c507d49f38e19c2796a64221aa4 Closes-Bug: #1662194 (cherry picked from commit 0bf75a4)
1 parent 9379c95 commit 28b034f


5 files changed

+22
-4
lines changed


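--- a/functions
+++ b/functions
@@ -664,6 +664,16 @@ function set_mtu {
 }
 
 
+# running_in_container - Returns true otherwise false
+function running_in_container {
+if grep -q lxc /proc/1/cgroup; then
+return 0
+fi
+
+return 1
+}
+
+
 # enable_kernel_bridge_firewall - Enable kernel support for bridge firewalling
 function enable_kernel_bridge_firewall {
 # Load bridge module. This module provides access to firewall for bridged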
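Review bot: `running_in_container` only recognises LXC, and only when the string `lxc` appears in `/proc/1/cgroup`; other container runtimes, and possibly LXC on a unified cgroup hierarchy where that file may not carry the runtime name, would return 1 and still reach the `modprobe` call the commit is trying to avoid. The header comment `Returns true otherwise false` does not say what is being tested; I would write `# running_in_container - Returns 0 if PID 1's cgroup path mentions lxc, 1 otherwise (LXC only)`. Where systemd is available, `systemd-detect-virt --container` covers more runtimes and could be tried first. The body could also reduce to the single line `grep -q lxc /proc/1/cgroup`, since the function's exit status is then grep's.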

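--- a/lib/neutron
+++ b/lib/neutron
@@ -188,7 +188,9 @@ function configure_neutron_new {
 iniset $NEUTRON_CORE_PLUGIN_CONF ovs local_ip $HOST_IP
 fi
 
-enable_kernel_bridge_firewall
+if ! running_in_container; then
+enable_kernel_bridge_firewall
+fi
 fi
 
 # DHCP Agent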
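Review bot: When `running_in_container` is true the bridge-firewall setup is skipped without any message, while an iptables-based security-group driver is still configured (visible in the lib/neutron_plugins/linuxbridge_agent and lib/neutron_plugins/ovs_base sections, which set `firewall_driver` immediately before the same guard). If the host kernel has not enabled bridge netfilter itself, security-group rules would presumably not be applied to bridged traffic, and nothing in the log would say so. I would add an `else` branch that records the skip, e.g. `else echo "WARNING: in a container; bridge firewalling must be enabled on the host"`, here and at the identical guards in lib/neutron_plugins/linuxbridge_agent, lib/neutron_plugins/ovs_base and lib/nova. Since the same three lines are repeated four times, placing the check once at the top of `enable_kernel_bridge_firewall` would keep the call sites unchanged; `configure_neutron_new` continues outside this hunk.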

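--- a/lib/neutron_plugins/linuxbridge_agent
+++ b/lib/neutron_plugins/linuxbridge_agent
@@ -71,7 +71,9 @@ function neutron_plugin_configure_plugin_agent {
 fi
 if [[ "$Q_USE_SECGROUP" == "True" ]]; then
 iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
-enable_kernel_bridge_firewall
+if ! running_in_container; then
+enable_kernel_bridge_firewall
+fi
 else
 iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.firewall.NoopFirewallDriver
 fi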

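--- a/lib/neutron_plugins/ovs_base
+++ b/lib/neutron_plugins/ovs_base
@@ -88,7 +88,9 @@ function _neutron_ovs_base_configure_debug_command {
 function _neutron_ovs_base_configure_firewall_driver {
 if [[ "$Q_USE_SECGROUP" == "True" ]]; then
 iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver iptables_hybrid
-enable_kernel_bridge_firewall
+if ! running_in_container; then
+enable_kernel_bridge_firewall
+fi
 else
 iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver noop
 fi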

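--- a/lib/nova
+++ b/lib/nova
@@ -864,7 +864,9 @@ function start_nova_rest {
 run_process n-crt "$NOVA_BIN_DIR/nova-cert --config-file $api_cell_conf"
 
 if is_service_enabled n-net; then
-enable_kernel_bridge_firewall
+if ! running_in_container; then
+enable_kernel_bridge_firewall
+fi
 fi
 run_process n-net "$NOVA_BIN_DIR/nova-network --config-file $compute_cell_conf"
 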