Merge "Skips enabling kernel bridge firewall in container"
This commit is contained in:
commit
073c225257
10
functions
10
functions
@ -664,6 +664,16 @@ function set_mtu {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
# running_in_container - Returns true otherwise false
|
||||||
|
function running_in_container {
|
||||||
|
if grep -q lxc /proc/1/cgroup; then
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
# enable_kernel_bridge_firewall - Enable kernel support for bridge firewalling
|
# enable_kernel_bridge_firewall - Enable kernel support for bridge firewalling
|
||||||
function enable_kernel_bridge_firewall {
|
function enable_kernel_bridge_firewall {
|
||||||
# Load bridge module. This module provides access to firewall for bridged
|
# Load bridge module. This module provides access to firewall for bridged
|
||||||
|
@ -180,8 +180,10 @@ function configure_neutron_new {
|
|||||||
iniset $NEUTRON_CORE_PLUGIN_CONF ovs local_ip $HOST_IP
|
iniset $NEUTRON_CORE_PLUGIN_CONF ovs local_ip $HOST_IP
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if ! running_in_container; then
|
||||||
enable_kernel_bridge_firewall
|
enable_kernel_bridge_firewall
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
# DHCP Agent
|
# DHCP Agent
|
||||||
if is_service_enabled neutron-dhcp; then
|
if is_service_enabled neutron-dhcp; then
|
||||||
|
@ -67,7 +67,9 @@ function neutron_plugin_configure_plugin_agent {
|
|||||||
fi
|
fi
|
||||||
if [[ "$Q_USE_SECGROUP" == "True" ]]; then
|
if [[ "$Q_USE_SECGROUP" == "True" ]]; then
|
||||||
iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
|
iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
|
||||||
|
if ! running_in_container; then
|
||||||
enable_kernel_bridge_firewall
|
enable_kernel_bridge_firewall
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.firewall.NoopFirewallDriver
|
iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.firewall.NoopFirewallDriver
|
||||||
fi
|
fi
|
||||||
|
@ -80,7 +80,9 @@ function _neutron_ovs_base_install_agent_packages {
|
|||||||
function _neutron_ovs_base_configure_firewall_driver {
|
function _neutron_ovs_base_configure_firewall_driver {
|
||||||
if [[ "$Q_USE_SECGROUP" == "True" ]]; then
|
if [[ "$Q_USE_SECGROUP" == "True" ]]; then
|
||||||
iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver iptables_hybrid
|
iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver iptables_hybrid
|
||||||
|
if ! running_in_container; then
|
||||||
enable_kernel_bridge_firewall
|
enable_kernel_bridge_firewall
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver noop
|
iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver noop
|
||||||
fi
|
fi
|
||||||
|
2
lib/nova
2
lib/nova
@ -889,8 +889,10 @@ function start_nova_rest {
|
|||||||
run_process n-crt "$NOVA_BIN_DIR/nova-cert --config-file $api_cell_conf"
|
run_process n-crt "$NOVA_BIN_DIR/nova-cert --config-file $api_cell_conf"
|
||||||
|
|
||||||
if is_service_enabled n-net; then
|
if is_service_enabled n-net; then
|
||||||
|
if ! running_in_container; then
|
||||||
enable_kernel_bridge_firewall
|
enable_kernel_bridge_firewall
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
run_process n-net "$NOVA_BIN_DIR/nova-network --config-file $compute_cell_conf"
|
run_process n-net "$NOVA_BIN_DIR/nova-network --config-file $compute_cell_conf"
|
||||||
|
|
||||||
run_process n-sch "$NOVA_BIN_DIR/nova-scheduler --config-file $compute_cell_conf"
|
run_process n-sch "$NOVA_BIN_DIR/nova-scheduler --config-file $compute_cell_conf"
|
||||||
|
Loading…
Reference in New Issue
Block a user