Merge "Skips enabling kernel bridge firewall in container"

This commit is contained in:
Jenkins 2017-03-03 16:20:20 +00:00 committed by Gerrit Code Review
commit 073c225257
5 changed files with 22 additions and 4 deletions

View File

@ -664,6 +664,16 @@ function set_mtu {
} }
# running_in_container - Returns true otherwise false
function running_in_container {
if grep -q lxc /proc/1/cgroup; then
return 0
fi
return 1
}
# enable_kernel_bridge_firewall - Enable kernel support for bridge firewalling # enable_kernel_bridge_firewall - Enable kernel support for bridge firewalling
function enable_kernel_bridge_firewall { function enable_kernel_bridge_firewall {
# Load bridge module. This module provides access to firewall for bridged # Load bridge module. This module provides access to firewall for bridged

View File

@ -180,8 +180,10 @@ function configure_neutron_new {
iniset $NEUTRON_CORE_PLUGIN_CONF ovs local_ip $HOST_IP iniset $NEUTRON_CORE_PLUGIN_CONF ovs local_ip $HOST_IP
fi fi
if ! running_in_container; then
enable_kernel_bridge_firewall enable_kernel_bridge_firewall
fi fi
fi
# DHCP Agent # DHCP Agent
if is_service_enabled neutron-dhcp; then if is_service_enabled neutron-dhcp; then

View File

@ -67,7 +67,9 @@ function neutron_plugin_configure_plugin_agent {
fi fi
if [[ "$Q_USE_SECGROUP" == "True" ]]; then if [[ "$Q_USE_SECGROUP" == "True" ]]; then
iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
if ! running_in_container; then
enable_kernel_bridge_firewall enable_kernel_bridge_firewall
fi
else else
iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.firewall.NoopFirewallDriver iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.firewall.NoopFirewallDriver
fi fi

View File

@ -80,7 +80,9 @@ function _neutron_ovs_base_install_agent_packages {
function _neutron_ovs_base_configure_firewall_driver { function _neutron_ovs_base_configure_firewall_driver {
if [[ "$Q_USE_SECGROUP" == "True" ]]; then if [[ "$Q_USE_SECGROUP" == "True" ]]; then
iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver iptables_hybrid iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver iptables_hybrid
if ! running_in_container; then
enable_kernel_bridge_firewall enable_kernel_bridge_firewall
fi
else else
iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver noop iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver noop
fi fi

View File

@ -889,8 +889,10 @@ function start_nova_rest {
run_process n-crt "$NOVA_BIN_DIR/nova-cert --config-file $api_cell_conf" run_process n-crt "$NOVA_BIN_DIR/nova-cert --config-file $api_cell_conf"
if is_service_enabled n-net; then if is_service_enabled n-net; then
if ! running_in_container; then
enable_kernel_bridge_firewall enable_kernel_bridge_firewall
fi fi
fi
run_process n-net "$NOVA_BIN_DIR/nova-network --config-file $compute_cell_conf" run_process n-net "$NOVA_BIN_DIR/nova-network --config-file $compute_cell_conf"
run_process n-sch "$NOVA_BIN_DIR/nova-scheduler --config-file $compute_cell_conf" run_process n-sch "$NOVA_BIN_DIR/nova-scheduler --config-file $compute_cell_conf"