commit 0bf75a471ecce8c05718644e7e070b4d5a8657d6
author Denis Buliga <dbuliga@cloudbasesolutions.com> Mon Feb 06 16:56:46 2017 +0200
committer Denis Buliga <dbuliga@cloudbasesolutions.com> Mon Feb 27 10:31:58 2017 +0200
tree d085135ccb42248ec62676940125e9eaeaa5fe17
parent bab8516a8503445af5582bc63493cb37098f57fb

Skips enabling kernel bridge firewall in container

Calling enable_kernel_bridge_firewall inside a
container, devstack will crash because it tries to
load a kernel module by calling 'sudo modprobe' on
net.bridge.

Change-Id: Id4718c065d5a8c507d49f38e19c2796a64221aa4
Closes-Bug: #1662194

lib/neutron_plugins/linuxbridge_agent

diff --git a/lib/neutron_plugins/linuxbridge_agent b/lib/neutron_plugins/linuxbridge_agent
index 0c8ccb8..f031fc7 100644
--- a/lib/neutron_plugins/linuxbridge_agent
+++ b/lib/neutron_plugins/linuxbridge_agent
@@ -71,7 +71,9 @@
     fi
     if [[ "$Q_USE_SECGROUP" == "True" ]]; then
         iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
-        enable_kernel_bridge_firewall
+        if ! running_in_container; then
+            enable_kernel_bridge_firewall
+        fi
     else
         iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.firewall.NoopFirewallDriver
     fi

lib/neutron_plugins/ovs_base

diff --git a/lib/neutron_plugins/ovs_base b/lib/neutron_plugins/ovs_base
index 62a4d00..733a5c1 100644
--- a/lib/neutron_plugins/ovs_base
+++ b/lib/neutron_plugins/ovs_base
@@ -88,7 +88,9 @@
 function _neutron_ovs_base_configure_firewall_driver {
     if [[ "$Q_USE_SECGROUP" == "True" ]]; then
         iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver iptables_hybrid
-        enable_kernel_bridge_firewall
+        if ! running_in_container; then
+            enable_kernel_bridge_firewall
+        fi
     else
         iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver noop
     fi