2 # Copyright (C) 2014 eNovance SAS <licensing@enovance.com>
4 # Author: Emilien Macchi <emilien.macchi@enovance.com>
6 # Licensed under the Apache License, Version 2.0 (the "License"); you may
7 # not use this file except in compliance with the License. You may obtain
8 # a copy of the License at
10 # http://www.apache.org/licenses/LICENSE-2.0
12 # Unless required by applicable law or agreed to in writing, software
13 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
14 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
15 # License for the specific language governing permissions and limitations
18 # == Class: neutron::agents::ml2::ovs
20 # Sets up the OVS neutron agent when using the ML2 plugin
25 # (optional) The state of the package
26 # Defaults to 'present'
29 # (required) Whether or not to enable the OVS Agent
33 # (optional) List of interfaces to connect to the bridge when doing
35 # Defaults to empty list
38 # (optional) List of <physical_network>:<bridge>
39 # Defaults to empty list
41 # [*integration_bridge*]
42 # (optional) Integration bridge in OVS
43 # Defaults to 'br-int'
45 # [*enable_tunneling*]
46 # (optional) Whether or not to enable tunneling
50 # (optional) List of types of tunnels to use when utilizing tunnels,
51 # either 'gre' or 'vxlan'.
55 # (optional) Local IP address of GRE tunnel endpoints.
56 # Required when enabling tunneling
60 # (optional) Bridge used to transport tunnels
61 # Defaults to 'br-tun'
64 # (optional) The UDP port to use for VXLAN tunnels.
67 # [*polling_interval*]
68 # (optional) The number of seconds the agent will wait between
69 # polling for local device changes.
73 # (optional) Extension to use alongside ml2 plugin's l2population
78 # (optional) Whether or not to enable the ARP responder.
79 # Recommended when using the l2 population mechanism driver.
83 # (optional) Firewall driver for realizing neutron security group function.
84 # Defaults to 'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver'.
86 # [*enable_distributed_routing*]
87 # (optional) Set to True on L2 agents to enable support
88 # for distributed virtual routing.
# Class parameters and their defaults.
# NOTE(review): $bridge_uplinks, $tunnel_types and $local_ip are used in the class
# body, but their declarations are not visible in this listing - confirm their
# defaults against the full file.
91 class neutron::agents::ml2::ovs (
92 $package_ensure = 'present',
95 $bridge_mappings = [],
96 $integration_bridge = 'br-int',
97 $enable_tunneling = false,
100 $tunnel_bridge = 'br-tun',
101 $vxlan_udp_port = 4789,
102 $polling_interval = 2,
103 $l2_population = false,
104 $arp_responder = false,
105 $firewall_driver = 'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver',
106 $enable_distributed_routing = false,
# Load neutron::params, which supplies the $::neutron::params::* values read below.
109 include neutron::params
# Guard: fail the catalog when tunneling is requested without a local endpoint address.
# NOTE(review): only the truthiness of $local_ip is tested here; no check that it is a
# well-formed IP address is visible in this listing.
112 if $enable_tunneling and ! $local_ip {
113 fail('Local ip for ovs agent must be set when tunneling is enabled')
# Guard: distributed routing is rejected unless l2_population is enabled as well.
116 if $enable_distributed_routing and ! $l2_population {
117 fail('L2 population must be enabled when DVR is enabled')
# Every neutron_plugin_ml2 setting in the catalog notifies (~>) the agent service, so a
# configuration change sends the service a refresh.
120 Neutron_plugin_ml2<||> ~> Service['neutron-ovs-agent-service']
# Bridge mappings are only configured when at least one mapping was supplied.
122 if ($bridge_mappings != []) {
123 # bridge_mappings are used to describe external networks that are
124 # *directly* attached to this machine.
125 # (This has nothing to do with VM-VM comms over neutron virtual networks.)
126 # Typically, the network node - running L3 agent - will want one external
127 # network (often this is on the control node) and the other nodes (all the
128 # compute nodes) will want none at all. The only other reason you will
129 # want to add networks here is if you're using provider networks, in which
130 # case you will name the network with bridge_mappings and add the server's
131 # interfaces that are attached to that network with bridge_uplinks.
132 # (The bridge names can be nearly anything, they just have to match between
133 # mappings and uplinks; they're what the OVS switches will get named.)
135 # Set config for bridges that we're going to create
136 # The OVS neutron plugin will talk in terms of the networks in the bridge_mappings
# Flatten the list into the comma-separated string written to ovs/bridge_mappings.
137 $br_map_str = join($bridge_mappings, ',')
139 'ovs/bridge_mappings': value => $br_map_str;
# One neutron::plugins::ovs::bridge per mapping and one ::port per uplink, each
# ordered before the agent service.
# NOTE(review): the mapping and uplink strings are passed through as given; any format
# checking would have to happen inside those defined types - confirm.
141 neutron::plugins::ovs::bridge{ $bridge_mappings:
142 before => Service['neutron-ovs-agent-service'],
144 neutron::plugins::ovs::port{ $bridge_uplinks:
145 before => Service['neutron-ovs-agent-service'],
# Agent and OVS settings taken directly from the class parameters.
# NOTE(review): the resource header for these entries is not visible in this listing;
# presumably they are neutron_plugin_ml2 settings like the others - confirm.
150 'agent/polling_interval': value => $polling_interval;
151 'agent/l2_population': value => $l2_population;
152 'agent/arp_responder': value => $arp_responder;
153 'agent/enable_distributed_routing': value => $enable_distributed_routing;
154 'ovs/integration_bridge': value => $integration_bridge;
# Security groups: when a driver is given, write it to securitygroup/firewall_driver.
157 if ($firewall_driver) {
158 neutron_plugin_ml2 { 'securitygroup/firewall_driver':
159 value => $firewall_driver
# Otherwise the setting is removed rather than written (presumably the else branch;
# the line carrying `else` is not visible in this listing).
# NOTE(review): with the setting absent the agent uses whatever driver neutron
# defaults to - confirm that default still enforces security groups on the target
# release before passing a false $firewall_driver.
162 neutron_plugin_ml2 { 'securitygroup/firewall_driver': ensure => absent }
# Declare the integration bridge and order it before the agent service.
165 vs_bridge { $integration_bridge:
167 before => Service['neutron-ovs-agent-service'],
# Tunneling enabled: declare the tunnel bridge ahead of the agent service, then record
# the tunnel bridge name and the local endpoint address.
170 if $enable_tunneling {
171 vs_bridge { $tunnel_bridge:
173 before => Service['neutron-ovs-agent-service'],
176 'ovs/enable_tunneling': value => true;
177 'ovs/tunnel_bridge': value => $tunnel_bridge;
178 'ovs/local_ip': value => $local_ip;
# agent/tunnel_types is only written when the list is non-empty.
# NOTE(review): the entries are joined as given; no check that each one is 'gre' or
# 'vxlan' is visible in this listing.
181 if size($tunnel_types) > 0 {
183 'agent/tunnel_types': value => join($tunnel_types, ',');
# The VXLAN UDP port is validated and written only when 'vxlan' is among the types.
186 if 'vxlan' in $tunnel_types {
187 validate_vxlan_udp_port($vxlan_udp_port)
189 'agent/vxlan_udp_port': value => $vxlan_udp_port;
# Tunneling disabled: write enable_tunneling = false and remove the tunnel bridge and
# local_ip settings.
194 'ovs/enable_tunneling': value => false;
195 'ovs/tunnel_bridge': ensure => absent;
196 'ovs/local_ip': ensure => absent;
# Platforms with a dedicated agent package: install it before any ml2 setting is
# written.
# NOTE(review): $package_ensure defaults to 'present', which installs the package but
# does not upgrade one that is already installed; pin a version or pass 'latest' if
# package security fixes should be applied through this class.
201 if $::neutron::params::ovs_agent_package {
202 Package['neutron-ovs-agent'] -> Neutron_plugin_ml2<||>
203 package { 'neutron-ovs-agent':
204 ensure => $package_ensure,
205 name => $::neutron::params::ovs_agent_package,
208 # Some platforms (RedHat) do not provide a separate
209 # neutron plugin ovs agent package. The configuration file for
210 # the ovs agent is provided by the neutron ovs plugin package.
211 Package['neutron-ovs-agent'] -> Neutron_plugin_ml2<||>
212 Package['neutron-ovs-agent'] -> Service['ovs-cleanup-service']
# Declare the package under the server package name only when no
# Package['neutron-ovs-agent'] exists yet. defined() only sees resources already
# evaluated, so the outcome depends on evaluation order.
214 if ! defined(Package['neutron-ovs-agent']) {
215 package { 'neutron-ovs-agent':
216 ensure => $package_ensure,
217 name => $::neutron::params::ovs_server_package,
219 # https://bugzilla.redhat.com/show_bug.cgi?id=1087647
220 # Causes init script for agent to load the old ovs file
221 # instead of the ml2 config file.
# The legacy plugin ini path targets the ML2 config file (presumably as a symlink; the
# ensure line is not visible in this listing), and a change notifies the agent service.
222 file { '/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini':
224 target => '/etc/neutron/plugins/ml2/ml2_conf.ini'
225 } ~> Service<| title == 'neutron-ovs-agent-service' |>
# $service_ensure becomes 'running' or 'stopped'; the condition that selects between
# the two assignments is not visible in this listing.
230 $service_ensure = 'running'
232 $service_ensure = 'stopped'
# The agent service takes its platform-specific name from neutron::params and requires
# Class['neutron'].
235 service { 'neutron-ovs-agent-service':
236 ensure => $service_ensure,
237 name => $::neutron::params::ovs_agent_service,
239 require => Class['neutron'],
242 if $::neutron::params::ovs_cleanup_service {
243 Package['neutron-ovs-agent'] -> Service['ovs-cleanup-service']
244 service { 'ovs-cleanup-service':
245 name => $::neutron::params::ovs_cleanup_service,