1 # == Class: neutron::agents::ovs
3 # Setups OVS neutron agent.
8 # (optional) Firewall driver for realizing neutron security group function.
9 # Defaults to 'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver'.
11 class neutron::agents::ovs (
12 $package_ensure = 'present',
13 $manage_service = true,
16 $bridge_mappings = [],
17 $integration_bridge = 'br-int',
18 $enable_tunneling = false,
21 $tunnel_bridge = 'br-tun',
22 $vxlan_udp_port = 4789,
23 $polling_interval = 2,
24 $firewall_driver = 'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver',
28 include neutron::params
31 if $enable_tunneling and ! $local_ip {
32 fail('Local ip for ovs agent must be set when tunneling is enabled')
37 Neutron_config<||> ~> Service['neutron-plugin-ovs-service']
38 Neutron_plugin_ovs<||> ~> Service['neutron-plugin-ovs-service']
39 Neutron::Plugins::Ovs::Bridge<||> -> Service['neutron-plugin-ovs-service']
40 Neutron::Plugins::Ovs::Port<||> -> Service['neutron-plugin-ovs-service']
41 Vs_bridge<||> -> Service['neutron-plugin-ovs-service']
44 if ($bridge_mappings != []) {
45 # bridge_mappings are used to describe external networks that are
46 # *directly* attached to this machine.
47 # (This has nothing to do with VM-VM comms over neutron virtual networks.)
48 # Typically, the network node - running L3 agent - will want one external
49 # network (often this is on the control node) and the other nodes (all the
50 # compute nodes) will want none at all. The only other reason you will
51 # want to add networks here is if you're using provider networks, in which
52 # case you will name the network with bridge_mappings and add the server's
53 # interfaces that are attached to that network with bridge_uplinks.
54 # (The bridge names can be nearly anything, they just have to match between
55 # mappings and uplinks; they're what the OVS switches will get named.)
57 # Set config for bridges that we're going to create
58 # The OVS neutron plugin will talk in terms of the networks in the bridge_mappings
59 $br_map_str = join($bridge_mappings, ',')
61 'OVS/bridge_mappings': value => $br_map_str;
63 neutron::plugins::ovs::bridge{ $bridge_mappings: }
64 neutron::plugins::ovs::port{ $bridge_uplinks: }
68 'AGENT/polling_interval': value => $polling_interval;
69 'OVS/integration_bridge': value => $integration_bridge;
72 if ($firewall_driver) {
73 neutron_plugin_ovs { 'SECURITYGROUP/firewall_driver':
74 value => $firewall_driver
77 neutron_plugin_ovs { 'SECURITYGROUP/firewall_driver': ensure => absent }
80 vs_bridge { $integration_bridge:
84 if $enable_tunneling {
85 vs_bridge { $tunnel_bridge:
87 before => Service['neutron-plugin-ovs-service'],
90 'OVS/enable_tunneling': value => true;
91 'OVS/tunnel_bridge': value => $tunnel_bridge;
92 'OVS/local_ip': value => $local_ip;
95 if size($tunnel_types) > 0 {
97 'agent/tunnel_types': value => join($tunnel_types, ',');
100 if 'vxlan' in $tunnel_types {
101 validate_vxlan_udp_port($vxlan_udp_port)
103 'agent/vxlan_udp_port': value => $vxlan_udp_port;
108 'OVS/enable_tunneling': value => false;
109 'OVS/tunnel_bridge': ensure => absent;
110 'OVS/local_ip': ensure => absent;
115 if $::neutron::params::ovs_agent_package {
116 Package['neutron-plugin-ovs-agent'] -> Neutron_plugin_ovs<||>
117 package { 'neutron-plugin-ovs-agent':
118 ensure => $package_ensure,
119 name => $::neutron::params::ovs_agent_package,
122 # Some platforms (RedHat) do not provide a separate
123 # neutron plugin ovs agent package. The configuration file for
124 # the ovs agent is provided by the neutron ovs plugin package.
125 Package['neutron-plugin-ovs'] -> Neutron_plugin_ovs<||>
126 Package['neutron-plugin-ovs'] -> Service['ovs-cleanup-service']
128 ensure_resource('package', 'neutron-plugin-ovs', {
129 ensure => $package_ensure,
130 name => $::neutron::params::ovs_server_package,
136 $service_ensure = 'running'
138 $service_ensure = 'stopped'
142 service { 'neutron-plugin-ovs-service':
143 ensure => $service_ensure,
144 name => $::neutron::params::ovs_agent_service,
146 require => Class['neutron'],
149 if $::neutron::params::ovs_cleanup_service {
150 service {'ovs-cleanup-service':
151 name => $::neutron::params::ovs_cleanup_service,
157 neutron_plugin_ovs { 'AGENT/veth_mtu': value => $veth_mtu }
159 neutron_plugin_ovs { 'AGENT/veth_mtu': ensure => absent }