--- /dev/null
+# == Class: neutron::agents::ovs
+#
+# Setups OVS neutron agent.
+#
+# === Parameters
+#
+# [*firewall_driver*]
+# (optional) Firewall driver for realizing neutron security group function.
+# Defaults to 'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver'.
+#
+class neutron::agents::ovs (
+ $package_ensure = 'present',
+ $manage_service = true,
+ $enabled = true,
+ $bridge_uplinks = [],
+ $bridge_mappings = [],
+ $integration_bridge = 'br-int',
+ $enable_tunneling = false,
+ $tunnel_types = [],
+ $local_ip = false,
+ $tunnel_bridge = 'br-tun',
+ $vxlan_udp_port = 4789,
+ $polling_interval = 2,
+ $firewall_driver = 'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver',
+ $veth_mtu = undef
+) {
+
+ include neutron::params
+ require vswitch::ovs
+
+ if $enable_tunneling and ! $local_ip {
+ fail('Local ip for ovs agent must be set when tunneling is enabled')
+ }
+
+
+ if $enabled {
+ Neutron_config<||> ~> Service['neutron-plugin-ovs-service']
+ Neutron_plugin_ovs<||> ~> Service['neutron-plugin-ovs-service']
+ Neutron::Plugins::Ovs::Bridge<||> -> Service['neutron-plugin-ovs-service']
+ Neutron::Plugins::Ovs::Port<||> -> Service['neutron-plugin-ovs-service']
+ Vs_bridge<||> -> Service['neutron-plugin-ovs-service']
+ }
+
+ if ($bridge_mappings != []) {
+ # bridge_mappings are used to describe external networks that are
+ # *directly* attached to this machine.
+ # (This has nothing to do with VM-VM comms over neutron virtual networks.)
+ # Typically, the network node - running L3 agent - will want one external
+ # network (often this is on the control node) and the other nodes (all the
+ # compute nodes) will want none at all. The only other reason you will
+ # want to add networks here is if you're using provider networks, in which
+ # case you will name the network with bridge_mappings and add the server's
+ # interfaces that are attached to that network with bridge_uplinks.
+ # (The bridge names can be nearly anything, they just have to match between
+ # mappings and uplinks; they're what the OVS switches will get named.)
+
+ # Set config for bridges that we're going to create
+ # The OVS neutron plugin will talk in terms of the networks in the bridge_mappings
+ $br_map_str = join($bridge_mappings, ',')
+ neutron_plugin_ovs {
+ 'OVS/bridge_mappings': value => $br_map_str;
+ }
+ neutron::plugins::ovs::bridge{ $bridge_mappings: }
+ neutron::plugins::ovs::port{ $bridge_uplinks: }
+ }
+
+ neutron_plugin_ovs {
+ 'AGENT/polling_interval': value => $polling_interval;
+ 'OVS/integration_bridge': value => $integration_bridge;
+ }
+
+ if ($firewall_driver) {
+ neutron_plugin_ovs { 'SECURITYGROUP/firewall_driver':
+ value => $firewall_driver
+ }
+ } else {
+ neutron_plugin_ovs { 'SECURITYGROUP/firewall_driver': ensure => absent }
+ }
+
+ vs_bridge { $integration_bridge:
+ ensure => present,
+ }
+
+ if $enable_tunneling {
+ vs_bridge { $tunnel_bridge:
+ ensure => present,
+ before => Service['neutron-plugin-ovs-service'],
+ }
+ neutron_plugin_ovs {
+ 'OVS/enable_tunneling': value => true;
+ 'OVS/tunnel_bridge': value => $tunnel_bridge;
+ 'OVS/local_ip': value => $local_ip;
+ }
+
+ if size($tunnel_types) > 0 {
+ neutron_plugin_ovs {
+ 'agent/tunnel_types': value => join($tunnel_types, ',');
+ }
+ }
+ if 'vxlan' in $tunnel_types {
+ validate_vxlan_udp_port($vxlan_udp_port)
+ neutron_plugin_ovs {
+ 'agent/vxlan_udp_port': value => $vxlan_udp_port;
+ }
+ }
+ } else {
+ neutron_plugin_ovs {
+ 'OVS/enable_tunneling': value => false;
+ 'OVS/tunnel_bridge': ensure => absent;
+ 'OVS/local_ip': ensure => absent;
+ }
+ }
+
+
+ if $::neutron::params::ovs_agent_package {
+ Package['neutron-plugin-ovs-agent'] -> Neutron_plugin_ovs<||>
+ package { 'neutron-plugin-ovs-agent':
+ ensure => $package_ensure,
+ name => $::neutron::params::ovs_agent_package,
+ }
+ } else {
+ # Some platforms (RedHat) do not provide a separate
+ # neutron plugin ovs agent package. The configuration file for
+ # the ovs agent is provided by the neutron ovs plugin package.
+ Package['neutron-plugin-ovs'] -> Neutron_plugin_ovs<||>
+ Package['neutron-plugin-ovs'] -> Service['ovs-cleanup-service']
+
+ ensure_resource('package', 'neutron-plugin-ovs', {
+ ensure => $package_ensure,
+ name => $::neutron::params::ovs_server_package,
+ })
+ }
+
+ if $manage_service {
+ if $enabled {
+ $service_ensure = 'running'
+ } else {
+ $service_ensure = 'stopped'
+ }
+ }
+
+ service { 'neutron-plugin-ovs-service':
+ ensure => $service_ensure,
+ name => $::neutron::params::ovs_agent_service,
+ enable => $enabled,
+ require => Class['neutron'],
+ }
+
+ if $::neutron::params::ovs_cleanup_service {
+ service {'ovs-cleanup-service':
+ name => $::neutron::params::ovs_cleanup_service,
+ enable => $enabled,
+ }
+ }
+
+ if $veth_mtu {
+ neutron_plugin_ovs { 'AGENT/veth_mtu': value => $veth_mtu }
+ } else {
+ neutron_plugin_ovs { 'AGENT/veth_mtu': ensure => absent }
+ }
+}