Merge "OVN Support"

ansible/group_vars/all.yml

@@ -374,6 +374,11 @@ octavia_api_port: "9876"
 octavia_api_listen_port: "{{ octavia_api_port }}"
 octavia_health_manager_port: "5555"
 
+ovn_nb_db_port: "6641"
+ovn_sb_db_port: "6642"
+ovn_nb_connection: "{% for host in groups['ovn-nb-db'] %}tcp:{{ 'api' | kolla_address(host) }}:{{ ovn_nb_db_port }}{% if not loop.last %},{% endif %}{% endfor %}"
+ovn_sb_connection: "{% for host in groups['ovn-sb-db'] %}tcp:{{ 'api' | kolla_address(host) }}:{{ ovn_sb_db_port }}{% if not loop.last %},{% endif %}{% endfor %}"
+
 outward_rabbitmq_port: "5674"
 outward_rabbitmq_management_port: "15674"
 outward_rabbitmq_cluster_port: "25674"
@@ -634,6 +639,7 @@ enable_nova_serialconsole_proxy: "no"
 enable_nova_ssh: "yes"
 enable_octavia: "no"
 enable_openvswitch: "{{ enable_neutron | bool and neutron_plugin_agent != 'linuxbridge' }}"
+enable_ovn: "{{ enable_neutron | bool and neutron_plugin_agent == 'ovn' }}"
 enable_ovs_dpdk: "no"
 enable_osprofiler: "no"
 enable_panko: "no"
@@ -889,14 +895,14 @@ designate_coordination_backend: "{{ 'redis' if enable_redis|bool else '' }}"
 neutron_bgp_router_id: "1.1.1.1"
 neutron_bridge_name: "{{ 'br-dvs' if neutron_plugin_agent == 'vmware_dvs' else 'br-ex' }}"
 # Comma-separated type of enabled ml2 type drivers
-neutron_type_drivers: "flat,vlan,vxlan"
+neutron_type_drivers: "flat,vlan,vxlan{% if neutron_plugin_agent == 'ovn' %},geneve{% endif %}"
 # Comma-separated types of tenant networks (should be listed in 'neutron_type_drivers')
 # NOTE: for ironic this list should also contain 'flat'
-neutron_tenant_network_types: "vxlan"
+neutron_tenant_network_types: "{% if neutron_plugin_agent == 'ovn' %}geneve{% else %}vxlan{% endif %}"
 
 # valid values: ["dvr", "dvr_no_external"]
 neutron_compute_dvr_mode: "dvr"
-computes_need_external_bridge: "{{ (enable_neutron_dvr | bool and neutron_compute_dvr_mode == 'dvr') or enable_neutron_provider_networks | bool }}"
+computes_need_external_bridge: "{{ (enable_neutron_dvr | bool and neutron_compute_dvr_mode == 'dvr') or enable_neutron_provider_networks | bool or neutron_ovn_distributed_fip | bool }}"
 
 # Default DNS resolvers for virtual networks
 neutron_dnsmasq_dns_servers: "1.1.1.1,8.8.8.8,8.8.4.4"
@@ -904,6 +910,9 @@ neutron_dnsmasq_dns_servers: "1.1.1.1,8.8.8.8,8.8.4.4"
 # Set legacy iptables to allow kernels not supporting iptables-nft
 neutron_legacy_iptables: "no"
 
+# Enable distributed floating ip for OVN deployments
+neutron_ovn_distributed_fip: "no"
+
 #######################
 # Nova options
 #######################

ansible/inventory/all-in-one

@@ -302,6 +302,9 @@ neutron
 [neutron-metadata-agent:children]
 neutron
 
+[neutron-ovn-metadata-agent:children]
+compute
+
 [neutron-bgp-dragent:children]
 neutron
 
@@ -759,3 +762,25 @@ control
 
 [masakari-monitors:children]
 compute
+
+[ovn-controller:children]
+ovn-controller-compute
+ovn-controller-network
+
+[ovn-controller-compute:children]
+compute
+
+[ovn-controller-network:children]
+network
+
+[ovn-database:children]
+control
+
+[ovn-northd:children]
+ovn-database
+
+[ovn-nb-db:children]
+ovn-database
+
+[ovn-sb-db:children]
+ovn-database

ansible/inventory/multinode

@@ -321,6 +321,9 @@ neutron
 [neutron-metadata-agent:children]
 neutron
 
+[neutron-ovn-metadata-agent:children]
+compute
+
 [neutron-bgp-dragent:children]
 neutron
 
@@ -778,3 +781,25 @@ control
 
 [masakari-monitors:children]
 compute
+
+[ovn-controller:children]
+ovn-controller-compute
+ovn-controller-network
+
+[ovn-controller-compute:children]
+compute
+
+[ovn-controller-network:children]
+network
+
+[ovn-database:children]
+control
+
+[ovn-northd:children]
+ovn-database
+
+[ovn-nb-db:children]
+ovn-database
+
+[ovn-sb-db:children]
+ovn-database

ansible/roles/neutron/defaults/main.yml

@@ -81,7 +81,7 @@ neutron_services:
     container_name: "neutron_dhcp_agent"
     image: "{{ neutron_dhcp_agent_image_full }}"
     privileged: True
-    enabled: "{{ neutron_plugin_agent not in [ 'vmware_nsxv', 'vmware_nsxv3' ] }}"
+    enabled: "{{ neutron_plugin_agent not in ['ovn', 'vmware_nsxv', 'vmware_nsxv3'] }}"
     group: "neutron-dhcp-agent"
     host_in_groups: "{{ inventory_hostname in groups['neutron-dhcp-agent'] }}"
     volumes: "{{ neutron_dhcp_agent_default_volumes + neutron_dhcp_agent_extra_volumes }}"
@@ -90,7 +90,7 @@ neutron_services:
     container_name: "neutron_l3_agent"
     image: "{{ neutron_l3_agent_image_full }}"
     privileged: True
-    enabled: "{{ neutron_plugin_agent not in ['vmware_nsxv', 'vmware_nsxv3', 'vmware_dvs'] }}"
+    enabled: "{{ neutron_plugin_agent not in ['ovn', 'vmware_nsxv', 'vmware_nsxv3', 'vmware_dvs'] }}"
     environment:
       KOLLA_LEGACY_IPTABLES: "{{ neutron_legacy_iptables | bool | lower }}"
     host_in_groups: >-
@@ -112,19 +112,27 @@ neutron_services:
     container_name: "neutron_metadata_agent"
     image: "{{ neutron_metadata_agent_image_full }}"
     privileged: True
-    enabled: "{{ neutron_plugin_agent not in [ 'vmware_nsxv', 'vmware_nsxv3' ] }}"
+    enabled: "{{ neutron_plugin_agent not in [ 'ovn', 'vmware_nsxv', 'vmware_nsxv3' ] }}"
     host_in_groups: >-
       {{
       inventory_hostname in groups['neutron-metadata-agent']
-      or (inventory_hostname in groups['compute'] and enable_neutron_dvr | bool)
+      or (inventory_hostname in groups['compute'] and neutron_plugin_agent == 'openvswitch' and enable_neutron_dvr | bool)
       }}
     volumes: "{{ neutron_metadata_agent_default_volumes + neutron_metadata_agent_extra_volumes }}"
     dimensions: "{{ neutron_metadata_agent_dimensions }}"
+  neutron-ovn-metadata-agent:
+    container_name: "neutron_ovn_metadata_agent"
+    image: "{{ neutron_ovn_metadata_agent_image_full }}"
+    privileged: True
+    enabled: "{{ neutron_plugin_agent == 'ovn' }}"
+    host_in_groups: "{{ inventory_hostname in groups['neutron-ovn-metadata-agent'] }}"
+    volumes: "{{ neutron_ovn_metadata_agent_default_volumes + neutron_ovn_metadata_agent_extra_volumes }}"
+    dimensions: "{{ neutron_ovn_metadata_agent_dimensions }}"
   neutron-bgp-dragent:
     container_name: "neutron_bgp_dragent"
     image: "{{ neutron_bgp_dragent_image_full }}"
     privileged: True
-    enabled: "{{ enable_neutron_bgp_dragent | bool and neutron_plugin_agent not in ['vmware_nsxv', 'vmware_nsxv3', 'vmware_dvs'] }}"
+    enabled: "{{ enable_neutron_bgp_dragent | bool and neutron_plugin_agent not in ['ovn', 'vmware_nsxv', 'vmware_nsxv3', 'vmware_dvs'] }}"
     group: "neutron-bgp-dragent"
     host_in_groups: "{{ inventory_hostname in groups['neutron-bgp-dragent'] }}"
     volumes: "{{ neutron_bgp_dragent_default_volumes + neutron_bgp_dragent_extra_volumes }}"
@@ -191,6 +199,10 @@ neutron_metadata_agent_image: "{{ docker_registry ~ '/' if docker_registry else
 neutron_metadata_agent_tag: "{{ neutron_tag }}"
 neutron_metadata_agent_image_full: "{{ neutron_metadata_agent_image }}:{{ neutron_metadata_agent_tag }}"
 
+neutron_ovn_metadata_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ neutron_install_type }}-neutron-metadata-agent"
+neutron_ovn_metadata_agent_tag: "{{ neutron_tag }}"
+neutron_ovn_metadata_agent_image_full: "{{ neutron_ovn_metadata_agent_image }}:{{ neutron_ovn_metadata_agent_tag }}"
+
 neutron_openvswitch_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ neutron_install_type }}-neutron-openvswitch-agent"
 neutron_openvswitch_agent_tag: "{{ neutron_tag }}"
 neutron_openvswitch_agent_image_full: "{{ neutron_openvswitch_agent_image }}:{{ neutron_openvswitch_agent_tag }}"
@@ -232,6 +244,7 @@ neutron_l3_agent_dimensions: "{{ neutron_agent_dimensions }}"
 neutron_sriov_agent_dimensions: "{{ neutron_agent_dimensions }}"
 neutron_linuxbridge_agent_dimensions: "{{ neutron_agent_dimensions }}"
 neutron_metadata_agent_dimensions: "{{ neutron_agent_dimensions }}"
+neutron_ovn_metadata_agent_dimensions: "{{ neutron_agent_dimensions }}"
 neutron_openvswitch_agent_dimensions: "{{ neutron_agent_dimensions }}"
 neutron_server_dimensions: "{{ default_container_dimensions }}"
 neutron_bgp_dragent_dimensions: "{{ default_container_dimensions }}"
@@ -278,6 +291,14 @@ neutron_metadata_agent_default_volumes:
   - "neutron_metadata_socket:/var/lib/neutron/kolla/"
   - "kolla_logs:/var/log/kolla/"
   - "{{ kolla_dev_repos_directory ~ '/neutron/neutron:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/neutron' if neutron_dev_mode | bool else '' }}"
+neutron_ovn_metadata_agent_default_volumes:
+  - "{{ node_config_directory }}/neutron-ovn-metadata-agent/:{{ container_config_directory }}/:ro"
+  - "/etc/localtime:/etc/localtime:ro"
+  - "neutron_metadata_socket:/var/lib/neutron/kolla/"
+  - "/run/openvswitch:/run/openvswitch:shared"
+  - "/run/netns:/run/netns:shared"
+  - "kolla_logs:/var/log/kolla/"
+  - "{{ kolla_dev_repos_directory ~ '/neutron/neutron:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/neutron' if neutron_dev_mode | bool else '' }}"
 neutron_openvswitch_agent_default_volumes:
   - "{{ node_config_directory }}/neutron-openvswitch-agent/:{{ container_config_directory }}/:ro"
   - "/etc/localtime:/etc/localtime:ro"
@@ -328,6 +349,7 @@ neutron_l3_agent_extra_volumes: "{{ neutron_extra_volumes }}"
 neutron_sriov_agent_extra_volumes: "{{ neutron_extra_volumes }}"
 neutron_linuxbridge_agent_extra_volumes: "{{ neutron_extra_volumes }}"
 neutron_metadata_agent_extra_volumes: "{{ neutron_extra_volumes }}"
+neutron_ovn_metadata_agent_extra_volumes: "{{ neutron_extra_volumes }}"
 neutron_openvswitch_agent_extra_volumes: "{{ neutron_extra_volumes }}"
 neutron_server_extra_volumes: "{{ neutron_extra_volumes }}"
 neutron_bgp_dragent_extra_volumes: "{{ neutron_extra_volumes }}"
@@ -371,7 +393,9 @@ mechanism_drivers:
   - name: "baremetal"
     enabled: "{{ enable_ironic_neutron_agent | bool }}"
   - name: "l2population"
-    enabled: "{{ not enable_hyperv | bool }}"
+    enabled: "{{ not enable_hyperv | bool or neutron_plugin_agent != 'ovn' }}"
+  - name: "ovn"
+    enabled: "{{ neutron_plugin_agent == 'ovn' }}"
 
 neutron_mechanism_drivers: "{{ mechanism_drivers | selectattr('enabled', 'equalto', true) | list }}"
 
@@ -411,7 +435,7 @@ service_plugins:
   - name: "qos"
     enabled: "{{ enable_neutron_qos | bool }}"
   - name: "router"
-    enabled: true
+    enabled: "{{ neutron_plugin_agent != 'ovn' }}"
   - name: "segments"
     enabled: "{{ enable_neutron_segments | bool }}"
   - name: "sfc"
@@ -420,6 +444,8 @@ service_plugins:
     enabled: "{{ enable_neutron_vpnaas | bool }}"
   - name: "port_forwarding"
     enabled: "{{ enable_neutron_port_forwarding | bool }}"
+  - name: "ovn-router"
+    enabled: "{{ neutron_plugin_agent == 'ovn' }}"
 
 neutron_service_plugins: "{{ service_plugins | selectattr('enabled', 'equalto', true) | list }}"
 

ansible/roles/neutron/handlers/main.yml

@@ -147,6 +147,22 @@
   when:
     - kolla_action != "config"
 
+- name: Restart neutron-ovn-metadata-agent container
+  vars:
+    service_name: "neutron-ovn-metadata-agent"
+    service: "{{ neutron_services[service_name] }}"
+  become: true
+  kolla_docker:
+    action: "recreate_or_restart_container"
+    common_options: "{{ docker_common_options }}"
+    name: "{{ service.container_name }}"
+    image: "{{ service.image }}"
+    volumes: "{{ service.volumes|reject('equalto', '')|list }}"
+    dimensions: "{{ service.dimensions }}"
+    privileged: "{{ service.privileged | default(False) }}"
+  when:
+    - kolla_action != "config"
+
 - name: Restart neutron-bgp-dragent container
   vars:
     service_name: "neutron-bgp-dragent"

ansible/roles/neutron/tasks/config.yml

@@ -57,6 +57,7 @@
       - "neutron-l3-agent"
       - "neutron-linuxbridge-agent"
       - "neutron-metadata-agent"
+      - "neutron-ovn-metadata-agent"
       - "neutron-metering-agent"
       - "neutron-openvswitch-agent"
       - "neutron-openvswitch-agent-xenapi"
@@ -300,6 +301,23 @@
   notify:
     - "Restart {{ service_name }} container"
 
+- name: Copying over neutron_ovn_metadata_agent.ini
+  become: true
+  vars:
+    service_name: "neutron-ovn-metadata-agent"
+    neutron_ovn_metadata_agent: "{{ neutron_services[service_name] }}"
+  merge_configs:
+    sources:
+      - "{{ role_path }}/templates/neutron_ovn_metadata_agent.ini.j2"
+      - "{{ node_custom_config }}/neutron/neutron_ovn_metadata_agent.ini"
+    dest: "{{ node_config_directory }}/{{ service_name }}/neutron_ovn_metadata_agent.ini"
+    mode: "0660"
+  when:
+    - neutron_ovn_metadata_agent.enabled | bool
+    - neutron_ovn_metadata_agent.host_in_groups | bool
+  notify:
+    - "Restart {{ service_name }} container"
+
 - name: Copying over metering_agent.ini
   become: true
   vars:

ansible/roles/neutron/templates/ml2_conf.ini.j2

@@ -29,3 +29,15 @@ flat_networks = {% for bridge in neutron_bridge_name.split(',') %}physnet{{ loop
 
 [ml2_type_vxlan]
 vni_ranges = 1:1000
+
+{% if neutron_plugin_agent == 'ovn' %}
+[ml2_type_geneve]
+vni_ranges = 1001:2000
+max_header_size = 38
+
+[ovn]
+ovn_nb_connection = {{ ovn_nb_connection }}
+ovn_sb_connection = {{ ovn_sb_connection }}
+ovn_metadata_enabled = True
+enable_distributed_floating_ip = {{ neutron_ovn_distributed_fip | bool }}
+{% endif %}

ansible/roles/neutron/templates/neutron-ovn-metadata-agent.json.j2

+{
+    "command": "neutron-ovn-metadata-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/neutron_ovn_metadata_agent.ini",
+    "config_files": [
+        {
+            "source": "{{ container_config_directory }}/neutron.conf",
+            "dest": "/etc/neutron/neutron.conf",
+            "owner": "neutron",
+            "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/neutron_ovn_metadata_agent.ini",
+            "dest": "/etc/neutron/neutron_ovn_metadata_agent.ini",
+            "owner": "neutron",
+            "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/neutron/policy.json",
+            "owner": "neutron",
+            "perm": "0600",
+            "optional": true
+        }
+    ],
+    "permissions": [
+        {
+            "path": "/var/log/kolla/neutron",
+            "owner": "neutron:neutron",
+            "recurse": true
+        },
+        {
+            "path": "/var/lib/neutron/kolla",
+            "owner": "neutron:neutron",
+            "recurse": true
+        }
+    ]
+}

ansible/roles/neutron/templates/neutron-server.json.j2

 {
-    "command": "neutron-server --config-file /etc/neutron/neutron.conf {% if neutron_plugin_agent in ['openvswitch', 'linuxbridge'] %} --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/neutron/neutron_vpnaas.conf {% elif neutron_plugin_agent in ['vmware_nsxv', 'vmware_nsxv3', 'vmware_dvs'] %} --config-file /etc/neutron/plugins/vmware/nsx.ini {% endif %} --config-file /etc/neutron/fwaas_driver.ini",
+    "command": "neutron-server --config-file /etc/neutron/neutron.conf {% if neutron_plugin_agent in ['openvswitch', 'linuxbridge', 'ovn'] %} --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/neutron/neutron_vpnaas.conf {% elif neutron_plugin_agent in ['vmware_nsxv', 'vmware_nsxv3', 'vmware_dvs'] %} --config-file /etc/neutron/plugins/vmware/nsx.ini {% endif %} --config-file /etc/neutron/fwaas_driver.ini",
     "config_files": [
         {
             "source": "{{ container_config_directory }}/neutron.conf",

ansible/roles/neutron/templates/neutron_ovn_metadata_agent.ini.j2

+[DEFAULT]
+auth_ca_cert = {{ openstack_cacert }}
+nova_metadata_protocol = {{ internal_protocol }}
+metadata_proxy_socket = /var/lib/neutron/kolla/metadata_proxy
+nova_metadata_host = {{ nova_internal_fqdn }}
+nova_metadata_port = {{ nova_metadata_port }}
+metadata_proxy_shared_secret = {{ metadata_secret }}
+log_file = neutron-ovn-metadata-agent.log
+log_dir = /var/log/kolla/neutron
+
+[ovs]
+ovsdb_connection = tcp:127.0.0.1:6640
+
+[ovn]
+ovn_nb_connection = {{ ovn_nb_connection }}
+ovn_sb_connection = {{ ovn_sb_connection }}
+ovn_metadata_enabled = true

ansible/roles/openvswitch/defaults/main.yml

@@ -70,3 +70,9 @@ openvswitch_vswitchd_default_volumes:
 openvswitch_extra_volumes: "{{ default_extra_volumes }}"
 openvswitch_db_extra_volumes: "{{ openvswitch_extra_volumes }}"
 openvswitch_vswitchd_extra_volumes: "{{ openvswitch_extra_volumes }}"
+
+#############
+# OpenvSwitch
+#############
+
+openvswitch_system_id: "{{ inventory_hostname_short }}"

ansible/roles/openvswitch/tasks/deploy.yml

@@ -6,4 +6,4 @@
 - name: Flush Handlers
   meta: flush_handlers
 
-- include_tasks: ensure-ovs-bridge.yml
+- include_tasks: post-config.yml

ansible/roles/openvswitch/tasks/ensure-ovs-bridge.yml → ansible/roles/openvswitch/tasks/post-config.yml

 ---
+# NOTE(mnasiadka): external_ids:system-id uniquely identifies a physical system, used by OVN and other controllers
+- name: Set system-id
+  become: true
+  command: docker exec openvswitch_vswitchd ovs-vsctl set Open_vSwitch . external_ids:system-id={{ openvswitch_system_id }}
+
 - name: Ensuring OVS bridge is properly setup
   become: true
   command: docker exec openvswitch_db /usr/local/bin/kolla_ensure_openvswitch_configured {{ item.0 }} {{ item.1 }}

ansible/roles/openvswitch/tasks/upgrade.yml

@@ -6,4 +6,4 @@
 - name: Flush Handlers
   meta: flush_handlers
 
-- include_tasks: ensure-ovs-bridge.yml
+- include_tasks: post-config.yml

ansible/roles/ovn/defaults/main.yml

+---
+project_name: "ovn"
+
+ovn_services:
+  ovn-controller:
+    container_name: ovn_controller
+    group: ovn-controller
+    enabled: true
+    image: "{{ ovn_controller_image_full }}"
+    volumes: "{{ ovn_controller_default_volumes + ovn_controller_extra_volumes }}"
+    dimensions: "{{ ovn_controller_dimensions }}"
+  ovn-northd:
+    container_name: ovn_northd
+    group: ovn-northd
+    enabled: true
+    image: "{{ ovn_northd_image_full }}"
+    volumes: "{{ ovn_northd_default_volumes + ovn_northd_extra_volumes }}"
+    dimensions: "{{ ovn_northd_dimensions }}"
+  ovn-nb-db:
+    container_name: ovn_nb_db
+    group: ovn-nb-db
+    enabled: true
+    image: "{{ ovn_nb_db_image_full }}"
+    volumes: "{{ ovn_nb_db_default_volumes + ovn_nb_db_extra_volumes }}"
+    dimensions: "{{ ovn_nb_db_dimensions }}"
+  ovn-sb-db:
+    container_name: ovn_sb_db
+    group: ovn-sb-db
+    enabled: true
+    image: "{{ ovn_sb_db_image_full }}"
+    volumes: "{{ ovn_sb_db_default_volumes + ovn_sb_db_extra_volumes }}"
+    dimensions: "{{ ovn_sb_db_dimensions }}"
+
+
+####################
+# Docker
+####################
+ovn_install_type: "{{ kolla_install_type }}"
+ovn_tag: "{{ openstack_tag }}"
+
+ovn_controller_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ ovn_install_type }}-ovn-controller"
+ovn_controller_tag: "{{ ovn_tag }}"
+ovn_controller_image_full: "{{ ovn_controller_image }}:{{ ovn_controller_tag }}"
+
+ovn_northd_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ ovn_install_type }}-ovn-northd"
+ovn_northd_tag: "{{ ovn_tag }}"
+ovn_northd_image_full: "{{ ovn_northd_image }}:{{ ovn_northd_tag }}"
+
+ovn_nb_db_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ ovn_install_type }}-ovn-nb-db-server"
+ovn_nb_db_tag: "{{ ovn_tag }}"
+ovn_nb_db_image_full: "{{ ovn_nb_db_image }}:{{ ovn_nb_db_tag }}"
+
+ovn_sb_db_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ ovn_install_type }}-ovn-sb-db-server"
+ovn_sb_db_tag: "{{ ovn_tag }}"
+ovn_sb_db_image_full: "{{ ovn_sb_db_image }}:{{ ovn_sb_db_tag }}"
+
+ovn_controller_dimensions: "{{ default_container_dimensions }}"
+ovn_northd_dimensions: "{{ default_container_dimensions }}"
+ovn_nb_db_dimensions: "{{ default_container_dimensions }}"
+ovn_sb_db_dimensions: "{{ default_container_dimensions }}"
+
+ovn_controller_default_volumes:
+  - "{{ node_config_directory }}/ovn-controller/:{{ container_config_directory }}/:ro"
+  - "/run/openvswitch:/run/openvswitch:shared"
+  - "/etc/localtime:/etc/localtime:ro"
+  - "kolla_logs:/var/log/kolla/"
+ovn_northd_default_volumes:
+  - "{{ node_config_directory }}/ovn-northd/:{{ container_config_directory }}/:ro"
+  - "/etc/localtime:/etc/localtime:ro"
+  - "kolla_logs:/var/log/kolla/"
+ovn_nb_db_default_volumes:
+  - "{{ node_config_directory }}/ovn-nb-db/:{{ container_config_directory }}/:ro"
+  - "/etc/localtime:/etc/localtime:ro"
+  - "ovn_nb_db:/var/lib/openvswitch/ovn-nb/"
+  - "kolla_logs:/var/log/kolla/"
+ovn_sb_db_default_volumes:
+  - "{{ node_config_directory }}/ovn-sb-db/:{{ container_config_directory }}/:ro"
+  - "/etc/localtime:/etc/localtime:ro"
+  - "ovn_sb_db:/var/lib/openvswitch/ovn-sb/"
+  - "kolla_logs:/var/log/kolla/"
+
+ovn_extra_volumes: "{{ default_extra_volumes }}"
+ovn_controller_extra_volumes: "{{ ovn_extra_volumes }}"
+ovn_northd_extra_volumes: "{{ ovn_extra_volumes }}"
+ovn_nb_db_extra_volumes: "{{ ovn_extra_volumes }}"
+ovn_sb_db_extra_volumes: "{{ ovn_extra_volumes }}"
+
+#####
+# OVN
+#####
+# Configure OVN remote probe interval time in ms
+ovn_remote_probe_interval: "60000"

ansible/roles/ovn/handlers/main.yml

+---
+- name: Restart ovn-nb-db container
+  vars:
+    service_name: "ovn-nb-db"
+    service: "{{ ovn_services[service_name] }}"
+  become: true
+  kolla_docker:
+    action: "recreate_or_restart_container"
+    common_options: "{{ docker_common_options }}"
+    name: "{{ service.container_name }}"
+    image: "{{ service.image }}"
+    volumes: "{{ service.volumes|reject('equalto', '')|list }}"
+    dimensions: "{{ service.dimensions }}"
+  when:
+    - kolla_action != "config"
+
+- name: Restart ovn-sb-db container
+  vars:
+    service_name: "ovn-sb-db"
+    service: "{{ ovn_services[service_name] }}"
+  become: true
+  kolla_docker:
+    action: "recreate_or_restart_container"
+    common_options: "{{ docker_common_options }}"
+    name: "{{ service.container_name }}"
+    image: "{{ service.image }}"
+    volumes: "{{ service.volumes|reject('equalto', '')|list }}"
+    dimensions: "{{ service.dimensions }}"
+  when:
+    - kolla_action != "config"
+
+- name: Wait for ovn-nb-db
+  wait_for:
+    host: "{{ api_interface_address }}"
+    port: "{{ ovn_nb_db_port }}"
+    connect_timeout: 1
+    timeout: 60
+  register: check_ovn_nb_db_port
+  until: check_ovn_nb_db_port is success
+  retries: 10
+  delay: 6
+  listen: "Restart ovn-nb-db container"
+
+- name: Wait for ovn-sb-db
+  wait_for:
+    host: "{{ api_interface_address }}"
+    port: "{{ ovn_sb_db_port }}"
+    connect_timeout: 1
+    timeout: 60
+  register: check_ovn_sb_db_port
+  until: check_ovn_sb_db_port is success
+  retries: 10
+  delay: 6
+  listen: "Restart ovn-sb-db container"
+
+- name: Restart ovn-northd container
+  vars:
+    service_name: "ovn-northd"
+    service: "{{ ovn_services[service_name] }}"
+  become: true
+  kolla_docker:
+    action: "recreate_or_restart_container"
+    common_options: "{{ docker_common_options }}"
+    name: "{{ service.container_name }}"
+    image: "{{ service.image }}"
+    volumes: "{{ service.volumes|reject('equalto', '')|list }}"
+    dimensions: "{{ service.dimensions }}"
+  when:
+    - kolla_action != "config"
+
+- name: Restart ovn-controller container
+  vars:
+    service_name: "ovn-controller"
+    service: "{{ ovn_services[service_name] }}"
+  become: true
+  kolla_docker:
+    action: "recreate_or_restart_container"
+    common_options: "{{ docker_common_options }}"
+    name: "{{ service.container_name }}"
+    image: "{{ service.image }}"
+    volumes: "{{ service.volumes|reject('equalto', '')|list }}"
+    dimensions: "{{ service.dimensions }}"
+  when:
+    - kolla_action != "config"

ansible/roles/ovn/meta/main.yml

+---
+dependencies:
+  - { role: common }

ansible/roles/ovn/tasks/bootstrap.yml

+---
+- name: Create br-int bridge on OpenvSwitch
+  become: true
+  command: >
+    docker exec openvswitch_vswitchd ovs-vsctl --may-exist
+    add-br br-int -- set Bridge br-int fail-mode=secure
+  when: inventory_hostname in groups['ovn-controller']
+
+- name: Set OVN encapsulation settings
+  become: true
+  command: >
+    docker exec openvswitch_vswitchd ovs-vsctl set Open_vSwitch .
+    external_ids:ovn-encap-ip={{ tunnel_interface_address }}
+    external_ids:ovn-encap-type=geneve
+    external_ids:ovn-remote={{ ovn_sb_connection }}
+  when: inventory_hostname in groups['ovn-controller']
+
+- name: Set OVN bridge mappings
+  vars:
+    ovn_mappings: "{% for bridge in neutron_bridge_name.split(',') %}physnet{{ loop.index0 + 1 }}:{{ bridge }}{% if not loop.last %},{% endif %}{% endfor %}"
+  become: true
+  command: docker exec openvswitch_vswitchd ovs-vsctl set Open_vSwitch . external_ids:ovn-bridge-mappings={{ ovn_mappings }}
+  when:
+    - inventory_hostname in groups["ovn-controller-network"]
+      or (inventory_hostname in groups["ovn-controller-compute"] and computes_need_external_bridge | bool)
+
+- name: Enable chassis as gateway
+  become: true
+  command: docker exec openvswitch_vswitchd ovs-vsctl set Open_vSwitch . external-ids:ovn-cms-options="enable-chassis-as-gw"
+  when:
+    - inventory_hostname in groups["ovn-controller-network"]
+      or (inventory_hostname in groups["ovn-controller-compute"] and neutron_ovn_distributed_fip | bool)
+
+- name: Set OVN remote probe interval
+  become: true
+  command: >
+    docker exec openvswitch_vswitchd ovs-vsctl set Open_vSwitch .
+    external_ids:ovn-remote-probe-interval={{ ovn_remote_probe_interval }}
+  when:
+    - inventory_hostname in groups["ovn-controller"]

ansible/roles/ovn/tasks/check-containers.yml

+---
+- name: Check ovn containers
+  become: true
+  kolla_docker:
+    action: "compare_container"
+    common_options: "{{ docker_common_options }}"
+    name: "{{ item.value.container_name }}"
+    image: "{{ item.value.image }}"
+    volumes: "{{ item.value.volumes|reject('equalto', '')|list }}"
+    dimensions: "{{ item.value.dimensions }}"
+  when:
+    - inventory_hostname in groups[item.value.group]
+    - item.value.enabled | bool
+  with_dict: "{{ ovn_services }}"
+  notify:
+    - Restart {{ item.key }} container

ansible/roles/ovn/tasks/check.yml

+---