From ff89ff421591ad8a47c61d035914420461fa8e76 Mon Sep 17 00:00:00 2001
From: yong sheng gong <gong.yongsheng@99cloud.net>
Date: Sun, 8 Oct 2017 05:14:50 +0000
Subject: [PATCH] Add dvr_no_external l3 dvr agent mode

This patch introduces inner-compute and external-compute nodes
group to distinguish compute nodes which do not have external
reachability from compute nodes which can reach outside.

Co-Authored-By: jinke <jin.ke@99cloud.net>
Co-Authored-By: yong sheng gong <gong.yongsheng@99cloud.net>

Change-Id: I45b945f7885e8243b017cf8607cbd7f9827cb6e9
Closes-bug: #1722026
---
 ansible/inventory/all-in-one                         | 12 +++++++++++-
 ansible/inventory/multinode                          | 12 +++++++++++-
 ansible/roles/neutron/templates/l3_agent.ini.j2      |  4 +++-
 ...add-neutron-dvr-no-external-0a8e0f2d967cf078.yaml |  6 ++++++
 4 files changed, 31 insertions(+), 3 deletions(-)
 create mode 100644 releasenotes/notes/add-neutron-dvr-no-external-0a8e0f2d967cf078.yaml

diff --git a/ansible/inventory/all-in-one b/ansible/inventory/all-in-one
index 5b8ee842f..16d04f679 100644
--- a/ansible/inventory/all-in-one
+++ b/ansible/inventory/all-in-one
@@ -6,9 +6,19 @@ localhost       ansible_connection=local
 [network]
 localhost       ansible_connection=local
 
-[compute]
+# inner-compute is the groups of compute nodes which do not have
+# external reachability
+[inner-compute]
+
+# external-compute is the groups of compute nodes which can reach
+# outside
+[external-compute]
 localhost       ansible_connection=local
 
+[compute:children]
+inner-compute
+external-compute
+
 [storage]
 localhost       ansible_connection=local
 
diff --git a/ansible/inventory/multinode b/ansible/inventory/multinode
index 19674ff22..9dd45d6bc 100644
--- a/ansible/inventory/multinode
+++ b/ansible/inventory/multinode
@@ -15,9 +15,19 @@ control03
 network01
 network02
 
-[compute]
+# inner-compute is the groups of compute nodes which do not have
+# external reachability
+[inner-compute]
+
+# external-compute is the groups of compute nodes which can reach
+# outside
+[external-compute]
 compute01
 
+[compute:children]
+inner-compute
+external-compute
+
 [monitoring]
 monitoring01
 
diff --git a/ansible/roles/neutron/templates/l3_agent.ini.j2 b/ansible/roles/neutron/templates/l3_agent.ini.j2
index 99282dee7..6d99f2f0e 100644
--- a/ansible/roles/neutron/templates/l3_agent.ini.j2
+++ b/ansible/roles/neutron/templates/l3_agent.ini.j2
@@ -3,8 +3,10 @@
 {% if enable_neutron_dvr | bool %}
 {% if inventory_hostname in groups['network'] %}
 agent_mode = dvr_snat
-{% elif inventory_hostname in groups['compute'] %}
+{% elif inventory_hostname in groups['external-compute'] %}
 agent_mode = dvr
+{% elif inventory_hostname in groups['inner-compute'] %}
+agent_mode = dvr_no_external
 {% endif %}
 {% else %}
 agent_mode = legacy
diff --git a/releasenotes/notes/add-neutron-dvr-no-external-0a8e0f2d967cf078.yaml b/releasenotes/notes/add-neutron-dvr-no-external-0a8e0f2d967cf078.yaml
new file mode 100644
index 000000000..2d96c31b9
--- /dev/null
+++ b/releasenotes/notes/add-neutron-dvr-no-external-0a8e0f2d967cf078.yaml
@@ -0,0 +1,6 @@
+---
+features:
+  - Add dvr_no_external l3 dvr agent mode.
+    Introduce inner-compute and external-compute nodes group in inventory
+    file to distinguish compute nodes which do not have external reachability
+    from compute nodes which can reach outside.
-- 
GitLab