diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index 1417d08975..cd12cec83f 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -371,6 +371,7 @@ enable_neutron_fwaas: "no"
 enable_neutron_qos: "no"
 enable_neutron_agent_ha: "no"
 enable_neutron_bgp_dragent: "no"
+enable_neutron_provider_networks: "no"
 enable_nova_serialconsole_proxy: "no"
 enable_octavia: "no"
 enable_openvswitch: "{{ neutron_plugin_agent != 'linuxbridge' | bool }}"
@@ -519,6 +520,8 @@ designate_ns_record: "sample.openstack.org"
 neutron_bgp_router_id: "1.1.1.1"
 neutron_bridge_name: "br-ex"
+computes_need_external_bridge: "{{ enable_neutron_dvr | bool or enable_neutron_provider_networks | bool }}"
+
 #######################
 # Nova options
 #######################
diff --git a/ansible/roles/neutron/templates/ml2_conf.ini.j2 b/ansible/roles/neutron/templates/ml2_conf.ini.j2
index ba7647deec..ea6862cdbe 100644
--- a/ansible/roles/neutron/templates/ml2_conf.ini.j2
+++ b/ansible/roles/neutron/templates/ml2_conf.ini.j2
@@ -72,7 +72,7 @@ extensions = qos
 {% endif %}
 [ovs]
-{% if inventory_hostname in groups["network"] or (inventory_hostname in groups["compute"] and enable_neutron_dvr | bool) %}
+{% if inventory_hostname in groups["network"] or (inventory_hostname in groups["compute"] and computes_need_external_bridge ) %}
 bridge_mappings = {% for bridge in neutron_bridge_name.split(',') %}physnet{{ loop.index0 + 1 }}:{{ bridge }}{% if not loop.last %},{% endif %}{% endfor %}
 {% endif %}
diff --git a/ansible/roles/openvswitch/handlers/main.yml b/ansible/roles/openvswitch/handlers/main.yml
index 7e4a720b87..155536d836 100644
--- a/ansible/roles/openvswitch/handlers/main.yml
+++ b/ansible/roles/openvswitch/handlers/main.yml
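Review bot: `computes_need_external_bridge` is added in the second `all.yml` hunk without a comment, although it is a value derived from two switches rather than an operator switch like the `enable_*` flags around it. A short comment above it would make that explicit, for example `# Derived: compute hosts get the external bridge when DVR or provider networks are enabled.` and `# Change enable_neutron_dvr / enable_neutron_provider_networks rather than overriding this value.` Whether a blank context line sits between `neutron_bridge_name` and the new variable cannot be told from this page, so placement relative to the section banner should be checked in the file.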
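Review bot: The new `[ovs]` condition tests `computes_need_external_bridge` without `| bool`, whereas the line it replaces cast its operand explicitly with `enable_neutron_dvr | bool`. The default in `all.yml` is a single Jinja expression that Ansible normally resolves to a real boolean, but an operator override such as `computes_need_external_bridge: "no"` is a non-empty string and therefore truthy inside `and`, so compute hosts would still receive `bridge_mappings` with both features off. The openvswitch handler hunk has the same bare test, and there the handler that iterates over `neutron_bridge_name` and `neutron_external_interface` would run on those hosts as well, putting a physical interface on a bridge the operator meant to leave out. Use `computes_need_external_bridge | bool` in both conditions. The handler task begins above its hunk, so the rest of that task is not visible here.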
@@ -36,7 +36,7 @@
 changed_when: status.stdout.find('changed') != -1
 when:
 - inventory_hostname in groups["network"]
- or (inventory_hostname in groups["compute"] and enable_neutron_dvr | bool)
+ or (inventory_hostname in groups["compute"] and computes_need_external_bridge)
 with_together:
 - "{{ neutron_bridge_name.split(',') }}"
 - "{{ neutron_external_interface.split(',') }}"
diff --git a/doc/networking-guide.rst b/doc/networking-guide.rst
index e9542725f3..e4db822f5c 100644
--- a/doc/networking-guide.rst
+++ b/doc/networking-guide.rst
@@ -1,5 +1,21 @@
 .. _networking-guide:
+============================
+Enabling Provider Networks
+============================
+Provider networks allow to connect compute instances directly to physical networks avoiding tunnels.
+This is necessary for example for some performance critical applications. Only administrators of
+OpenStack can create such networks. For provider networks compute hosts must have external bridge
+created and configured by Ansible tasks like it is already done for tenant DVR mode networking.
+Normal tenant non-DVR networking does not need external bridge on compute hosts and therefore
+operators don't need additional dedicated network interface.
+
+To enable provider networks modify the configuration file ``/etc/kolla/globals.yml``:
+
+::
+
+ enable_neutron_provider_networks: "yes"
+
 ============================
 Enabling Neutron Extensions
 ============================
diff --git a/releasenotes/notes/add-flag-for-provider-networks-3fb5de28ba89b128.yaml b/releasenotes/notes/add-flag-for-provider-networks-3fb5de28ba89b128.yaml
new file mode 100644
index 0000000000..61b4c44553
--- /dev/null
+++ b/releasenotes/notes/add-flag-for-provider-networks-3fb5de28ba89b128.yaml
@@ -0,0 +1,13 @@
+---
+features:
+ - |
+ Add a new flag to explicitly enable provider networks, i.e. networks where
+ instances directly connect to the physical networks (flat,VLAN). In such
+ cases external bridges must be configured on compute nodes, like it is done
+ for self-service (tenant manageable) networks in DVR mode. Otherwise this flag
+ allows to avoid unnecessary interface and bridge setup on compute nodes
+ in case of tenant networks in non-DVR mode.
+upgrade:
+ - |
+ By default this flag is disabled. If provider networks were used in previous
+ releases please set 'enable_neutron_provider_networks' property to 'yes'.