From 9e4b885595bf4dfab66f3c601484d0e8b4b5e7d3 Mon Sep 17 00:00:00 2001
From: Bernard Cafarelli <bcafarel@redhat.com>
Date: Tue, 29 Sep 2020 17:40:16 +0200
Subject: [PATCH] Add agent/explicitly_egress_direct support

This configuration parameter for the ML2/OVS agent was added in
I14fefe289a19b718b247bf0740ca9bc47f8903f4 and backported up to
stable/queens, preventing flooding on integration bridge in some cases.

It needs to be enabled on specific node types, so add option to
configure it.

Conflicts:
	manifests/agents/ml2/ovs.pp
	spec/classes/neutron_agents_ml2_ovs_spec.rb

Related-Bug: #1732067
Change-Id: Iff50d2d086c687ef9ec1ba878e24c06dfc8a7d99
(cherry picked from commit d0bc82d8427c43dac07a8118d2fe35ba5a9d9dce)
---
 manifests/agents/ml2/ovs.pp                           |  9 +++++++++
 ...ent_explicitly_egress_direct-a5989bd33844c0f4.yaml |  9 +++++++++
 spec/classes/neutron_agents_ml2_ovs_spec.rb           | 11 +++++++++++
 3 files changed, 29 insertions(+)
 create mode 100644 releasenotes/notes/ovs_agent_explicitly_egress_direct-a5989bd33844c0f4.yaml

diff --git a/manifests/agents/ml2/ovs.pp b/manifests/agents/ml2/ovs.pp
index 6ddf6359b..3b5e4ef87 100644
--- a/manifests/agents/ml2/ovs.pp
+++ b/manifests/agents/ml2/ovs.pp
@@ -178,6 +178,12 @@
 #  outgoing IP packet carrying GRE/VXLAN tunnel.
 #  Defaults to $::os_service_default
 #
+# [*explicitly_egress_direct*]
+#  (optional) When set to True, the accepted egress unicast traffic will not
+#  use action NORMAL. The accepted egress packets will be taken care of in the
+#  final egress tables direct output flows for unicast traffic. (boolean value)
+#  Defaults to $::os_service_default
+#
 # [*igmp_snooping_enable*]
 #   (Optional) Enable IGMP snooping for integration bridge. If this
 #   option is set to True, support for Internet Group Management
@@ -189,6 +195,7 @@
 #   connected to multicast routers. This option is used by the ML2/OVS
 #   mechanism driver for Neutron.
 #   Defaults to $::os_service_default
+#
 # === Deprecated Parameters
 #
 # [*enable_tunneling*]
@@ -230,6 +237,7 @@ class neutron::agents::ml2::ovs (
   $permitted_ethertypes       = $::os_service_default,
   $minimize_polling           = $::os_service_default,
   $tunnel_csum                = $::os_service_default,
+  $explicitly_egress_direct   = $::os_service_default,
   $igmp_snooping_enable       = $::os_service_default,
   # DEPRECATED PARAMETERS
   $enable_tunneling           = false,
@@ -336,6 +344,7 @@ class neutron::agents::ml2::ovs (
     'agent/extensions':                     value => join(any2array($extensions), ',');
     'agent/minimize_polling':               value => $minimize_polling;
     'agent/tunnel_csum':                    value => $tunnel_csum;
+    'agent/explicitly_egress_direct':       value => $explicitly_egress_direct;
     'ovs/ovsdb_timeout':                    value => $ovsdb_timeout;
     'ovs/of_connect_timeout':               value => $of_connect_timeout;
     'ovs/of_request_timeout':               value => $of_request_timeout;
diff --git a/releasenotes/notes/ovs_agent_explicitly_egress_direct-a5989bd33844c0f4.yaml b/releasenotes/notes/ovs_agent_explicitly_egress_direct-a5989bd33844c0f4.yaml
new file mode 100644
index 000000000..c3e22818a
--- /dev/null
+++ b/releasenotes/notes/ovs_agent_explicitly_egress_direct-a5989bd33844c0f4.yaml
@@ -0,0 +1,9 @@
+---
+features:
+  - |
+    Add new configuration parameter explicitly_egress_direct for ML2 OVS agent
+    When set to True, the accepted egress unicast traffic will not use action
+    NORMAL. The accepted egress packets will be taken care of in the final
+    egress tables direct output flows for unicast traffic so that operators can
+    set customized integration bridge name in l3 agent configuration.
+    This can be enabled on some nodes to prevent flooding on integration bridge.
diff --git a/spec/classes/neutron_agents_ml2_ovs_spec.rb b/spec/classes/neutron_agents_ml2_ovs_spec.rb
index 2c1643e4f..b1815b6a1 100644
--- a/spec/classes/neutron_agents_ml2_ovs_spec.rb
+++ b/spec/classes/neutron_agents_ml2_ovs_spec.rb
@@ -66,6 +66,7 @@ describe 'neutron::agents::ml2::ovs' do
       is_expected.to contain_neutron_agent_ovs('ovs/int_peer_patch_port').with_ensure('absent')
       is_expected.to contain_neutron_agent_ovs('ovs/tun_peer_patch_port').with_ensure('absent')
       is_expected.to contain_neutron_agent_ovs('agent/tunnel_types').with_ensure('absent')
+      is_expected.to contain_neutron_agent_ovs('agent/explicitly_egress_direct').with_value(['<SERVICE DEFAULT>'])
       is_expected.to contain_neutron_agent_ovs('ovs/igmp_snooping_enable').with_value(['<SERVICE DEFAULT>'])
     end
 
@@ -396,6 +397,16 @@ describe 'neutron::agents::ml2::ovs' do
       end
     end
 
+    context 'with direct output enabled for egress flows' do
+      before :each do
+        params.merge!(:explicitly_egress_direct => true)
+      end
+
+      it 'configure neutron/plugins/ml2/ml2_conf.ini' do
+        is_expected.to contain_neutron_agent_ovs('agent/explicitly_egress_direct').with_value(true)
+      end
+    end
+
     context 'with IGMP snooping enabled' do
       before :each do
         params.merge!(:igmp_snooping_enable => true)