From b1a89eb80be83fe8c47eeb0431d85a8452e3c70b Mon Sep 17 00:00:00 2001
From: Slawek Kaplonski
Date: Thu, 26 Aug 2021 21:42:32 +0200
Subject: [PATCH] Configure access to physical network also with ML2/OVN backend
Neutron L3 module in Devstack has way to conigure access to physical network on the node. It can put physical interface to the physical bridge or, in case when such physical device isn't set, it creates NAT rule in iptables. There was missing the same operation for ML2/OVN backend as L3 agent is not used there at all. This patch adds the same to be done in both L3 agent and ovn_agent modules.
Closes-Bug: #1939627
Change-Id: I9e558d1d5d3edbce9e7a025ba3c11267f1579820
---
 lib/neutron-legacy | 21 +++++++++++++++++++++
 lib/neutron_plugins/ovn_agent | 1 +
 lib/neutron_plugins/services/l3 | 16 +---------------
 3 files changed, 23 insertions(+), 15 deletions(-)
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 791ff18b10..31968498de 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -663,6 +663,27 @@ function _move_neutron_addresses_route {
 fi
 }
+# _configure_public_network_connectivity() - Configures connectivity to the
+# external network using $PUBLIC_INTERFACE or NAT on the single interface
+# machines
+function _configure_public_network_connectivity {
+ # If we've given a PUBLIC_INTERFACE to take over, then we assume
+ # that we can own the whole thing, and privot it into the OVS
+ # bridge. If we are not, we're probably on a single interface
+ # machine, and we just setup NAT so that fixed guests can get out.
+ if [[ -n "$PUBLIC_INTERFACE" ]]; then
+ _move_neutron_addresses_route "$PUBLIC_INTERFACE" "$OVS_PHYSICAL_BRIDGE" True False "inet"
+
+ if [[ $(ip -f inet6 a s dev "$PUBLIC_INTERFACE" | grep -c 'global') != 0 ]]; then
+ _move_neutron_addresses_route "$PUBLIC_INTERFACE" "$OVS_PHYSICAL_BRIDGE" False False "inet6"
+ fi
+ else
+ for d in $default_v4_route_devs; do
+ sudo iptables -t nat -A POSTROUTING -o $d -s $FLOATING_RANGE -j MASQUERADE
+ done
+ fi
+}
+
 # cleanup_mutnauq() - Remove residual data files, anything left over from previous
 # runs that a clean run would need to clean up
 function cleanup_mutnauq {
diff --git a/lib/neutron_plugins/ovn_agent b/lib/neutron_plugins/ovn_agent
index cfcb01ee91..1f737fb58b 100644
--- a/lib/neutron_plugins/ovn_agent
+++ b/lib/neutron_plugins/ovn_agent
@@ -266,6 +266,7 @@ function create_public_bridge {
 # Create the public bridge that OVN will use
 sudo ovs-vsctl --may-exist add-br $PUBLIC_BRIDGE -- set bridge $PUBLIC_BRIDGE protocols=OpenFlow13,OpenFlow15
 sudo ovs-vsctl set open . external-ids:ovn-bridge-mappings=$PHYSICAL_NETWORK:$PUBLIC_BRIDGE
+ _configure_public_network_connectivity
 }
 function _disable_libvirt_apparmor {
diff --git a/lib/neutron_plugins/services/l3 b/lib/neutron_plugins/services/l3
index b6bc02818c..98b96ac06c 100644
--- a/lib/neutron_plugins/services/l3
+++ b/lib/neutron_plugins/services/l3
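Review bot: The `iptables -t nat -A POSTROUTING` line in the `else` branch of `_configure_public_network_connectivity` (lib/neutron-legacy) appends unconditionally, so each stack run, and any run in which more than one caller reaches this function, leaves another identical MASQUERADE rule on the host. Checking before appending keeps the NAT table at one rule per device and quotes the expansions at the same time: `sudo iptables -t nat -C POSTROUTING -o "$d" -s "$FLOATING_RANGE" -j MASQUERADE 2>/dev/null || sudo iptables -t nat -A POSTROUTING -o "$d" -s "$FLOATING_RANGE" -j MASQUERADE`. The loop also reads `default_v4_route_devs`, which is not set anywhere in this hunk; if it is empty on the ML2/OVN path the body never runs and no NAT rule is created without any message, so a warning for the empty case would make that visible. The loop variable should be declared with `local d` so it does not leak into the caller's scope.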
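Review bot: The call added at the end of `create_public_bridge` (lib/neutron_plugins/ovn_agent) plugs `$PUBLIC_INTERFACE` into `$OVS_PHYSICAL_BRIDGE`, while the two lines above it create and map `$PUBLIC_BRIDGE`; nothing visible in this hunk ties the two names together. If they can differ on an ML2/OVN node, the physical interface, and presumably the host's addresses and routes with it, ends up on a bridge that is not the one listed in `ovn-bridge-mappings`. I would state the assumption next to the call, e.g. `# assumes OVS_PHYSICAL_BRIDGE and PUBLIC_BRIDGE name the same bridge`, or compare the two before calling. `create_public_bridge` starts above the hunk, so any earlier setup in the function is not visible here.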
@@ -123,21 +123,7 @@ function _configure_neutron_l3_agent {
 neutron_plugin_configure_l3_agent $Q_L3_CONF_FILE
- # If we've given a PUBLIC_INTERFACE to take over, then we assume
- # that we can own the whole thing, and privot it into the OVS
- # bridge. If we are not, we're probably on a single interface
- # machine, and we just setup NAT so that fixed guests can get out.
- if [[ -n "$PUBLIC_INTERFACE" ]]; then
- _move_neutron_addresses_route "$PUBLIC_INTERFACE" "$OVS_PHYSICAL_BRIDGE" True False "inet"
-
- if [[ $(ip -f inet6 a s dev "$PUBLIC_INTERFACE" | grep -c 'global') != 0 ]]; then
- _move_neutron_addresses_route "$PUBLIC_INTERFACE" "$OVS_PHYSICAL_BRIDGE" False False "inet6"
- fi
- else
- for d in $default_v4_route_devs; do
- sudo iptables -t nat -A POSTROUTING -o $d -s $FLOATING_RANGE -j MASQUERADE
- done
- fi
+ _configure_public_network_connectivity
 }
 # Explicitly set router id in l3 agent configuration