From 5016b3efafcb9bc00eb1156ec11cdf79ab0da3ff Mon Sep 17 00:00:00 2001 From: Michal Nasiadka Date: Tue, 6 Feb 2024 17:40:12 +0100 Subject: [PATCH] openvswitch: Set fail_mode to standalone for external bridges MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit That is the ovs-vsctl default but Ansible module is failing in reconfigure step - and secure breaks external connectivity in OVN. From OVS docs: fail_mode: optional string, either secure or standalone When a controller is configured, it is, ordinarily, responsible for setting up all flows on the switch. Thus, if the connection to the controller fails, no new network connections can be set up. If the connection to the controller stays down long enough, no packets can pass through the switch at all. This setting de‐ termines the switch’s response to such a situation. It may be set to one of the following: standalone If no message is received from the controller for three times the inactivity probe interval (see inactiv‐ ity_probe), then Open vSwitch will take over responsibil‐ ity for setting up flows. In this mode, Open vSwitch causes the bridge to act like an ordinary MAC-learning switch. Open vSwitch will continue to retry connecting to the controller in the background and, when the connection succeeds, it will discontinue its standalone behavior. secure Open vSwitch will not set up flows on its own when the controller connection fails or when no controllers are defined. The bridge will continue to retry connecting to any defined controllers forever. The default is standalone if the value is unset, but future ver‐ sions of Open vSwitch may change the default. Change-Id: Ica4dda2914113e8f8349e7227161cb81a02b33ee --- ansible/roles/openvswitch/tasks/post-config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/openvswitch/tasks/post-config.yml b/ansible/roles/openvswitch/tasks/post-config.yml index 2c0b461065..68ad2b1450 100644 --- a/ansible/roles/openvswitch/tasks/post-config.yml +++ b/ansible/roles/openvswitch/tasks/post-config.yml @@ -26,7 +26,7 @@ module_name: openvswitch_bridge module_args: bridge: "{{ item.0 }}" - fail_mode: secure + fail_mode: standalone loop: - "{{ neutron_bridge_name.split(',') }}" when: