Merge "Provide support for network interface mappings without override"

doc/source/app-openvswitch-dvr.rst

@@ -14,6 +14,11 @@ outlines how to set it up in your environment.
 Recommended reading
 ~~~~~~~~~~~~~~~~~~~
 
+This guide is a variation of the standard Open vSwitch deployment guide
+available at:
+
+`<https://docs.openstack.org/openstack-ansible-os_neutron/latest/app-openvswitch.html>`_
+
 We recommend that you read the following documents before proceeding:
 
  * Neutron documentation on Open vSwitch DVR OpenStack deployments:
@@ -42,39 +47,94 @@ Create a group var file for your network hosts
     - name: "openvswitch"
       pattern: "CONFIG_OPENVSWITCH"
 
+Specify provider network definitions in your
+``/etc/openstack_deploy/openstack_user_config.yml`` that define
+one or more Neutron provider bridges and related configuration:
+
+.. note::
+
+  Bridges specified here will be created automatically. If
+  ``network_interface`` is defined, the interface will be placed into
+  the bridge automatically.
+
+.. code-block:: yaml
+
+  - network:
+      container_bridge: "br-provider"
+      container_type: "veth"
+      type: "vlan"
+      range: "101:200,301:400"
+      net_name: "physnet1"
+      network_interface: "bond1"
+      group_binds:
+        - neutron_openvswitch_agent
+  - network:
+      container_bridge: "br-provider2"
+      container_type: "veth"
+      type: "vlan"
+      range: "203:203,467:500"
+      net_name: "physnet2"
+      network_interface: "bond2"
+      group_binds:
+        - neutron_openvswitch_agent
+
+When using ``flat`` provider networks, modify the network type accordingly:
+
+.. code-block:: yaml
+
+  - network:
+      container_bridge: "br-provider"
+      container_type: "veth"
+      type: "flat"
+      net_name: "flat"
+      group_binds:
+        - neutron_openvswitch_agent
+
+Specify an overlay network definition in your
+``/etc/openstack_deploy/openstack_user_config.yml`` that defines
+overlay network-related configuration:
+
+.. note::
+
+  The bridge name should correspond to a pre-created Linux bridge or
+  OVS bridge.
+
+.. code-block:: yaml
+
+  - network:
+      container_bridge: "br-vxlan"
+      container_type: "veth"
+      container_interface: "eth10"
+      ip_from_q: "tunnel"
+      type: "vxlan"
+      range: "1:1000"
+      net_name: "vxlan"
+      group_binds:
+        - neutron_openvswitch_agent
 
 Set the following user variables in your
 ``/etc/openstack_deploy/user_variables.yml``:
 
+.. note::
+
+  The only difference a DVR deployment and the standard Open vSwitch
+  deployment is the setting of the respective ``neutron_plugin_type``.
+
 .. code-block:: yaml
 
-  ### neutron specific config
   neutron_plugin_type: ml2.ovs.dvr
 
-  neutron_ml2_drivers_type: "flat,vlan"
+  neutron_ml2_drivers_type: "flat,vlan,vxlan"
 
-  # Typically this would be defined by the os-neutron-install
+The overrides are instructing Ansible to deploy the OVS mechanism driver and
-  # playbook. The provider_networks library would parse the
+associated OVS and DVR components. This is done by setting ``neutron_plugin_type``
-  # provider_networks list in openstack_user_config.yml and
+to ``ml2.ovs.dvr``.
-  # generate the values of network_types, network_vlan_ranges
-  # and network_mappings. network_mappings would have a
-  # different value for each host in the inventory based on
-  # whether or not the host was metal (typically a compute host)
-  # or a container (typically a neutron agent container)
-  #
-  # When using Open vSwitch, we override it to take into account
-  # the Open vSwitch bridge we are going to define outside of
-  # OpenStack-Ansible plays
-  neutron_provider_networks:
-    network_flat_networks: "*"
-    network_types: "vlan"
-    network_vlan_ranges: "physnet1:102:199"
-    network_mappings: "physnet1:br-provider"
 
-**Note:** The only difference to the Standard Open vSwitch configuration
+The ``neutron_ml2_drivers_type`` override provides support for all common type
-is the setting of the ``ml2_plugin_type``.
+drivers supported by OVS.
 
-Customization is needed to support additional network types such as vxlan,
+For additional information regarding provider network overrides and other
-GRE or Geneve. Refer to the `neutron agent configuration
+configuration options, please refer to the standard Open vSwitch deployment
-<https://docs.openstack.org/neutron/latest/configuration/#configuration-reference>`_ for
+available at:
-more information on these attributes.
+
+`<https://docs.openstack.org/openstack-ansible-os_neutron/latest/app-openvswitch.html>`_

doc/source/app-openvswitch.rst

@@ -141,46 +141,220 @@ Create a group var file for your network hosts
     - name: "openvswitch"
       pattern: "CONFIG_OPENVSWITCH"
 
+Specify provider network definitions in your
+``/etc/openstack_deploy/openstack_user_config.yml`` that define
+one or more Neutron provider bridges and related configuration:
 
-Set the following user variables in your
+.. note::
-``/etc/openstack_deploy/user_variables.yml``: *
+
+  Bridges specified here will be created automatically. If
+  ``network_interface`` is defined, the interface will be placed into
+  the bridge automatically.
+
+.. code-block:: yaml
+
+  - network:
+      container_bridge: "br-provider"
+      container_type: "veth"
+      type: "vlan"
+      range: "101:200,301:400"
+      net_name: "physnet1"
+      network_interface: "bond1"
+      group_binds:
+        - neutron_openvswitch_agent
+  - network:
+      container_bridge: "br-provider2"
+      container_type: "veth"
+      type: "vlan"
+      range: "203:203,467:500"
+      net_name: "physnet2"
+      network_interface: "bond2"
+      group_binds:
+        - neutron_openvswitch_agent
+
+When using ``flat`` provider networks, modify the network type accordingly:
+
+.. code-block:: yaml
+
+  - network:
+      container_bridge: "br-publicnet"
+      container_type: "veth"
+      type: "flat"
+      net_name: "flat"
+      group_binds:
+        - neutron_openvswitch_agent
+
+Specify an overlay network definition in your
+``/etc/openstack_deploy/openstack_user_config.yml`` that defines
+overlay network-related configuration:
+
+.. note::
+
+  The bridge name should correspond to a pre-created Linux bridge or
+  OVS bridge.
+
+.. code-block:: yaml
+
+  - network:
+      container_bridge: "br-vxlan"
+      container_type: "veth"
+      container_interface: "eth10"
+      ip_from_q: "tunnel"
+      type: "vxlan"
+      range: "1:1000"
+      net_name: "vxlan"
+      group_binds:
+        - neutron_openvswitch_agent
+
+Set the following user variables in your
+``/etc/openstack_deploy/user_variables.yml``:
 
 .. code-block:: yaml
 
-  ### neutron specific config
   neutron_plugin_type: ml2.ovs
 
-  neutron_ml2_drivers_type: "flat,vlan"
+  neutron_ml2_drivers_type: "flat,vlan,vxlan"
 
-  # Typically this would be defined by the os-neutron-install
+The overrides are instructing Ansible to deploy the OVS mechanism driver and
-  # playbook. The provider_networks library would parse the
+associated OVS components. This is done by setting ``neutron_plugin_type``
-  # provider_networks list in openstack_user_config.yml and
+to ``ml2.ovs``.
-  # generate the values of network_types, network_vlan_ranges
+
-  # and network_mappings. network_mappings would have a
+The ``neutron_ml2_drivers_type`` override provides support for all common type
-  # different value for each host in the inventory based on
+drivers supported by OVS.
-  # whether or not the host was metal (typically a compute host)
+
-  # or a container (typically a neutron agent container)
+If provider network overrides are needed on a global or per-host basis,
-  #
+the following format can be used in ``user_variables.yml`` or per-host
-  # When using Open vSwitch, we override it to take into account
+in ``openstack_user_config.yml``.
-  # the Open vSwitch bridge we are going to define outside of
+
-  # OpenStack-Ansible plays
+.. note::
+
+  These overrides are not normally required when defining global provider
+  networks in the ``openstack_user_config.yml`` file.
+
+.. code-block:: yaml
+
+  # When configuring Neutron to support vxlan tenant networks and
+  # vlan provider networks the configuration may resemble the following:
+  neutron_provider_networks:
+    network_types: "vxlan"
+    network_vxlan_ranges: "1:1000"
+    network_vlan_ranges: "physnet1:102:199"
+    network_mappings: "physnet1:br-provider"
+    network_interface_mappings: "br-provider:bond1"
+
+  # When configuring Neutron to support only vlan tenant networks and
+  # vlan provider networks the configuration may resemble the following:
   neutron_provider_networks:
-    network_flat_networks: "*"
     network_types: "vlan"
     network_vlan_ranges: "physnet1:102:199"
     network_mappings: "physnet1:br-provider"
+    network_interface_mappings: "br-provider:bond1"
 
-  # When using Open vSwitch, Tenant network is of type vxlan and want
+  # When configuring Neutron to support multiple vlan provider networks
-  # to provide the external network connectivity over flat provider
+  # the configuration may resemble the following:
-  # network, then configure neutron_provider_networks like following.
+  neutron_provider_networks:
+    network_types: "vlan"
+    network_vlan_ranges: "physnet1:102:199,physnet2:2000:2999"
+    network_mappings: "physnet1:br-provider,physnet2:br-provider2"
+    network_interface_mappings: "br-provider:bond1,br-provider2:bond2"
+
+  # When configuring Neutron to support multiple vlan and flat provider
+  # networks the configuration may resemble the following:
   neutron_provider_networks:
     network_flat_networks: "*"
-    network_types: "vxlan"
+    network_types: "vlan"
-    network_vxlan_ranges: "1:1000"
+    network_vlan_ranges: "physnet1:102:199,physnet2:2000:2999"
-    network_mappings: "provider:br-provider"
+    network_mappings: "physnet1:br-provider,physnet2:br-provider2"
-    network_interface: eth12
+    network_interface_mappings: "br-provider:bond1,br-provider2:bond2"
 
-Customization is needed to support additional network types such as vxlan,
+Open Virtual Switch (OVS) commands
-GRE or Geneve. Refer to the `neutron agent configuration
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-<https://docs.openstack.org/neutron/latest/configuration/#configuration-reference>`_ for
+
-more information on these attributes.
+The following commands can be used to provide useful information about the
+state of Open vSwitch networking and configurations.
+
+The ``ovs-vsctl show`` command provides information about the virtual switches
+and connected ports currently configured on the host:
+
+.. code-block:: console
+
+  root@infra01:~# ovs-vsctl show
+  4ef304ff-b803-4d09-95f5-59a076323949
+      Manager "ptcp:6640:127.0.0.1"
+          is_connected: true
+      Bridge br-int
+          Controller "tcp:127.0.0.1:6633"
+              is_connected: true
+          fail_mode: secure
+          Port "tap2e7e0507-e4"
+              tag: 2
+              Interface "tap2e7e0507-e4"
+                  type: internal
+          Port int-br-vlan
+              Interface int-br-vlan
+                  type: patch
+                  options: {peer=phy-br-provider}
+          Port br-int
+              Interface br-int
+                  type: internal
+          Port "tap7796ab3d-e9"
+              tag: 5
+              Interface "tap7796ab3d-e9"
+                  type: internal
+          Port patch-tun
+              Interface patch-tun
+                  type: patch
+                  options: {peer=patch-int}
+      Bridge br-tun
+          Controller "tcp:127.0.0.1:6633"
+              is_connected: true
+          fail_mode: secure
+          Port "vxlan-ac1df015"
+              Interface "vxlan-ac1df015"
+                  type: vxlan
+                  options: {df_default="true", in_key=flow, local_ip="172.29.240.20", out_key=flow, remote_ip="172.29.240.21"}
+          Port patch-int
+              Interface patch-int
+                  type: patch
+                  options: {peer=patch-tun}
+          Port "vxlan-ac1df017"
+              Interface "vxlan-ac1df017"
+                  type: vxlan
+                  options: {df_default="true", in_key=flow, local_ip="172.29.240.20", out_key=flow, remote_ip="172.29.240.23"}
+          Port br-tun
+              Interface br-tun
+                  type: internal
+      Bridge br-provider
+          Controller "tcp:127.0.0.1:6633"
+              is_connected: true
+          fail_mode: secure
+          Port "ens192"
+              Interface "ens192"
+          Port br-provider
+              Interface br-provider
+                  type: internal
+          Port phy-br-provider
+              Interface phy-br-provider
+                  type: patch
+                  options: {peer=int-br-provider}
+      ovs_version: "2.10.0"
+
+Additional commands can be found in upstream Open vSwitch documentation.
+
+Notes
+~~~~~
+
+The ``neutron-openvswitch-agent`` service will check in as an agent
+and can be observed using the ``openstack network agent list`` command:
+
+.. code-block:: console
+
+  root@infra01-utility-container-ce1509fd:~# openstack network agent list --agent-type open-vswitch
+  +--------------------------------------+--------------------+-------------+-------------------+-------+-------+---------------------------+
+  | ID                                   | Agent Type         | Host        | Availability Zone | Alive | State | Binary                    |
+  +--------------------------------------+--------------------+-------------+-------------------+-------+-------+---------------------------+
+  | 4dcef710-ec0c-4925-a940-dc319cd6849f | Open vSwitch agent | compute03   | None              | :-)   | UP    | neutron-openvswitch-agent |
+  | 5e1f8670-b90e-49c3-84ff-e981aeccb171 | Open vSwitch agent | compute02   | None              | :-)   | UP    | neutron-openvswitch-agent |
+  | 78746672-d77a-4d8a-bb48-f659251fa246 | Open vSwitch agent | compute01   | None              | :-)   | UP    | neutron-openvswitch-agent |
+  | eebab5da-3ef5-4582-84c5-f29e2472a44a | Open vSwitch agent | infra01     | None              | :-)   | UP    | neutron-openvswitch-agent |
+  +--------------------------------------+--------------------+-------------+-------------------+-------+-------+---------------------------+

doc/source/app-ovn.rst

@@ -61,8 +61,8 @@ Create a group var file for your network hosts
       pattern: "CONFIG_OPENVSWITCH"
 
 Copy the neutron environment overrides to
-/etc/openstack_deploy/env.d/neutron.yml to disable the creation of the
+``/etc/openstack_deploy/env.d/neutron.yml`` to disable the creation of the
-neutron agents container and implement the neutron_ovn_northd_container
+neutron agents container and implement the ``neutron_ovn_northd_container``
 hosts group containing all network nodes:
 
 .. code-block:: yaml
@@ -85,8 +85,8 @@ hosts group containing all network nodes:
         - neutron_ovn_northd
 
 Copy the nova environment overrides to
-/etc/openstack_deploy/env.d/nova.yml to implement the
+``/etc/openstack_deploy/env.d/nova.yml`` to implement the
-neutron_ovn_controller hosts group containing all compute nodes:
+``neutron_ovn_controller`` hosts group containing all compute nodes:
 
 .. code-block:: yaml
 
@@ -109,8 +109,10 @@ one or more Neutron provider bridges and related configuration:
 
 .. note::
 
-  Bridges specified here will be created automatically. Only VLAN
+  Bridges specified here will be created automatically. If
-  network types are supported at this time.
+  ``network_interface`` is defined, the interface will be placed into
+  the bridge automatically. Only VLAN network types are supported at
+  this time.
 
 .. code-block:: yaml
 
@@ -120,6 +122,7 @@ one or more Neutron provider bridges and related configuration:
       type: "vlan"
       range: "101:200,301:400"
       net_name: "private"
+      network_interface: "bond2"
       group_binds:
         - neutron_ovn_controller
   - network:
@@ -128,6 +131,7 @@ one or more Neutron provider bridges and related configuration:
       type: "vlan"
       range: "203:203,467:500"
       net_name: "public"
+      network_interface: "bond1"
       group_binds:
         - neutron_ovn_controller
 
@@ -185,13 +189,14 @@ in ``openstack_user_config.yml``.
 
 .. code-block:: yaml
 
-  # When configuring Neutron to support only geneve tenant networks and
+  # When configuring Neutron to support geneve tenant networks and
   # vlan provider networks the configuration may resemble the following:
   neutron_provider_networks:
     network_types: "geneve"
     network_geneve_ranges: "1:1000"
     network_vlan_ranges: "public"
     network_mappings: "public:br-publicnet"
+    network_interface_mappings: "br-publicnet:bond1"
 
   # When configuring Neutron to support only vlan tenant networks and
   # vlan provider networks the configuration may resemble the following:
@@ -199,6 +204,7 @@ in ``openstack_user_config.yml``.
     network_types: "vlan"
     network_vlan_ranges: "public:203:203,467:500"
     network_mappings: "public:br-publicnet"
+    network_interface_mappings: "br-publicnet:bond1"
 
   # When configuring Neutron to support multiple vlan provider networks
   # the configuration may resemble the following:
@@ -206,16 +212,18 @@ in ``openstack_user_config.yml``.
     network_types: "vlan"
     network_vlan_ranges: "public:203:203,467:500,private:101:200,301:400"
     network_mappings: "public:br-publicnet,private:br-privatenet"
+    network_interface_mappings: "br-publicnet:bond1,br-privatenet:bond2"
 
 Open Virtual Network (OVN) commands
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-The following commands can be used to provide useful information about...
+The following commands can be used to provide useful information about the
+state of Open vSwitch networking and configurations.
 
 The ``ovs-vsctl list open_vswitch`` command provides information about the
 ``open_vswitch`` table in the local Open vSwitch database:
 
-.. code-block::
+.. code-block:: console
 
   root@aio1:~# ovs-vsctl list open_vswitch
   _uuid               : 855c820b-c082-4d8f-9828-8cab01c6c9a0
@@ -238,7 +246,7 @@ The ``ovn-sbctl show`` command provides information related to southbound
 connections. If used outside the ovn_northd container, specify the
 connection details:
 
-.. code-block::
+.. code-block:: console
 
   root@aio1-neutron-ovn-northd-container-57a6f1a9:~# ovn-sbctl show
   Chassis "11af26c6-9ec1-4cf7-bf41-2af45bd59b03"
@@ -264,7 +272,7 @@ The ``ovn-nbctl show`` command provides information about networks known
 to OVN and demonstrates connectivity between the northbound database
 and neutron-server.
 
-.. code-block::
+.. code-block:: console
 
   root@aio1-neutron-ovn-northd-container-57a6f1a9:~# ovn-nbctl show
   switch 5e77f29e-5dd3-4875-984f-94bd30a12dc3 (neutron-87ec5a05-9abe-4c93-89bd-c6d40320db87) (aka testnet)
@@ -276,7 +284,7 @@ The ``ovn-nbctl list Address_Set`` command provides information related to
 security groups. If used outside the ovn_northd container, specify the
 connection details:
 
-.. code-block::
+.. code-block:: console
 
   root@aio1-neutron-ovn-northd-container-57a6f1a9:~# ovn-nbctl list Address_Set
   _uuid               : 575b3015-f83f-4bd6-a698-3fe67e43bec6
@@ -308,7 +316,7 @@ Notes
 The ``ovn-controller`` service on compute nodes will check in as an agent
 and can be observed using the ``openstack network agent list`` command:
 
-.. code-block::
+.. code-block:: console
 
   root@aio1-utility-container-35bebd2a:~# openstack network agent list
   +--------------------------------------+------------------------------+------+-------------------+-------+-------+----------------+
@@ -317,9 +325,6 @@ and can be observed using the ``openstack network agent list`` command:
   | 4db288a6-8f8a-4153-b4b7-7eaf44f9e881 | OVN Controller Gateway agent | aio1 | n/a               | :-)   | UP    | ovn-controller |
   +--------------------------------------+------------------------------+------+-------------------+-------+-------+----------------+
 
-The HAproxy client and server timeout values have been increased from
-50 seconds to 90 minutes for all load-balanced OVN-related services.
-
 The HAproxy implementation in use may not properly handle active/backup
 failover for ovsdb-server with OVN. Work may be done to implement
-pacemaker/corosync or wait for active/active support.
+pacemaker/corosync or wait for upstream active/active support.

releasenotes/notes/neutron-ovs-interface-mappings-789902128b82e721.yaml

@@ -0,0 +1,22 @@
+---
+features:
+  - |
+    The ``provider_networks`` library has been updated to support the
+    definition of network interfaces that can automatically be added as ports
+    to OVS provider bridges setup during a deployment. To activate this feature,
+    add the ``network_interface`` key to the respective flat and/or vlan provider
+    network definition in ``openstack_user_config.yml``. For more information,
+    refer to the latest Open vSwitch deployment guide.
+upgrade:
+  - |
+    The ``provider_networks`` library has been updated to support the
+    definition of network interfaces that can automatically be added as ports
+    to OVS provider bridges setup during a deployment. As a result, the
+    ``network_interface`` value applied to the ``neutron_provider_networks``
+    override in ``user_variables.yml``, as described in previous Open vSwitch
+    deployment guides, is no longer effective. If overrides are
+    necessary, use ``network_interface_mappings`` within the provider network
+    override and specify the respective bridge-to-interface mapping
+    (e.g. "br-provider:bond1"). For more information, refer to the latest Open
+    vSwitch deployment guide.
+

tasks/providers/ovn_config.yml

@@ -68,8 +68,6 @@
     name: "{{ neutron_ovs_service_name }}"
     state: started
     enabled: yes
-  tags:
-   - ovn-config
   when:
     - neutron_services['neutron-ovn-northd']['group'] in group_names
       or neutron_services['neutron-ovn-controller']['group'] in group_names
@@ -79,8 +77,6 @@
     name: "{{ neutron_ovn_northd_service_name }}"
     state: started
     enabled: yes
-  tags:
-   - ovn-config
   when:
     - neutron_services['neutron-ovn-northd']['group'] in group_names
 
@@ -89,8 +85,6 @@
     name: "{{ neutron_ovn_controller_service_name }}"
     state: started
     enabled: yes
-  tags:
-   - ovn-config
   when:
     - neutron_services['neutron-ovn-controller']['group'] in group_names
 

tasks/providers/ovs_config.yml

@@ -13,24 +13,28 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-# This file is responsible for the L3 configuration
+- name: Setup Network Provider Bridges
-- name: Setup External Network Provider Bridge
   openvswitch_bridge:
-    bridge: "{{ neutron_provider_networks.network_mappings.split(':')[1] }}"
+    bridge: "{{ bridge_mapping.split(':')[1] }}"
     fail_mode: secure
     state: present
+  with_items: "{{ neutron_provider_networks.network_mappings.split(',') }}"
+  loop_control:
+    loop_var: bridge_mapping
   when:
     - neutron_services['neutron-openvswitch-agent']['group'] in group_names
     - neutron_plugin_type in ['ml2.ovs', 'ml2.ovs.dvr']
     - neutron_provider_networks.network_mappings is defined
 
-- name: Add port to External Network Provider Bridge
+- name: Add ports to Network Provider Bridges
   openvswitch_port:
-    bridge: "{{ neutron_provider_networks.network_mappings.split(':')[1] }}"
+    bridge: "{{ interface_mapping.split(':')[0] }}"
-    port: "{{ neutron_provider_networks.network_interface }}"
+    port: "{{ interface_mapping.split(':')[1] }}"
     state: present
+  with_items: "{{ neutron_provider_networks.network_interface_mappings.split(',') }}"
+  loop_control:
+    loop_var: interface_mapping
   when:
     - neutron_services['neutron-openvswitch-agent']['group'] in group_names
     - neutron_plugin_type in ['ml2.ovs', 'ml2.ovs.dvr']
-    - neutron_provider_networks.network_mappings is defined
+    - neutron_provider_networks.network_interface_mappings is defined and (neutron_provider_networks.network_interface_mappings|length > 0)
-    - neutron_provider_networks.network_interface is defined

tasks/providers/setup_ovs_ovn.yml

@@ -16,75 +16,73 @@
 
 - name: Set openvswitch hostname
   command: "ovs-vsctl set open_vswitch . external-ids:hostname='{{ ansible_hostname }}'"
-  tags:
-   - ovn-config
   when:
     - (neutron_services['neutron-ovn-northd']['group'] in group_names) or
       (neutron_services['neutron-ovn-controller']['group'] in group_names)
 
 - name: Create ovsdb-server Listener
   command: "ovs-vsctl set-manager ptcp:6640"
-  tags:
-   - ovn-config
   when:
     - neutron_services['neutron-ovn-northd']['group'] in group_names
 
 - name: Configure OVN Northbound Listener
   command: "ovn-nbctl set-connection ptcp:6641:0.0.0.0 -- set connection . inactivity_probe=60000"
-  tags:
-   - ovn-config
   when:
     - neutron_services['neutron-ovn-northd']['group'] in group_names
 
 - name: Configure OVN Southbound Listener
   command: "ovn-sbctl set-connection ptcp:6642:0.0.0.0 -- set connection . inactivity_probe=60000"
-  tags:
-   - ovn-config
   when:
     - neutron_services['neutron-ovn-northd']['group'] in group_names
 
 # (NOTE) This makes all computes eligible to be gateway nodes
 - name: Set CMS Options for Gateway Scheduling
   command: "ovs-vsctl set open . external-ids:ovn-cms-options=enable-chassis-as-gw"
-  tags:
-   - ovn-config
   when:
     - neutron_services['neutron-ovn-controller']['group'] in group_names
 
 - name: Configure OVN Southbound Connection
   command: "ovs-vsctl set open . external-ids:ovn-remote=tcp:{{ neutron_ovn_ip }}:6642"
-  tags:
-   - ovn-config
   when:
     - neutron_services['neutron-ovn-controller']['group'] in group_names
 
 # (todo) Dynamic encap type
 - name: Configure Supported OVN Overlay Protocols
   command: "ovs-vsctl set open . external-ids:ovn-encap-type=geneve,vxlan"
-  tags:
-   - ovn-config
   when:
     - neutron_services['neutron-ovn-controller']['group'] in group_names
 
 - name: Configure Encapsulation Address for Overlay Traffic
   command: "ovs-vsctl set open . external-ids:ovn-encap-ip={{ neutron_local_ip }}"
-  tags:
-   - ovn-config
   when:
     - neutron_services['neutron-ovn-controller']['group'] in group_names
 
-- name: Setup Network Provider Bridge
+- name: Setup Network Provider Bridges
   openvswitch_bridge:
-    bridge: "{{ neutron_provider_networks.network_mappings.split(':')[1] }}"
+    bridge: "{{ bridge_mapping.split(':')[1] }}"
     state: present
+  with_items: "{{ neutron_provider_networks.network_mappings.split(',') }}"
+  loop_control:
+    loop_var: bridge_mapping
   when:
     - neutron_services['neutron-ovn-controller']['group'] in group_names
     - neutron_provider_networks.network_mappings is defined
 
-- name: Set the Bridge Mappings
+- name: Add ports to Network Provider Bridges
+  openvswitch_port:
+    bridge: "{{ interface_mapping.split(':')[0] }}"
+    port: "{{ interface_mapping.split(':')[1] }}"
+    state: present
+  with_items: "{{ neutron_provider_networks.network_interface_mappings.split(',') }}"
+  loop_control:
+    loop_var: interface_mapping
+  when:
+    - neutron_services['neutron-ovn-controller']['group'] in group_names
+    - neutron_provider_networks.network_interface_mappings is defined and (neutron_provider_networks.network_interface_mappings|length > 0)
+
+- name: Set the OVN Bridge Mappings in OVS
   command: "ovs-vsctl set open . external-ids:ovn-bridge-mappings={{ neutron_provider_networks.network_mappings }}"
-  tags:
-  - ovn-config
   when:
     - neutron_provider_networks.network_mappings is defined
     - neutron_services['neutron-ovn-controller']['group'] in group_names
+