From f9ccc5c7095c53458014f099a2eb07dc1ef94220 Mon Sep 17 00:00:00 2001
From: Dmitriy Rabotyagov <dmitriy.rabotyagov@citynetwork.eu>
Date: Fri, 23 Dec 2022 19:19:03 +0100
Subject: [PATCH] [doc] Add example on how to provision LXC bridges with OSA

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/868534
Change-Id: Ia05e327a70429b5e4d2947b8e0d08232f50152ac
---
 doc/source/user/network-arch/example.rst | 58 ++++++++++++++++++++++++
 1 file changed, 58 insertions(+)

diff --git a/doc/source/user/network-arch/example.rst b/doc/source/user/network-arch/example.rst
index 417b3d8432..6d5497d1d7 100644
--- a/doc/source/user/network-arch/example.rst
+++ b/doc/source/user/network-arch/example.rst
@@ -70,6 +70,64 @@ the ``etc/network`` and ``etc/netplan`` for ubuntu systems, and it is
 expected that these will need adjustment for the specific requirements
 of each deployment.
 
+If you want to delegate management of network bridges and interfaces to
+OpenStack-Ansible, you can define variables
+``openstack_hosts_systemd_networkd_devices`` and
+``openstack_hosts_systemd_networkd_networks`` in `group_vars/lxc_hosts`,
+for example:
+
+.. code-block:: yaml
+
+  openstack_hosts_systemd_networkd_devices:
+    - NetDev:
+        Name: vlan-mgmt
+        Kind: vlan
+      VLAN:
+        Id: 10
+    - NetDev:
+        Name: "{{ management_bridge }}"
+        Kind: bridge
+      Bridge:
+        ForwardDelaySec: 0
+        HelloTimeSec: 2
+        MaxAgeSec: 12
+        STP: off
+
+  openstack_hosts_systemd_networkd_networks:
+    - interface: "vlan-mgmt"
+      bridge: "{{ management_bridge }}"
+    - interface: "{{ management_bridge }}"
+      address: "{{ management_address }}"
+      netmask: "255.255.252.0"
+      gateway: "172.29.236.1"
+    - interface: "eth0"
+      vlan:
+        - "vlan-mgmt"
+      # NOTE: `05` is prefixed to filename to have precedence over netplan
+      filename: 05-lxc-net-eth0
+      address: "{{ ansible_facts['eth0']['ipv4']['address'] }}"
+      netmask: "{{ ansible_facts['eth0']['ipv4']['netmask'] }}"
+
+If you need to run some pre/post hooks for interfaces, you will need to
+configure a systemd service for that. It can be done using variable
+``openstack_hosts_systemd_services``, like that:
+
+.. code-block:: yaml
+
+  openstack_hosts_systemd_services:
+    - service_name: "{{ management_bridge }}-hook"
+      state: started
+      enabled: yes
+      service_type: oneshot
+      execstarts:
+        - /bin/bash -c "/bin/echo 'management bridge is available'"
+      config_overrides:
+        Unit:
+          Wants: network-online.target
+          After: "{{ sys-subsystem-net-devices-{{ management_bridge }}.device }}"
+          BindsTo: "{{ sys-subsystem-net-devices-{{ management_bridge }}.device }}"
+
+
 Single interface or bond
 ------------------------