Configure access to physical network also with ML2/OVN backend
Neutron L3 module in Devstack has a way to configure access to the physical
network on the node. It can put the physical interface into the physical
bridge or, when no such physical device is set, it creates a
NAT rule in iptables.
The same operation was missing for the ML2/OVN backend, as the L3 agent is
not used there at all.
This patch makes the same configuration happen in both the L3 agent and
ovn_agent modules.
Closes-Bug: #1939627
Change-Id: I9e558d1d5d3edbce9e7a025ba3c11267f1579820
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 791ff18..3196849 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -663,6 +663,27 @@
fi
}
+# _configure_public_network_connectivity() - Configures connectivity to the
+# external network using $PUBLIC_INTERFACE or NAT on the single interface
+# machines
+function _configure_public_network_connectivity {
+ # If we've given a PUBLIC_INTERFACE to take over, then we assume
+ # that we can own the whole thing, and privot it into the OVS
+ # bridge. If we are not, we're probably on a single interface
+ # machine, and we just setup NAT so that fixed guests can get out.
+ if [[ -n "$PUBLIC_INTERFACE" ]]; then
+ _move_neutron_addresses_route "$PUBLIC_INTERFACE" "$OVS_PHYSICAL_BRIDGE" True False "inet"
+
+ if [[ $(ip -f inet6 a s dev "$PUBLIC_INTERFACE" | grep -c 'global') != 0 ]]; then
+ _move_neutron_addresses_route "$PUBLIC_INTERFACE" "$OVS_PHYSICAL_BRIDGE" False False "inet6"
+ fi
+ else
+ for d in $default_v4_route_devs; do
+ sudo iptables -t nat -A POSTROUTING -o $d -s $FLOATING_RANGE -j MASQUERADE
+ done
+ fi
+}
+
# cleanup_mutnauq() - Remove residual data files, anything left over from previous
# runs that a clean run would need to clean up
function cleanup_mutnauq {
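Review bot: The NAT branch of `_configure_public_network_connectivity` appends the MASQUERADE rule with `-A` unconditionally, so every run that reaches the `else` arm adds another identical POSTROUTING entry. With two call sites, that may now happen more than once per run if both paths are enabled. Guarding the append keeps the rule set idempotent and easy to audit: `sudo iptables -t nat -C POSTROUTING -o "$d" -s "$FLOATING_RANGE" -j MASQUERADE 2>/dev/null || sudo iptables -t nat -A POSTROUTING -o "$d" -s "$FLOATING_RANGE" -j MASQUERADE`. The quoting also stops an unexpected value in `$d` or `$FLOATING_RANGE` from being word-split into extra iptables arguments under sudo. A `local d` at the top of the function would stop the loop variable leaking into the shell that sources this file.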
diff --git a/lib/neutron_plugins/ovn_agent b/lib/neutron_plugins/ovn_agent
index cfcb01e..1f737fb 100644
--- a/lib/neutron_plugins/ovn_agent
+++ b/lib/neutron_plugins/ovn_agent
@@ -266,6 +266,7 @@
# Create the public bridge that OVN will use
sudo ovs-vsctl --may-exist add-br $PUBLIC_BRIDGE -- set bridge $PUBLIC_BRIDGE protocols=OpenFlow13,OpenFlow15
sudo ovs-vsctl set open . external-ids:ovn-bridge-mappings=$PHYSICAL_NETWORK:$PUBLIC_BRIDGE
+ _configure_public_network_connectivity
}
function _disable_libvirt_apparmor {
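Review bot: The helper called on the added line passes `$OVS_PHYSICAL_BRIDGE` to `_move_neutron_addresses_route`, while the lines just above create `$PUBLIC_BRIDGE` and write that name into `ovn-bridge-mappings`. If the two variables are ever set to different values, the `$PUBLIC_INTERFACE` addresses would presumably land on a bridge that OVN does not map to `$PHYSICAL_NETWORK`, and nothing visible here checks for that. Either document the assumption next to the call, e.g. `# NOTE: relies on OVS_PHYSICAL_BRIDGE being the same bridge as PUBLIC_BRIDGE`, or fail early when they differ. The call also depends on `lib/neutron-legacy` being sourced and `default_v4_route_devs` being populated in the OVN path, which is worth confirming. The enclosing function starts outside this hunk.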
diff --git a/lib/neutron_plugins/services/l3 b/lib/neutron_plugins/services/l3
index b6bc028..98b96ac 100644
--- a/lib/neutron_plugins/services/l3
+++ b/lib/neutron_plugins/services/l3
@@ -123,21 +123,7 @@
neutron_plugin_configure_l3_agent $Q_L3_CONF_FILE
- # If we've given a PUBLIC_INTERFACE to take over, then we assume
- # that we can own the whole thing, and privot it into the OVS
- # bridge. If we are not, we're probably on a single interface
- # machine, and we just setup NAT so that fixed guests can get out.
- if [[ -n "$PUBLIC_INTERFACE" ]]; then
- _move_neutron_addresses_route "$PUBLIC_INTERFACE" "$OVS_PHYSICAL_BRIDGE" True False "inet"
-
- if [[ $(ip -f inet6 a s dev "$PUBLIC_INTERFACE" | grep -c 'global') != 0 ]]; then
- _move_neutron_addresses_route "$PUBLIC_INTERFACE" "$OVS_PHYSICAL_BRIDGE" False False "inet6"
- fi
- else
- for d in $default_v4_route_devs; do
- sudo iptables -t nat -A POSTROUTING -o $d -s $FLOATING_RANGE -j MASQUERADE
- done
- fi
+ _configure_public_network_connectivity
}
# Explicitly set router id in l3 agent configuration