# {{ ansible_managed }}

# ML2 general
[ml2]
type_drivers = {{ neutron_plugins[neutron_plugin_type].drivers_type }}
tenant_network_types = {{ neutron_provider_networks.network_types if neutron_provider_networks.network_types != '' else 'local' }}
mechanism_drivers = {{ neutron_ml2_mechanism_drivers }}
extension_drivers = port_security{% if 'qos' in neutron_plugin_base %},qos{% endif %}{% if 'dns' in neutron_plugin_base %},dns{% endif %}{% if 'dns_domain_ports' in neutron_plugin_base %},dns_domain_ports{% endif %}{% if 'subnet_dns_publish_fixed_ip' in neutron_plugin_base %},subnet_dns_publish_fixed_ip{% endif %}{% if 'dns_domain_keywords' in neutron_plugin_base %},dns_domain_keywords{% endif %}

{% if neutron_provider_networks.network_flat_networks is defined %}

# ML2 flat networks
[ml2_type_flat]
flat_networks = {{ neutron_provider_networks.network_flat_networks }}

{% endif %}

{% if neutron_provider_networks.network_vlan_ranges is defined %}

# ML2 VLAN networks
[ml2_type_vlan]
network_vlan_ranges = {{ neutron_provider_networks.network_vlan_ranges }}

{% endif %}

{% if neutron_provider_networks.network_vxlan_ranges is defined %}

# ML2 VXLAN networks
[ml2_type_vxlan]
vxlan_group = {{ neutron_vxlan_group }}
vni_ranges = {{ neutron_provider_networks.network_vxlan_ranges }}

{% endif %}

{% if neutron_provider_networks.network_geneve_ranges is defined %}

[ml2_type_geneve]
vni_ranges = {{ neutron_provider_networks.network_geneve_ranges }}
max_header_size = 38

{% endif %}

{% if neutron_plugin_type == 'ml2.ovn' %}
{%   if (neutron_services['neutron-server']['group'] in group_names or neutron_services['neutron-ovn-controller']['group'] in group_names) %}
[ovn]
ovn_native_dhcp = True
ovn_nb_connection = {{ neutron_ovn_nb_connection }}
ovn_sb_connection = {{ neutron_ovn_sb_connection }}
ovn_l3_scheduler = {{ neutron_ovn_l3_scheduler }}
enable_distributed_floating_ip = {{ neutron_ovn_distributed_fip }}
ovn_metadata_enabled = True
{%   endif %}
{%   if neutron_ovn_ssl and (neutron_services['neutron-server']['group'] in group_names or neutron_services['neutron-ovn-controller']['group'] in group_names) %}
ovn_sb_ca_cert={{ [neutron_conf_version_dir, neutron_ovn_ssl_ca_cert] | join('/') }}
ovn_sb_certificate={{ [neutron_conf_version_dir, neutron_ovn_ssl_cert] | join('/') }}
ovn_sb_private_key={{ [neutron_conf_version_dir, neutron_ovn_ssl_key] | join('/') }}
ovn_nb_ca_cert={{ [neutron_conf_version_dir, neutron_ovn_ssl_ca_cert] | join('/') }}
ovn_nb_certificate={{ [neutron_conf_version_dir, neutron_ovn_ssl_cert] | join('/') }}
ovn_nb_private_key={{ [neutron_conf_version_dir, neutron_ovn_ssl_key] | join('/') }}
{%   endif %}
{% endif %}
# Security groups
[securitygroup]
enable_security_group = True
enable_ipset = True