From 527c884c65b9a400745a7c59eca1927fdf4c4b0c Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Mon, 18 Dec 2023 23:29:58 +0900 Subject: [PATCH] Support IGMP flood options This introduces support for the IGMP flood options which were recently added to neutron. Depneds-on: https://review.opendev.org/901753 Change-Id: Ie96b879f350a5053d447a31cd258721343e20349 --- manifests/agents/ml2/ovs.pp | 34 ++++++++++++++----- manifests/server.pp | 34 ++++++++++++++----- .../igmp_flood-opts-6e9c329b001fd33d.yaml | 10 ++++++ spec/classes/neutron_agents_ml2_ovs_spec.rb | 19 +++++++++++ spec/classes/neutron_server_spec.rb | 19 +++++++++++ 5 files changed, 98 insertions(+), 18 deletions(-) create mode 100644 releasenotes/notes/igmp_flood-opts-6e9c329b001fd33d.yaml diff --git a/manifests/agents/ml2/ovs.pp b/manifests/agents/ml2/ovs.pp index 230a9096f..ae8645db3 100644 --- a/manifests/agents/ml2/ovs.pp +++ b/manifests/agents/ml2/ovs.pp @@ -192,15 +192,25 @@ # Defaults to $facts['os_service_default'] # # [*igmp_snooping_enable*] -# (Optional) Enable IGMP snooping for integration bridge. If this -# option is set to True, support for Internet Group Management -# Protocol (IGMP) is enabled in integration bridge. -# Setting this option to True will also enable Open vSwitch -# mcast-snooping-disable-flood-unregistered flag. This option will -# disable flooding of unregistered multicast packets to all ports. -# The switch will send unregistered multicast packets only to ports -# connected to multicast routers. This option is used by the ML2/OVS -# mechanism driver for Neutron. +# (Optional) Enable IGMP snooping for integration bridge. If this option is +# set to True, support for Internet Group Management Protocol (IGMP) is +# enabled in integration bridge. +# Defaults to $facts['os_service_default'] +# +# [*igmp_flood*] +# (Optional) Multicast packets (except reports) are unconditionally forwarded +# to the ports bridging a local network to a physical network. +# Defaults to $facts['os_service_default'] +# +# [*igmp_flood_reports*] +# (Optional) Multicast reports are unconditionally forwarded to the ports +# bridging a logical network to a physical network. +# Defaults to $facts['os_service_default'] +# +# [*igmp_flood_unregistered*] +# (Optional) This option enables or disables flooding of unregistered +# multicast packets to all ports. If False, the switch will send unregistered +# multicast packets only to ports connected to multicast routers. # Defaults to $facts['os_service_default'] # # [*resource_provider_bandwidths*] @@ -298,6 +308,9 @@ class neutron::agents::ml2::ovs ( $tunnel_csum = $facts['os_service_default'], $bridge_mac_table_size = $facts['os_service_default'], $igmp_snooping_enable = $facts['os_service_default'], + $igmp_flood = $facts['os_service_default'], + $igmp_flood_reports = $facts['os_service_default'], + $igmp_flood_unregistered = $facts['os_service_default'], $resource_provider_bandwidths = [], $resource_provider_packet_processing_without_direction = [], @@ -492,6 +505,9 @@ class neutron::agents::ml2::ovs ( 'securitygroup/permitted_ethertypes': value => join(any2array($permitted_ethertypes), ','); 'ovs/bridge_mac_table_size': value => $bridge_mac_table_size; 'ovs/igmp_snooping_enable': value => $igmp_snooping_enable; + 'ovs/igmp_flood': value => $igmp_flood; + 'ovs/igmp_flood_reports': value => $igmp_flood_reports; + 'ovs/igmp_flood_unregistered': value => $igmp_flood_unregistered; 'network_log/rate_limit': value => $network_log_rate_limit; 'network_log/burst_limit': value => $network_log_burst_limit; 'network_log/local_output_log_base': value => $network_log_local_output_log_base; diff --git a/manifests/server.pp b/manifests/server.pp index 0543859af..b9c9d2eef 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -219,15 +219,25 @@ # Defaults to $facts['os_service_default'] # # [*igmp_snooping_enable*] -# (Optional) Enable IGMP snooping for integration bridge. If this -# option is set to True, support for Internet Group Management -# Protocol (IGMP) is enabled in integration bridge. -# Setting this option to True will also enable Open vSwitch -# mcast-snooping-disable-flood-unregistered flag. This option will -# disable flooding of unregistered multicast packets to all ports. -# The switch will send unregistered multicast packets only to ports -# connected to multicast routers. This option is used by the ML2/OVN -# mechanism driver for Neutron. +# (Optional) Enable IGMP snooping for integration bridge. If this option is +# set to True, support for Internet Group Management Protocol (IGMP) is +# enabled in integration bridge. +# Defaults to $facts['os_service_default'] +# +# [*igmp_flood*] +# (Optional) Multicast packets (except reports) are unconditionally forwarded +# to the ports bridging a local network to a physical network. +# Defaults to $facts['os_service_default'] +# +# [*igmp_flood_reports*] +# (Optional) Multicast reports are unconditionally forwarded to the ports +# bridging a logical network to a physical network. +# Defaults to $facts['os_service_default'] +# +# [*igmp_flood_unregistered*] +# (Optional) This option enables or disables flooding of unregistered +# multicast packets to all ports. If False, the switch will send unregistered +# multicast packets only to ports connected to multicast routers. # Defaults to $facts['os_service_default'] # # DEPRECATED PARAMETERS @@ -277,6 +287,9 @@ class neutron::server ( $max_request_body_size = $facts['os_service_default'], $ovs_integration_bridge = $facts['os_service_default'], $igmp_snooping_enable = $facts['os_service_default'], + $igmp_flood = $facts['os_service_default'], + $igmp_flood_reports = $facts['os_service_default'], + $igmp_flood_unregistered = $facts['os_service_default'], # DEPRECATED PARAMETERS Boolean $ensure_vpnaas_package = false, ) inherits neutron::params { @@ -337,6 +350,9 @@ the neutron::services::vpnaas class.") 'ovs/integration_bridge': value => $ovs_integration_bridge; 'service_providers/service_provider': value => $service_providers; 'ovs/igmp_snooping_enable': value => $igmp_snooping_enable; + 'ovs/igmp_flood': value => $igmp_flood; + 'ovs/igmp_flood_reports': value => $igmp_flood_reports; + 'ovs/igmp_flood_unregistered': value => $igmp_flood_unregistered; } if $server_package { diff --git a/releasenotes/notes/igmp_flood-opts-6e9c329b001fd33d.yaml b/releasenotes/notes/igmp_flood-opts-6e9c329b001fd33d.yaml new file mode 100644 index 000000000..01fd6d3aa --- /dev/null +++ b/releasenotes/notes/igmp_flood-opts-6e9c329b001fd33d.yaml @@ -0,0 +1,10 @@ +--- +features: + - | + The ``neutron::server`` class (for OVN mechansim driver) and + the ``neutron::agents::ml2::ovs`` class (for OVS mechanism driver) now + supports configuring the following igmp flood options. + + - ``igmp_flood`` + - ``igmp_flood_reports`` + - ``igmp_flood_unregistered`` diff --git a/spec/classes/neutron_agents_ml2_ovs_spec.rb b/spec/classes/neutron_agents_ml2_ovs_spec.rb index 149e90fb3..32ad271a9 100644 --- a/spec/classes/neutron_agents_ml2_ovs_spec.rb +++ b/spec/classes/neutron_agents_ml2_ovs_spec.rb @@ -70,6 +70,9 @@ describe 'neutron::agents::ml2::ovs' do should contain_neutron_agent_ovs('agent/vxlan_udp_port').with_ensure('absent') should contain_neutron_agent_ovs('ovs/bridge_mac_table_size').with_value('') should contain_neutron_agent_ovs('ovs/igmp_snooping_enable').with_value('') + should contain_neutron_agent_ovs('ovs/igmp_flood').with_value('') + should contain_neutron_agent_ovs('ovs/igmp_flood_reports').with_value('') + should contain_neutron_agent_ovs('ovs/igmp_flood_unregistered').with_value('') should contain_neutron_agent_ovs('ovs/resource_provider_bandwidths').\ with_value('') should contain_neutron_agent_ovs('ovs/resource_provider_hypervisors').\ @@ -533,6 +536,22 @@ describe 'neutron::agents::ml2::ovs' do end end + context 'with IGMP flood enabled' do + before :each do + params.merge!({ + :igmp_flood => true, + :igmp_flood_reports => true, + :igmp_flood_unregistered => true, + }) + end + + it 'configure neutron/plugins/ml2/ml2_conf.ini' do + should contain_neutron_agent_ovs('ovs/igmp_flood').with_value(true) + should contain_neutron_agent_ovs('ovs/igmp_flood_reports').with_value(true) + should contain_neutron_agent_ovs('ovs/igmp_flood_unregistered').with_value(true) + end + end + context 'with direct output enabled for egress flows' do before :each do params.merge!(:explicitly_egress_direct => true) diff --git a/spec/classes/neutron_server_spec.rb b/spec/classes/neutron_server_spec.rb index bf8a2bf74..9de5aa999 100644 --- a/spec/classes/neutron_server_spec.rb +++ b/spec/classes/neutron_server_spec.rb @@ -90,6 +90,9 @@ describe 'neutron::server' do ) should contain_neutron_config('ovs/integration_bridge').with_value('') should contain_neutron_config('ovs/igmp_snooping_enable').with_value('') + should contain_neutron_config('ovs/igmp_flood').with_value('') + should contain_neutron_config('ovs/igmp_flood_reports').with_value('') + should contain_neutron_config('ovs/igmp_flood_unregistered').with_value('') end context 'with manage_service as false' do @@ -339,6 +342,22 @@ describe 'neutron::server' do end end + context 'with IGMP flood enabled' do + before :each do + params.merge!({ + :igmp_flood => true, + :igmp_flood_reports => true, + :igmp_flood_unregistered => true, + }) + end + + it 'configure neutron.conf' do + should contain_neutron_config('ovs/igmp_flood').with_value(true) + should contain_neutron_config('ovs/igmp_flood_reports').with_value(true) + should contain_neutron_config('ovs/igmp_flood_unregistered').with_value(true) + end + end + context 'with VPNaaS package installation' do before do params.merge!(