From 5016b3efafcb9bc00eb1156ec11cdf79ab0da3ff Mon Sep 17 00:00:00 2001
From: Michal Nasiadka <mnasiadka@gmail.com>
Date: Tue, 6 Feb 2024 17:40:12 +0100
Subject: [PATCH] openvswitch: Set fail_mode to standalone for external bridges
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

That is the ovs-vsctl default but Ansible module is failing in
reconfigure step - and secure breaks external connectivity in
OVN.

From OVS docs:
fail_mode: optional string, either secure or standalone

When  a controller is configured, it is, ordinarily, responsible
for setting up all flows on the switch. Thus, if the  connection
to  the  controller fails, no new network connections can be set
up. If the connection to the controller stays down long  enough,
no  packets can pass through the switch at all. This setting de‐
termines the switch’s response to such a situation.  It  may  be
set to one of the following:

standalone
    If  no  message is received from the controller for three
    times  the  inactivity  probe  interval   (see   inactiv‐
    ity_probe), then Open vSwitch will take over responsibil‐
    ity for setting up flows.  In  this  mode,  Open  vSwitch
    causes  the  bridge  to act like an ordinary MAC-learning
    switch. Open vSwitch will continue to retry connecting to
    the controller in the background and, when the connection
    succeeds, it will discontinue its standalone behavior.

secure
    Open vSwitch will not set up flows on its  own  when  the
    controller  connection  fails  or when no controllers are
    defined. The bridge will continue to retry connecting  to
    any defined controllers forever.

The default is standalone if the value is unset, but future ver‐
sions of Open vSwitch may change the default.

Change-Id: Ica4dda2914113e8f8349e7227161cb81a02b33ee
---
 ansible/roles/openvswitch/tasks/post-config.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ansible/roles/openvswitch/tasks/post-config.yml b/ansible/roles/openvswitch/tasks/post-config.yml
index 2c0b461065..68ad2b1450 100644
--- a/ansible/roles/openvswitch/tasks/post-config.yml
+++ b/ansible/roles/openvswitch/tasks/post-config.yml
@@ -26,7 +26,7 @@
     module_name: openvswitch_bridge
     module_args:
       bridge: "{{ item.0 }}"
-      fail_mode: secure
+      fail_mode: standalone
   loop:
     - "{{ neutron_bridge_name.split(',') }}"
   when: