From f6eefdf38860928ebbccca9eb40dfb0db4f0de1a Mon Sep 17 00:00:00 2001
From: Vladislav Belogrudov <vladislav.belogrudov@oracle.com>
Date: Wed, 31 May 2017 17:51:09 +0300
Subject: [PATCH] Add flag to allow provider networks

In case of provider networks we need to configure external bridge
on compute nodes, like it is done in DVR. The only way to tell
if provider networks are to be used is a new flag.

Change-Id: I1aef197ee2b84e28f2131f058e6995551f873fe1
Closes-Bug: #1694726
---
 ansible/group_vars/all.yml                       |  3 +++
 ansible/roles/neutron/templates/ml2_conf.ini.j2  |  2 +-
 ansible/roles/openvswitch/handlers/main.yml      |  2 +-
 doc/networking-guide.rst                         | 16 ++++++++++++++++
 ...g-for-provider-networks-3fb5de28ba89b128.yaml | 13 +++++++++++++
 5 files changed, 34 insertions(+), 2 deletions(-)
 create mode 100644 releasenotes/notes/add-flag-for-provider-networks-3fb5de28ba89b128.yaml

diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index 4be4bfaae9..9657cc1804 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -353,6 +353,7 @@ enable_neutron_fwaas: "no"
 enable_neutron_qos: "no"
 enable_neutron_agent_ha: "no"
 enable_neutron_bgp_dragent: "no"
+enable_neutron_provider_networks: "no"
 enable_nova_serialconsole_proxy: "no"
 enable_octavia: "no"
 enable_openvswitch: "{{ neutron_plugin_agent != 'linuxbridge' | bool }}"
@@ -498,6 +499,8 @@ designate_ns_record: "sample.openstack.org"
 neutron_bgp_router_id: "1.1.1.1"
 neutron_bridge_name: "br-ex"
 
+computes_need_external_bridge: "{{ enable_neutron_dvr | bool or enable_neutron_provider_networks | bool }}"
+
 #######################
 # Nova options
 #######################
diff --git a/ansible/roles/neutron/templates/ml2_conf.ini.j2 b/ansible/roles/neutron/templates/ml2_conf.ini.j2
index b18e822a6e..6f905248c7 100644
--- a/ansible/roles/neutron/templates/ml2_conf.ini.j2
+++ b/ansible/roles/neutron/templates/ml2_conf.ini.j2
@@ -59,7 +59,7 @@ extensions = qos
 {% endif %}
 
 [ovs]
-{% if inventory_hostname in groups["network"] or (inventory_hostname in groups["compute"] and enable_neutron_dvr | bool) %}
+{% if inventory_hostname in groups["network"] or (inventory_hostname in groups["compute"] and computes_need_external_bridge ) %}
 bridge_mappings = {% for bridge in neutron_bridge_name.split(',') %}physnet{{ loop.index0 + 1 }}:{{ bridge }}{% if not loop.last %},{% endif %}{% endfor %}
 {% endif %}
 
diff --git a/ansible/roles/openvswitch/handlers/main.yml b/ansible/roles/openvswitch/handlers/main.yml
index 7e4a720b87..155536d836 100644
--- a/ansible/roles/openvswitch/handlers/main.yml
+++ b/ansible/roles/openvswitch/handlers/main.yml
@@ -36,7 +36,7 @@
   changed_when: status.stdout.find('changed') != -1
   when:
     - inventory_hostname in groups["network"]
-      or (inventory_hostname in groups["compute"] and enable_neutron_dvr | bool)
+      or (inventory_hostname in groups["compute"] and computes_need_external_bridge)
   with_together:
     - "{{ neutron_bridge_name.split(',') }}"
     - "{{ neutron_external_interface.split(',') }}"
diff --git a/doc/networking-guide.rst b/doc/networking-guide.rst
index e9542725f3..e4db822f5c 100644
--- a/doc/networking-guide.rst
+++ b/doc/networking-guide.rst
@@ -1,5 +1,21 @@
 .. _networking-guide:
 
+============================
+Enabling Provider Networks
+============================
+Provider networks allow to connect compute instances directly to physical networks avoiding tunnels.
+This is necessary for example for some performance critical applications. Only administrators of
+OpenStack can create such networks. For provider networks compute hosts must have external bridge
+created and configured by Ansible tasks like it is already done for tenant DVR mode networking.
+Normal tenant non-DVR networking does not need external bridge on compute hosts and therefore
+operators don't need additional dedicated network interface.
+
+To enable provider networks modify the configuration file ``/etc/kolla/globals.yml``:
+
+::
+
+    enable_neutron_provider_networks: "yes"
+
 ============================
 Enabling Neutron Extensions
 ============================
diff --git a/releasenotes/notes/add-flag-for-provider-networks-3fb5de28ba89b128.yaml b/releasenotes/notes/add-flag-for-provider-networks-3fb5de28ba89b128.yaml
new file mode 100644
index 0000000000..61b4c44553
--- /dev/null
+++ b/releasenotes/notes/add-flag-for-provider-networks-3fb5de28ba89b128.yaml
@@ -0,0 +1,13 @@
+---
+features:
+  - |
+    Add a new flag to explicitly enable provider networks, i.e. networks where
+    instances directly connect to the physical networks (flat,VLAN). In such
+    cases external bridges must be configured on compute nodes, like it is done
+    for self-service (tenant manageable) networks in DVR mode. Otherwise this flag
+    allows to avoid unnecessary interface and bridge setup on compute nodes
+    in case of tenant networks in non-DVR mode.
+upgrade:
+  - |
+    By default this flag is disabled. If provider networks were used in previous
+    releases please set 'enable_neutron_provider_networks' property to 'yes'.