258a0d6ec7
Not all clouds will provide us with MTUs of 1500. Instead of assuming a 1500 - 50 byte MTU to accommodate for vxlan overhead we list all interface MTUs, filter by those that appear to be "real" interfaces (to avoid those we ourselves may have created), take the smallest one and subtract it by 50 to accommodate for vxlan overhead. You can still set an explicit bridge_mtu value if necessary.

Change-Id: If899a1bee3b4b69df8c2905a219b41e119d8f652
77 lines
2.1 KiB
ReStructuredText
Configures a VXLAN virtual network overlay through an openvswitch network
bridge between a 'switch' node and 'peer' nodes.

This allows members of the bridge to communicate with each other through the
virtual network.

By default, this role will:

- Install and start ``openvswitch``
- Set up a ``br-infra`` bridge on all nodes
- Set up the connectivity between the switch and the peer with a virtual port
- Set up an IP address on the bridge interface:

::

    172.24.4.1/23 # switch node
    172.24.4.2/23 # first peer
    172.24.4.3/23 # second peer
    ...

**Role requirements**

This role requires and expects two groups to be set up in the Ansible host
inventory in order to work:

- ``switch`` (the node acting as the switch)
- ``peers`` (nodes connected to the virtual switch ports)

**Role variables**

.. zuul:rolevar:: bridge_vni_offset
   :default: 1000000

   VXLAN Network Identifier offset (openvswitch key).

.. zuul:rolevar:: bridge_mtu
   :default: Smallest MTU less 50 bytes for VXLAN overhead

   Bridge interface MTU. By default we determine this value by checking
   all interfaces on the host, taking the smallest MTU and subtracting
   50 for VXLAN overhead. Can be overridden explicitly if this does not
   work.

.. zuul:rolevar:: bridge_name
   :default: br-infra

   Name of the bridge interface.

.. zuul:rolevar:: bridge_configure_address
   :default: true

   Whether or not to configure an IP address on the bridge interface.

.. zuul:rolevar:: bridge_authorize_internal_traffic
   :default: false

   When ``bridge_configure_address`` is ``true``, whether or not to set up
   firewall rules in order to allow traffic to flow freely within the bridge
   subnet (``bridge_address_prefix``.0/``bridge_address_subnet``).

.. zuul:rolevar:: bridge_address_prefix
   :default: 172.24.4

   The IP address range prefix.

.. zuul:rolevar:: bridge_address_offset
   :default: 1

   The IP address offset, used with ``bridge_address_prefix`` to provide the
   full IP address. The initial offset defines the IP address of the switch
   node in the virtual network.

.. zuul:rolevar:: bridge_address_subnet
   :default: 23

   The IP address range CIDR/subnet.
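
The ``bridge_mtu`` default described above, sketched in Python as an added example (this is not the role's own code). The name pattern used to decide which interfaces count as "real", the helper names and the sample ``ip -o link show`` output are all assumptions made for illustration.

```python
import re

VXLAN_OVERHEAD = 50  # bytes, the figure this README uses

# Assumption: a "real" interface is one whose name looks like a kernel-named
# NIC. Loopback, the bridge itself and OVS devices do not match.
REAL_IFACE = re.compile(r"^(eth|en|wl|ib)")
# One `ip -o link show` record: index, name (optionally name@peer), flags, mtu.
LINK_LINE = re.compile(r"^\d+:\s+([^:@\s]+)(?:@[^:\s]+)?:\s+<[^>]*>\s+mtu\s+(\d+)")

# Constructed sample output, not captured from a real host. br-infra is left
# over from an earlier run and already carries the reduced MTU.
SAMPLE = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc fq_codel state UP
3: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
4: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
5: br-infra: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc noqueue state UNKNOWN
"""


def parse_mtus(ip_link_output):
    """Map interface name to MTU for every parsable line."""
    mtus = {}
    for line in ip_link_output.splitlines():
        m = LINK_LINE.match(line.strip())
        if m:
            mtus[m.group(1)] = int(m.group(2))
    return mtus


def bridge_mtu(iface_mtus, override=None):
    """Smallest real-interface MTU minus VXLAN overhead, unless overridden."""
    if override is not None:
        return int(override)
    real = [mtu for name, mtu in iface_mtus.items() if REAL_IFACE.match(name)]
    if not real:
        raise ValueError("no real interface found; set bridge_mtu explicitly")
    return min(real) - VXLAN_OVERHEAD


if __name__ == "__main__":
    print(bridge_mtu(parse_mtus(SAMPLE)))
```

Without the filter, the existing ``br-infra`` at 1400 would be the smallest MTU and a second run would shrink the bridge to 1350, which is why interfaces the role may have created are excluded.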