lxc
diff --git a/‎ansible/books/ovn.yaml
-418 b/‎ansible/books/ovn.yaml
-418
diff --git a/‎ansible/files/ovn/alias.sh.tpl
-9 b/‎ansible/files/ovn/alias.sh.tpl
-9
diff --git a/‎ansible/files/ovn/ovn-central.tpl
-22 b/‎ansible/files/ovn/ovn-central.tpl
-22
diff --git a/‎ansible/files/ovn/ovn-ic.tpl
-24 b/‎ansible/files/ovn/ovn-ic.tpl
-24
diff --git a/‎roles/ovn/defaults/main.yaml
+7 b/‎roles/ovn/defaults/main.yaml
+7
diff --git a/‎ansible/files/ovn/ovn-ppa.asc ‎roles/ovn/files/ovn-ppa.asc b/‎ansible/files/ovn/ovn-ppa.asc ‎roles/ovn/files/ovn-ppa.asc
diff --git a/‎roles/ovn/handlers/main.yaml
+87 b/‎roles/ovn/handlers/main.yaml
+87
@@ -0,0 +1,7 @@
+---
+ovn_clients: []
+ovn_name: ''
+ovn_roles: []
+ovn_release: 'distro'
+ovn_ip_address: "{{ ansible_default_ipv6['address'] | default(ansible_default_ipv4['address']) }}"
+ovn_az_name: ''
@@ -0,0 +1,87 @@
+---
+- name: Update apt
+  apt:
+    force_apt_get: yes
+    update_cache: yes
+    cache_valid_time: 0
+
+- name: Configure OVS
+  shell: ovs-vsctl set open_vswitch . external_ids:hostname={{ inventory_hostname }} external_ids:ovn-remote={{ ovn_central_southbound }} external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip={{ ovn_ip_address }}
+
+- name: Enable OVN IC gateway
+  shell:
+    cmd: "ovs-vsctl set open_vswitch . external_ids:ovn-is-interconn=true"
+  when: '"ic-gateway" in ovn_roles'
+
+- name: Configure OVN central northbound DB for SSL (certs)
+  shell:
+    cmd: "ovn-nbctl set-ssl /etc/ovn/{{ ovn_name }}.server.key /etc/ovn/{{ ovn_name }}.server.crt /etc/ovn/{{ ovn_name }}.ca.crt"
+  when: '"central" in ovn_roles'
+
+- name: Configure OVN central northbound DB for SSL (ports)
+  shell:
+    cmd: "ovn-nbctl set-connection pssl:6641:[::]"
+  when: '"central" in ovn_roles'
+
+- name: Configure OVN central southbound DB for SSL (certs)
+  shell:
+    cmd: "ovn-sbctl set-ssl /etc/ovn/{{ ovn_name }}.server.key /etc/ovn/{{ ovn_name }}.server.crt /etc/ovn/{{ ovn_name }}.ca.crt"
+  when: '"central" in ovn_roles'
+
+- name: Configure OVN central southbound DB for SSL (ports)
+  shell:
+    cmd: "ovn-sbctl set-connection pssl:6642:[::]"
+  when: '"central" in ovn_roles'
+
+- name: Configure OVN IC northbound DB for SSL (certs)
+  shell:
+    cmd: "ovn-ic-nbctl set-ssl /etc/ovn/{{ ovn_name }}.server.key /etc/ovn/{{ ovn_name }}.server.crt /etc/ovn/{{ ovn_name }}.ca.crt"
+  when: '"ic-db" in ovn_roles'
+
+- name: Configure OVN IC northbound DB for SSL (ports)
+  shell:
+    cmd: "ovn-ic-nbctl set-connection pssl:6645:[::]"
+  when: '"ic-db" in ovn_roles'
+
+- name: Configure OVN IC southbound DB for SSL (certs)
+  shell:
+    cmd: "ovn-ic-sbctl set-ssl /etc/ovn/{{ ovn_name }}.server.key /etc/ovn/{{ ovn_name }}.server.crt /etc/ovn/{{ ovn_name }}.ca.crt"
+  when: '"ic-db" in ovn_roles'
+
+- name: Configure OVN IC southbound DB for SSL (ports)
+  shell:
+    cmd: "ovn-ic-sbctl set-connection pssl:6646:[::]"
+  when: '"ic-db" in ovn_roles'
+
+- name: Restart OVN central
+  systemd:
+    name: ovn-central.service
+    state: restarted
+
+- name: Restart OVN host
+  systemd:
+    name: ovn-host.service
+    state: restarted
+
+- name: Restart OVN IC
+  systemd:
+    daemon_reload: true
+    name: ovn-ic.service
+    state: restarted
+  when: '"ic" in ovn_roles'
+
+- name: Restart OVN IC databases
+  systemd:
+    name: ovn-ic-db.service
+    state: restarted
+  when: '"ic-db" in ovn_roles'
+
+- name: Configure OVN AZ name
+  shell:
+    cmd: "ovn-nbctl --db={{ ovn_central_northbound }} -c /etc/ovn/{{ ovn_name }}.server.crt -p /etc/ovn/{{ ovn_name }}.server.key -C /etc/ovn/{{ ovn_name }}.ca.crt set NB_Global . name={{ ovn_az_name }}"
+  when: '"central" in ovn_roles and ovn_az_name'
+
+- name: Enable OVN IC route sharing
+  shell:
+    cmd: "ovn-nbctl --db={{ ovn_central_northbound }} -c /etc/ovn/{{ ovn_name }}.server.crt -p /etc/ovn/{{ ovn_name }}.server.key -C /etc/ovn/{{ ovn_name }}.ca.crt set NB_Global . options:ic-route-adv=true options:ic-route-learn=true"
+  when: '"central" in ovn_roles and ovn_az_name'