OVN: Open Virtual Network as a guest network provider

api/src/main/java/com/cloud/network/Network.java

@@ -207,6 +207,7 @@ public static class Provider {
 
         public static final Provider Nsx = new Provider("Nsx", false);
         public static final Provider Netris = new Provider("Netris", false);
+        public static final Provider Ovn = new Provider("Ovn", false);
 
         private final String name;
         private final boolean isExternal;

api/src/main/java/com/cloud/network/Networks.java

@@ -130,7 +130,8 @@ public <T> URI toUri(T value) {
         OpenDaylight("opendaylight", String.class),
         TUNGSTEN("tf", String.class),
         NSX("nsx", String.class),
-        Netris("netris", String.class);
+        Netris("netris", String.class),
+        OVN("ovn", String.class);
 
         private final String scheme;
         private final Class<?> type;

api/src/main/java/com/cloud/network/ovn/OvnProvider.java

@@ -0,0 +1,33 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.ovn;
+
+import org.apache.cloudstack.api.Identity;
+import org.apache.cloudstack.api.InternalIdentity;
+
+public interface OvnProvider extends InternalIdentity, Identity {
+    long getZoneId();
+    Long getHostId();
+    String getName();
+    String getNbConnection();
+    String getSbConnection();
+    String getCaCertPath();
+    String getClientCertPath();
+    String getClientPrivateKeyPath();
+    String getExternalBridge();
+    String getLocalnetName();
+}

api/src/main/java/com/cloud/network/ovn/OvnService.java

@@ -0,0 +1,34 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.ovn;
+
+/**
+ * Service boundary for CloudStack's native OVN integration.
+ */
+public interface OvnService {
+    String getLogicalSwitchName(long networkId);
+    String getLogicalRouterName(long vpcId);
+    String getLogicalSwitchPortName(long nicId);
+    boolean isValidConnectionString(String connection);
+
+    /**
+     * Opens a transient connection to the OVN Northbound endpoint described by the arguments,
+     * runs an OVSDB echo and confirms the OVN_Northbound database is advertised. Throws a
+     * {@link com.cloud.utils.exception.CloudRuntimeException} on any failure, leaving no resources behind.
+     */
+    void verifyNbConnection(String nbConnection, String caCertPath, String clientCertPath, String clientPrivateKeyPath);
+}

api/src/main/java/com/cloud/network/vpc/VpcOffering.java

@@ -34,6 +34,7 @@ public enum State {
     public static final String DEFAULT_VPC_ROUTE_NSX_OFFERING_NAME = "VPC offering with NSX - Route Mode";
     public static final String DEFAULT_VPC_ROUTE_NETRIS_OFFERING_NAME = "VPC offering with Netris - Route Mode";
     public static final String DEFAULT_VPC_NAT_NETRIS_OFFERING_NAME = "VPC offering with Netris - NAT Mode";
+    public static final String DEFAULT_VPC_NAT_OVN_OFFERING_NAME = "VPC offering with OVN - NAT Mode";
 
     /**
      *

api/src/main/java/com/cloud/offering/NetworkOffering.java

@@ -66,6 +66,8 @@ enum RoutingMode {
     public static final String DEFAULT_ROUTED_NSX_OFFERING_FOR_VPC = "DefaultRoutedNSXNetworkOfferingForVpc";
     public static final String DEFAULT_ROUTED_NETRIS_OFFERING_FOR_VPC = "DefaultRoutedNetrisNetworkOfferingForVpc";
     public static final String DEFAULT_NAT_NETRIS_OFFERING_FOR_VPC = "DefaultNATNetrisNetworkOfferingForVpc";
+    public static final String DEFAULT_NAT_OVN_OFFERING = "DefaultNATOVNNetworkOffering";
+    public static final String DEFAULT_NAT_OVN_OFFERING_FOR_VPC = "DefaultNATOVNNetworkOfferingForVpc";
     public static final String DEFAULT_NAT_NSX_OFFERING = "DefaultNATNSXNetworkOffering";
     public static final String DEFAULT_ROUTED_NSX_OFFERING = "DefaultRoutedNSXNetworkOffering";
     public final static String QuickCloudNoServices = "QuickCloudNoServices";

api/src/main/java/org/apache/cloudstack/api/ApiConstants.java

@@ -1036,6 +1036,13 @@ public class ApiConstants {
 
     public static final String NSX_PROVIDER_PORT = "nsxproviderport";
     public static final String NSX_CONTROLLER_ID = "nsxcontrollerid";
+    public static final String OVN_NB_CONNECTION = "ovnnbconnection";
+    public static final String OVN_SB_CONNECTION = "ovnsbconnection";
+    public static final String OVN_CA_CERT_PATH = "ovncacertpath";
+    public static final String OVN_CLIENT_CERT_PATH = "ovnclientcertpath";
+    public static final String OVN_CLIENT_PRIVATE_KEY_PATH = "ovnclientprivatekeypath";
+    public static final String OVN_EXTERNAL_BRIDGE = "ovnexternalbridge";
+    public static final String OVN_LOCALNET_NAME = "ovnlocalnetname";
     public static final String S3_ACCESS_KEY = "accesskey";
     public static final String SECRET_KEY = "secretkey";
     public static final String S3_END_POINT = "endpoint";
@@ -1307,6 +1314,7 @@ public class ApiConstants {
     public static final String HAS_RULES = "hasrules";
     public static final String NSX_DETAIL_KEY = "forNsx";
     public static final String NETRIS_DETAIL_KEY = "forNetris";
+    public static final String OVN_DETAIL_KEY = "forOvn";
     public static final String NETRIS_TAG = "netristag";
     public static final String NETRIS_VXLAN_ID = "netrisvxlanid";
     public static final String NETRIS_URL = "netrisurl";

api/src/main/java/org/apache/cloudstack/api/command/admin/network/CreatePhysicalNetworkCmd.java

@@ -75,7 +75,7 @@ public class CreatePhysicalNetworkCmd extends BaseAsyncCreateCmd {
     @Parameter(name = ApiConstants.ISOLATION_METHODS,
                type = CommandType.LIST,
                collectionType = CommandType.STRING,
-               description = "The isolation method for the physical Network[VLAN/VXLAN/GRE/STT/BCF_SEGMENT/SSP/ODL/L3VPN/VCS/NSX/NETRIS]")
+               description = "The isolation method for the physical Network[VLAN/VXLAN/GRE/STT/BCF_SEGMENT/SSP/ODL/L3VPN/VCS/NSX/NETRIS/OVN]")
     private List<String> isolationMethods;
 
     @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "The name of the physical Network")

api/src/main/java/org/apache/cloudstack/api/command/admin/network/NetworkOfferingBaseCmd.java

@@ -55,6 +55,7 @@
 import static org.apache.cloudstack.api.command.utils.OfferingUtils.isNsxWithoutLb;
 import static org.apache.cloudstack.api.command.utils.OfferingUtils.isNetrisNatted;
 import static org.apache.cloudstack.api.command.utils.OfferingUtils.isNetrisRouted;
+import static org.apache.cloudstack.api.command.utils.OfferingUtils.isOvnProvider;
 
 public abstract class NetworkOfferingBaseCmd extends BaseCmd {
 
@@ -249,7 +250,7 @@ public Long getServiceOfferingId() {
     }
 
     public boolean isExternalNetworkProvider() {
-        return Arrays.asList("NSX", "Netris").stream()
+        return Arrays.asList("NSX", "Netris", "OVN").stream()
                 .anyMatch(s -> provider != null && s.equalsIgnoreCase(provider));
     }
 
@@ -271,16 +272,18 @@ public List<String> getSupportedServices() {
         } else {
             List<String> services = new ArrayList<>(List.of(
                     Dhcp.getName(),
-                    Dns.getName(),
-                    UserData.getName()
+                    Dns.getName()
             ));
+            if (!isOvnProvider(getProvider())) {
+                services.add(UserData.getName());
+            }
             if (NetworkOffering.NetworkMode.NATTED.name().equalsIgnoreCase(getNetworkMode())) {
                 services.addAll(Arrays.asList(
                         StaticNat.getName(),
                         SourceNat.getName(),
                         PortForwarding.getName()));
             }
-            if (getNsxSupportsLbService() || (provider != null && isNetrisNatted(getProvider(), getNetworkMode()))) {
+            if (getNsxSupportsLbService() || (provider != null && (isNetrisNatted(getProvider(), getNetworkMode()) || isOvnProvider(getProvider())))) {
                 services.add(Lb.getName());
             }
             if (Boolean.TRUE.equals(forVpc)) {
@@ -374,7 +377,7 @@ private void getServiceProviderMapForExternalProvider(Map<String, List<String>>
         String routerProvider = Boolean.TRUE.equals(getForVpc()) ? VirtualRouterProvider.Type.VPCVirtualRouter.name() :
                 VirtualRouterProvider.Type.VirtualRouter.name();
         List<String> unsupportedServices = new ArrayList<>(List.of("Vpn", "Gateway", "SecurityGroup", "Connectivity", "BaremetalPxeService"));
-        List<String> routerSupported = List.of("Dhcp", "Dns", "UserData");
+        List<String> routerSupported = isOvnProvider(provider) ? List.of() : List.of("Dhcp", "Dns", "UserData");
         List<String> allServices = Network.Service.listAllServices().stream().map(Network.Service::getName).collect(Collectors.toList());
         if (routerProvider.equals(VirtualRouterProvider.Type.VPCVirtualRouter.name())) {
             unsupportedServices.add("Firewall");
@@ -386,6 +389,9 @@ private void getServiceProviderMapForExternalProvider(Map<String, List<String>>
                 continue;
             if (routerSupported.contains(service))
                 serviceProviderMap.put(service, List.of(routerProvider));
+            else if (isOvnProvider(provider) && (Dhcp.getName().equalsIgnoreCase(service) || Dns.getName().equalsIgnoreCase(service))) {
+                serviceProviderMap.put(service, List.of(provider));
+            }
             else if (NetworkOffering.NetworkMode.NATTED.name().equalsIgnoreCase(getNetworkMode()) || NetworkACL.getName().equalsIgnoreCase(service)) {
                 serviceProviderMap.put(service, List.of(provider));
             }

api/src/main/java/org/apache/cloudstack/api/command/admin/vpc/CreateVPCOfferingCmd.java

@@ -64,6 +64,7 @@
 import static org.apache.cloudstack.api.command.utils.OfferingUtils.isNetrisNatted;
 import static org.apache.cloudstack.api.command.utils.OfferingUtils.isNetrisRouted;
 import static org.apache.cloudstack.api.command.utils.OfferingUtils.isNsxWithoutLb;
+import static org.apache.cloudstack.api.command.utils.OfferingUtils.isOvnProvider;
 
 @APICommand(name = "createVPCOffering", description = "Creates VPC offering", responseObject = VpcOfferingResponse.class,
         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
@@ -179,7 +180,7 @@ public String getDisplayText() {
     }
 
     public boolean isExternalNetworkProvider() {
-        return Arrays.asList("NSX", "Netris").stream()
+        return Arrays.asList("NSX", "Netris", "OVN").stream()
                 .anyMatch(s -> provider != null && s.equalsIgnoreCase(provider));
     }
 
@@ -189,9 +190,11 @@ public List<String> getSupportedServices() {
             supportedServices = new ArrayList<>(List.of(
                     Dhcp.getName(),
                     Dns.getName(),
-                    NetworkACL.getName(),
-                    UserData.getName()
+                    NetworkACL.getName()
                     ));
+            if (!isOvnProvider(getProvider())) {
+                supportedServices.add(UserData.getName());
+            }
             if (NetworkOffering.NetworkMode.NATTED.name().equalsIgnoreCase(getNetworkMode())) {
                 supportedServices.addAll(Arrays.asList(
                         StaticNat.getName(),
@@ -201,7 +204,7 @@ public List<String> getSupportedServices() {
             if (NetworkOffering.NetworkMode.ROUTED.name().equalsIgnoreCase(getNetworkMode())) {
                 supportedServices.add(Gateway.getName());
             }
-            if (getNsxSupportsLbService() || isNetrisNatted(getProvider(), getNetworkMode())) {
+            if (getNsxSupportsLbService() || isNetrisNatted(getProvider(), getNetworkMode()) || isOvnProvider(getProvider())) {
                 supportedServices.add(Lb.getName());
             }
         }
@@ -252,13 +255,16 @@ private void getServiceProviderMapForExternalProvider(Map<String, List<String>>
         if (NetworkOffering.NetworkMode.NATTED.name().equalsIgnoreCase(getNetworkMode())) {
             unsupportedServices.add("Gateway");
         }
-        List<String> routerSupported = List.of("Dhcp", "Dns", "UserData");
+        List<String> routerSupported = isOvnProvider(provider) ? List.of() : List.of("Dhcp", "Dns", "UserData");
         List<String> allServices = Network.Service.listAllServices().stream().map(Network.Service::getName).collect(Collectors.toList());
         for (String service : allServices) {
             if (unsupportedServices.contains(service))
                 continue;
             if (routerSupported.contains(service))
                 serviceProviderMap.put(service, List.of(VirtualRouterProvider.Type.VPCVirtualRouter.name()));
+            else if (isOvnProvider(provider) && (Dhcp.getName().equalsIgnoreCase(service) || Dns.getName().equalsIgnoreCase(service))) {
+                serviceProviderMap.put(service, List.of(provider));
+            }
             else if (NetworkOffering.NetworkMode.NATTED.name().equalsIgnoreCase(getNetworkMode()) ||
                     Stream.of(NetworkACL.getName(), Gateway.getName()).anyMatch(s -> s.equalsIgnoreCase(service))) {
                 serviceProviderMap.put(service, List.of(provider));

api/src/main/java/org/apache/cloudstack/api/command/utils/OfferingUtils.java

@@ -35,4 +35,8 @@ public static boolean isNsxWithoutLb(String provider, boolean nsxSupportsLbServi
     public static boolean isNetrisRouted(String provider, String networkMode) {
         return "Netris".equalsIgnoreCase(provider) && NetworkOffering.NetworkMode.ROUTED.name().equalsIgnoreCase(networkMode);
     }
+
+    public static boolean isOvnProvider(String provider) {
+        return "Ovn".equalsIgnoreCase(provider);
+    }
 }

client/pom.xml

@@ -306,6 +306,11 @@
             <artifactId>cloud-plugin-network-opendaylight</artifactId>
             <version>${project.version}</version>
         </dependency>
+        <dependency>
+            <groupId>org.apache.cloudstack</groupId>
+            <artifactId>cloud-plugin-network-ovn</artifactId>
+            <version>${project.version}</version>
+        </dependency>
         <dependency>
             <groupId>org.apache.cloudstack</groupId>
             <artifactId>cloud-plugin-network-vcs</artifactId>

engine/api/src/main/java/com/cloud/vm/VirtualMachineGuru.java

@@ -88,7 +88,7 @@ public static String getEncodedString(String certificate) {
         return Base64.getEncoder().encodeToString(certificate.replace("\n", KeyStoreUtils.CERT_NEWLINE_ENCODER).replace(" ", KeyStoreUtils.CERT_SPACE_ENCODER).getBytes(StandardCharsets.UTF_8));
     }
 
-    static void appendCertificateDetails(StringBuilder buf, Certificate certificate) {
+    public static void appendCertificateDetails(StringBuilder buf, Certificate certificate) {
         try {
             buf.append(" certificate=").append(getEncodedString(CertUtils.x509CertificateToPem(certificate.getClientCertificate())));
             buf.append(" cacertificate=").append(getEncodedString(CertUtils.x509CertificatesToPem(certificate.getCaCertificates())));

engine/api/src/main/java/org/apache/cloudstack/engine/orchestration/service/NetworkOrchestrationService.java

@@ -114,6 +114,9 @@ public interface NetworkOrchestrationService {
 
     ConfigKey<Boolean> NETRIS_ENABLED = new ConfigKey<>(Boolean.class, "netris.plugin.enable", "Advanced", "false",
             "Indicates whether to enable the Netris plugin", false, ConfigKey.Scope.Zone, null);
+
+    ConfigKey<Boolean> OVN_ENABLED = new ConfigKey<>(Boolean.class, "ovn.plugin.enable", "Advanced", "false",
+            "Indicates whether to enable the OVN plugin", false, ConfigKey.Scope.Zone, null);
     ConfigKey<Integer> NETWORK_LB_HAPROXY_MAX_CONN = new ConfigKey<>(
                     "Network",
                     Integer.class,