Bug 1420169

See the upstream blog for more details: https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/

Assigning to Tahlia for review.

> 1. Existing OVN central server (outside the scope of this bug)

The provider can be on any machine.
The most common scenario will be having both ovirt-engine, the provider and ovn-central on the some host.
If provider is not on the same host as ovn-central, the following entry must by adjusted in the provider config file (/etc/ovirt-provider-ovn/ovirt-provider-ovn.conf):
ovn-remote=tcp:<ovn central ip>:6641


> * Does engine-setup take care of the config from the above link?
engine-setup will fully configure a default provider instance, including all the links, certificates and config values.
NOTE:
using engine-setup to configure the provider is not available in 4.1. This will only be available in 4.2

> * If installed on a machine that is not the Manager, does the rpm have to be downloaded, or is it available from another repo (RHEL?)? 
> * How is ovirt-provider-ovn-driver installed on RHVH? It's available from the existing repos on RHEL hosts, but didn't appear to be available on RHVH when I checked for it. Is there a repo that should be enabled, or should the RPM be manually downloaded and installed? 

It should be availble in the RHV repo.
The advisory for this:
https://errata.devel.redhat.com/advisory/28277

> * Are steps 2c and 2f things that would have already been done when the OVN central server was set up? Or are they specific to integration with RHV?

2c: We will have a firewalld service file for this (4.1.3), so we can enable it similar to the ovirt-provider-ovn service.
The service files:
/usr/lib/firewalld/services/ovirt-provider-ovn-central.xml
/usr/lib/firewalld/services/ovirt-provider-ovn.xml

2f: We need this step.

> * Since step 2d is done on the hosts, can it be moved to the end of step 1? Or does it specifically have to be done after step 2c? 

No dependency on 2c. Please move to 1.

Also:
There is firewalld service in OVS that I think could replace this step:
/usr/lib/firewalld/services/host-firewall-service.xml
I'll give this a try and let you know if this can replace 2d

> * Where https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/#provider-setup-using-the-engine-setup-script says that engine-setup will add and configure a default External Network OVN provider, does that mean that it takes care of everything in step 2? Is there anything in step 2 that the user will still have to manually do?

engine-setup will fully take care of installing and configuring a default instance of an ovn provider.
We will still need the description in point 2 in the docs. It will be needed in case the user will want to install the provider or OVN on a different host, or not use engine-setup for some other reason.

> Is there a separate engineering bug for this? I'll need to create a separate docs bug for 4.2.

The bug for the provider setup on engine:
https://bugzilla.redhat.com/show_bug.cgi?id=1436154


> It's available in the rhel-7-server-rhv-4-mgmt-agent-rpms repo, but not, it looks like, in the rhel-7-server-rhvh-4-rpms repo. So, how is it installed on RHVH hosts?

Currently it has to be installed manually. The host installation is still in progress.

> Does this mean that this step can then be deleted, or will it need to be replaced with another command? 
> Since this change is for 4.1.3, which isn't out yet, I'll need to update and republish (easy to do) after that release. Is there an engineering bug tracking this for 4.1.3? 

>Any update on this?

We need the firewalld services to be added:

Provider host (engine host):
  ovirt-provider-ovn - this opens up port 9696, needed for the provider http service
  ovirt-provider-ovn-central - this opens up ports 6641 (OVN north DB) and 6642 (OVN south DB)
ovirt-hosts (vdsm):
  ovn-host-firewall-service (part of ovs) - this opens up port 6081
  
The commands needed for this:

Central:
firewall-cmd --zone=<zone to add service to> --add-service=ovirt-provider-ovn --permanent  # This is what we have in 2.c
firewall-cmd --zone=<zone to add service to> --add-service=ovirt-provider-ovn-central --permanent  # This should replace the items in 2.d
firewall-cmd --reload

Hosts:
firewall-cmd --zone=<zone to add service to> --add-service=ovn-host-firewall-service --permanent
firewall-cmd --reload


This is already done in 4.1.2 (sorry for misleading you in the previous answer.)

> Add the OVN central server to Red Hat Virtualization as an external network provider.

Should be "
Add the OVN provider to Red Hat Virtualization as an external network provider.
"


>  9.Optionally, select the Requires Authentication check box and enter the
>    Username, Password, Tenant Name, and Authentication URL for the external
>    network provider.
> 10.Test the credentials:

Authentication and SSL is currently not available in 4.1.


A picture similar to the picture in 
Red_Hat_Enterprise_Linux-7-Virtualization_Tuning_and_Optimization_Guide
would complete the text.

> you can import existing OVN networks to Red Hat Virtualization,

Yes, but the networks must have some additional information.
Maybe we could drop this sentence, until we come up with a procedure for this?

(In reply to Dominik Holler from comment #14)
> > Add the OVN central server to Red Hat Virtualization as an external network provider.
> 
> Should be "
> Add the OVN provider to Red Hat Virtualization as an external network
> provider.
> "

To confirm I've understood correctly, does this also mean that if the OVN provider is on a different machine from the OVN central server, the Provider URL in the Add Provider window must be the URL of the OVN provider machine, NOT the central server? 

> 
> >  9.Optionally, select the Requires Authentication check box and enter the
> >    Username, Password, Tenant Name, and Authentication URL for the external
> >    network provider.
> > 10.Test the credentials:
> 
> Authentication and SSL is currently not available in 4.1.

Thanks, I've replaced those steps with a step to not check that box. 

> A picture similar to the picture in 
> Red_Hat_Enterprise_Linux-7-Virtualization_Tuning_and_Optimization_Guide
> would complete the text.

Can you link to the one you mean? A different docs team maintains that guide.

(In reply to Marcin Mirecki from comment #15)
> > you can import existing OVN networks to Red Hat Virtualization,
> 
> Yes, but the networks must have some additional information.
> Maybe we could drop this sentence, until we come up with a procedure for
> this?

Thanks for pointing this out. I've commented out the references to importing networks for now. Is the functionality currently available, but we just don't have docs for it yet? Or is the functionality itself still a work in progress? 
If the former, we should open a docs bug to get that done as an async for 4.1. 
If the latter, I'll add it to the docs bug for 4.2.

> --- Comment #16 from Tahlia Richardson <trichard> ---
> (In reply to Dominik Holler from comment #14)
> > > Add the OVN central server to Red Hat Virtualization as an
> > > external network provider.  
> > 
> > Should be "
> > Add the OVN provider to Red Hat Virtualization as an external
> > network provider.
> > "  
> 
> To confirm I've understood correctly, does this also mean that if the
> OVN provider is on a different machine from the OVN central server,
> the Provider URL in the Add Provider window must be the URL of the
> OVN provider machine, NOT the central server? 
> 

That is correct.

> 
> > A picture similar to the picture in 
> > Red_Hat_Enterprise_Linux-7-Virtualization_Tuning_and_Optimization_Guide
> > would complete the text.  
> 
> Can you link to the one you mean? A different docs team maintains
> that guide.
> 

I personally find the style the picture "Figure 5.2. Device assignment
and SR-IOV" in
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Virtualization_Tuning_and_Optimization_Guide/sect-Virtualization_Tuning_Optimization_Guide-Networking-Device_Assignment_and_SRIOV.html
easy to read.

(In reply to Dominik Holler from comment #19)
> 
> > --- Comment #16 from Tahlia Richardson <trichard> ---
> > (In reply to Dominik Holler from comment #14)
> > > > Add the OVN central server to Red Hat Virtualization as an
> > > > external network provider.  
> > > 
> > > Should be "
> > > Add the OVN provider to Red Hat Virtualization as an external
> > > network provider.
> > > "  
> > 
> > To confirm I've understood correctly, does this also mean that if the
> > OVN provider is on a different machine from the OVN central server,
> > the Provider URL in the Add Provider window must be the URL of the
> > OVN provider machine, NOT the central server? 
> > 
> 
> That is correct.
> 
> > 
> > > A picture similar to the picture in 
> > > Red_Hat_Enterprise_Linux-7-Virtualization_Tuning_and_Optimization_Guide
> > > would complete the text.  
> > 
> > Can you link to the one you mean? A different docs team maintains
> > that guide.
> > 
> 
> I personally find the style the picture "Figure 5.2. Device assignment
> and SR-IOV" in
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/
> html/Virtualization_Tuning_and_Optimization_Guide/sect-
> Virtualization_Tuning_Optimization_Guide-Networking-
> Device_Assignment_and_SRIOV.html
> easy to read.

Adding a new diagram involves some time-consuming back-and-forth with the graphics team, so in the interests of getting this content published ASAP, I'm putting this suggestion on hold for now. 
However, if you do feel that a diagram is required here, feel free to open a new docs bug for it, and we can consider adding it later.

Now published at https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.1/html-single/administration_guide/#Adding_OVN_as_an_External_Network_Provider