diff options
25 files changed, 220 insertions, 39 deletions
diff --git a/environments/docker-ha.yaml b/environments/docker-ha.yaml index 474e9966..1e25a357 100644 --- a/environments/docker-ha.yaml +++ b/environments/docker-ha.yaml @@ -5,6 +5,8 @@ resource_registry: # Pacemaker runs on the host OS::TripleO::Services::Pacemaker: ../puppet/services/pacemaker.yaml OS::TripleO::Services::PacemakerRemote: ../puppet/services/pacemaker_remote.yaml + OS::TripleO::Tasks::ControllerPreConfig: OS::Heat::None + OS::TripleO::Tasks::ControllerPostConfig: OS::Heat::None # Services that are disabled for HA deployments with pacemaker OS::TripleO::Services::Keepalived: OS::Heat::None diff --git a/environments/docker-services-tls-everywhere.yaml b/environments/docker-services-tls-everywhere.yaml index 57cf2c5e..d4743326 100644 --- a/environments/docker-services-tls-everywhere.yaml +++ b/environments/docker-services-tls-everywhere.yaml @@ -14,6 +14,10 @@ resource_registry: OS::TripleO::Services::AodhEvaluator: ../docker/services/aodh-evaluator.yaml OS::TripleO::Services::AodhListener: ../docker/services/aodh-listener.yaml OS::TripleO::Services::AodhNotifier: ../docker/services/aodh-notifier.yaml + OS::TripleO::Services::CeilometerAgentCentral: ../docker/services/ceilometer-agent-central.yaml + OS::TripleO::Services::CeilometerAgentIpmi: ../docker/services/ceilometer-agent-ipmi.yaml + OS::TripleO::Services::CeilometerAgentNotification: ../docker/services/ceilometer-agent-notification.yaml + OS::TripleO::Services::ComputeCeilometerAgent: ../docker/services/ceilometer-agent-compute.yaml OS::TripleO::Services::ComputeNeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml OS::TripleO::Services::GlanceApi: ../docker/services/glance-api.yaml OS::TripleO::Services::GnocchiApi: ../docker/services/gnocchi-api.yaml @@ -24,15 +28,16 @@ resource_registry: OS::TripleO::Services::HeatEngine: ../docker/services/heat-engine.yaml OS::TripleO::Services::Iscsid: ../docker/services/iscsid.yaml OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml - OS::TripleO::Services::NovaMigrationTarget: ../docker/services/nova-migration-target.yaml - OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml + OS::TripleO::Services::Memcached: ../docker/services/memcached.yaml OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml OS::TripleO::Services::NeutronCorePlugin: ../docker/services/neutron-plugin-ml2.yaml - OS::TripleO::Services::NeutronMetadataAgent: ../docker/services/neutron-metadata.yaml - OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml OS::TripleO::Services::NeutronL3Agent: ../docker/services/neutron-l3.yaml + OS::TripleO::Services::NeutronMetadataAgent: ../docker/services/neutron-metadata.yaml + OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml + OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml OS::TripleO::Services::PankoApi: ../docker/services/panko-api.yaml + OS::TripleO::Services::Redis: ../docker/services/database/redis.yaml OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml OS::TripleO::Services::SwiftRingBuilder: ../docker/services/swift-ringbuilder.yaml OS::TripleO::Services::SwiftStorage: ../docker/services/swift-storage.yaml diff --git a/environments/neutron-nuage-config.yaml b/environments/neutron-nuage-config.yaml index 601554a1..ce64311b 100644 --- a/environments/neutron-nuage-config.yaml +++ b/environments/neutron-nuage-config.yaml @@ -1,13 +1,13 @@ # A Heat environment file which can be used to enable a # a Neutron Nuage backend on the controller, configured via puppet resource_registry: + OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None OS::TripleO::Services::NeutronL3Agent: OS::Heat::None OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None # Override the NeutronCorePlugin to use Nuage - OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginNuage - OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-nuage.yaml + OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2Nuage parameter_defaults: NeutronNuageNetPartitionName: 'default_name' @@ -18,9 +18,18 @@ parameter_defaults: NeutronNuageBaseURIVersion: 'default_uri_version' NeutronNuageCMSId: '' UseForwardedFor: true - NeutronCorePlugin: 'nuage_neutron.plugins.nuage.plugin.NuagePlugin' - NeutronEnableDHCPAgent: false - NeutronServicePlugins: [] - NovaOVSBridge: 'alubr0' - controllerExtraConfig: + NeutronServicePlugins: '' + NeutronDBSyncExtraParams: '--config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini' + NeutronTypeDrivers: '' + NeutronNetworkType: '' + NeutronMechanismDrivers: '' + NeutronPluginExtensions: '' + NeutronFlatNetworks: '' + NeutronTunnelIdRanges: '' + NeutronNetworkVLANRanges: '' + NeutronVniRanges: '' + NovaOVSBridge: 'default_bridge' + NeutronMetadataProxySharedSecret: 'default' + InstanceNameTemplate: 'inst-%08x' + ControllerExtraConfig: neutron::api_extensions_path: '/usr/lib/python2.7/site-packages/neutron/plugins/nuage/' diff --git a/environments/nova-nuage-config.yaml b/environments/nova-nuage-config.yaml index 56c64d15..5e75ed9e 100644 --- a/environments/nova-nuage-config.yaml +++ b/environments/nova-nuage-config.yaml @@ -2,7 +2,13 @@ # Nuage backend on the compute, configured via puppet resource_registry: OS::TripleO::ComputeExtraConfigPre: ../puppet/extraconfig/pre_deploy/compute/nova-nuage.yaml + OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-nuage.yaml parameter_defaults: NuageActiveController: '0.0.0.0' NuageStandbyController: '0.0.0.0' + NovaOVSBridge: 'default_bridge' + NovaComputeLibvirtType: 'default_type' + NovaIPv6: False + NuageMetadataProxySharedSecret: 'default' + NuageNovaApiEndpoint: 'default_endpoint' diff --git a/network/external.yaml b/network/external.yaml index 8dbe3e20..708d4635 100644 --- a/network/external.yaml +++ b/network/external.yaml @@ -66,4 +66,4 @@ outputs: description: Neutron external network value: {get_resource: ExternalNetwork} subnet_cidr: - value: {get_attr: ExternalSubnet, cidr} + value: {get_attr: [ExternalSubnet, cidr]} diff --git a/network/external_v6.yaml b/network/external_v6.yaml index 3266932a..9d1c3d00 100644 --- a/network/external_v6.yaml +++ b/network/external_v6.yaml @@ -73,4 +73,4 @@ outputs: description: Neutron external network value: {get_resource: ExternalNetwork} subnet_cidr: - value: {get_attr: ExternalSubnet, cidr} + value: {get_attr: [ExternalSubnet, cidr]} diff --git a/network/internal_api.yaml b/network/internal_api.yaml index 7ff0dafd..6e1885a9 100644 --- a/network/internal_api.yaml +++ b/network/internal_api.yaml @@ -62,4 +62,4 @@ outputs: description: Neutron internal network value: {get_resource: InternalApiNetwork} subnet_cidr: - value: {get_attr: InternalApiSubnet, cidr} + value: {get_attr: [InternalApiSubnet, cidr]} diff --git a/network/internal_api_v6.yaml b/network/internal_api_v6.yaml index 0688f138..7264b1c0 100644 --- a/network/internal_api_v6.yaml +++ b/network/internal_api_v6.yaml @@ -69,4 +69,4 @@ outputs: description: Neutron internal network value: {get_resource: InternalApiNetwork} subnet_cidr: - value: {get_attr: InternalApiSubnet, cidr} + value: {get_attr: [InternalApiSubnet, cidr]} diff --git a/network/management.yaml b/network/management.yaml index d9f773c1..be197e5c 100644 --- a/network/management.yaml +++ b/network/management.yaml @@ -67,4 +67,4 @@ outputs: description: Neutron management network value: {get_resource: ManagementNetwork} subnet_cidr: - value: {get_attr: ManagementSubnet, cidr} + value: {get_attr: [ManagementSubnet, cidr]} diff --git a/network/management_v6.yaml b/network/management_v6.yaml index bf715513..2eb8c876 100644 --- a/network/management_v6.yaml +++ b/network/management_v6.yaml @@ -68,4 +68,4 @@ outputs: description: Neutron management network value: {get_resource: ManagementNetwork} subnet_cidr: - value: {get_attr: ManagementSubnet, cidr} + value: {get_attr: [ManagementSubnet, cidr]} diff --git a/network/network.network.j2.yaml b/network/network.network.j2.yaml index 2c223c16..ccf437bb 100644 --- a/network/network.network.j2.yaml +++ b/network/network.network.j2.yaml @@ -88,5 +88,4 @@ outputs: description: {{network.name_lower}} network value: {get_resource: {{network.name}}Network} subnet_cidr: - value: {get_attr: {{network.name}}Subnet, cidr} - + value: {get_attr: [{{network.name}}Subnet, cidr]} diff --git a/network/networks.j2.yaml b/network/networks.j2.yaml index c790d370..48c509df 100644 --- a/network/networks.j2.yaml +++ b/network/networks.j2.yaml @@ -3,9 +3,9 @@ heat_template_version: pike description: Create networks to split out Overcloud traffic resources: - {%- for network in networks %} - {{network.name}}Network: + {%- set network_name = network.compat_name|default(network.name) %} + {{network_name}}Network: type: OS::TripleO::Network::{{network.name}} {%- endfor %} @@ -19,8 +19,9 @@ outputs: # NOTE(gfidente): we need to replace the null value with a # string to work around https://bugs.launchpad.net/heat/+bug/1700025 {%- for network in networks %} + {%- set network_name = network.compat_name|default(network.name) %} {{network.name_lower}}: yaql: - data: {get_attr: [{{network.name}}Network, subnet_cidr]} + data: {get_attr: [{{network_name}}Network, subnet_cidr]} expression: str($.data).replace('null', 'disabled') {%- endfor %} diff --git a/network/storage.yaml b/network/storage.yaml index 00316c51..9729044d 100644 --- a/network/storage.yaml +++ b/network/storage.yaml @@ -62,4 +62,4 @@ outputs: description: Neutron storage network value: {get_resource: StorageNetwork} subnet_cidr: - value: {get_attr: StorageSubnet, cidr} + value: {get_attr: [StorageSubnet, cidr]} diff --git a/network/storage_mgmt.yaml b/network/storage_mgmt.yaml index bc4347c2..fc005573 100644 --- a/network/storage_mgmt.yaml +++ b/network/storage_mgmt.yaml @@ -62,4 +62,4 @@ outputs: description: Neutron storage management network value: {get_resource: StorageMgmtNetwork} subnet_cidr: - value: {get_attr: StorageMgmtSubnet, cidr} + value: {get_attr: [StorageMgmtSubnet, cidr]} diff --git a/network/storage_mgmt_v6.yaml b/network/storage_mgmt_v6.yaml index 0d6614f9..cef87de9 100644 --- a/network/storage_mgmt_v6.yaml +++ b/network/storage_mgmt_v6.yaml @@ -69,4 +69,4 @@ outputs: description: Neutron storage management network value: {get_resource: StorageMgmtNetwork} subnet_cidr: - value: {get_attr: StorageMgmtSubnet, cidr} + value: {get_attr: [StorageMgmtSubnet, cidr]} diff --git a/network/storage_v6.yaml b/network/storage_v6.yaml index bf796b2b..51edd4b3 100644 --- a/network/storage_v6.yaml +++ b/network/storage_v6.yaml @@ -69,4 +69,4 @@ outputs: description: Neutron storage network value: {get_resource: StorageNetwork} subnet_cidr: - value: {get_attr: StorageSubnet, cidr} + value: {get_attr: [StorageSubnet, cidr]} diff --git a/network/tenant.yaml b/network/tenant.yaml index 2104f0bd..67c4abbc 100644 --- a/network/tenant.yaml +++ b/network/tenant.yaml @@ -62,4 +62,4 @@ outputs: description: Neutron tenant network value: {get_resource: TenantNetwork} subnet_cidr: - value: {get_attr: TenantSubnet, cidr} + value: {get_attr: [TenantSubnet, cidr]} diff --git a/network/tenant_v6.yaml b/network/tenant_v6.yaml index 9993eec9..9f139cb1 100644 --- a/network/tenant_v6.yaml +++ b/network/tenant_v6.yaml @@ -69,4 +69,4 @@ outputs: description: Neutron tenant network value: {get_resource: TenantNetwork} subnet_cidr: - value: {get_attr: TenantSubnet, cidr} + value: {get_attr: [TenantSubnet, cidr]} diff --git a/network_data.yaml b/network_data.yaml index 947769ae..6ad37dfe 100644 --- a/network_data.yaml +++ b/network_data.yaml @@ -17,6 +17,8 @@ # allocation_pools: IP range list e.g. [{'start':'10.0.0.4', 'end':'10.0.0.250}] # gateway_ip: gateway for the network (optional, may use parameter defaults) # NOTE: IP-related values set parameter defaults in templates, may be overridden. +# compat_name: for existing stack you may need to override the default transformation +# for the resource's name. # # Example: # - name Example @@ -39,6 +41,7 @@ vip: true ip_subnet: '172.16.2.0/24' allocation_pools: [{'start': '172.16.2.4', 'end': '172.16.2.250'}] + compat_name: Internal - name: Storage vip: true name_lower: storage diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index 0d3b875a..0b4b4feb 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -154,6 +154,7 @@ resource_registry: OS::TripleO::Services::NeutronCorePluginML2OVN: puppet/services/neutron-plugin-ml2-ovn.yaml OS::TripleO::Services::NeutronCorePluginPlumgrid: puppet/services/neutron-plugin-plumgrid.yaml OS::TripleO::Services::NeutronCorePluginNuage: puppet/services/neutron-plugin-nuage.yaml + OS::TripleO::Services::NeutronCorePluginML2Nuage: puppet/services/neutron-plugin-ml2-nuage.yaml OS::TripleO::Services::NeutronCorePluginNSX: puppet/services/neutron-plugin-nsx.yaml OS::TripleO::Services::OVNDBs: OS::Heat::None OS::TripleO::Services::OVNController: OS::Heat::None diff --git a/puppet/services/haproxy-internal-tls-certmonger.yaml b/puppet/services/haproxy-internal-tls-certmonger.yaml index 3355a0d3..642685a8 100644 --- a/puppet/services/haproxy-internal-tls-certmonger.yaml +++ b/puppet/services/haproxy-internal-tls-certmonger.yaml @@ -30,6 +30,12 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + HAProxyInternalTLSCertsDirectory: + default: '/etc/pki/tls/certs/haproxy' + type: string + HAProxyInternalTLSKeysDirectory: + default: '/etc/pki/tls/private/haproxy' + type: string resources: @@ -55,16 +61,30 @@ outputs: config_settings: generate_service_certificates: true tripleo::haproxy::use_internal_certificates: true - tripleo::certmonger::haproxy_dirs::certificate_dir: '/etc/pki/tls/certs/haproxy' - tripleo::certmonger::haproxy_dirs::key_dir: '/etc/pki/tls/private/haproxy' + tripleo::certmonger::haproxy_dirs::certificate_dir: + get_param: HAProxyInternalTLSCertsDirectory + tripleo::certmonger::haproxy_dirs::key_dir: + get_param: HAProxyInternalTLSKeysDirectory certificates_specs: map_merge: repeat: template: haproxy-NETWORK: - service_pem: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-NETWORK.pem' - service_certificate: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-NETWORK.crt' - service_key: '/etc/pki/tls/private/haproxy/overcloud-haproxy-NETWORK.key' + service_pem: + list_join: + - '' + - - {get_param: HAProxyInternalTLSCertsDirectory} + - '/overcloud-haproxy-NETWORK.pem' + service_certificate: + list_join: + - '' + - - {get_param: HAProxyInternalTLSCertsDirectory} + - '/overcloud-haproxy-NETWORK.crt' + service_key: + list_join: + - '' + - - {get_param: HAProxyInternalTLSKeysDirectory} + - '/overcloud-haproxy-NETWORK.key' hostname: "%{hiera('cloud_name_NETWORK')}" postsave_cmd: "" # TODO principal: "haproxy/%{hiera('cloud_name_NETWORK')}" diff --git a/puppet/services/haproxy-public-tls-certmonger.yaml b/puppet/services/haproxy-public-tls-certmonger.yaml index f1739f78..b2766c44 100644 --- a/puppet/services/haproxy-public-tls-certmonger.yaml +++ b/puppet/services/haproxy-public-tls-certmonger.yaml @@ -30,6 +30,12 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + HAProxyInternalTLSCertsDirectory: + default: '/etc/pki/tls/certs/haproxy' + type: string + HAProxyInternalTLSKeysDirectory: + default: '/etc/pki/tls/private/haproxy' + type: string outputs: role_data: @@ -38,14 +44,32 @@ outputs: service_name: haproxy_public_tls_certmonger config_settings: generate_service_certificates: true - tripleo::haproxy::service_certificate: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-external.pem' - tripleo::certmonger::haproxy_dirs::certificate_dir: '/etc/pki/tls/certs/haproxy' - tripleo::certmonger::haproxy_dirs::key_dir: '/etc/pki/tls/private/haproxy' + tripleo::haproxy::service_certificate: + list_join: + - '' + - - {get_param: HAProxyInternalTLSCertsDirectory} + - '/overcloud-haproxy-external.pem' + tripleo::certmonger::haproxy_dirs::certificate_dir: + get_param: HAProxyInternalTLSCertsDirectory + tripleo::certmonger::haproxy_dirs::key_dir: + get_param: HAProxyInternalTLSKeysDirectory certificates_specs: haproxy-external: - service_pem: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-external.pem' - service_certificate: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-external.crt' - service_key: '/etc/pki/tls/private/haproxy/overcloud-haproxy-external.key' + service_pem: + list_join: + - '' + - - {get_param: HAProxyInternalTLSCertsDirectory} + - '/overcloud-haproxy-external.pem' + service_certificate: + list_join: + - '' + - - {get_param: HAProxyInternalTLSCertsDirectory} + - '/overcloud-haproxy-external.crt' + service_key: + list_join: + - '' + - - {get_param: HAProxyInternalTLSKeysDirectory} + - '/overcloud-haproxy-external.key' hostname: "%{hiera('cloud_name_external')}" postsave_cmd: "" # TODO principal: "haproxy/%{hiera('cloud_name_external')}" diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml index b9556890..b6980045 100644 --- a/puppet/services/neutron-base.yaml +++ b/puppet/services/neutron-base.yaml @@ -69,6 +69,12 @@ parameters: networks, neutron uses this value without modification. For overlay networks such as VXLAN, neutron automatically subtracts the overlay protocol overhead from this value. + NeutronDBSyncExtraParams: + default: '' + description: | + String of extra command line parameters to append to the neutron-db-manage + upgrade head command. + type: string ServiceData: default: {} description: Dictionary packing service data @@ -134,6 +140,7 @@ outputs: neutron::db::database_max_retries: -1 neutron::db::sync::db_sync_timeout: {get_param: DatabaseSyncTimeout} neutron::global_physnet_mtu: {get_param: NeutronGlobalPhysnetMtu} + neutron::db::sync::extra_params: {get_param: NeutronDBSyncExtraParams} - if: - dhcp_agents_zero - {} diff --git a/puppet/services/neutron-plugin-ml2-nuage.yaml b/puppet/services/neutron-plugin-ml2-nuage.yaml new file mode 100644 index 00000000..a7dc2e8b --- /dev/null +++ b/puppet/services/neutron-plugin-ml2-nuage.yaml @@ -0,0 +1,99 @@ +heat_template_version: pike + +description: > + OpenStack Neutron ML2/Nuage plugin configured with Puppet + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + # Config specific parameters, to be provided via parameter_defaults + NeutronNuageNetPartitionName: + description: Specifies the title that you will see on the VSD + type: string + default: 'default_name' + + NeutronNuageVSDIp: + description: IP address and port of the Virtual Services Directory + type: string + + NeutronNuageVSDUsername: + description: Username to be used to log into VSD + type: string + + NeutronNuageVSDPassword: + description: Password to be used to log into VSD + type: string + + NeutronNuageVSDOrganization: + description: Organization parameter required to log into VSD + type: string + default: 'organization' + + NeutronNuageBaseURIVersion: + description: URI version to be used based on the VSD release + type: string + default: 'default_uri_version' + + NeutronNuageCMSId: + description: Cloud Management System ID (CMS ID) to distinguish between OS instances on the same VSD + type: string + + UseForwardedFor: + description: Treat X-Forwarded-For as the canonical remote address. Only enable this if you have a sanitizing proxy. + type: boolean + default: false + +resources: + + NeutronML2Base: + type: ./neutron-plugin-ml2.yaml + properties: + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Neutron ML2/Nuage plugin + value: + service_name: neutron_plugin_ml2_nuage + config_settings: + map_merge: + - get_attr: [NeutronML2Base, role_data, config_settings] + - neutron::plugins::ml2::nuage::nuage_net_partition_name: {get_param: NeutronNuageNetPartitionName} + neutron::plugins::ml2::nuage::nuage_vsd_ip: {get_param: NeutronNuageVSDIp} + neutron::plugins::ml2::nuage::nuage_vsd_username: {get_param: NeutronNuageVSDUsername} + neutron::plugins::ml2::nuage::nuage_vsd_password: {get_param: NeutronNuageVSDPassword} + neutron::plugins::ml2::nuage::nuage_vsd_organization: {get_param: NeutronNuageVSDOrganization} + neutron::plugins::ml2::nuage::nuage_base_uri_version: {get_param: NeutronNuageBaseURIVersion} + neutron::plugins::ml2::nuage::nuage_cms_id: {get_param: NeutronNuageCMSId} + nova::api::use_forwarded_for: {get_param: UseForwardedFor} + step_config: | + include tripleo::profile::base::neutron::plugins::ml2 diff --git a/puppet/services/neutron-plugin-ml2.yaml b/puppet/services/neutron-plugin-ml2.yaml index dd757b5d..bc91374a 100644 --- a/puppet/services/neutron-plugin-ml2.yaml +++ b/puppet/services/neutron-plugin-ml2.yaml @@ -72,6 +72,10 @@ parameters: default: 'vxlan' description: The tenant network type for Neutron. type: comma_delimited_list + NeutronFirewallDriver: + description: Firewall driver for realizing neutron security group function + type: string + default: 'openvswitch' resources: NeutronBase: @@ -100,6 +104,7 @@ outputs: neutron::plugins::ml2::tunnel_id_ranges: {get_param: NeutronTunnelIdRanges} neutron::plugins::ml2::vni_ranges: {get_param: NeutronVniRanges} neutron::plugins::ml2::tenant_network_types: {get_param: NeutronNetworkType} + neutron::plugins::ml2::firewall_driver: {get_param: NeutronFirewallDriver} step_config: | include ::tripleo::profile::base::neutron::plugins::ml2 |