summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--environments/docker-ha.yaml2
-rw-r--r--environments/docker-services-tls-everywhere.yaml13
-rw-r--r--environments/neutron-nuage-config.yaml23
-rw-r--r--environments/nova-nuage-config.yaml6
-rw-r--r--network/external.yaml2
-rw-r--r--network/external_v6.yaml2
-rw-r--r--network/internal_api.yaml2
-rw-r--r--network/internal_api_v6.yaml2
-rw-r--r--network/management.yaml2
-rw-r--r--network/management_v6.yaml2
-rw-r--r--network/network.network.j2.yaml3
-rw-r--r--network/networks.j2.yaml7
-rw-r--r--network/storage.yaml2
-rw-r--r--network/storage_mgmt.yaml2
-rw-r--r--network/storage_mgmt_v6.yaml2
-rw-r--r--network/storage_v6.yaml2
-rw-r--r--network/tenant.yaml2
-rw-r--r--network/tenant_v6.yaml2
-rw-r--r--network_data.yaml3
-rw-r--r--overcloud-resource-registry-puppet.j2.yaml1
-rw-r--r--puppet/services/haproxy-internal-tls-certmonger.yaml30
-rw-r--r--puppet/services/haproxy-public-tls-certmonger.yaml36
-rw-r--r--puppet/services/neutron-base.yaml7
-rw-r--r--puppet/services/neutron-plugin-ml2-nuage.yaml99
-rw-r--r--puppet/services/neutron-plugin-ml2.yaml5
25 files changed, 220 insertions, 39 deletions
diff --git a/environments/docker-ha.yaml b/environments/docker-ha.yaml
index 474e9966..1e25a357 100644
--- a/environments/docker-ha.yaml
+++ b/environments/docker-ha.yaml
@@ -5,6 +5,8 @@ resource_registry:
# Pacemaker runs on the host
OS::TripleO::Services::Pacemaker: ../puppet/services/pacemaker.yaml
OS::TripleO::Services::PacemakerRemote: ../puppet/services/pacemaker_remote.yaml
+ OS::TripleO::Tasks::ControllerPreConfig: OS::Heat::None
+ OS::TripleO::Tasks::ControllerPostConfig: OS::Heat::None
# Services that are disabled for HA deployments with pacemaker
OS::TripleO::Services::Keepalived: OS::Heat::None
diff --git a/environments/docker-services-tls-everywhere.yaml b/environments/docker-services-tls-everywhere.yaml
index 57cf2c5e..d4743326 100644
--- a/environments/docker-services-tls-everywhere.yaml
+++ b/environments/docker-services-tls-everywhere.yaml
@@ -14,6 +14,10 @@ resource_registry:
OS::TripleO::Services::AodhEvaluator: ../docker/services/aodh-evaluator.yaml
OS::TripleO::Services::AodhListener: ../docker/services/aodh-listener.yaml
OS::TripleO::Services::AodhNotifier: ../docker/services/aodh-notifier.yaml
+ OS::TripleO::Services::CeilometerAgentCentral: ../docker/services/ceilometer-agent-central.yaml
+ OS::TripleO::Services::CeilometerAgentIpmi: ../docker/services/ceilometer-agent-ipmi.yaml
+ OS::TripleO::Services::CeilometerAgentNotification: ../docker/services/ceilometer-agent-notification.yaml
+ OS::TripleO::Services::ComputeCeilometerAgent: ../docker/services/ceilometer-agent-compute.yaml
OS::TripleO::Services::ComputeNeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml
OS::TripleO::Services::GlanceApi: ../docker/services/glance-api.yaml
OS::TripleO::Services::GnocchiApi: ../docker/services/gnocchi-api.yaml
@@ -24,15 +28,16 @@ resource_registry:
OS::TripleO::Services::HeatEngine: ../docker/services/heat-engine.yaml
OS::TripleO::Services::Iscsid: ../docker/services/iscsid.yaml
OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml
- OS::TripleO::Services::NovaMigrationTarget: ../docker/services/nova-migration-target.yaml
- OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml
+ OS::TripleO::Services::Memcached: ../docker/services/memcached.yaml
OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml
OS::TripleO::Services::NeutronCorePlugin: ../docker/services/neutron-plugin-ml2.yaml
- OS::TripleO::Services::NeutronMetadataAgent: ../docker/services/neutron-metadata.yaml
- OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml
OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml
OS::TripleO::Services::NeutronL3Agent: ../docker/services/neutron-l3.yaml
+ OS::TripleO::Services::NeutronMetadataAgent: ../docker/services/neutron-metadata.yaml
+ OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml
+ OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml
OS::TripleO::Services::PankoApi: ../docker/services/panko-api.yaml
+ OS::TripleO::Services::Redis: ../docker/services/database/redis.yaml
OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml
OS::TripleO::Services::SwiftRingBuilder: ../docker/services/swift-ringbuilder.yaml
OS::TripleO::Services::SwiftStorage: ../docker/services/swift-storage.yaml
diff --git a/environments/neutron-nuage-config.yaml b/environments/neutron-nuage-config.yaml
index 601554a1..ce64311b 100644
--- a/environments/neutron-nuage-config.yaml
+++ b/environments/neutron-nuage-config.yaml
@@ -1,13 +1,13 @@
# A Heat environment file which can be used to enable a
# a Neutron Nuage backend on the controller, configured via puppet
resource_registry:
+ OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None
OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None
OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
# Override the NeutronCorePlugin to use Nuage
- OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginNuage
- OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-nuage.yaml
+ OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2Nuage
parameter_defaults:
NeutronNuageNetPartitionName: 'default_name'
@@ -18,9 +18,18 @@ parameter_defaults:
NeutronNuageBaseURIVersion: 'default_uri_version'
NeutronNuageCMSId: ''
UseForwardedFor: true
- NeutronCorePlugin: 'nuage_neutron.plugins.nuage.plugin.NuagePlugin'
- NeutronEnableDHCPAgent: false
- NeutronServicePlugins: []
- NovaOVSBridge: 'alubr0'
- controllerExtraConfig:
+ NeutronServicePlugins: ''
+ NeutronDBSyncExtraParams: '--config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini'
+ NeutronTypeDrivers: ''
+ NeutronNetworkType: ''
+ NeutronMechanismDrivers: ''
+ NeutronPluginExtensions: ''
+ NeutronFlatNetworks: ''
+ NeutronTunnelIdRanges: ''
+ NeutronNetworkVLANRanges: ''
+ NeutronVniRanges: ''
+ NovaOVSBridge: 'default_bridge'
+ NeutronMetadataProxySharedSecret: 'default'
+ InstanceNameTemplate: 'inst-%08x'
+ ControllerExtraConfig:
neutron::api_extensions_path: '/usr/lib/python2.7/site-packages/neutron/plugins/nuage/'
diff --git a/environments/nova-nuage-config.yaml b/environments/nova-nuage-config.yaml
index 56c64d15..5e75ed9e 100644
--- a/environments/nova-nuage-config.yaml
+++ b/environments/nova-nuage-config.yaml
@@ -2,7 +2,13 @@
# Nuage backend on the compute, configured via puppet
resource_registry:
OS::TripleO::ComputeExtraConfigPre: ../puppet/extraconfig/pre_deploy/compute/nova-nuage.yaml
+ OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-nuage.yaml
parameter_defaults:
NuageActiveController: '0.0.0.0'
NuageStandbyController: '0.0.0.0'
+ NovaOVSBridge: 'default_bridge'
+ NovaComputeLibvirtType: 'default_type'
+ NovaIPv6: False
+ NuageMetadataProxySharedSecret: 'default'
+ NuageNovaApiEndpoint: 'default_endpoint'
diff --git a/network/external.yaml b/network/external.yaml
index 8dbe3e20..708d4635 100644
--- a/network/external.yaml
+++ b/network/external.yaml
@@ -66,4 +66,4 @@ outputs:
description: Neutron external network
value: {get_resource: ExternalNetwork}
subnet_cidr:
- value: {get_attr: ExternalSubnet, cidr}
+ value: {get_attr: [ExternalSubnet, cidr]}
diff --git a/network/external_v6.yaml b/network/external_v6.yaml
index 3266932a..9d1c3d00 100644
--- a/network/external_v6.yaml
+++ b/network/external_v6.yaml
@@ -73,4 +73,4 @@ outputs:
description: Neutron external network
value: {get_resource: ExternalNetwork}
subnet_cidr:
- value: {get_attr: ExternalSubnet, cidr}
+ value: {get_attr: [ExternalSubnet, cidr]}
diff --git a/network/internal_api.yaml b/network/internal_api.yaml
index 7ff0dafd..6e1885a9 100644
--- a/network/internal_api.yaml
+++ b/network/internal_api.yaml
@@ -62,4 +62,4 @@ outputs:
description: Neutron internal network
value: {get_resource: InternalApiNetwork}
subnet_cidr:
- value: {get_attr: InternalApiSubnet, cidr}
+ value: {get_attr: [InternalApiSubnet, cidr]}
diff --git a/network/internal_api_v6.yaml b/network/internal_api_v6.yaml
index 0688f138..7264b1c0 100644
--- a/network/internal_api_v6.yaml
+++ b/network/internal_api_v6.yaml
@@ -69,4 +69,4 @@ outputs:
description: Neutron internal network
value: {get_resource: InternalApiNetwork}
subnet_cidr:
- value: {get_attr: InternalApiSubnet, cidr}
+ value: {get_attr: [InternalApiSubnet, cidr]}
diff --git a/network/management.yaml b/network/management.yaml
index d9f773c1..be197e5c 100644
--- a/network/management.yaml
+++ b/network/management.yaml
@@ -67,4 +67,4 @@ outputs:
description: Neutron management network
value: {get_resource: ManagementNetwork}
subnet_cidr:
- value: {get_attr: ManagementSubnet, cidr}
+ value: {get_attr: [ManagementSubnet, cidr]}
diff --git a/network/management_v6.yaml b/network/management_v6.yaml
index bf715513..2eb8c876 100644
--- a/network/management_v6.yaml
+++ b/network/management_v6.yaml
@@ -68,4 +68,4 @@ outputs:
description: Neutron management network
value: {get_resource: ManagementNetwork}
subnet_cidr:
- value: {get_attr: ManagementSubnet, cidr}
+ value: {get_attr: [ManagementSubnet, cidr]}
diff --git a/network/network.network.j2.yaml b/network/network.network.j2.yaml
index 2c223c16..ccf437bb 100644
--- a/network/network.network.j2.yaml
+++ b/network/network.network.j2.yaml
@@ -88,5 +88,4 @@ outputs:
description: {{network.name_lower}} network
value: {get_resource: {{network.name}}Network}
subnet_cidr:
- value: {get_attr: {{network.name}}Subnet, cidr}
-
+ value: {get_attr: [{{network.name}}Subnet, cidr]}
diff --git a/network/networks.j2.yaml b/network/networks.j2.yaml
index c790d370..48c509df 100644
--- a/network/networks.j2.yaml
+++ b/network/networks.j2.yaml
@@ -3,9 +3,9 @@ heat_template_version: pike
description: Create networks to split out Overcloud traffic
resources:
-
{%- for network in networks %}
- {{network.name}}Network:
+ {%- set network_name = network.compat_name|default(network.name) %}
+ {{network_name}}Network:
type: OS::TripleO::Network::{{network.name}}
{%- endfor %}
@@ -19,8 +19,9 @@ outputs:
# NOTE(gfidente): we need to replace the null value with a
# string to work around https://bugs.launchpad.net/heat/+bug/1700025
{%- for network in networks %}
+ {%- set network_name = network.compat_name|default(network.name) %}
{{network.name_lower}}:
yaql:
- data: {get_attr: [{{network.name}}Network, subnet_cidr]}
+ data: {get_attr: [{{network_name}}Network, subnet_cidr]}
expression: str($.data).replace('null', 'disabled')
{%- endfor %}
diff --git a/network/storage.yaml b/network/storage.yaml
index 00316c51..9729044d 100644
--- a/network/storage.yaml
+++ b/network/storage.yaml
@@ -62,4 +62,4 @@ outputs:
description: Neutron storage network
value: {get_resource: StorageNetwork}
subnet_cidr:
- value: {get_attr: StorageSubnet, cidr}
+ value: {get_attr: [StorageSubnet, cidr]}
diff --git a/network/storage_mgmt.yaml b/network/storage_mgmt.yaml
index bc4347c2..fc005573 100644
--- a/network/storage_mgmt.yaml
+++ b/network/storage_mgmt.yaml
@@ -62,4 +62,4 @@ outputs:
description: Neutron storage management network
value: {get_resource: StorageMgmtNetwork}
subnet_cidr:
- value: {get_attr: StorageMgmtSubnet, cidr}
+ value: {get_attr: [StorageMgmtSubnet, cidr]}
diff --git a/network/storage_mgmt_v6.yaml b/network/storage_mgmt_v6.yaml
index 0d6614f9..cef87de9 100644
--- a/network/storage_mgmt_v6.yaml
+++ b/network/storage_mgmt_v6.yaml
@@ -69,4 +69,4 @@ outputs:
description: Neutron storage management network
value: {get_resource: StorageMgmtNetwork}
subnet_cidr:
- value: {get_attr: StorageMgmtSubnet, cidr}
+ value: {get_attr: [StorageMgmtSubnet, cidr]}
diff --git a/network/storage_v6.yaml b/network/storage_v6.yaml
index bf796b2b..51edd4b3 100644
--- a/network/storage_v6.yaml
+++ b/network/storage_v6.yaml
@@ -69,4 +69,4 @@ outputs:
description: Neutron storage network
value: {get_resource: StorageNetwork}
subnet_cidr:
- value: {get_attr: StorageSubnet, cidr}
+ value: {get_attr: [StorageSubnet, cidr]}
diff --git a/network/tenant.yaml b/network/tenant.yaml
index 2104f0bd..67c4abbc 100644
--- a/network/tenant.yaml
+++ b/network/tenant.yaml
@@ -62,4 +62,4 @@ outputs:
description: Neutron tenant network
value: {get_resource: TenantNetwork}
subnet_cidr:
- value: {get_attr: TenantSubnet, cidr}
+ value: {get_attr: [TenantSubnet, cidr]}
diff --git a/network/tenant_v6.yaml b/network/tenant_v6.yaml
index 9993eec9..9f139cb1 100644
--- a/network/tenant_v6.yaml
+++ b/network/tenant_v6.yaml
@@ -69,4 +69,4 @@ outputs:
description: Neutron tenant network
value: {get_resource: TenantNetwork}
subnet_cidr:
- value: {get_attr: TenantSubnet, cidr}
+ value: {get_attr: [TenantSubnet, cidr]}
diff --git a/network_data.yaml b/network_data.yaml
index 947769ae..6ad37dfe 100644
--- a/network_data.yaml
+++ b/network_data.yaml
@@ -17,6 +17,8 @@
# allocation_pools: IP range list e.g. [{'start':'10.0.0.4', 'end':'10.0.0.250}]
# gateway_ip: gateway for the network (optional, may use parameter defaults)
# NOTE: IP-related values set parameter defaults in templates, may be overridden.
+# compat_name: for existing stack you may need to override the default transformation
+# for the resource's name.
#
# Example:
# - name Example
@@ -39,6 +41,7 @@
vip: true
ip_subnet: '172.16.2.0/24'
allocation_pools: [{'start': '172.16.2.4', 'end': '172.16.2.250'}]
+ compat_name: Internal
- name: Storage
vip: true
name_lower: storage
diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml
index 0d3b875a..0b4b4feb 100644
--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
@@ -154,6 +154,7 @@ resource_registry:
OS::TripleO::Services::NeutronCorePluginML2OVN: puppet/services/neutron-plugin-ml2-ovn.yaml
OS::TripleO::Services::NeutronCorePluginPlumgrid: puppet/services/neutron-plugin-plumgrid.yaml
OS::TripleO::Services::NeutronCorePluginNuage: puppet/services/neutron-plugin-nuage.yaml
+ OS::TripleO::Services::NeutronCorePluginML2Nuage: puppet/services/neutron-plugin-ml2-nuage.yaml
OS::TripleO::Services::NeutronCorePluginNSX: puppet/services/neutron-plugin-nsx.yaml
OS::TripleO::Services::OVNDBs: OS::Heat::None
OS::TripleO::Services::OVNController: OS::Heat::None
diff --git a/puppet/services/haproxy-internal-tls-certmonger.yaml b/puppet/services/haproxy-internal-tls-certmonger.yaml
index 3355a0d3..642685a8 100644
--- a/puppet/services/haproxy-internal-tls-certmonger.yaml
+++ b/puppet/services/haproxy-internal-tls-certmonger.yaml
@@ -30,6 +30,12 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ HAProxyInternalTLSCertsDirectory:
+ default: '/etc/pki/tls/certs/haproxy'
+ type: string
+ HAProxyInternalTLSKeysDirectory:
+ default: '/etc/pki/tls/private/haproxy'
+ type: string
resources:
@@ -55,16 +61,30 @@ outputs:
config_settings:
generate_service_certificates: true
tripleo::haproxy::use_internal_certificates: true
- tripleo::certmonger::haproxy_dirs::certificate_dir: '/etc/pki/tls/certs/haproxy'
- tripleo::certmonger::haproxy_dirs::key_dir: '/etc/pki/tls/private/haproxy'
+ tripleo::certmonger::haproxy_dirs::certificate_dir:
+ get_param: HAProxyInternalTLSCertsDirectory
+ tripleo::certmonger::haproxy_dirs::key_dir:
+ get_param: HAProxyInternalTLSKeysDirectory
certificates_specs:
map_merge:
repeat:
template:
haproxy-NETWORK:
- service_pem: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-NETWORK.pem'
- service_certificate: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-NETWORK.crt'
- service_key: '/etc/pki/tls/private/haproxy/overcloud-haproxy-NETWORK.key'
+ service_pem:
+ list_join:
+ - ''
+ - - {get_param: HAProxyInternalTLSCertsDirectory}
+ - '/overcloud-haproxy-NETWORK.pem'
+ service_certificate:
+ list_join:
+ - ''
+ - - {get_param: HAProxyInternalTLSCertsDirectory}
+ - '/overcloud-haproxy-NETWORK.crt'
+ service_key:
+ list_join:
+ - ''
+ - - {get_param: HAProxyInternalTLSKeysDirectory}
+ - '/overcloud-haproxy-NETWORK.key'
hostname: "%{hiera('cloud_name_NETWORK')}"
postsave_cmd: "" # TODO
principal: "haproxy/%{hiera('cloud_name_NETWORK')}"
diff --git a/puppet/services/haproxy-public-tls-certmonger.yaml b/puppet/services/haproxy-public-tls-certmonger.yaml
index f1739f78..b2766c44 100644
--- a/puppet/services/haproxy-public-tls-certmonger.yaml
+++ b/puppet/services/haproxy-public-tls-certmonger.yaml
@@ -30,6 +30,12 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ HAProxyInternalTLSCertsDirectory:
+ default: '/etc/pki/tls/certs/haproxy'
+ type: string
+ HAProxyInternalTLSKeysDirectory:
+ default: '/etc/pki/tls/private/haproxy'
+ type: string
outputs:
role_data:
@@ -38,14 +44,32 @@ outputs:
service_name: haproxy_public_tls_certmonger
config_settings:
generate_service_certificates: true
- tripleo::haproxy::service_certificate: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-external.pem'
- tripleo::certmonger::haproxy_dirs::certificate_dir: '/etc/pki/tls/certs/haproxy'
- tripleo::certmonger::haproxy_dirs::key_dir: '/etc/pki/tls/private/haproxy'
+ tripleo::haproxy::service_certificate:
+ list_join:
+ - ''
+ - - {get_param: HAProxyInternalTLSCertsDirectory}
+ - '/overcloud-haproxy-external.pem'
+ tripleo::certmonger::haproxy_dirs::certificate_dir:
+ get_param: HAProxyInternalTLSCertsDirectory
+ tripleo::certmonger::haproxy_dirs::key_dir:
+ get_param: HAProxyInternalTLSKeysDirectory
certificates_specs:
haproxy-external:
- service_pem: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-external.pem'
- service_certificate: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-external.crt'
- service_key: '/etc/pki/tls/private/haproxy/overcloud-haproxy-external.key'
+ service_pem:
+ list_join:
+ - ''
+ - - {get_param: HAProxyInternalTLSCertsDirectory}
+ - '/overcloud-haproxy-external.pem'
+ service_certificate:
+ list_join:
+ - ''
+ - - {get_param: HAProxyInternalTLSCertsDirectory}
+ - '/overcloud-haproxy-external.crt'
+ service_key:
+ list_join:
+ - ''
+ - - {get_param: HAProxyInternalTLSKeysDirectory}
+ - '/overcloud-haproxy-external.key'
hostname: "%{hiera('cloud_name_external')}"
postsave_cmd: "" # TODO
principal: "haproxy/%{hiera('cloud_name_external')}"
diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml
index b9556890..b6980045 100644
--- a/puppet/services/neutron-base.yaml
+++ b/puppet/services/neutron-base.yaml
@@ -69,6 +69,12 @@ parameters:
networks, neutron uses this value without modification. For overlay
networks such as VXLAN, neutron automatically subtracts the overlay
protocol overhead from this value.
+ NeutronDBSyncExtraParams:
+ default: ''
+ description: |
+ String of extra command line parameters to append to the neutron-db-manage
+ upgrade head command.
+ type: string
ServiceData:
default: {}
description: Dictionary packing service data
@@ -134,6 +140,7 @@ outputs:
neutron::db::database_max_retries: -1
neutron::db::sync::db_sync_timeout: {get_param: DatabaseSyncTimeout}
neutron::global_physnet_mtu: {get_param: NeutronGlobalPhysnetMtu}
+ neutron::db::sync::extra_params: {get_param: NeutronDBSyncExtraParams}
- if:
- dhcp_agents_zero
- {}
diff --git a/puppet/services/neutron-plugin-ml2-nuage.yaml b/puppet/services/neutron-plugin-ml2-nuage.yaml
new file mode 100644
index 00000000..a7dc2e8b
--- /dev/null
+++ b/puppet/services/neutron-plugin-ml2-nuage.yaml
@@ -0,0 +1,99 @@
+heat_template_version: pike
+
+description: >
+ OpenStack Neutron ML2/Nuage plugin configured with Puppet
+
+parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ # Config specific parameters, to be provided via parameter_defaults
+ NeutronNuageNetPartitionName:
+ description: Specifies the title that you will see on the VSD
+ type: string
+ default: 'default_name'
+
+ NeutronNuageVSDIp:
+ description: IP address and port of the Virtual Services Directory
+ type: string
+
+ NeutronNuageVSDUsername:
+ description: Username to be used to log into VSD
+ type: string
+
+ NeutronNuageVSDPassword:
+ description: Password to be used to log into VSD
+ type: string
+
+ NeutronNuageVSDOrganization:
+ description: Organization parameter required to log into VSD
+ type: string
+ default: 'organization'
+
+ NeutronNuageBaseURIVersion:
+ description: URI version to be used based on the VSD release
+ type: string
+ default: 'default_uri_version'
+
+ NeutronNuageCMSId:
+ description: Cloud Management System ID (CMS ID) to distinguish between OS instances on the same VSD
+ type: string
+
+ UseForwardedFor:
+ description: Treat X-Forwarded-For as the canonical remote address. Only enable this if you have a sanitizing proxy.
+ type: boolean
+ default: false
+
+resources:
+
+ NeutronML2Base:
+ type: ./neutron-plugin-ml2.yaml
+ properties:
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Neutron ML2/Nuage plugin
+ value:
+ service_name: neutron_plugin_ml2_nuage
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronML2Base, role_data, config_settings]
+ - neutron::plugins::ml2::nuage::nuage_net_partition_name: {get_param: NeutronNuageNetPartitionName}
+ neutron::plugins::ml2::nuage::nuage_vsd_ip: {get_param: NeutronNuageVSDIp}
+ neutron::plugins::ml2::nuage::nuage_vsd_username: {get_param: NeutronNuageVSDUsername}
+ neutron::plugins::ml2::nuage::nuage_vsd_password: {get_param: NeutronNuageVSDPassword}
+ neutron::plugins::ml2::nuage::nuage_vsd_organization: {get_param: NeutronNuageVSDOrganization}
+ neutron::plugins::ml2::nuage::nuage_base_uri_version: {get_param: NeutronNuageBaseURIVersion}
+ neutron::plugins::ml2::nuage::nuage_cms_id: {get_param: NeutronNuageCMSId}
+ nova::api::use_forwarded_for: {get_param: UseForwardedFor}
+ step_config: |
+ include tripleo::profile::base::neutron::plugins::ml2
diff --git a/puppet/services/neutron-plugin-ml2.yaml b/puppet/services/neutron-plugin-ml2.yaml
index dd757b5d..bc91374a 100644
--- a/puppet/services/neutron-plugin-ml2.yaml
+++ b/puppet/services/neutron-plugin-ml2.yaml
@@ -72,6 +72,10 @@ parameters:
default: 'vxlan'
description: The tenant network type for Neutron.
type: comma_delimited_list
+ NeutronFirewallDriver:
+ description: Firewall driver for realizing neutron security group function
+ type: string
+ default: 'openvswitch'
resources:
NeutronBase:
@@ -100,6 +104,7 @@ outputs:
neutron::plugins::ml2::tunnel_id_ranges: {get_param: NeutronTunnelIdRanges}
neutron::plugins::ml2::vni_ranges: {get_param: NeutronVniRanges}
neutron::plugins::ml2::tenant_network_types: {get_param: NeutronNetworkType}
+ neutron::plugins::ml2::firewall_driver: {get_param: NeutronFirewallDriver}
step_config: |
include ::tripleo::profile::base::neutron::plugins::ml2