1 files changed, 35 insertions, 4 deletions
diff --git a/overcloud.yaml b/overcloud.yaml
index c2a47b8d..0499fa67 100644
--- a/overcloud.yaml
+++ b/overcloud.yaml
@@ -174,6 +174,15 @@ parameters:
     description: Shared secret to prevent spoofing
     type: string
     hidden: true
+  NeutronTenantMtu:
+    description: >
+      The default MTU for tenant networks. For VXLAN/GRE tunneling, this should
+      be at least 50 bytes smaller than the MTU on the physical network. This
+      value will be used to set the MTU on the virtual Ethernet device.
+      This value will be used to construct the NeutronDnsmasqOptions, since that
+      will determine the MTU that is assigned to the VM host through DHCP.
+    default: "1400"
+    type: string
   NeutronTunnelTypes:
     default: 'vxlan'
     description: |
@@ -214,7 +223,7 @@ parameters:
         The mechanism drivers for the Neutron tenant network.
     type: comma_delimited_list
   NeutronPluginExtensions:
-    default: "qos"
+    default: "qos,port_security"
     description: |
         Comma-separated list of extensions enabled for the Neutron plugin.
     type: comma_delimited_list
@@ -516,8 +525,11 @@ parameters:
     type: number
     default: 4096
   NeutronDnsmasqOptions:
-    default: 'dhcp-option-force=26,1400'
-    description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the tunnel overhead.
+    default: 'dhcp-option-force=26,%MTU%'
+    description: >
+      Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU
+      to be set to the value of NeutronTenantMtu, which should be set to account
+      for tunnel overhead.
     type: string
   NeutronPublicInterfaceDefaultRoute:
     default: ''
@@ -916,6 +928,7 @@ resources:
           NeutronPublicInterfaceIP: {get_param: NeutronPublicInterfaceIP}
           NeutronFlatNetworks: {get_param: NeutronFlatNetworks}
           NeutronBridgeMappings: {get_param: NeutronBridgeMappings}
+          NeutronTenantMtu: {get_param: NeutronTenantMtu}
           NeutronExternalNetworkBridge: {get_param: NeutronExternalNetworkBridge}
           NeutronEnableIsolatedMetadata: {get_param: NeutronEnableIsolatedMetadata}
           NeutronEnableTunnelling: {get_param: NeutronEnableTunnelling}
@@ -925,7 +938,11 @@ resources:
           NeutronPublicInterfaceDefaultRoute: {get_param: NeutronPublicInterfaceDefaultRoute}
           NeutronPublicInterfaceRawDevice: {get_param: NeutronPublicInterfaceRawDevice}
           NeutronPassword: {get_param: NeutronPassword}
-          NeutronDnsmasqOptions: {get_param: NeutronDnsmasqOptions}
+          NeutronDnsmasqOptions:
+            str_replace:
+              template: {get_param: NeutronDnsmasqOptions}
+              params:
+                '%MTU%': {get_param: NeutronTenantMtu}
           NeutronDVR: {get_param: NeutronDVR}
           NeutronMetadataProxySharedSecret: {get_param: NeutronMetadataProxySharedSecret}
           NeutronAgentMode: {get_param: NeutronAgentMode}
@@ -1014,6 +1031,7 @@ resources:
           KeystoneAdminApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
           KeystonePublicApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
           NeutronBridgeMappings: {get_param: NeutronBridgeMappings}
+          NeutronTenantMtu: {get_param: NeutronTenantMtu}
           NeutronEnableTunnelling: {get_param: NeutronEnableTunnelling}
           NeutronEnableL2Pop : {get_param: NeutronEnableL2Pop}
           NeutronFlatNetworks: {get_param: NeutronFlatNetworks}
@@ -1504,10 +1522,23 @@ resources:
       config: {get_resource: AllNodesValidationConfig}
       servers: {get_attr: [CephStorage, attributes, nova_server_resource]}
 
+  UpdateWorkflow:
+    type: OS::TripleO::Tasks::UpdateWorkflow
+    properties:
+      controller_servers: {get_attr: [Controller, attributes, nova_server_resource]}
+      compute_servers: {get_attr: [Compute, attributes, nova_server_resource]}
+      blockstorage_servers: {get_attr: [BlockStorage, attributes, nova_server_resource]}
+      objectstorage_servers: {get_attr: [ObjectStorage, attributes, nova_server_resource]}
+      cephstorage_servers: {get_attr: [CephStorage, attributes, nova_server_resource]}
+      input_values:
+        deploy_identifier: {get_param: DeployIdentifier}
+        update_identifier: {get_param: UpdateIdentifier}
+
   # Optional ExtraConfig for all nodes - all roles are passed in here, but
   # the nested template may configure each role differently (or not at all)
   AllNodesExtraConfig:
     type: OS::TripleO::AllNodesExtraConfig
+    depends_on: UpdateWorkflow
     properties:
       controller_servers: {get_attr: [Controller, attributes, nova_server_resource]}
       compute_servers: {get_attr: [Compute, attributes, nova_server_resource]}