10 files changed, 27 insertions, 18 deletions

diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index 79033047..b321ecbe 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -87,6 +87,12 @@ parameters:
   MonitoringSubscriptionKeystone:
     default: 'overcloud-kestone'
     type: string
+  KeystoneCredential0:
+    type: string
+    description: The first Keystone credential key. Must be a valid key.
+  KeystoneCredential1:
+    type: string
+    description: The second Keystone credential key. Must be a valid key.
 
 resources:
 
@@ -121,6 +127,12 @@ outputs:
             keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
             keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
             keystone::enable_proxy_headers_parsing: true
+            keystone::enable_credential_setup: true
+            keystone::credential_keys:
+              '/etc/keystone/credential-keys/0':
+                content: {get_param: KeystoneCredential0}
+              '/etc/keystone/credential-keys/1':
+                content: {get_param: KeystoneCredential1}
             keystone::debug: {get_param: Debug}
             keystone::db::mysql::password: {get_param: AdminToken}
             keystone::rabbit_userid: {get_param: RabbitUserName}
diff --git a/puppet/services/manila-api.yaml b/puppet/services/manila-api.yaml
index 2e43730d..1513ab31 100644
--- a/puppet/services/manila-api.yaml
+++ b/puppet/services/manila-api.yaml
@@ -66,6 +66,7 @@ outputs:
             # internal_api_uri -> [IP]
             # internal_api_subnet - > IP/CIDR
             manila::api::bind_host: {get_param: [ServiceNetMap, ManilaApiNetwork]}
+            manila::api::enable_proxy_headers_parsing: true
       step_config: |
         include ::tripleo::profile::base::manila::api
 
diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml
index 72ae7d9c..e4ca489a 100644
--- a/puppet/services/neutron-api.yaml
+++ b/puppet/services/neutron-api.yaml
@@ -75,7 +75,7 @@ outputs:
       config_settings:
         map_merge:
           - get_attr: [NeutronBase, role_data, config_settings]
-            neutron::server::database_connection:
+          - neutron::server::database_connection:
               list_join:
                 - ''
                 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml
index 4eb417c0..32d50d41 100644
--- a/puppet/services/neutron-base.yaml
+++ b/puppet/services/neutron-base.yaml
@@ -50,13 +50,16 @@ parameters:
         to false may result in configuration remnants after updates/upgrades.
   NeutronGlobalPhysnetMtu:
     type: number
-    default: 1500
+    default: 1496
     description: |
         MTU of the underlying physical network. Neutron uses this value to
         calculate MTU for all virtual network components. For flat and VLAN
         networks, neutron uses this value without modification. For overlay
         networks such as VXLAN, neutron automatically subtracts the overlay
-        protocol overhead from this value.
+        protocol overhead from this value. The default value of 1496 is
+        currently in effect to compensate for some additional overhead when
+        deploying with some network configurations (e.g. network isolation over
+        single network interfaces)
   ServiceNetMap:
     default: {}
     description: Mapping of service_name -> network name. Typically set
diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml
index 080cd1c3..ade322ed 100644
--- a/puppet/services/neutron-ovs-agent.yaml
+++ b/puppet/services/neutron-ovs-agent.yaml
@@ -83,7 +83,7 @@ outputs:
       config_settings:
         map_merge:
           - get_attr: [NeutronBase, role_data, config_settings]
-            neutron::agents::ml2::ovs::l2_population: {get_param: NeutronEnableL2Pop}
+          - neutron::agents::ml2::ovs::l2_population: {get_param: NeutronEnableL2Pop}
             neutron::agents::ml2::ovs::enable_distributed_routing: {get_param: NeutronEnableDVR}
             neutron::agents::ml2::ovs::arp_responder: {get_param: NeutronEnableARPResponder}
             neutron::agents::ml2::ovs::bridge_mappings:
diff --git a/puppet/services/neutron-ovs-dpdk-agent.yaml b/puppet/services/neutron-ovs-dpdk-agent.yaml
index 8ee98a3d..cc772c9d 100644
--- a/puppet/services/neutron-ovs-dpdk-agent.yaml
+++ b/puppet/services/neutron-ovs-dpdk-agent.yaml
@@ -65,7 +65,7 @@ outputs:
       config_settings:
         map_merge:
           - get_attr: [NeutronOvsAgent, role_data, config_settings]
-            neutron::agents::ml2::ovs::enable_dpdk: true
+          - neutron::agents::ml2::ovs::enable_dpdk: true
             neutron::agents::ml2::ovs::datapath_type: {get_param: NeutronDatapathType}
             neutron::agents::ml2::ovs::vhostuser_socket_dir: {get_param: NeutronVhostuserSocketDir}
             vswitch::dpdk::core_list: {get_param: NeutronDpdkCoreList}
diff --git a/puppet/services/neutron-plugin-ml2.yaml b/puppet/services/neutron-plugin-ml2.yaml
index 5dbae3dc..17e8bca1 100644
--- a/puppet/services/neutron-plugin-ml2.yaml
+++ b/puppet/services/neutron-plugin-ml2.yaml
@@ -33,7 +33,7 @@ parameters:
     default: 'datacentre'
     description: If set, flat networks to configure in neutron plugins.
   NeutronPluginExtensions:
-    default: "qos,port_security"
+    default: "qos,port_security,trunk"
     description: |
         Comma-separated list of extensions enabled for the Neutron plugin.
     type: comma_delimited_list
diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml
index ccdcb52f..d1d7ae60 100644
--- a/puppet/services/nova-compute.yaml
+++ b/puppet/services/nova-compute.yaml
@@ -128,7 +128,7 @@ outputs:
             # internal_api_uri -> [IP]
             # internal_api_subnet - > IP/CIDR
             nova::compute::vncserver_proxyclient_address: {get_param: [ServiceNetMap, NovaVncProxyNetwork]}
-            nova::compute::vncproxy_host: {get_param: [EndpointMap, NovaPublic, host]}
+            nova::compute::vncproxy_host: {get_param: [EndpointMap, NovaPublic, host_nobrackets]}
       step_config: |
         # TODO(emilien): figure how to deal with libvirt profile.
         # We'll probably treat it like we do with Neutron plugins.
diff --git a/puppet/services/nova-vncproxy.yaml b/puppet/services/nova-vnc-proxy.yaml
index ce15fccc..899fa353 100644
--- a/puppet/services/nova-vncproxy.yaml
+++ b/puppet/services/nova-vnc-proxy.yaml
@@ -34,21 +34,14 @@ outputs:
   role_data:
     description: Role data for the Nova Vncproxy service.
     value:
-      service_name: nova_vncproxy
+      service_name: nova_vnc_proxy
       monitoring_subscription: {get_param: MonitoringSubscriptionNovaVNCProxy}
       config_settings:
         map_merge:
           - get_attr: [NovaBase, role_data, config_settings]
           - nova::vncproxy::enabled: true
             nova::vncproxy::common::vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]}
-            # Remove brackets that may come if the IP address is IPv6.
-            # For DNS names and IPv4, this will just get NovaVNCProxyPublic
-            nova::vncproxy::common::vncproxy_host:
-              str_replace:
-                template: {get_param: [EndpointMap, NovaVNCProxyPublic, host]}
-                params:
-                  '[': ''
-                  ']': ''
+            nova::vncproxy::common::vncproxy_host: {get_param: [EndpointMap, NovaVNCProxyPublic, host_nobrackets]}
             nova::vncproxy::common::vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]}
             # NOTE: bind IP is found in Heat replacing the network name with the local node IP
             # for the given network; replacement examples (eg. for internal_api):
diff --git a/puppet/services/pacemaker/nova-vncproxy.yaml b/puppet/services/pacemaker/nova-vnc-proxy.yaml
index 0ec5de68..d0c4f1d0 100644
--- a/puppet/services/pacemaker/nova-vncproxy.yaml
+++ b/puppet/services/pacemaker/nova-vnc-proxy.yaml
@@ -22,7 +22,7 @@ parameters:
 resources:
 
   NovaVncproxyBase:
-    type: ../nova-vncproxy.yaml
+    type: ../nova-vnc-proxy.yaml
     properties:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
@@ -32,7 +32,7 @@ outputs:
   role_data:
     description: Role data for the Nova Vncproxy role.
     value:
-      service_name: nova_vncproxy
+      service_name: nova_vnc_proxy
       monitoring_subscription: {get_attr: [NovaVncproxyBase, role_data, monitoring_subscription]}
       config_settings:
         map_merge: