6 files changed, 68 insertions, 43 deletions

diff --git a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_compute.yml b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_compute.yml
index 32aefd29c..5c9c16d6b 100644
--- a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_compute.yml
+++ b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_compute.yml
@@ -22,7 +22,6 @@ parameters:
   _param:
     interface_mtu: 9000
     linux_system_codename: xenial
-    barbican_integration_enabled: true
   nova:
     compute:
       libvirt_service: libvirtd
diff --git a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_compute_pdf.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_compute_pdf.yml.j2
index aebd88828..38f57688f 100644
--- a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_compute_pdf.yml.j2
+++ b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_compute_pdf.yml.j2
@@ -7,6 +7,11 @@
 ##############################################################################
 {#- NOTE: br-{mgmt,ctl} are cross-referenced, careful when changing names #}
 {%- import 'net_map.j2' as nm with context %}
+{%- import 'net_macros.j2' as ma with context %}
+{#- Filter-out NIC duplicates by constructing a dict (used NICs only) #}
+{%- set nics = { nm.cmp001.nic_mgmt: True, nm.cmp001.nic_private: True } %}
+{%- set vlan_private_start = (nm.vlan_private | string).rsplit('-')[0] %}
+{%- set vlans = { nm.vlan_mgmt: nm.cmp001.nic_mgmt, vlan_private_start: nm.cmp001.nic_private } %}
 ---
 parameters:
   _param:
@@ -19,9 +24,6 @@ parameters:
 {%- else %}
     ~cinder_lvm_devices: ['/dev/sda1']
 {%- endif %}
-    primary_interface: {{ nm.cmp001.nic_mgmt }}
-    tenant_interface: {{ nm.cmp001.nic_private }}
-    external_interface: {{ nm.cmp001.nic_public }}
   linux:
     network:
       bridge: openvswitch
@@ -34,17 +36,17 @@ parameters:
           address: ${_param:pxe_admin_address}
           netmask: ${_param:opnfv_net_admin_mask}
           mtu: ${_param:interface_mtu}
-        primary_interface:
-          enabled: true
-          name: ${_param:primary_interface}
-          proto: manual
-          type: eth
-        tenant_interface:
-          enabled: true
-          name: ${_param:tenant_interface}
-          mtu: ${_param:interface_mtu}
-          proto: manual
-          type: eth
+          noifupdown: true
+
+{#- prevent duplicates for tagged mgmt on the same physical interface as PXE/admin #}
+{%- if nm.cmp001.nic_admin in nics %}
+  {%- do nics.pop(nm.cmp001.nic_admin) %}
+{%- endif %}
+
+{{ ma.linux_network_interfaces_nic(nics) }}
+
+{{ ma.linux_network_interfaces_vlan(vlans) }}
+
         br-mgmt:
           enabled: true
           type: bridge
@@ -52,4 +54,4 @@ parameters:
           address: ${_param:single_address}
           netmask: ${_param:opnfv_net_mgmt_mask}
           use_interfaces:
-            - ${_param:primary_interface}
+            - {{ ma.interface_str(nm.cmp001.nic_mgmt, nm.vlan_mgmt) }}
diff --git a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_control.yml b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_control.yml
index 0eeff7c05..48f99ca59 100644
--- a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_control.yml
+++ b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_control.yml
@@ -60,14 +60,17 @@ classes:
   - system.apache.server.site.gnocchi
   - system.apache.server.site.panko
   - system.apache.server.site.barbican
+  - system.apache.server.single
   - system.horizon.server.single
   - service.haproxy.proxy.single
   - cluster.mcp-common-noha.haproxy_openstack_api
   - cluster.mcp-common-noha.openstack_control_pdf
 parameters:
   _param:
+    interface_mtu: 1500
     linux_system_codename: xenial
     ceilometer_create_gnocchi_resources: 'True'
+    barbican_integration_enabled: 'false'
   linux:
     system:
       package:
@@ -174,6 +177,8 @@ parameters:
       root_helper_daemon: false
   apache:
     server:
+      bind:
+        listen_default_ports: false
       site:
         gnocchi: &wsgi_threads
           wsgi:
diff --git a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_control_pdf.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_control_pdf.yml.j2
index b0b55afb9..7a1c3532d 100644
--- a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_control_pdf.yml.j2
+++ b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_control_pdf.yml.j2
@@ -6,6 +6,10 @@
 # http://www.apache.org/licenses/LICENSE-2.0
 ##############################################################################
 {%- import 'net_map.j2' as nm with context %}
+{%- import 'net_macros.j2' as ma with context %}
+{#- Filter-out NIC duplicates by constructing a dict (used NICs only) #}
+{%- set nics = { nm.ctl01.nic_mgmt: True, nm.ctl01.nic_public: True } %}
+{%- set vlans = { nm.vlan_mgmt: nm.ctl01.nic_mgmt, nm.vlan_public: nm.ctl01.nic_public } %}
 ---
 parameters:
   linux:
@@ -18,19 +22,34 @@ parameters:
           type: eth
           address: ${_param:pxe_admin_address}
           netmask: ${_param:opnfv_net_admin_mask}
-        single_int:
+          noifupdown: true
+
+{#- prevent duplicates for tagged mgmt on the same physical interface as PXE/admin #}
+{%- if nm.ctl01.nic_admin in nics %}
+  {%- do nics.pop(nm.ctl01.nic_admin) %}
+{%- endif %}
+
+{{ ma.linux_network_interfaces_nic(nics) }}
+
+{{ ma.linux_network_interfaces_vlan(vlans) }}
+
+        br-ctl:
           enabled: true
-          name: {{ nm.ctl01.nic_mgmt }}
-          type: eth
+          type: bridge
           proto: static
           address: ${_param:single_address}
           netmask: ${_param:opnfv_net_mgmt_mask}
-        public_int:
+          noifupdown: true
+          use_interfaces:
+            - {{ ma.interface_str(nm.ctl01.nic_mgmt, nm.vlan_mgmt) }}
+        br-ext:
           enabled: true
-          name: {{ nm.ctl01.nic_public }}
-          type: eth
+          type: bridge
           proto: static
           address: ${_param:cluster_public_host}
           netmask: ${_param:opnfv_net_public_mask}
           gateway: ${_param:opnfv_net_public_gw}
           name_servers: {{ nm.dns_public }}
+          use_interfaces:
+            - {{ ma.interface_str(nm.ctl01.nic_public, nm.vlan_public) }}
+          noifupdown: true
diff --git a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_gateway_pdf.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_gateway_pdf.yml.j2
index 4f22d4fa2..972069ec1 100644
--- a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_gateway_pdf.yml.j2
+++ b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_gateway_pdf.yml.j2
@@ -7,11 +7,12 @@
 ##############################################################################
 ---
 {%- import 'net_map.j2' as nm with context %}
+{%- import 'net_macros.j2' as ma with context %}
+{#- Filter-out NIC duplicates by constructing a dict (used NICs only) #}
+{%- set nics = { nm.ctl01.nic_mgmt: True, nm.ctl01.nic_private: True } %}
+{%- set vlan_private_start = (nm.vlan_private | string).rsplit('-')[0] %}
+{%- set vlans = { nm.vlan_mgmt: nm.ctl01.nic_mgmt, vlan_private_start: nm.ctl01.nic_private } %}
 parameters:
-  _param:
-    primary_interface: {{ nm.ctl01.nic_mgmt }}
-    tenant_interface: {{ nm.ctl01.nic_private }}
-    external_interface: {{ nm.ctl01.nic_public }}
   linux:
     network:
       bridge: openvswitch
@@ -24,21 +25,20 @@ parameters:
           address: ${_param:pxe_admin_address}
           netmask: ${_param:opnfv_net_admin_mask}
           mtu: ${_param:interface_mtu}
-        primary_interface:
+          noifupdown: true
+
+{#- prevent duplicates for tagged mgmt on the same physical interface as PXE/admin #}
+{%- if nm.ctl01.nic_admin in nics %}
+  {%- do nics.pop(nm.ctl01.nic_admin) %}
+{%- endif %}
+
+{{ ma.linux_network_interfaces_nic(nics) }}
+
+{{ ma.linux_network_interfaces_vlan(vlans) }}
+
+        ovs_port_{{ nm.ctl01.nic_public }}:
           enabled: true
-          name: ${_param:primary_interface}
-          mtu: ${_param:interface_mtu}
-          proto: manual
-          type: eth
-        tenant_interface:
-          enabled: true
-          name: ${_param:tenant_interface}
-          mtu: ${_param:interface_mtu}
-          proto: manual
-          type: eth
-        external_interface:
-          enabled: true
-          name: ${_param:external_interface}
+          name: {{ ma.interface_str(nm.ctl01.nic_public, nm.vlan_public) }}
           proto: manual
           ovs_port_type: OVSPort
           type: ovs_port
@@ -52,7 +52,7 @@ parameters:
           address: ${_param:external_address}
           netmask: ${_param:opnfv_net_public_mask}
           use_interfaces:
-            - ${_param:external_interface}
+            - {{ ma.interface_str(nm.ctl01.nic_public, nm.vlan_public) }}
           gateway: ${_param:opnfv_net_public_gw}
           name_servers: {{ nm.dns_public }}
         br-mgmt:
@@ -63,4 +63,4 @@ parameters:
           netmask: ${_param:opnfv_net_mgmt_mask}
           mtu: ${_param:interface_mtu}
           use_interfaces:
-            - ${_param:primary_interface}
+            - {{ ma.interface_str(nm.ctl01.nic_mgmt, nm.vlan_mgmt) }}
diff --git a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_init.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_init.yml.j2
index e25d8e301..da6d30601 100644
--- a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_init.yml.j2
+++ b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_init.yml.j2
@@ -91,7 +91,7 @@ parameters:
     mysql_barbican_password: opnfv_secret
     keystone_barbican_password: opnfv_secret
     barbican_simple_crypto_kek: "YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY="
-    barbican_integration_enabled: false
+    barbican_integration_enabled: true
 
     aodh_version: ${_param:openstack_version}
     keystone_aodh_password: opnfv_secret