Merge branch '2.0-dev'

2019-01-10 12:07:32 -06:00 · 2019-01-10 12:07:32 -06:00 · 626b458b0a
parent abc95e8351 572bce6c96
commit 626b458b0a
94 changed files with 1823 additions and 5540 deletions
--- a/bin/environment-generator.py
+++ b/bin/environment-generator.py
@ -87,7 +87,7 @@ def _generate_environment(input_env, parent_env=None):
    param_names = []
    sample_values = env.get('sample_values', {})
    static_names = env.get('static', [])
-    for template_file, template_data in env['files'].items():
+    for template_file, template_data in env.get('files', {}).items():
        with open(template_file) as f:
            f_data = yaml.safe_load(f)
            f_params = f_data['parameters']
--- a/bin/install_openstackbmc.sh
+++ b/bin/install_openstackbmc.sh
@ -5,7 +5,7 @@ set -x
 # install python2-crypto from EPEL
 # python-[nova|neutron]client are in a similar situation.  They were renamed
 # in RDO to python2-*
-required_packages="python-pip os-net-config git jq python2-os-client-config"
+required_packages="python-pip os-net-config git jq python2-os-client-config python2-openstackclient"

 function have_packages() {
    for i in $required_packages; do
@ -59,12 +59,9 @@ print(yaml.safe_dump(clouds, default_flow_style=False))' > ~/.config/openstack/c
 rm -f /tmp/bmc-cloud-data
 export OS_CLOUD=host_cloud

-# At some point neutronclient started returning a python list repr from this
-# command instead of just the value.  This sed will strip off the bits we
-# don't care about without messing up the output from older clients.
-private_subnet=$(neutron net-show -f value -c subnets $private_net | sed "s/\[u'\(.*\)'\]/\1/")
-default_gw=$(neutron subnet-show $private_subnet -f value -c gateway_ip)
-prefix_len=$(neutron subnet-show -f value -c cidr $private_subnet | awk -F / '{print $2}')
+private_subnet=$(openstack network show -f value -c subnets $private_net)
+default_gw=$(openstack subnet show -f value -c gateway_ip $private_subnet)
+prefix_len=$(openstack subnet show -f value -c cidr $private_subnet | awk -F / '{print $2}')
 cache_status=
 if [ "$bmc_use_cache" != "False" ]; then
    cache_status="--cache-status"
@ -103,14 +100,9 @@ EOF
 for i in $(seq 1 $bm_node_count)
 do
    bm_port="$bm_prefix_$(($i-1))"
-    bm_instance=$(neutron port-show $bm_port -c device_id -f value)
+    bm_instance=$(openstack port show -c device_id -f value $bm_port)
    bmc_port="$bmc_prefix_$(($i-1))"
-    bmc_ip=$(neutron port-show $bmc_port -c fixed_ips -f value | jq -r .ip_address)
-    # Newer neutronclient requires explicit json output and a slightly
-    # different jq query
-    if [ -z "$bmc_ip" ]; then
-        bmc_ip=$(neutron port-show $bmc_port -c fixed_ips -f json | jq -r .fixed_ips[0].ip_address)
-    fi
+    bmc_ip=$(openstack port show -c fixed_ips -f value $bmc_port | awk -F \' '{print $2}')
    unit="openstack-bmc-$bm_port.service"

    cat <<EOF >/usr/lib/systemd/system/$unit
@ -144,6 +136,21 @@ do
    unit="openstack-bmc-$bm_port.service"
    systemctl enable $unit
    systemctl start $unit
-    systemctl status $unit
 done

+sleep 5
+
+for i in $(seq 1 $bm_node_count)
+do
+    bm_port="$bm_prefix_$(($i-1))"
+    unit="openstack-bmc-$bm_port.service"
+    if ! systemctl status $unit
+    then
+        $signal_command --data-binary '{"status": "FAILURE"}'
+        echo "********** $unit failed to start **********"
+        exit 1
+    fi
+done
+
+$signal_command --data-binary '{"status": "SUCCESS"}'
+
--- a/bin/test-job
+++ b/bin/test-job
@ -49,9 +49,9 @@ then
 fi
 echo 'resource_registry:' >> env.yaml
 echo '  OS::OVB::UndercloudFloating: templates/undercloud-floating.yaml' >> env.yaml
-echo '  OS::OVB::BaremetalPorts: templates/baremetal-ports-default-port-security.yaml' >> env.yaml
-echo '  OS::OVB::BMCPort: templates/bmc-port-port-security.yaml' >> env.yaml
-echo '  OS::OVB::UndercloudPorts: templates/undercloud-ports-port-security.yaml' >> env.yaml
+echo '  OS::OVB::BaremetalPorts: templates/baremetal-ports-default.yaml' >> env.yaml
+echo '  OS::OVB::BMCPort: templates/bmc-port.yaml' >> env.yaml
+echo '  OS::OVB::UndercloudPorts: templates/undercloud-ports.yaml' >> env.yaml
 echo '  OS::OVB::PrivateNetwork: templates/private-net-create.yaml' >> env.yaml

 cp -r $BIN_DIR ./bin
--- a/bin/test-job-v2
+++ b/bin/test-job-v2
@ -52,7 +52,7 @@ fi
 cp -r $BIN_DIR ./bin
 cp -r $BIN_DIR/../openstack_virtual_baremetal .
 STACK_NAME=$MY_ID
-$BIN_DIR/deploy.py --quintupleo --id $MY_ID --name $STACK_NAME --poll -e env.yaml -e environments/create-private-network.yaml -e environments/all-networks-port-security.yaml
+$BIN_DIR/deploy.py --quintupleo --id $MY_ID --name $STACK_NAME --poll -e env.yaml -e environments/create-private-network.yaml -e environments/all-networks.yaml
 UNDERCLOUD_IP=$(heat output-show $STACK_NAME undercloud_host_floating_ip | sed -e 's/"//g')
 bin/build-nodes-json --env env-$MY_ID.yaml --driver ipmi
 SSH_OPTS="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=Verbose -o PasswordAuthentication=no -o ConnectionAttempts=32 "
--- a/bond-network-templates/DEPRECATED
+++ b/bond-network-templates/DEPRECATED
@ -1,3 +0,0 @@
-WARNING: This directory is deprecated and may be removed in the future.
-A duplicate copy of these network templates can be found in the
-overcloud-templates directory in a sub-directory with the same name as this one.
--- a/bond-network-templates/README
+++ b/bond-network-templates/README
@ -1,23 +0,0 @@
-Generated Network Isolation Templates
-------------------------------------
-These templates were generated by the UI tool at
-https://github.com/cybertron/tripleo-scripts#net-iso-genpy
-
-ui-settings.pickle is specific to the tool.  TripleO will not use it when
-doing deployments with these templates, but it is needed to be able to
-load the templates into the UI again.  Note that the UI only reads this file,
-so any changes made by hand to the templates will not be reflected in the UI.
-
-The network-isolation.yaml file needs to reference the port files shipped with
-tripleo-heat-templates, so by default the tool generates the paths assuming
-network-isolation.yaml will be copied into the environments/ directory of
-tripleo-heat-templates.
-
-If the standard tripleo-heat-templates are in use, then the
-network-isolation-absolute.yaml file can be used instead.  It has hard-coded
-references to the port files in /usr/share/openstack-tripleo-heat-templates.
-
-If the generated network isolation templates are at ~/generated-templates, an
-example deployment command would look like:
-
-openstack overcloud deploy --templates -e ~/generated-templates/network-isolation-absolute.yaml -e ~/generated-templates/network-environment.yaml
--- a/bond-network-templates/network-environment.yaml
+++ b/bond-network-templates/network-environment.yaml
@ -1,26 +0,0 @@
-
-resource_registry:
-  OS::TripleO::BlockStorage::Net::SoftwareConfig: nic-configs/cinder-storage.yaml
-  OS::TripleO::Compute::Net::SoftwareConfig: nic-configs/compute.yaml
-  OS::TripleO::Controller::Net::SoftwareConfig: nic-configs/controller.yaml
-  OS::TripleO::ObjectStorage::Net::SoftwareConfig: nic-configs/swift-storage.yaml
-  OS::TripleO::CephStorage::Net::SoftwareConfig: nic-configs/ceph-storage.yaml
-
-parameter_defaults:
-  ControlPlaneSubnetCidr: '24'
-  ControlPlaneDefaultRoute: 192.0.2.1
-  EC2MetadataIp: 192.0.2.1
-  ExternalNetCidr: 10.0.0.0/24
-  ExternalAllocationPools: [{"start": "10.0.0.10", "end": "10.0.0.50"}]
-  ExternalInterfaceDefaultRoute: 10.0.0.1
-  NeutronExternalNetworkBridge: "''"
-  InternalApiNetCidr: 172.17.0.0/24
-  InternalApiAllocationPools: [{"start": "172.17.0.10", "end": "172.17.0.250"}]
-  StorageNetCidr: 172.18.0.0/24
-  StorageAllocationPools: [{"start": "172.18.0.10", "end": "172.18.0.250"}]
-  StorageMgmtNetCidr: 172.19.0.0/24
-  StorageMgmtAllocationPools: [{"start": "172.19.0.10", "end": "172.19.0.250"}]
-  TenantNetCidr: 172.16.0.0/24
-  TenantAllocationPools: [{"start": "172.16.0.10", "end": "172.16.0.250"}]
-  DnsServers: ["8.8.8.8", "8.8.4.4"]
-  BondInterfaceOvsOptions: bond_mode=balance-slb
--- a/bond-network-templates/network-isolation-absolute.yaml
+++ b/bond-network-templates/network-isolation-absolute.yaml
@ -1,28 +0,0 @@
-resource_registry:
-  # Redis
-  OS::TripleO::Network::Ports::RedisVipPort: /usr/share/openstack-tripleo-heat-templates/network/ports/vip.yaml
-  # External
-  OS::TripleO::Network::External: /usr/share/openstack-tripleo-heat-templates/network/external.yaml
-  OS::TripleO::Network::Ports::ExternalVipPort: /usr/share/openstack-tripleo-heat-templates/network/ports/external.yaml
-  OS::TripleO::Controller::Ports::ExternalPort: /usr/share/openstack-tripleo-heat-templates/network/ports/external.yaml
-  # InternalApi
-  OS::TripleO::Network::InternalApi: /usr/share/openstack-tripleo-heat-templates/network/internal_api.yaml
-  OS::TripleO::Network::Ports::InternalApiVipPort: /usr/share/openstack-tripleo-heat-templates/network/ports/internal_api.yaml
-  OS::TripleO::Controller::Ports::InternalApiPort: /usr/share/openstack-tripleo-heat-templates/network/ports/internal_api.yaml
-  OS::TripleO::Compute::Ports::InternalApiPort: /usr/share/openstack-tripleo-heat-templates/network/ports/internal_api.yaml
-  # Storage
-  OS::TripleO::Network::Storage: /usr/share/openstack-tripleo-heat-templates/network/storage.yaml
-  OS::TripleO::Network::Ports::StorageVipPort: /usr/share/openstack-tripleo-heat-templates/network/ports/storage.yaml
-  OS::TripleO::Controller::Ports::StoragePort: /usr/share/openstack-tripleo-heat-templates/network/ports/storage.yaml
-  OS::TripleO::Compute::Ports::StoragePort: /usr/share/openstack-tripleo-heat-templates/network/ports/storage.yaml
-  OS::TripleO::CephStorage::Ports::StoragePort: /usr/share/openstack-tripleo-heat-templates/network/ports/storage.yaml
-  # StorageMgmt
-  OS::TripleO::Network::StorageMgmt: /usr/share/openstack-tripleo-heat-templates/network/storage_mgmt.yaml
-  OS::TripleO::Network::Ports::StorageMgmtVipPort: /usr/share/openstack-tripleo-heat-templates/network/ports/storage_mgmt.yaml
-  OS::TripleO::Controller::Ports::StorageMgmtPort: /usr/share/openstack-tripleo-heat-templates/network/ports/storage_mgmt.yaml
-  OS::TripleO::CephStorage::Ports::StorageMgmtPort: /usr/share/openstack-tripleo-heat-templates/network/ports/storage_mgmt.yaml
-  # Tenant
-  OS::TripleO::Network::Tenant: /usr/share/openstack-tripleo-heat-templates/network/tenant.yaml
-  OS::TripleO::Network::Ports::TenantVipPort: /usr/share/openstack-tripleo-heat-templates/network/ports/tenant.yaml
-  OS::TripleO::Controller::Ports::TenantPort: /usr/share/openstack-tripleo-heat-templates/network/ports/tenant.yaml
-  OS::TripleO::Compute::Ports::TenantPort: /usr/share/openstack-tripleo-heat-templates/network/ports/tenant.yaml
--- a/bond-network-templates/network-isolation.yaml
+++ b/bond-network-templates/network-isolation.yaml
@ -1,28 +0,0 @@
-resource_registry:
-  # Redis
-  OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip.yaml
-  # External
-  OS::TripleO::Network::External: ../network/external.yaml
-  OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/external.yaml
-  OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/external.yaml
-  # InternalApi
-  OS::TripleO::Network::InternalApi: ../network/internal_api.yaml
-  OS::TripleO::Network::Ports::InternalApiVipPort: ../network/ports/internal_api.yaml
-  OS::TripleO::Controller::Ports::InternalApiPort: ../network/ports/internal_api.yaml
-  OS::TripleO::Compute::Ports::InternalApiPort: ../network/ports/internal_api.yaml
-  # Storage
-  OS::TripleO::Network::Storage: ../network/storage.yaml
-  OS::TripleO::Network::Ports::StorageVipPort: ../network/ports/storage.yaml
-  OS::TripleO::Controller::Ports::StoragePort: ../network/ports/storage.yaml
-  OS::TripleO::Compute::Ports::StoragePort: ../network/ports/storage.yaml
-  OS::TripleO::CephStorage::Ports::StoragePort: ../network/ports/storage.yaml
-  # StorageMgmt
-  OS::TripleO::Network::StorageMgmt: ../network/storage_mgmt.yaml
-  OS::TripleO::Network::Ports::StorageMgmtVipPort: ../network/ports/storage_mgmt.yaml
-  OS::TripleO::Controller::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml
-  OS::TripleO::CephStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml
-  # Tenant
-  OS::TripleO::Network::Tenant: ../network/tenant.yaml
-  OS::TripleO::Network::Ports::TenantVipPort: ../network/ports/tenant.yaml
-  OS::TripleO::Controller::Ports::TenantPort: ../network/ports/tenant.yaml
-  OS::TripleO::Compute::Ports::TenantPort: ../network/ports/tenant.yaml
--- a/bond-network-templates/nic-configs/ceph-storage.yaml
+++ b/bond-network-templates/nic-configs/ceph-storage.yaml
@ -1,119 +0,0 @@
-heat_template_version: 2015-04-30
-
-parameters:
-  ControlPlaneIp:
-    default: ''
-    description: IP address/subnet on the ctlplane network
-    type: string
-  ExternalIpSubnet:
-    default: ''
-    description: IP address/subnet on the external network
-    type: string
-  InternalApiIpSubnet:
-    default: ''
-    description: IP address/subnet on the internal API network
-    type: string
-  StorageIpSubnet:
-    default: ''
-    description: IP address/subnet on the storage network
-    type: string
-  StorageMgmtIpSubnet:
-    default: ''
-    description: IP address/subnet on the storage mgmt network
-    type: string
-  TenantIpSubnet:
-    default: ''
-    description: IP address/subnet on the tenant network
-    type: string
-  ManagementIpSubnet: # Only populated when including environments/network-management.yaml
-    default: ''
-    description: IP address/subnet on the management network
-    type: string
-  BondInterfaceOvsOptions:
-    default: 'bond_mode=active-backup'
-    description: The ovs_options string for the bond interface. Set things like
-                 lacp=active and/or bond_mode=balance-slb using this option.
-    type: string
-  ExternalNetworkVlanID:
-    default: 10
-    description: Vlan ID for the external network traffic.
-    type: number
-  InternalApiNetworkVlanID:
-    default: 20
-    description: Vlan ID for the internal_api network traffic.
-    type: number
-  StorageNetworkVlanID:
-    default: 30
-    description: Vlan ID for the storage network traffic.
-    type: number
-  StorageMgmtNetworkVlanID:
-    default: 40
-    description: Vlan ID for the storage mgmt network traffic.
-    type: number
-  TenantNetworkVlanID:
-    default: 50
-    description: Vlan ID for the tenant network traffic.
-    type: number
-  ManagementNetworkVlanID:
-    default: 60
-    description: Vlan ID for the management network traffic.
-    type: number
-  ExternalInterfaceDefaultRoute:
-    default: '10.0.0.1'
-    description: default route for the external network
-    type: string
-  ControlPlaneSubnetCidr: # Override this via parameter_defaults
-    default: '24'
-    description: The subnet CIDR of the control plane network.
-    type: string
-  ControlPlaneDefaultRoute: # Override this via parameter_defaults
-    description: The default route of the control plane network.
-    type: string
-  DnsServers: # Override this via parameter_defaults
-    default: []
-    description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
-    type: comma_delimited_list
-  EC2MetadataIp: # Override this via parameter_defaults
-    description: The IP address of the EC2 metadata server.
-    type: string
-
-resources:
-  OsNetConfigImpl:
-    properties:
-      config:
-        os_net_config:
-          network_config:
-          - type: interface
-            name: nic1
-            mtu: 1350
-            use_dhcp: false
-            addresses:
-            - ip_netmask:
-                list_join:
-                - /
-                - - {get_param: ControlPlaneIp}
-                  - {get_param: ControlPlaneSubnetCidr}
-            routes:
-            - ip_netmask: 169.254.169.254/32
-              next_hop: {get_param: EC2MetadataIp}
-            - default: true
-              next_hop: {get_param: ControlPlaneDefaultRoute}
-          - type: interface
-            name: nic5
-            mtu: 1350
-            use_dhcp: false
-            addresses:
-            - ip_netmask: {get_param: StorageIpSubnet}
-          - type: interface
-            name: nic6
-            mtu: 1350
-            use_dhcp: false
-            addresses:
-            - ip_netmask: {get_param: StorageMgmtIpSubnet}
-      group: os-apply-config
-    type: OS::Heat::StructuredConfig
-
-outputs:
-  OS::stack_id:
-    description: The OsNetConfigImpl resource.
-    value: {get_resource: OsNetConfigImpl}
--- a/bond-network-templates/nic-configs/cinder-storage.yaml
+++ b/bond-network-templates/nic-configs/cinder-storage.yaml
@ -1,92 +0,0 @@
-heat_template_version: 2015-04-30
-
-parameters:
-  ControlPlaneIp:
-    default: ''
-    description: IP address/subnet on the ctlplane network
-    type: string
-  ExternalIpSubnet:
-    default: ''
-    description: IP address/subnet on the external network
-    type: string
-  InternalApiIpSubnet:
-    default: ''
-    description: IP address/subnet on the internal API network
-    type: string
-  StorageIpSubnet:
-    default: ''
-    description: IP address/subnet on the storage network
-    type: string
-  StorageMgmtIpSubnet:
-    default: ''
-    description: IP address/subnet on the storage mgmt network
-    type: string
-  TenantIpSubnet:
-    default: ''
-    description: IP address/subnet on the tenant network
-    type: string
-  ManagementIpSubnet: # Only populated when including environments/network-management.yaml
-    default: ''
-    description: IP address/subnet on the management network
-    type: string
-  BondInterfaceOvsOptions:
-    default: 'bond_mode=active-backup'
-    description: The ovs_options string for the bond interface. Set things like
-                 lacp=active and/or bond_mode=balance-slb using this option.
-    type: string
-  ExternalNetworkVlanID:
-    default: 10
-    description: Vlan ID for the external network traffic.
-    type: number
-  InternalApiNetworkVlanID:
-    default: 20
-    description: Vlan ID for the internal_api network traffic.
-    type: number
-  StorageNetworkVlanID:
-    default: 30
-    description: Vlan ID for the storage network traffic.
-    type: number
-  StorageMgmtNetworkVlanID:
-    default: 40
-    description: Vlan ID for the storage mgmt network traffic.
-    type: number
-  TenantNetworkVlanID:
-    default: 50
-    description: Vlan ID for the tenant network traffic.
-    type: number
-  ManagementNetworkVlanID:
-    default: 60
-    description: Vlan ID for the management network traffic.
-    type: number
-  ExternalInterfaceDefaultRoute:
-    default: '10.0.0.1'
-    description: default route for the external network
-    type: string
-  ControlPlaneSubnetCidr: # Override this via parameter_defaults
-    default: '24'
-    description: The subnet CIDR of the control plane network.
-    type: string
-  ControlPlaneDefaultRoute: # Override this via parameter_defaults
-    description: The default route of the control plane network.
-    type: string
-  DnsServers: # Override this via parameter_defaults
-    default: []
-    description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
-    type: comma_delimited_list
-  EC2MetadataIp: # Override this via parameter_defaults
-    description: The IP address of the EC2 metadata server.
-    type: string
-
-resources:
-  OsNetConfigImpl:
-    properties:
-      config:
-        os_net_config:
-          network_config: []
-      group: os-apply-config
-    type: OS::Heat::StructuredConfig
-
-outputs:
-  OS::stack_id:
-    description: The OsNetConfigImpl resource.
-    value: {get_resource: OsNetConfigImpl}
--- a/bond-network-templates/nic-configs/compute.yaml
+++ b/bond-network-templates/nic-configs/compute.yaml
@ -1,130 +0,0 @@
-heat_template_version: 2015-04-30
-
-parameters:
-  ControlPlaneIp:
-    default: ''
-    description: IP address/subnet on the ctlplane network
-    type: string
-  ExternalIpSubnet:
-    default: ''
-    description: IP address/subnet on the external network
-    type: string
-  InternalApiIpSubnet:
-    default: ''
-    description: IP address/subnet on the internal API network
-    type: string
-  StorageIpSubnet:
-    default: ''
-    description: IP address/subnet on the storage network
-    type: string
-  StorageMgmtIpSubnet:
-    default: ''
-    description: IP address/subnet on the storage mgmt network
-    type: string
-  TenantIpSubnet:
-    default: ''
-    description: IP address/subnet on the tenant network
-    type: string
-  ManagementIpSubnet: # Only populated when including environments/network-management.yaml
-    default: ''
-    description: IP address/subnet on the management network
-    type: string
-  BondInterfaceOvsOptions:
-    default: 'bond_mode=active-backup'
-    description: The ovs_options string for the bond interface. Set things like
-                 lacp=active and/or bond_mode=balance-slb using this option.
-    type: string
-  ExternalNetworkVlanID:
-    default: 10
-    description: Vlan ID for the external network traffic.
-    type: number
-  InternalApiNetworkVlanID:
-    default: 20
-    description: Vlan ID for the internal_api network traffic.
-    type: number
-  StorageNetworkVlanID:
-    default: 30
-    description: Vlan ID for the storage network traffic.
-    type: number
-  StorageMgmtNetworkVlanID:
-    default: 40
-    description: Vlan ID for the storage mgmt network traffic.
-    type: number
-  TenantNetworkVlanID:
-    default: 50
-    description: Vlan ID for the tenant network traffic.
-    type: number
-  ManagementNetworkVlanID:
-    default: 60
-    description: Vlan ID for the management network traffic.
-    type: number
-  ExternalInterfaceDefaultRoute:
-    default: '10.0.0.1'
-    description: default route for the external network
-    type: string
-  ControlPlaneSubnetCidr: # Override this via parameter_defaults
-    default: '24'
-    description: The subnet CIDR of the control plane network.
-    type: string
-  ControlPlaneDefaultRoute: # Override this via parameter_defaults
-    description: The default route of the control plane network.
-    type: string
-  DnsServers: # Override this via parameter_defaults
-    default: []
-    description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
-    type: comma_delimited_list
-  EC2MetadataIp: # Override this via parameter_defaults
-    description: The IP address of the EC2 metadata server.
-    type: string
-
-resources:
-  OsNetConfigImpl:
-    properties:
-      config:
-        os_net_config:
-          network_config:
-          - type: interface
-            name: nic1
-            mtu: 1350
-            use_dhcp: false
-            addresses:
-            - ip_netmask:
-                list_join:
-                - /
-                - - {get_param: ControlPlaneIp}
-                  - {get_param: ControlPlaneSubnetCidr}
-            routes:
-            - ip_netmask: 169.254.169.254/32
-              next_hop: {get_param: EC2MetadataIp}
-            - default: true
-              next_hop: {get_param: ControlPlaneDefaultRoute}
-          - type: interface
-            name: nic4
-            mtu: 1350
-            use_dhcp: false
-            addresses:
-            - ip_netmask: {get_param: InternalApiIpSubnet}
-          - type: interface
-            name: nic5
-            mtu: 1350
-            use_dhcp: false
-            addresses:
-            - ip_netmask: {get_param: StorageIpSubnet}
-          - type: ovs_bridge
-            name: br-tenant
-            dns_servers: {get_param: DnsServers}
-            use_dhcp: false
-            addresses:
-            - ip_netmask: {get_param: TenantIpSubnet}
-            members:
-            - type: interface
-              name: nic7
-              mtu: 1350
-              primary: true
-      group: os-apply-config
-    type: OS::Heat::StructuredConfig
-
-outputs:
-  OS::stack_id:
-    description: The OsNetConfigImpl resource.
-    value: {get_resource: OsNetConfigImpl}
--- a/bond-network-templates/nic-configs/controller.yaml
+++ b/bond-network-templates/nic-configs/controller.yaml
@ -1,156 +0,0 @@
-heat_template_version: 2015-04-30
-
-parameters:
-  ControlPlaneIp:
-    default: ''
-    description: IP address/subnet on the ctlplane network
-    type: string
-  ExternalIpSubnet:
-    default: ''
-    description: IP address/subnet on the external network
-    type: string
-  InternalApiIpSubnet:
-    default: ''
-    description: IP address/subnet on the internal API network
-    type: string
-  StorageIpSubnet:
-    default: ''
-    description: IP address/subnet on the storage network
-    type: string
-  StorageMgmtIpSubnet:
-    default: ''
-    description: IP address/subnet on the storage mgmt network
-    type: string
-  TenantIpSubnet:
-    default: ''
-    description: IP address/subnet on the tenant network
-    type: string
-  ManagementIpSubnet: # Only populated when including environments/network-management.yaml
-    default: ''
-    description: IP address/subnet on the management network
-    type: string
-  BondInterfaceOvsOptions:
-    default: 'bond_mode=active-backup'
-    description: The ovs_options string for the bond interface. Set things like
-                 lacp=active and/or bond_mode=balance-slb using this option.
-    type: string
-  ExternalNetworkVlanID:
-    default: 10
-    description: Vlan ID for the external network traffic.
-    type: number
-  InternalApiNetworkVlanID:
-    default: 20
-    description: Vlan ID for the internal_api network traffic.
-    type: number
-  StorageNetworkVlanID:
-    default: 30
-    description: Vlan ID for the storage network traffic.
-    type: number
-  StorageMgmtNetworkVlanID:
-    default: 40
-    description: Vlan ID for the storage mgmt network traffic.
-    type: number
-  TenantNetworkVlanID:
-    default: 50
-    description: Vlan ID for the tenant network traffic.
-    type: number
-  ManagementNetworkVlanID:
-    default: 60
-    description: Vlan ID for the management network traffic.
-    type: number
-  ExternalInterfaceDefaultRoute:
-    default: '10.0.0.1'
-    description: default route for the external network
-    type: string
-  ControlPlaneSubnetCidr: # Override this via parameter_defaults
-    default: '24'
-    description: The subnet CIDR of the control plane network.
-    type: string
-  ControlPlaneDefaultRoute: # Override this via parameter_defaults
-    description: The default route of the control plane network.
-    type: string
-  DnsServers: # Override this via parameter_defaults
-    default: []
-    description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
-    type: comma_delimited_list
-  EC2MetadataIp: # Override this via parameter_defaults
-    description: The IP address of the EC2 metadata server.
-    type: string
-
-resources:
-  OsNetConfigImpl:
-    properties:
-      config:
-        os_net_config:
-          network_config:
-          - type: interface
-            name: nic1
-            mtu: 1350
-            use_dhcp: false
-            addresses:
-            - ip_netmask:
-                list_join:
-                - /
-                - - {get_param: ControlPlaneIp}
-                  - {get_param: ControlPlaneSubnetCidr}
-            routes:
-            - ip_netmask: 169.254.169.254/32
-              next_hop: {get_param: EC2MetadataIp}
-          - type: ovs_bridge
-            name: br-ex
-            dns_servers: {get_param: DnsServers}
-            use_dhcp: false
-            addresses:
-            - ip_netmask: {get_param: ExternalIpSubnet}
-            routes:
-            - ip_netmask: 0.0.0.0/0
-              next_hop: {get_param: ExternalInterfaceDefaultRoute}
-            members:
-            - type: ovs_bond
-              name: bond1
-              ovs_options: {get_param: BondInterfaceOvsOptions}
-              members:
-              - type: interface
-                name: nic2
-                mtu: 1350
-                primary: true
-              - type: interface
-                name: nic3
-                mtu: 1350
-                primary: false
-          - type: interface
-            name: nic4
-            mtu: 1350
-            use_dhcp: false
-            addresses:
-            - ip_netmask: {get_param: InternalApiIpSubnet}
-          - type: interface
-            name: nic5
-            mtu: 1350
-            use_dhcp: false
-            addresses:
-            - ip_netmask: {get_param: StorageIpSubnet}
-          - type: interface
-            name: nic6
-            mtu: 1350
-            use_dhcp: false
-            addresses:
-            - ip_netmask: {get_param: StorageMgmtIpSubnet}
-          - type: ovs_bridge
-            name: br-tenant
-            dns_servers: {get_param: DnsServers}
-            use_dhcp: false
-            addresses:
-            - ip_netmask: {get_param: TenantIpSubnet}
-            members:
-            - type: interface
-              name: nic7
-              mtu: 1350
-              primary: true
-      group: os-apply-config
-    type: OS::Heat::StructuredConfig
-
-outputs:
-  OS::stack_id:
-    description: The OsNetConfigImpl resource.
-    value: {get_resource: OsNetConfigImpl}
--- a/bond-network-templates/nic-configs/swift-storage.yaml
+++ b/bond-network-templates/nic-configs/swift-storage.yaml
@ -1,92 +0,0 @@
-heat_template_version: 2015-04-30
-
-parameters:
-  ControlPlaneIp:
-    default: ''
-    description: IP address/subnet on the ctlplane network
-    type: string
-  ExternalIpSubnet:
-    default: ''
-    description: IP address/subnet on the external network
-    type: string
-  InternalApiIpSubnet:
-    default: ''
-    description: IP address/subnet on the internal API network
-    type: string
-  StorageIpSubnet:
-    default: ''
-    description: IP address/subnet on the storage network
-    type: string
-  StorageMgmtIpSubnet:
-    default: ''
-    description: IP address/subnet on the storage mgmt network
-    type: string
-  TenantIpSubnet:
-    default: ''
-    description: IP address/subnet on the tenant network
-    type: string
-  ManagementIpSubnet: # Only populated when including environments/network-management.yaml
-    default: ''
-    description: IP address/subnet on the management network
-    type: string
-  BondInterfaceOvsOptions:
-    default: 'bond_mode=active-backup'
-    description: The ovs_options string for the bond interface. Set things like
-                 lacp=active and/or bond_mode=balance-slb using this option.
-    type: string
-  ExternalNetworkVlanID:
-    default: 10
-    description: Vlan ID for the external network traffic.
-    type: number
-  InternalApiNetworkVlanID:
-    default: 20
-    description: Vlan ID for the internal_api network traffic.
-    type: number
-  StorageNetworkVlanID:
-    default: 30
-    description: Vlan ID for the storage network traffic.
-    type: number
-  StorageMgmtNetworkVlanID:
-    default: 40
-    description: Vlan ID for the storage mgmt network traffic.
-    type: number
-  TenantNetworkVlanID:
-    default: 50
-    description: Vlan ID for the tenant network traffic.
-    type: number
-  ManagementNetworkVlanID:
-    default: 60
-    description: Vlan ID for the management network traffic.
-    type: number
-  ExternalInterfaceDefaultRoute:
-    default: '10.0.0.1'
-    description: default route for the external network
-    type: string
-  ControlPlaneSubnetCidr: # Override this via parameter_defaults
-    default: '24'
-    description: The subnet CIDR of the control plane network.
-    type: string
-  ControlPlaneDefaultRoute: # Override this via parameter_defaults
-    description: The default route of the control plane network.
-    type: string
-  DnsServers: # Override this via parameter_defaults
-    default: []
-    description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
-    type: comma_delimited_list
-  EC2MetadataIp: # Override this via parameter_defaults
-    description: The IP address of the EC2 metadata server.
-    type: string
-
-resources:
-  OsNetConfigImpl:
-    properties:
-      config:
-        os_net_config:
-          network_config: []
-      group: os-apply-config
-    type: OS::Heat::StructuredConfig
-
-outputs:
-  OS::stack_id:
-    description: The OsNetConfigImpl resource.
-    value: {get_resource: OsNetConfigImpl}
--- a/bond-network-templates/ui-settings.pickle
+++ b/bond-network-templates/ui-settings.pickle
@ -1,699 +0,0 @@
-(dp0
-S'global_data'
-p1
-(dp2
-S'control'
-p3
-(dp4
-S'route'
-p5
-V192.0.2.1
-p6
-sS'mask'
-p7
-I24
-sS'ec2'
-p8
-V192.0.2.1
-p9
-ssS'major'
-p10
-I1
-sS'management'
-p11
-(dp12
-S'start'
-p13
-V172.20.0.10
-p14
-sS'cidr'
-p15
-V172.20.0.0/24
-p16
-sS'vlan'
-p17
-I6
-sS'end'
-p18
-V172.20.0.250
-p19
-ssS'dns2'
-p20
-V8.8.4.4
-p21
-sS'dns1'
-p22
-V8.8.8.8
-p23
-sS'storage'
-p24
-(dp25
-g13
-V172.18.0.10
-p26
-sg15
-V172.18.0.0/24
-p27
-sg17
-I3
-sg18
-V172.18.0.250
-p28
-ssS'auto_routes'
-p29
-I01
-sS'bond_options'
-p30
-Vbond_mode=balance-slb
-p31
-sS'version'
-p32
-I1
-sS'external'
-p33
-(dp34
-S'bridge'
-p35
-V''
-p36
-sg18
-V10.0.0.50
-p37
-sg17
-I1
-sg13
-V10.0.0.10
-p38
-sg15
-V10.0.0.0/24
-p39
-sS'gateway'
-p40
-V10.0.0.1
-p41
-ssS'internal_api'
-p42
-(dp43
-g13
-V172.17.0.10
-p44
-sg15
-V172.17.0.0/24
-p45
-sg17
-I2
-sg18
-V172.17.0.250
-p46
-ssS'ipv6'
-p47
-I00
-sS'storage_mgmt'
-p48
-(dp49
-g13
-V172.19.0.10
-p50
-sg15
-V172.19.0.0/24
-p51
-sg17
-I4
-sg18
-V172.19.0.250
-p52
-ssS'minor'
-p53
-I2
-sS'tenant'
-p54
-(dp55
-g13
-V172.16.0.10
-p56
-sg15
-V172.16.0.0/24
-p57
-sg17
-I5
-sg18
-V172.16.0.250
-p58
-sssS'data'
-p59
-(dp60
-S'cinder-storage.yaml'
-p61
-(lp62
-sS'ceph-storage.yaml'
-p63
-(lp64
-(dp65
-Vaddresses
-p66
-(lp67
-sVnetwork
-p68
-VControlPlane
-p69
-sVprimary
-p70
-I01
-sVmtu
-p71
-I1350
-sS'members'
-p72
-(lp73
-sVroutes
-p74
-(lp75
-sVuse_dhcp
-p76
-I00
-sVtype
-p77
-Vinterface
-p78
-sVname
-p79
-Vnic1
-p80
-sa(dp81
-Vaddresses
-p82
-(lp83
-sVnetwork
-p84
-VStorage
-p85
-sVprimary
-p86
-I01
-sVmtu
-p87
-I1350
-sg72
-(lp88
-sVroutes
-p89
-(lp90
-sVuse_dhcp
-p91
-I00
-sVtype
-p92
-Vinterface
-p93
-sVname
-p94
-Vnic5
-p95
-sa(dp96
-Vaddresses
-p97
-(lp98
-sVnetwork
-p99
-VStorageMgmt
-p100
-sVprimary
-p101
-I01
-sVmtu
-p102
-I1350
-sg72
-(lp103
-sVroutes
-p104
-(lp105
-sVuse_dhcp
-p106
-I00
-sVtype
-p107
-Vinterface
-p108
-sVname
-p109
-Vnic6
-p110
-sasS'controller.yaml'
-p111
-(lp112
-(dp113
-Vaddresses
-p114
-(lp115
-sVnetwork
-p116
-VControlPlane
-p117
-sVprimary
-p118
-I01
-sVmtu
-p119
-I1350
-sg72
-(lp120
-sVroutes
-p121
-(lp122
-sVuse_dhcp
-p123
-I00
-sVtype
-p124
-Vinterface
-p125
-sVname
-p126
-Vnic1
-p127
-sa(dp128
-Vdns_servers
-p129
-V{get_param: DnsServers}
-p130
-sVaddresses
-p131
-(lp132
-sVnetwork
-p133
-VExternal
-p134
-sVmtu
-p135
-I-1
-sg72
-(lp136
-(dp137
-Vnetwork
-p138
-VNone
-p139
-sVbond_type
-p140
-Vovs
-p141
-sVovs_options
-p142
-V{get_param: BondInterfaceOvsOptions}
-p143
-sVmtu
-p144
-I-1
-sg72
-(lp145
-(dp146
-Vaddresses
-p147
-(lp148
-sVnetwork
-p149
-VNone
-p150
-sVprimary
-p151
-I01
-sVmtu
-p152
-I1350
-sVroutes
-p153
-(lp154
-sVuse_dhcp
-p155
-I00
-sVtype
-p156
-Vinterface
-p157
-sVname
-p158
-Vnic2
-p159
-sa(dp160
-Vaddresses
-p161
-(lp162
-sVnetwork
-p163
-VNone
-p164
-sVprimary
-p165
-I00
-sVmtu
-p166
-I1350
-sVroutes
-p167
-(lp168
-sVuse_dhcp
-p169
-I00
-sVtype
-p170
-Vinterface
-p171
-sVname
-p172
-Vnic3
-p173
-sasVroutes
-p174
-(lp175
-sVtype
-p176
-Vovs_bond
-p177
-sVname
-p178
-Vbond1
-p179
-sasVroutes
-p180
-(lp181
-sVuse_dhcp
-p182
-I00
-sVtype
-p183
-Vovs_bridge
-p184
-sVname
-p185
-Vbr-ex
-p186
-sa(dp187
-Vaddresses
-p188
-(lp189
-sVnetwork
-p190
-VInternalApi
-p191
-sVprimary
-p192
-I01
-sVmtu
-p193
-I1350
-sg72
-(lp194
-sVroutes
-p195
-(lp196
-sVuse_dhcp
-p197
-I00
-sVtype
-p198
-Vinterface
-p199
-sVname
-p200
-Vnic4
-p201
-sa(dp202
-Vaddresses
-p203
-(lp204
-sVnetwork
-p205
-VStorage
-p206
-sVprimary
-p207
-I01
-sVmtu
-p208
-I1350
-sg72
-(lp209
-sVroutes
-p210
-(lp211
-sVuse_dhcp
-p212
-I00
-sVtype
-p213
-Vinterface
-p214
-sVname
-p215
-Vnic5
-p216
-sa(dp217
-Vaddresses
-p218
-(lp219
-sVnetwork
-p220
-VStorageMgmt
-p221
-sVprimary
-p222
-I01
-sVmtu
-p223
-I1350
-sg72
-(lp224
-sVroutes
-p225
-(lp226
-sVuse_dhcp
-p227
-I00
-sVtype
-p228
-Vinterface
-p229
-sVname
-p230
-Vnic6
-p231
-sa(dp232
-Vdns_servers
-p233
-V{get_param: DnsServers}
-p234
-sVaddresses
-p235
-(lp236
-sVnetwork
-p237
-VTenant
-p238
-sVmtu
-p239
-I-1
-sg72
-(lp240
-(dp241
-Vaddresses
-p242
-(lp243
-sVnetwork
-p244
-VNone
-p245
-sVprimary
-p246
-I01
-sVmtu
-p247
-I1350
-sg72
-(lp248
-sVroutes
-p249
-(lp250
-sVuse_dhcp
-p251
-I00
-sVtype
-p252
-Vinterface
-p253
-sVname
-p254
-Vnic7
-p255
-sasVroutes
-p256
-(lp257
-sVuse_dhcp
-p258
-I00
-sVtype
-p259
-Vovs_bridge
-p260
-sVname
-p261
-Vbr-tenant
-p262
-sasS'swift-storage.yaml'
-p263
-(lp264
-sS'compute.yaml'
-p265
-(lp266
-(dp267
-Vaddresses
-p268
-(lp269
-sVnetwork
-p270
-VControlPlane
-p271
-sVprimary
-p272
-I01
-sVmtu
-p273
-I1350
-sg72
-(lp274
-sVroutes
-p275
-(lp276
-sVuse_dhcp
-p277
-I00
-sVtype
-p278
-Vinterface
-p279
-sVname
-p280
-Vnic1
-p281
-sa(dp282
-Vaddresses
-p283
-(lp284
-sVnetwork
-p285
-VInternalApi
-p286
-sVprimary
-p287
-I01
-sVmtu
-p288
-I1350
-sg72
-(lp289
-sVroutes
-p290
-(lp291
-sVuse_dhcp
-p292
-I00
-sVtype
-p293
-Vinterface
-p294
-sVname
-p295
-Vnic4
-p296
-sa(dp297
-Vaddresses
-p298
-(lp299
-sVnetwork
-p300
-VStorage
-p301
-sVprimary
-p302
-I01
-sVmtu
-p303
-I1350
-sg72
-(lp304
-sVroutes
-p305
-(lp306
-sVuse_dhcp
-p307
-I00
-sVtype
-p308
-Vinterface
-p309
-sVname
-p310
-Vnic5
-p311
-sa(dp312
-Vdns_servers
-p313
-V{get_param: DnsServers}
-p314
-sVaddresses
-p315
-(lp316
-sVnetwork
-p317
-VTenant
-p318
-sVmtu
-p319
-I-1
-sg72
-(lp320
-(dp321
-Vaddresses
-p322
-(lp323
-sVnetwork
-p324
-VNone
-p325
-sVprimary
-p326
-I01
-sVmtu
-p327
-I1350
-sg72
-(lp328
-sVroutes
-p329
-(lp330
-sVuse_dhcp
-p331
-I00
-sVtype
-p332
-Vinterface
-p333
-sVname
-p334
-Vnic7
-p335
-sasVroutes
-p336
-(lp337
-sVuse_dhcp
-p338
-I00
-sVtype
-p339
-Vovs_bridge
-p340
-sVname
-p341
-Vbr-tenant
-p342
-sass.
--- a/doc/source/conf.py
+++ b/doc/source/conf.py
@ -28,6 +28,7 @@ sys.path.insert(0, os.path.abspath('../../openstack_virtual_baremetal'))
 extensions = [
    'sphinx.ext.autodoc',
    'sphinx.ext.intersphinx',
+    'sphinx.ext.autosectionlabel',
 ]


@ -95,6 +96,7 @@ pygments_style = 'sphinx'

 # -- Options for HTML output ---------------------------------------------------

+html_theme = 'sphinx_rtd_theme'
 html_static_path = []
 # html_style = 'custom.css'
 templates_path = []
--- a/doc/source/deploy/baremetal.rst
+++ b/doc/source/deploy/baremetal.rst
@ -37,7 +37,7 @@ method, which creates most of the resources needed automatically.
   ::

      neutron net-create provision
-      neutron subnet-create --name provision --no-gateway --disable-dhcp provision 192.0.2.0/24
+      neutron subnet-create --name provision --no-gateway --disable-dhcp provision 192.168.24.0/24

 #. Create "public" network.

@ -94,8 +94,7 @@ method, which creates most of the resources needed automatically.
    neutron port-list
    neutron floatingip-associate [floatingip uuid] [undercloud instance port id]

-#. (Optional) If not using the Noop firewall driver, turn off port-security on
-   the undercloud provisioning port::
+#. Turn off port-security on the undercloud provisioning port::

    neutron port-update [UUID of undercloud port on the provision network] --no-security-groups --port-security-enabled=False

--- a/doc/source/deploy/environment-index.rst
+++ b/doc/source/deploy/environment-index.rst
@ -1,30 +1,6 @@
 Sample Environment Index
 ========================

-Deploy with All Networks Enabled
--------------------------------
-
-**File:** environments/all-networks-port-security.yaml
-
-**Description:** Deploy an OVB stack that adds interfaces for all the standard TripleO
-network isolation networks.  This version uses the port-security
-Neutron extension to allow OVB to be run on clouds with security
-groups enabled.
-
-
-Deploy with All Networks Enabled and Two Public Interfaces
----------------------------------------------------------
-
-**File:** environments/all-networks-public-bond-port-security.yaml
-
-**Description:** Deploy an OVB stack that adds interfaces for all the standard TripleO
-network isolation networks.  This version will deploy duplicate
-public network interfaces on the baremetal instances so that the
-public network can be configured as a bond.  It will also use the
-port-security Neutron extension to allow OVB to be run on clouds with
-security groups enabled.
-
-
 Deploy with All Networks Enabled and Two Public Interfaces
 ----------------------------------------------------------

@ -118,13 +94,14 @@ Create a Private Network
 existing one.


-Deploy a Basic OVB Environment Using Neutron port-security
----------------------------------------------------------
+Public Network External Router
+------------------------------

-**File:** environments/port-security.yaml
+**File:** environments/public-router.yaml

-**Description:** Deploy an OVB stack that uses the Neutron port-security extension to
-allow OVB functionality in clouds with security groups enabled.
+**Description:** Deploy a router that connects the public and external networks. This
+allows the public network to be used as a gateway instead of routing all
+traffic through the undercloud.


 Disable the Undercloud in a QuintupleO Stack
@ -136,6 +113,38 @@ Disable the Undercloud in a QuintupleO Stack
 instance.


+Configuration for Routed Networks
+---------------------------------
+
+**File:** environments/routed-networks-configuration.yaml
+
+**Description:** Contains the available parameters that need to be configured when using
+a routed networks environment. Requires the routed-networks.yaml
+environment.
+
+
+Base Role Configuration for Routed Networks
+-------------------------------------------
+
+**File:** environments/routed-networks-role.yaml
+
+**Description:** A base role environment that contains the necessary parameters for
+deploying with routed networks.
+
+
+Enable Routed Networks
+----------------------
+
+**File:** environments/routed-networks.yaml
+
+**Description:** Enable use of routed networks, where there may be multiple separate
+networks connected with a router and DHCP relay. Do not pass any other
+network configuration environments after this one or they may override
+the changes made by this environment. When this environment is in use,
+the routed-networks-configuration environment should usually be
+included as well.
+
+
 Assign the Undercloud an Existing Floating IP
 ---------------------------------------------

--- a/doc/source/deploy/quintupleo.rst
+++ b/doc/source/deploy/quintupleo.rst
@ -19,7 +19,7 @@ however.
   with some older clouds.  See below for details on customizing an OVB
   deployment for your particular situation::

-    bin/deploy.py --quintupleo -e env.yaml -e environments/all-networks-port-security.yaml -e environments/create-private-network.yaml
+    bin/deploy.py --quintupleo -e env.yaml -e environments/all-networks.yaml -e environments/create-private-network.yaml

   .. note:: There is a quintupleo-specific option ``--id`` in deploy.py.
             It appends the value passed in to the name of all resources
@ -97,10 +97,10 @@ There are also a number of advanced options that can be enabled for a
 QuintupleO deployment.  For each such option there is a sample environment
 to be passed to the deploy command.

-For example, to deploy using the Neutron port-security extension to allow
-DHCP and PXE booting, the following command could be used::
+For example, to deploy all networks needed for TripleO network isolation, the
+following command could be used::

-    bin/deploy.py --quintupleo -e env.yaml -e environments/port-security.yaml
+    bin/deploy.py --quintupleo -e env.yaml -e environments/all-networks.yaml

 .. important:: When deploying with multiple environment files, ``env.yaml``
               *must* be explicitly passed to the deploy command.
@ -110,7 +110,7 @@ DHCP and PXE booting, the following command could be used::
 Some options may have additional configuration parameters.  These parameters
 will be listed in the environment file.

-A full list of the option environments available can be found at
+A full list of the environments available can be found at
 :doc:`environment-index`.

 Network Isolation
@ -144,15 +144,163 @@ Three primary networking layouts are included:
  OVB environment.  The ``bond-*`` overcloud templates must be used with this
  type of environment.

-Each of the networking layouts has two variations: with and without the use of
-Neutron's port-security extension.  The reason for this is that older releases
-of OpenStack did not support port-security, so those templates cannot be used.
-However, use of the port-security extension allows OVB to work on a much larger
-number of clouds because it does not require insecure Neutron settings.
+QuintupleO and routed networks
+------------------------------

-While the port-security extension existed as far back as the Liberty release,
-it has only been successfully tested with OVB on Newton and above.
+TripleO supports deploying OpenStack with nodes on multiple network segments
+which is connected via L3 routing. OVB can set up a full development
+environment with routers and DHCP-relay service.  This environment is targeted
+for TripleO development, however it should be useful for non-TripleO users of
+OVB as well.

-The port-security environments can be recognized by the presence of
-`port-security` somewhere in the filename.  Network environments without that
-substring are the standard ones that require the noop Neutron firewall driver.
+#. When deploying QuintupleO with routed networks environment files to enable
+   routed networks must be included, as well as one or more role environment
+   files. See :ref:`Enable Routed Networks`,
+   :ref:`Configuration for Routed Networks`, and
+   :ref:`Base Role Configuration for Routed Networks` in the
+   :doc:`environment-index` for details.
+
+#. Copy the example env file and edit it to reflect the host environment::
+
+      cp environments/base.yaml env.yaml
+      vi env.yaml
+
+#. Copy the ``routed-networks-configuration.yaml`` sample environment file and
+   edit it to reflect the host environment::
+
+     cp environments/routed-networks-configuration.yaml env-routed-networks.yaml
+     vi env-routed-networks.yaml
+
+#. For each desired role, copy the ``routed-networks-role.yaml`` sample
+   environment file and edit it to reflect the host environment::
+
+     cp environments/routed-networks-role.yaml env-leaf1.yaml
+     vi env-leaf1.yaml
+
+#. Deploy the QuintupleO routed networks environment by running the deploy.py
+   command. For example::
+
+     ./bin/deploy.py --env env.yaml \
+                     --quintupleo \
+                     --env environments/all-networks.yaml \
+                     --env environments/routed-networks.yaml \
+                     --env env-routed-networks.yaml \
+                     --role env-leaf1.yaml
+
+#. When generating the ``nodes.json`` file for TripleO undercloud node import,
+   the environment ``env-routed.yaml`` should be specified. Also, to include
+   physical network attributes of the node ports in ``nodes.json`` specify the
+   ``--physical_network`` option when running ``build-nodes-json``. For
+   example::
+
+     bin/build-nodes-json --physical_network
+
+   The following is an example node definition produced when using the
+   ``--physical_network`` options. Notice that ports are defined with both
+   ``address`` and ``physical_network`` attributes.
+
+   ::
+
+     {
+       "pm_password": "password",
+       "name": "baremetal-leaf1-0",
+       "memory": 8192,
+       "pm_addr": "10.0.1.13",
+       "ports": [
+         {
+           "physical_network": "provision2",
+           "address": "fa:16:3e:2f:a1:cf"
+         }
+       ],
+       "capabilities": "boot_option:local,profile:leaf1",
+       "pm_type": "pxe_ipmitool",
+       "disk": 80,
+       "arch": "x86_64",
+       "cpu": 4,
+       "pm_user": "admin"
+     }
+
+    .. NOTE:: Due to technical debet (backward compatibility) the TripleO
+              Undercloud uses ``ctlplane`` as the physical network name for the
+              subnet that is local to the Undercloud itself. Either override
+              the name of the provision network in the ovb environment by
+              setting: ``provision_net: ctlplane`` in the
+              ``parameters_defaults`` section or edit the generated nodes.json
+              file, replacing:
+              ``"physical_network": "<name-used-for-provision_net>"`` with
+              ``"physical_network": "ctlplane"``.
+
+#. For convenience router addresses are made available via the
+   ``network_environment_data`` key in the stack output of the quintupleo heat
+   stack. To retrieve this data run the ``openstack stack show`` command. For
+   example::
+
+     $ openstack stack show quintupleo -c outputs -f yaml
+
+     outputs:
+     - description: floating ip of the undercloud instance
+       output_key: undercloud_host_floating_ip
+       output_value: 38.145.35.98
+     - description: Network environment data, router addresses etc.
+       output_key: network_environment_data
+       output_value:
+         internal2_router: 172.17.1.204
+         internal_router_address: 172.17.0.201
+         provision2_router: 192.168.25.254
+         provision3_router: 192.168.26.254
+         provision_router: 192.168.24.254
+         storage2_router_address: 172.18.1.254
+         storage_mgmt2_router_address: 172.19.1.254
+         storage_mgmt_router_address: 172.19.0.254
+         storage_router_address: 172.18.0.254
+         tenant2_router_address: 172.16.1.254
+         tenant_router_address: 172.16.0.254
+     - description: ip of the undercloud instance on the private network
+       output_key: undercloud_host_private_ip
+       output_value: 10.0.1.14
+
+#. Below is an example TripleO Undercloud configuration (``undercloud.conf``)
+   with routed networks support enabled and the three provisioning networks
+   defined.
+
+   ::
+
+     [DEFAULT]
+     enable_routed_networks = true
+     enable_ui = false
+     overcloud_domain_name = localdomain
+     scheduler_max_attempts = 2
+     undercloud_ntp_servers = pool.ntp.org
+     undercloud_hostname = undercloud.rdocloud
+     local_interface = eth1
+     local_mtu = 1450
+     local_ip = 192.168.24.1/24
+     undercloud_public_host = 192.168.24.2
+     undercloud_admin_host = 192.168.24.3
+     undercloud_nameservers = 8.8.8.8,8.8.4.4
+     local_subnet = provision
+     subnets = provision,provision2,provision3
+
+     [provision]
+     cidr = 192.168.24.0/24
+     dhcp_start = 192.168.24.10
+     dhcp_end = 192.168.24.30
+     gateway = 192.168.24.254
+     inspection_iprange = 192.168.24.100,192.168.24.120
+     masquerade = true
+
+     [provision2]
+     cidr = 192.168.25.0/24
+     dhcp_start = 192.168.25.10
+     dhcp_end = 192.168.25.30
+     gateway = 192.168.25.254
+     inspection_iprange = 192.168.25.100,192.168.25.120
+     masquerade = true
+
+     [provision3]
+     cidr = 192.168.26.0/24
+     dhcp_start = 192.168.26.10
+     dhcp_end = 192.168.26.30
+     gateway = 192.168.26.254
+     inspection_iprange = 192.168.26.100,192.168.26.120
+     masquerade = true
--- a/doc/source/host-cloud/configuration.rst
+++ b/doc/source/host-cloud/configuration.rst
@ -7,19 +7,8 @@ all of it will provide the optimal experience.
 The changes described in this document apply to compute nodes in the
 host cloud.

-#. Neutron must be configured to use the NoopFirewallDriver.  Edit
-   ``/etc/neutron/plugins/ml2/ml2_conf.ini`` and set the option
-   ``firewall_driver`` in the ``[securitygroup]`` section as follows::
-
-       firewall_driver = neutron.agent.firewall.NoopFirewallDriver
-
-#. In Liberty and later versions, arp spoofing must be disabled.  Edit
-   ``/etc/neutron/plugins/ml2/ml2_conf.ini`` and set the option
-   ``prevent_arp_spoofing`` in the ``[agent]`` section as follows::
-
-        prevent_arp_spoofing = False
-
-#. The Nova option ``force_config_drive`` must _not_ be set.
+#. The Nova option ``force_config_drive`` must _not_ be set. If you have to
+   change this option, restart ``nova-compute`` to apply it.

 #. Ideally, jumbo frames should be enabled on the host cloud.  This
   avoids MTU problems when deploying to instances over tunneled
@ -33,6 +22,3 @@ host cloud.
   such a change on the host cloud), it will likely be necessary to
   configure a smaller MTU on the deployed virtual instances.  Details
   on doing so can be found on the :doc:`../usage/usage` page.
-
-#. Restart ``nova-compute`` and ``neutron-openvswitch-agent`` to apply the
-   changes above.
--- a/doc/source/host-cloud/setup.rst
+++ b/doc/source/host-cloud/setup.rst
@ -6,9 +6,6 @@ Instructions for setting up the host cloud[1].
 1: The host cloud is any OpenStack cloud providing the necessary functionality
 to run OVB.  The host cloud must be running on real baremetal.

-.. warning:: This process requires patches and configuration settings that
-             may not be appropriate for production clouds.
-
 .. toctree::

   patches
--- a/doc/source/troubleshooting.rst
+++ b/doc/source/troubleshooting.rst
@ -49,10 +49,8 @@ VM, but responses never get to the baremetal instances.

 **Cause**: Neutron port security blocking DHCP from the undercloud.

-**Solution**: Neutron either needs to be configured to use the Noop firewall
-driver, or the port-security extension must be used to disable
-port-security on the appropriate ports.  As of this writing that
-requires use of the port-security branch of OVB.
+**Solution**: Ensure that the Neutron port-security extension is present in
+the host cloud. It is required for OVB to function properly.

 The BMC does not respond to IPMI requests
 -----------------------------------------
@ -62,11 +60,10 @@ on arbitrary addresses.  The BMC deployment may have failed for some
 reason.

 **Solution**: Neutron must be configured to allow the BMC to listen on
-arbitrary addresses.  This requires use of the Noop firewall driver
-or port-security extension as in the previous solution.  If this
-is already configured correctly, then the BMC may have failed to
-deploy properly.  This can usually be determined by looking at the
-nova console-log of the BMC instance.  A correctly working BMC will
+arbitrary addresses.  This requires the port-security extension as in the
+previous solution.  If this is already configured correctly, then the BMC may
+have failed to deploy properly.  This can usually be determined by looking at
+the nova console-log of the BMC instance.  A correctly working BMC will
 display 'Managing instance [uuid]' for each baremetal node in the
 environment.  If those messages are not found, then the BMC has
 failed to start properly.  The relevant error messages should be
--- a/doc/source/usage/usage.rst
+++ b/doc/source/usage/usage.rst
@ -43,15 +43,12 @@ After an OVB environment has been deployed, there are a few things to know.
   this is a brief explanation of each:

   - **network-templates:** IPv4 multi-nic.  Usable with the network layout
-     deployed by the ``all-networks.yaml`` and
-     ``all-networks-port-security.yaml`` environments.
+     deployed by the ``all-networks.yaml`` environment.
   - **ipv6-network-templates:** IPv6 multi-nic. Usable with the network layout
-     deployed by the ``all-networks.yaml`` and
-     ``all-networks-port-security.yaml`` environments.
+     deployed by the ``all-networks.yaml`` environment.
   - **bond-network-templates:** IPv4 multi-nic, with duplicate `public`
     interfaces for testing bonded nics.  Usable with the network layout
-     deployed by the ``all-networks-public-bond.yaml`` and
-     ``all-networks-public-bond-port-security.yaml`` environments.
+     deployed by the ``all-networks-public-bond.yaml`` environment.

   The undercloud's ``public`` interface should be configured with the address
   of the default route from the templates in use.  Firewall rules for
--- a/environments/all-networks-port-security.yaml
+++ b/environments/all-networks-port-security.yaml
@ -1,54 +0,0 @@
-# *******************************************************************
-# This file was created automatically by the sample environment
-# generator. Developers should use `tox -e genconfig` to update it.
-# Users are recommended to make changes to a copy of the file instead
-# of the original, if any customizations are needed.
-# *******************************************************************
-# title: Deploy with All Networks Enabled
-# description: |
-#   Deploy an OVB stack that adds interfaces for all the standard TripleO
-#   network isolation networks.  This version uses the port-security
-#   Neutron extension to allow OVB to be run on clouds with security
-#   groups enabled.
-parameter_defaults:
-  # Name of internal API network
-  # Type: string
-  overcloud_internal_net: overcloud_internal
-
-  # CIDR for internal API network subnet.  This is typically irrelevant and
-  # does not need to be changed.
-  # Type: string
-  overcloud_internal_net_cidr: 172.17.0.0/24
-
-  # Name of storage management network
-  # Type: string
-  overcloud_storage_mgmt_net: overcloud_storage_mgmt
-
-  # CIDR for storage management network subnet.  This is typically irrelevant
-  # and does not need to be changed.
-  # Type: string
-  overcloud_storage_mgmt_net_cidr: 172.19.0.0/24
-
-  # Name of storage network
-  # Type: string
-  overcloud_storage_net: overcloud_storage
-
-  # CIDR for storage network subnet.  This is typically irrelevant and
-  # does not need to be changed.
-  # Type: string
-  overcloud_storage_net_cidr: 172.18.0.0/24
-
-  # Name of tenant network
-  # Type: string
-  overcloud_tenant_net: overcloud_tenant
-
-  # CIDR for tenant network subnet.  This is typically irrelevant and
-  # does not need to be changed.
-  # Type: string
-  overcloud_tenant_net_cidr: 172.16.0.0/24
-
-resource_registry:
-  OS::OVB::BMCPort: ../templates/bmc-port-port-security.yaml
-  OS::OVB::BaremetalNetworks: ../templates/baremetal-networks-all.yaml
-  OS::OVB::BaremetalPorts: ../templates/baremetal-ports-all-port-security.yaml
-  OS::OVB::UndercloudPorts: ../templates/undercloud-ports-port-security.yaml
--- a/environments/all-networks-port-security.yaml
+++ b/environments/all-networks-port-security.yaml
@ -0,0 +1 @@
+all-networks.yaml
--- a/environments/all-networks-public-bond-port-security.yaml
+++ b/environments/all-networks-public-bond-port-security.yaml
@ -1,56 +0,0 @@
-# *******************************************************************
-# This file was created automatically by the sample environment
-# generator. Developers should use `tox -e genconfig` to update it.
-# Users are recommended to make changes to a copy of the file instead
-# of the original, if any customizations are needed.
-# *******************************************************************
-# title: Deploy with All Networks Enabled and Two Public Interfaces
-# description: |
-#   Deploy an OVB stack that adds interfaces for all the standard TripleO
-#   network isolation networks.  This version will deploy duplicate
-#   public network interfaces on the baremetal instances so that the
-#   public network can be configured as a bond.  It will also use the
-#   port-security Neutron extension to allow OVB to be run on clouds with
-#   security groups enabled.
-parameter_defaults:
-  # Name of internal API network
-  # Type: string
-  overcloud_internal_net: overcloud_internal
-
-  # CIDR for internal API network subnet.  This is typically irrelevant and
-  # does not need to be changed.
-  # Type: string
-  overcloud_internal_net_cidr: 172.17.0.0/24
-
-  # Name of storage management network
-  # Type: string
-  overcloud_storage_mgmt_net: overcloud_storage_mgmt
-
-  # CIDR for storage management network subnet.  This is typically irrelevant
-  # and does not need to be changed.
-  # Type: string
-  overcloud_storage_mgmt_net_cidr: 172.19.0.0/24
-
-  # Name of storage network
-  # Type: string
-  overcloud_storage_net: overcloud_storage
-
-  # CIDR for storage network subnet.  This is typically irrelevant and
-  # does not need to be changed.
-  # Type: string
-  overcloud_storage_net_cidr: 172.18.0.0/24
-
-  # Name of tenant network
-  # Type: string
-  overcloud_tenant_net: overcloud_tenant
-
-  # CIDR for tenant network subnet.  This is typically irrelevant and
-  # does not need to be changed.
-  # Type: string
-  overcloud_tenant_net_cidr: 172.16.0.0/24
-
-resource_registry:
-  OS::OVB::BMCPort: ../templates/bmc-port-port-security.yaml
-  OS::OVB::BaremetalNetworks: ../templates/baremetal-networks-all.yaml
-  OS::OVB::BaremetalPorts: ../templates/baremetal-ports-public-bond-port-security.yaml
-  OS::OVB::UndercloudPorts: ../templates/undercloud-ports-port-security.yaml
--- a/environments/all-networks-public-bond-port-security.yaml
+++ b/environments/all-networks-public-bond-port-security.yaml
@ -0,0 +1 @@
+all-networks-public-bond.yaml
--- a/environments/base-extra-node.yaml
+++ b/environments/base-extra-node.yaml
@ -33,4 +33,4 @@ parameter_defaults:
  role: extra

 resource_registry:
-  OS::OVB::BaremetalPorts: ../templates/baremetal-ports-extra-node-port-security.yaml
+  OS::OVB::BaremetalPorts: ../templates/baremetal-ports-extra-node.yaml
--- a/environments/public-router.yaml
+++ b/environments/public-router.yaml
@ -4,11 +4,10 @@
 # Users are recommended to make changes to a copy of the file instead
 # of the original, if any customizations are needed.
 # *******************************************************************
-# title: Deploy a Basic OVB Environment Using Neutron port-security
+# title: Public Network External Router
 # description: |
-#   Deploy an OVB stack that uses the Neutron port-security extension to
-#   allow OVB functionality in clouds with security groups enabled.
+#   Deploy a router that connects the public and external networks. This
+#   allows the public network to be used as a gateway instead of routing all
+#   traffic through the undercloud.
 resource_registry:
-  OS::OVB::BMCPort: ../templates/bmc-port-port-security.yaml
-  OS::OVB::BaremetalPorts: ../templates/baremetal-ports-default-port-security.yaml
-  OS::OVB::UndercloudPorts: ../templates/undercloud-ports-port-security.yaml
+  OS::OVB::UndercloudNetworks: ../templates/undercloud-networks-public-router.yaml
--- a/environments/routed-networks-configuration.yaml
+++ b/environments/routed-networks-configuration.yaml
@ -0,0 +1,21 @@
+# *******************************************************************
+# This file was created automatically by the sample environment
+# generator. Developers should use `tox -e genconfig` to update it.
+# Users are recommended to make changes to a copy of the file instead
+# of the original, if any customizations are needed.
+# *******************************************************************
+# title: Configuration for Routed Networks
+# description: |
+#   Contains the available parameters that need to be configured when using
+#   a routed networks environment. Requires the routed-networks.yaml
+#   environment.
+parameter_defaults:
+  # The Nova flavor to use for the dhcrelay instance
+  # Type: string
+  dhcp_relay_flavor: m1.small
+
+  # The base image for the dhcrelay instance.  A CentOS 7 image is currently
+  # the only one supported.
+  # Type: string
+  dhcp_relay_image: CentOS-7-x86_64-GenericCloud
+
--- a/environments/routed-networks-role.yaml
+++ b/environments/routed-networks-role.yaml
@ -0,0 +1,48 @@
+# *******************************************************************
+# This file was created automatically by the sample environment
+# generator. Developers should use `tox -e genconfig` to update it.
+# Users are recommended to make changes to a copy of the file instead
+# of the original, if any customizations are needed.
+# *******************************************************************
+# title: Base Role Configuration for Routed Networks
+# description: |
+#   A base role environment that contains the necessary parameters for
+#   deploying with routed networks.
+parameter_defaults:
+  # Recommended to be at least 1 vcpu, 4 GB RAM, 50 GB disk
+  # Type: string
+  baremetal_flavor: baremetal
+
+  # Nova keypair to inject into the undercloud and bmc
+  # Type: string
+  key_name: default
+
+  # Number of baremetal nodes to deploy
+  # Type: number
+  node_count: 2
+
+  # Name of internal API network
+  # Type: string
+  overcloud_internal_net: overcloud_internal2
+
+  # Name of storage management network
+  # Type: string
+  overcloud_storage_mgmt_net: overcloud_storage_mgmt2
+
+  # Name of storage network
+  # Type: string
+  overcloud_storage_net: overcloud_storage2
+
+  # Name of tenant network
+  # Type: string
+  overcloud_tenant_net: overcloud_tenant2
+
+  # Name of a network that will be used for provisioning traffic
+  # Type: string
+  provision_net: provision2
+
+  # The default role for nodes in this environment.  This parameter is
+  # ignored by Heat, but used by build-nodes-json.
+  # Type: string
+  role: leaf1
+
--- a/environments/routed-networks.yaml
+++ b/environments/routed-networks.yaml
@ -0,0 +1,18 @@
+# *******************************************************************
+# This file was created automatically by the sample environment
+# generator. Developers should use `tox -e genconfig` to update it.
+# Users are recommended to make changes to a copy of the file instead
+# of the original, if any customizations are needed.
+# *******************************************************************
+# title: Enable Routed Networks
+# description: |
+#   Enable use of routed networks, where there may be multiple separate
+#   networks connected with a router and DHCP relay. Do not pass any other
+#   network configuration environments after this one or they may override
+#   the changes made by this environment. When this environment is in use,
+#   the routed-networks-configuration environment should usually be
+#   included as well.
+resource_registry:
+  OS::OVB::BaremetalNetworks: ../templates/baremetal-networks-routed.yaml
+  OS::OVB::DHCPRelay: ../templates/dhcp-relay.yaml
+  OS::OVB::UndercloudNetworks: ../templates/undercloud-networks-routed.yaml
--- a/ipv6-network-templates/DEPRECATED
+++ b/ipv6-network-templates/DEPRECATED
@ -1,3 +0,0 @@
-WARNING: This directory is deprecated and may be removed in the future.
-A duplicate copy of these network templates can be found in the
-overcloud-templates directory in a sub-directory with the same name as this one.
--- a/ipv6-network-templates/README
+++ b/ipv6-network-templates/README
@ -1,23 +0,0 @@
-Generated Network Isolation Templates
-------------------------------------
-These templates were generated by the UI tool at
-https://github.com/cybertron/tripleo-scripts#net-iso-genpy
-
-ui-settings.pickle is specific to the tool.  TripleO will not use it when
-doing deployments with these templates, but it is needed to be able to
-load the templates into the UI again.  Note that the UI only reads this file,
-so any changes made by hand to the templates will not be reflected in the UI.
-
-The network-isolation.yaml file needs to reference the port files shipped with
-tripleo-heat-templates, so by default the tool generates the paths assuming
-network-isolation.yaml will be copied into the environments/ directory of
-tripleo-heat-templates.
-
-If the standard tripleo-heat-templates are in use, then the
-network-isolation-absolute.yaml file can be used instead.  It has hard-coded
-references to the port files in /usr/share/openstack-tripleo-heat-templates.
-
-If the generated network isolation templates are at ~/generated-templates, an
-example deployment command would look like:
-
-openstack overcloud deploy --templates -e ~/generated-templates/network-isolation-absolute.yaml -e ~/generated-templates/network-environment.yaml
--- a/ipv6-network-templates/network-environment.yaml
+++ b/ipv6-network-templates/network-environment.yaml
@ -1,25 +0,0 @@
-
-resource_registry:
-  OS::TripleO::BlockStorage::Net::SoftwareConfig: nic-configs/cinder-storage.yaml
-  OS::TripleO::Compute::Net::SoftwareConfig: nic-configs/compute.yaml
-  OS::TripleO::Controller::Net::SoftwareConfig: nic-configs/controller.yaml
-  OS::TripleO::ObjectStorage::Net::SoftwareConfig: nic-configs/swift-storage.yaml
-  OS::TripleO::CephStorage::Net::SoftwareConfig: nic-configs/ceph-storage.yaml
-
-parameter_defaults:
-  ControlPlaneSubnetCidr: '24'
-  ControlPlaneDefaultRoute: 192.0.2.1
-  EC2MetadataIp: 192.0.2.1
-  ExternalNetCidr: 2001:db8:fd00:1000::/64
-  ExternalAllocationPools: [{"start": "2001:db8:fd00:1000::10", "end": "2001:db8:fd00:1000:ffff:ffff:ffff:fffe"}]
-  ExternalInterfaceDefaultRoute: 2001:db8:fd00:1000::1
-  NeutronExternalNetworkBridge: "''"
-  InternalApiNetCidr: fd00:fd00:fd00:2000::/64
-  InternalApiAllocationPools: [{"start": "fd00:fd00:fd00:2000::10", "end": "fd00:fd00:fd00:2000:ffff:ffff:ffff:fffe"}]
-  StorageNetCidr: fd00:fd00:fd00:3000::/64
-  StorageAllocationPools: [{"start": "fd00:fd00:fd00:3000::10", "end": "fd00:fd00:fd00:3000:ffff:ffff:ffff:fffe"}]
-  StorageMgmtNetCidr: fd00:fd00:fd00:4000::/64
-  StorageMgmtAllocationPools: [{"start": "fd00:fd00:fd00:4000::10", "end": "fd00:fd00:fd00:4000:ffff:ffff:ffff:fffe"}]
-  TenantNetCidr: 172.16.0.0/24
-  TenantAllocationPools: [{"start": "172.16.0.10", "end": "172.16.0.250"}]
-  DnsServers: ["8.8.8.8", "8.8.4.4"]
--- a/ipv6-network-templates/network-isolation-absolute.yaml
+++ b/ipv6-network-templates/network-isolation-absolute.yaml
@ -1,35 +0,0 @@
-resource_registry:
-  # Redis
-  OS::TripleO::Network::Ports::RedisVipPort: /usr/share/openstack-tripleo-heat-templates/network/ports/vip_v6.yaml
-  # External
-  OS::TripleO::Network::External: /usr/share/openstack-tripleo-heat-templates/network/external_v6.yaml
-  OS::TripleO::Network::Ports::ExternalVipPort: /usr/share/openstack-tripleo-heat-templates/network/ports/external_v6.yaml
-  OS::TripleO::Controller::Ports::ExternalPort: /usr/share/openstack-tripleo-heat-templates/network/ports/external_v6.yaml
-  # InternalApi
-  OS::TripleO::Network::InternalApi: /usr/share/openstack-tripleo-heat-templates/network/internal_api_v6.yaml
-  OS::TripleO::Network::Ports::InternalApiVipPort: /usr/share/openstack-tripleo-heat-templates/network/ports/internal_api_v6.yaml
-  OS::TripleO::Controller::Ports::InternalApiPort: /usr/share/openstack-tripleo-heat-templates/network/ports/internal_api_v6.yaml
-  OS::TripleO::Compute::Ports::InternalApiPort: /usr/share/openstack-tripleo-heat-templates/network/ports/internal_api_v6.yaml
-  # Storage
-  OS::TripleO::Network::Storage: /usr/share/openstack-tripleo-heat-templates/network/storage_v6.yaml
-  OS::TripleO::Network::Ports::StorageVipPort: /usr/share/openstack-tripleo-heat-templates/network/ports/storage_v6.yaml
-  OS::TripleO::Controller::Ports::StoragePort: /usr/share/openstack-tripleo-heat-templates/network/ports/storage_v6.yaml
-  OS::TripleO::Compute::Ports::StoragePort: /usr/share/openstack-tripleo-heat-templates/network/ports/storage_v6.yaml
-  OS::TripleO::CephStorage::Ports::StoragePort: /usr/share/openstack-tripleo-heat-templates/network/ports/storage_v6.yaml
-  # StorageMgmt
-  OS::TripleO::Network::StorageMgmt: /usr/share/openstack-tripleo-heat-templates/network/storage_mgmt_v6.yaml
-  OS::TripleO::Network::Ports::StorageMgmtVipPort: /usr/share/openstack-tripleo-heat-templates/network/ports/storage_mgmt_v6.yaml
-  OS::TripleO::Controller::Ports::StorageMgmtPort: /usr/share/openstack-tripleo-heat-templates/network/ports/storage_mgmt_v6.yaml
-  OS::TripleO::CephStorage::Ports::StorageMgmtPort: /usr/share/openstack-tripleo-heat-templates/network/ports/storage_mgmt_v6.yaml
-  # Tenant
-  OS::TripleO::Network::Tenant: /usr/share/openstack-tripleo-heat-templates/network/tenant.yaml
-  OS::TripleO::Network::Ports::TenantVipPort: /usr/share/openstack-tripleo-heat-templates/network/ports/tenant.yaml
-  OS::TripleO::Controller::Ports::TenantPort: /usr/share/openstack-tripleo-heat-templates/network/ports/tenant.yaml
-  OS::TripleO::Compute::Ports::TenantPort: /usr/share/openstack-tripleo-heat-templates/network/ports/tenant.yaml
-parameter_defaults:
-  CephIPv6: True
-  CorosyncIPv6: True
-  MongoDbIPv6: True
-  NovaIPv6: True
-  RabbitIPv6: True
-  MemcachedIPv6: True
--- a/ipv6-network-templates/network-isolation.yaml
+++ b/ipv6-network-templates/network-isolation.yaml
@ -1,35 +0,0 @@
-resource_registry:
-  # Redis
-  OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip_v6.yaml
-  # External
-  OS::TripleO::Network::External: ../network/external_v6.yaml
-  OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/external_v6.yaml
-  OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/external_v6.yaml
-  # InternalApi
-  OS::TripleO::Network::InternalApi: ../network/internal_api_v6.yaml
-  OS::TripleO::Network::Ports::InternalApiVipPort: ../network/ports/internal_api_v6.yaml
-  OS::TripleO::Controller::Ports::InternalApiPort: ../network/ports/internal_api_v6.yaml
-  OS::TripleO::Compute::Ports::InternalApiPort: ../network/ports/internal_api_v6.yaml
-  # Storage
-  OS::TripleO::Network::Storage: ../network/storage_v6.yaml
-  OS::TripleO::Network::Ports::StorageVipPort: ../network/ports/storage_v6.yaml
-  OS::TripleO::Controller::Ports::StoragePort: ../network/ports/storage_v6.yaml
-  OS::TripleO::Compute::Ports::StoragePort: ../network/ports/storage_v6.yaml
-  OS::TripleO::CephStorage::Ports::StoragePort: ../network/ports/storage_v6.yaml
-  # StorageMgmt
-  OS::TripleO::Network::StorageMgmt: ../network/storage_mgmt_v6.yaml
-  OS::TripleO::Network::Ports::StorageMgmtVipPort: ../network/ports/storage_mgmt_v6.yaml
-  OS::TripleO::Controller::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_v6.yaml
-  OS::TripleO::CephStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_v6.yaml
-  # Tenant
-  OS::TripleO::Network::Tenant: ../network/tenant.yaml
-  OS::TripleO::Network::Ports::TenantVipPort: ../network/ports/tenant.yaml
-  OS::TripleO::Controller::Ports::TenantPort: ../network/ports/tenant.yaml
-  OS::TripleO::Compute::Ports::TenantPort: ../network/ports/tenant.yaml
-parameter_defaults:
-  CephIPv6: True
-  CorosyncIPv6: True
-  MongoDbIPv6: True
-  NovaIPv6: True
-  RabbitIPv6: True
-  MemcachedIPv6: True
--- a/ipv6-network-templates/nic-configs/ceph-storage.yaml
+++ b/ipv6-network-templates/nic-configs/ceph-storage.yaml
@ -1,120 +0,0 @@
-heat_template_version: 2015-04-30
-
-parameters:
-  ControlPlaneIp:
-    default: ''
-    description: IP address/subnet on the ctlplane network
-    type: string
-  ExternalIpSubnet:
-    default: ''
-    description: IP address/subnet on the external network
-    type: string
-  InternalApiIpSubnet:
-    default: ''
-    description: IP address/subnet on the internal API network
-    type: string
-  StorageIpSubnet:
-    default: ''
-    description: IP address/subnet on the storage network
-    type: string
-  StorageMgmtIpSubnet:
-    default: ''
-    description: IP address/subnet on the storage mgmt network
-    type: string
-  TenantIpSubnet:
-    default: ''
-    description: IP address/subnet on the tenant network
-    type: string
-  ManagementIpSubnet: # Only populated when including environments/network-management.yaml
-    default: ''
-    description: IP address/subnet on the management network
-    type: string
-  BondInterfaceOvsOptions:
-    default: 'bond_mode=active-backup'
-    description: The ovs_options string for the bond interface. Set things like
-                 lacp=active and/or bond_mode=balance-slb using this option.
-    type: string
-  ExternalNetworkVlanID:
-    default: 10
-    description: Vlan ID for the external network traffic.
-    type: number
-  InternalApiNetworkVlanID:
-    default: 20
-    description: Vlan ID for the internal_api network traffic.
-    type: number
-  StorageNetworkVlanID:
-    default: 30
-    description: Vlan ID for the storage network traffic.
-    type: number
-  StorageMgmtNetworkVlanID:
-    default: 40
-    description: Vlan ID for the storage mgmt network traffic.
-    type: number
-  TenantNetworkVlanID:
-    default: 50
-    description: Vlan ID for the tenant network traffic.
-    type: number
-  ManagementNetworkVlanID:
-    default: 60
-    description: Vlan ID for the management network traffic.
-    type: number
-  ExternalInterfaceDefaultRoute:
-    default: '10.0.0.1'
-    description: default route for the external network
-    type: string
-  ControlPlaneSubnetCidr: # Override this via parameter_defaults
-    default: '24'
-    description: The subnet CIDR of the control plane network.
-    type: string
-  ControlPlaneDefaultRoute: # Override this via parameter_defaults
-    description: The default route of the control plane network.
-    type: string
-  DnsServers: # Override this via parameter_defaults
-    default: []
-    description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
-    type: comma_delimited_list
-  EC2MetadataIp: # Override this via parameter_defaults
-    description: The IP address of the EC2 metadata server.
-    type: string
-
-resources:
-  OsNetConfigImpl:
-    properties:
-      config:
-        os_net_config:
-          network_config:
-          - type: interface
-            name: nic1
-            mtu: 1350
-            use_dhcp: false
-            addresses:
-            - ip_netmask:
-                list_join:
-                - /
-                - - {get_param: ControlPlaneIp}
-                  - {get_param: ControlPlaneSubnetCidr}
-            routes:
-            - default: true
-              ip_netmask: 0.0.0.0/0
-              next_hop: {get_param: ControlPlaneDefaultRoute}
-            - ip_netmask: 169.254.169.254/32
-              next_hop: {get_param: EC2MetadataIp}
-          - type: interface
-            name: nic4
-            mtu: 1350
-            use_dhcp: false
-            addresses:
-            - ip_netmask: {get_param: StorageIpSubnet}
-          - type: interface
-            name: nic5
-            mtu: 1350
-            use_dhcp: false
-            addresses:
-            - ip_netmask: {get_param: StorageMgmtIpSubnet}
-      group: os-apply-config
-    type: OS::Heat::StructuredConfig
-
-outputs:
-  OS::stack_id:
-    description: The OsNetConfigImpl resource.
-    value: {get_resource: OsNetConfigImpl}
--- a/ipv6-network-templates/nic-configs/cinder-storage.yaml
+++ b/ipv6-network-templates/nic-configs/cinder-storage.yaml
@ -1,92 +0,0 @@
-heat_template_version: 2015-04-30
-
-parameters:
-  ControlPlaneIp:
-    default: ''
-    description: IP address/subnet on the ctlplane network
-    type: string
-  ExternalIpSubnet:
-    default: ''
-    description: IP address/subnet on the external network
-    type: string
-  InternalApiIpSubnet:
-    default: ''
-    description: IP address/subnet on the internal API network
-    type: string
-  StorageIpSubnet:
-    default: ''
-    description: IP address/subnet on the storage network
-    type: string
-  StorageMgmtIpSubnet:
-    default: ''
-    description: IP address/subnet on the storage mgmt network
-    type: string
-  TenantIpSubnet:
-    default: ''
-    description: IP address/subnet on the tenant network
-    type: string
-  ManagementIpSubnet: # Only populated when including environments/network-management.yaml
-    default: ''
-    description: IP address/subnet on the management network
-    type: string
-  BondInterfaceOvsOptions:
-    default: 'bond_mode=active-backup'
-    description: The ovs_options string for the bond interface. Set things like
-                 lacp=active and/or bond_mode=balance-slb using this option.
-    type: string
-  ExternalNetworkVlanID:
-    default: 10
-    description: Vlan ID for the external network traffic.
-    type: number
-  InternalApiNetworkVlanID:
-    default: 20
-    description: Vlan ID for the internal_api network traffic.
-    type: number
-  StorageNetworkVlanID:
-    default: 30
-    description: Vlan ID for the storage network traffic.
-    type: number
-  StorageMgmtNetworkVlanID:
-    default: 40
-    description: Vlan ID for the storage mgmt network traffic.
-    type: number
-  TenantNetworkVlanID:
-    default: 50
-    description: Vlan ID for the tenant network traffic.
-    type: number
-  ManagementNetworkVlanID:
-    default: 60
-    description: Vlan ID for the management network traffic.
-    type: number
-  ExternalInterfaceDefaultRoute:
-    default: '10.0.0.1'
-    description: default route for the external network
-    type: string
-  ControlPlaneSubnetCidr: # Override this via parameter_defaults
-    default: '24'
-    description: The subnet CIDR of the control plane network.
-    type: string
-  ControlPlaneDefaultRoute: # Override this via parameter_defaults
-    description: The default route of the control plane network.
-    type: string
-  DnsServers: # Override this via parameter_defaults
-    default: []
-    description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
-    type: comma_delimited_list
-  EC2MetadataIp: # Override this via parameter_defaults
-    description: The IP address of the EC2 metadata server.
-    type: string
-
-resources:
-  OsNetConfigImpl:
-    properties:
-      config:
-        os_net_config:
-          network_config: []
-      group: os-apply-config
-    type: OS::Heat::StructuredConfig
-
-outputs:
-  OS::stack_id:
-    description: The OsNetConfigImpl resource.
-    value: {get_resource: OsNetConfigImpl}
--- a/ipv6-network-templates/nic-configs/compute.yaml
+++ b/ipv6-network-templates/nic-configs/compute.yaml
@ -1,131 +0,0 @@
-heat_template_version: 2015-04-30
-
-parameters:
-  ControlPlaneIp:
-    default: ''
-    description: IP address/subnet on the ctlplane network
-    type: string
-  ExternalIpSubnet:
-    default: ''
-    description: IP address/subnet on the external network
-    type: string
-  InternalApiIpSubnet:
-    default: ''
-    description: IP address/subnet on the internal API network
-    type: string
-  StorageIpSubnet:
-    default: ''
-    description: IP address/subnet on the storage network
-    type: string
-  StorageMgmtIpSubnet:
-    default: ''
-    description: IP address/subnet on the storage mgmt network
-    type: string
-  TenantIpSubnet:
-    default: ''
-    description: IP address/subnet on the tenant network
-    type: string
-  ManagementIpSubnet: # Only populated when including environments/network-management.yaml
-    default: ''
-    description: IP address/subnet on the management network
-    type: string
-  BondInterfaceOvsOptions:
-    default: 'bond_mode=active-backup'
-    description: The ovs_options string for the bond interface. Set things like
-                 lacp=active and/or bond_mode=balance-slb using this option.
-    type: string
-  ExternalNetworkVlanID:
-    default: 10
-    description: Vlan ID for the external network traffic.
-    type: number
-  InternalApiNetworkVlanID:
-    default: 20
-    description: Vlan ID for the internal_api network traffic.
-    type: number
-  StorageNetworkVlanID:
-    default: 30
-    description: Vlan ID for the storage network traffic.
-    type: number
-  StorageMgmtNetworkVlanID:
-    default: 40
-    description: Vlan ID for the storage mgmt network traffic.
-    type: number
-  TenantNetworkVlanID:
-    default: 50
-    description: Vlan ID for the tenant network traffic.
-    type: number
-  ManagementNetworkVlanID:
-    default: 60
-    description: Vlan ID for the management network traffic.
-    type: number
-  ExternalInterfaceDefaultRoute:
-    default: '10.0.0.1'
-    description: default route for the external network
-    type: string
-  ControlPlaneSubnetCidr: # Override this via parameter_defaults
-    default: '24'
-    description: The subnet CIDR of the control plane network.
-    type: string
-  ControlPlaneDefaultRoute: # Override this via parameter_defaults
-    description: The default route of the control plane network.
-    type: string
-  DnsServers: # Override this via parameter_defaults
-    default: []
-    description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
-    type: comma_delimited_list
-  EC2MetadataIp: # Override this via parameter_defaults
-    description: The IP address of the EC2 metadata server.
-    type: string
-
-resources:
-  OsNetConfigImpl:
-    properties:
-      config:
-        os_net_config:
-          network_config:
-          - type: interface
-            name: nic1
-            mtu: 1350
-            use_dhcp: false
-            addresses:
-            - ip_netmask:
-                list_join:
-                - /
-                - - {get_param: ControlPlaneIp}
-                  - {get_param: ControlPlaneSubnetCidr}
-            routes:
-            - default: true
-              ip_netmask: 0.0.0.0/0
-              next_hop: {get_param: ControlPlaneDefaultRoute}
-            - ip_netmask: 169.254.169.254/32
-              next_hop: {get_param: EC2MetadataIp}
-          - type: interface
-            name: nic3
-            mtu: 1350
-            use_dhcp: false
-            addresses:
-            - ip_netmask: {get_param: InternalApiIpSubnet}
-          - type: interface
-            name: nic4
-            mtu: 1350
-            use_dhcp: false
-            addresses:
-            - ip_netmask: {get_param: StorageIpSubnet}
-          - type: ovs_bridge
-            name: br-tenant
-            dns_servers: {get_param: DnsServers}
-            use_dhcp: false
-            addresses:
-            - ip_netmask: {get_param: TenantIpSubnet}
-            members:
-            - type: interface
-              name: nic6
-              mtu: 1350
-              primary: true
-      group: os-apply-config
-    type: OS::Heat::StructuredConfig
-
-outputs:
-  OS::stack_id:
-    description: The OsNetConfigImpl resource.
-    value: {get_resource: OsNetConfigImpl}
--- a/ipv6-network-templates/nic-configs/controller.yaml
+++ b/ipv6-network-templates/nic-configs/controller.yaml
@ -1,152 +0,0 @@
-heat_template_version: 2015-04-30
-
-parameters:
-  ControlPlaneIp:
-    default: ''
-    description: IP address/subnet on the ctlplane network
-    type: string
-  ExternalIpSubnet:
-    default: ''
-    description: IP address/subnet on the external network
-    type: string
-  InternalApiIpSubnet:
-    default: ''
-    description: IP address/subnet on the internal API network
-    type: string
-  StorageIpSubnet:
-    default: ''
-    description: IP address/subnet on the storage network
-    type: string
-  StorageMgmtIpSubnet:
-    default: ''
-    description: IP address/subnet on the storage mgmt network
-    type: string
-  TenantIpSubnet:
-    default: ''
-    description: IP address/subnet on the tenant network
-    type: string
-  ManagementIpSubnet: # Only populated when including environments/network-management.yaml
-    default: ''
-    description: IP address/subnet on the management network
-    type: string
-  BondInterfaceOvsOptions:
-    default: 'bond_mode=active-backup'
-    description: The ovs_options string for the bond interface. Set things like
-                 lacp=active and/or bond_mode=balance-slb using this option.
-    type: string
-  ExternalNetworkVlanID:
-    default: 10
-    description: Vlan ID for the external network traffic.
-    type: number
-  InternalApiNetworkVlanID:
-    default: 20
-    description: Vlan ID for the internal_api network traffic.
-    type: number
-  StorageNetworkVlanID:
-    default: 30
-    description: Vlan ID for the storage network traffic.
-    type: number
-  StorageMgmtNetworkVlanID:
-    default: 40
-    description: Vlan ID for the storage mgmt network traffic.
-    type: number
-  TenantNetworkVlanID:
-    default: 50
-    description: Vlan ID for the tenant network traffic.
-    type: number
-  ManagementNetworkVlanID:
-    default: 60
-    description: Vlan ID for the management network traffic.
-    type: number
-  ExternalInterfaceDefaultRoute:
-    default: '10.0.0.1'
-    description: default route for the external network
-    type: string
-  ControlPlaneSubnetCidr: # Override this via parameter_defaults
-    default: '24'
-    description: The subnet CIDR of the control plane network.
-    type: string
-  ControlPlaneDefaultRoute: # Override this via parameter_defaults
-    description: The default route of the control plane network.
-    type: string
-  DnsServers: # Override this via parameter_defaults
-    default: []
-    description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
-    type: comma_delimited_list
-  EC2MetadataIp: # Override this via parameter_defaults
-    description: The IP address of the EC2 metadata server.
-    type: string
-
-resources:
-  OsNetConfigImpl:
-    properties:
-      config:
-        os_net_config:
-          network_config:
-          - type: interface
-            name: nic1
-            mtu: 1350
-            use_dhcp: false
-            addresses:
-            - ip_netmask:
-                list_join:
-                - /
-                - - {get_param: ControlPlaneIp}
-                  - {get_param: ControlPlaneSubnetCidr}
-            routes:
-            - default: true
-              ip_netmask: 0.0.0.0/0
-              next_hop: {get_param: ControlPlaneDefaultRoute}
-            - ip_netmask: 169.254.169.254/32
-              next_hop: {get_param: EC2MetadataIp}
-          - type: ovs_bridge
-            name: br-ex
-            dns_servers: {get_param: DnsServers}
-            use_dhcp: false
-            addresses:
-            - ip_netmask: {get_param: ExternalIpSubnet}
-            routes:
-            - default: true
-              ip_netmask: 0.0.0.0/0
-              next_hop: {get_param: ExternalInterfaceDefaultRoute}
-            members:
-            - type: interface
-              name: nic2
-              mtu: 1350
-              primary: true
-          - type: interface
-            name: nic3
-            mtu: 1350
-            use_dhcp: false
-            addresses:
-            - ip_netmask: {get_param: InternalApiIpSubnet}
-          - type: interface
-            name: nic4
-            mtu: 1350
-            use_dhcp: false
-            addresses:
-            - ip_netmask: {get_param: StorageIpSubnet}
-          - type: interface
-            name: nic5
-            mtu: 1350
-            use_dhcp: false
-            addresses:
-            - ip_netmask: {get_param: StorageMgmtIpSubnet}
-          - type: ovs_bridge
-            name: br-tenant
-            dns_servers: {get_param: DnsServers}
-            use_dhcp: false
-            addresses:
-            - ip_netmask: {get_param: TenantIpSubnet}
-            members:
-            - type: interface
-              name: nic6
-              mtu: 1350
-              primary: true
-      group: os-apply-config
-    type: OS::Heat::StructuredConfig
-
-outputs:
-  OS::stack_id:
-    description: The OsNetConfigImpl resource.
-    value: {get_resource: OsNetConfigImpl}
--- a/ipv6-network-templates/nic-configs/swift-storage.yaml
+++ b/ipv6-network-templates/nic-configs/swift-storage.yaml
@ -1,92 +0,0 @@
-heat_template_version: 2015-04-30
-
-parameters:
-  ControlPlaneIp:
-    default: ''
-    description: IP address/subnet on the ctlplane network
-    type: string
-  ExternalIpSubnet:
-    default: ''
-    description: IP address/subnet on the external network
-    type: string
-  InternalApiIpSubnet:
-    default: ''
-    description: IP address/subnet on the internal API network
-    type: string
-  StorageIpSubnet:
-    default: ''
-    description: IP address/subnet on the storage network
-    type: string
-  StorageMgmtIpSubnet:
-    default: ''
-    description: IP address/subnet on the storage mgmt network
-    type: string
-  TenantIpSubnet:
-    default: ''
-    description: IP address/subnet on the tenant network
-    type: string
-  ManagementIpSubnet: # Only populated when including environments/network-management.yaml
-    default: ''
-    description: IP address/subnet on the management network
-    type: string
-  BondInterfaceOvsOptions:
-    default: 'bond_mode=active-backup'
-    description: The ovs_options string for the bond interface. Set things like
-                 lacp=active and/or bond_mode=balance-slb using this option.
-    type: string
-  ExternalNetworkVlanID:
-    default: 10
-    description: Vlan ID for the external network traffic.
-    type: number
-  InternalApiNetworkVlanID:
-    default: 20
-    description: Vlan ID for the internal_api network traffic.
-    type: number
-  StorageNetworkVlanID:
-    default: 30
-    description: Vlan ID for the storage network traffic.
-    type: number
-  StorageMgmtNetworkVlanID:
-    default: 40
-    description: Vlan ID for the storage mgmt network traffic.
-    type: number
-  TenantNetworkVlanID:
-    default: 50
-    description: Vlan ID for the tenant network traffic.
-    type: number
-  ManagementNetworkVlanID:
-    default: 60
-    description: Vlan ID for the management network traffic.
-    type: number
-  ExternalInterfaceDefaultRoute:
-    default: '10.0.0.1'
-    description: default route for the external network
-    type: string
-  ControlPlaneSubnetCidr: # Override this via parameter_defaults
-    default: '24'
-    description: The subnet CIDR of the control plane network.
-    type: string
-  ControlPlaneDefaultRoute: # Override this via parameter_defaults
-    description: The default route of the control plane network.
-    type: string
-  DnsServers: # Override this via parameter_defaults
-    default: []
-    description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
-    type: comma_delimited_list
-  EC2MetadataIp: # Override this via parameter_defaults
-    description: The IP address of the EC2 metadata server.
-    type: string
-
-resources:
-  OsNetConfigImpl:
-    properties:
-      config:
-        os_net_config:
-          network_config: []
-      group: os-apply-config
-    type: OS::Heat::StructuredConfig
-
-outputs:
-  OS::stack_id:
-    description: The OsNetConfigImpl resource.
-    value: {get_resource: OsNetConfigImpl}
--- a/ipv6-network-templates/ui-settings.pickle
+++ b/ipv6-network-templates/ui-settings.pickle
@ -1,729 +0,0 @@
-(dp0
-S'global_data'
-p1
-(dp2
-S'control'
-p3
-(dp4
-S'route'
-p5
-V192.0.2.1
-p6
-sS'mask'
-p7
-I24
-sS'ec2'
-p8
-V192.0.2.1
-p9
-ssS'major'
-p10
-I1
-sS'management'
-p11
-(dp12
-S'start'
-p13
-V172.20.0.10
-p14
-sS'cidr'
-p15
-V172.20.0.0/24
-p16
-sS'vlan'
-p17
-I6
-sS'end'
-p18
-V172.20.0.250
-p19
-ssS'dns2'
-p20
-V8.8.4.4
-p21
-sS'dns1'
-p22
-V8.8.8.8
-p23
-sS'storage'
-p24
-(dp25
-g13
-Vfd00:fd00:fd00:3000::10
-p26
-sg15
-Vfd00:fd00:fd00:3000::/64
-p27
-sg17
-I3
-sg18
-Vfd00:fd00:fd00:3000:ffff:ffff:ffff:fffe
-p28
-ssS'auto_routes'
-p29
-I00
-sS'bond_options'
-p30
-V
-p31
-sS'external'
-p32
-(dp33
-S'bridge'
-p34
-V''
-p35
-sg18
-V2001:db8:fd00:1000:ffff:ffff:ffff:fffe
-p36
-sg17
-I1
-sg13
-V2001:db8:fd00:1000::10
-p37
-sg15
-V2001:db8:fd00:1000::/64
-p38
-sS'gateway'
-p39
-V2001:db8:fd00:1000::1
-p40
-ssS'internal_api'
-p41
-(dp42
-g13
-Vfd00:fd00:fd00:2000::10
-p43
-sg15
-Vfd00:fd00:fd00:2000::/64
-p44
-sg17
-I2
-sg18
-Vfd00:fd00:fd00:2000:ffff:ffff:ffff:fffe
-p45
-ssS'ipv6'
-p46
-I01
-sS'storage_mgmt'
-p47
-(dp48
-g13
-Vfd00:fd00:fd00:4000::10
-p49
-sg15
-Vfd00:fd00:fd00:4000::/64
-p50
-sg17
-I4
-sg18
-Vfd00:fd00:fd00:4000:ffff:ffff:ffff:fffe
-p51
-ssS'minor'
-p52
-I2
-sS'tenant'
-p53
-(dp54
-g13
-V172.16.0.10
-p55
-sg15
-V172.16.0.0/24
-p56
-sg17
-I5
-sg18
-V172.16.0.250
-p57
-sssS'data'
-p58
-(dp59
-S'cinder-storage.yaml'
-p60
-(lp61
-sS'ceph-storage.yaml'
-p62
-(lp63
-(dp64
-Vaddresses
-p65
-(lp66
-sVnetwork
-p67
-VControlPlane
-p68
-sVprimary
-p69
-I01
-sVmtu
-p70
-I1350
-sS'members'
-p71
-(lp72
-(dp73
-Vip_netmask
-p74
-V0.0.0.0/0
-p75
-sVname
-p76
-VRoute
-p77
-sVdefault
-p78
-I01
-sVnext_hop
-p79
-V{get_param: ControlPlaneDefaultRoute}
-p80
-sg71
-(lp81
-sVtype
-p82
-Vroute
-p83
-sasVroutes
-p84
-(lp85
-sVuse_dhcp
-p86
-I00
-sVtype
-p87
-Vinterface
-p88
-sVname
-p89
-Vnic1
-p90
-sa(dp91
-Vaddresses
-p92
-(lp93
-sVnetwork
-p94
-VStorage
-p95
-sVprimary
-p96
-I01
-sVmtu
-p97
-I1350
-sg71
-(lp98
-sVroutes
-p99
-(lp100
-sVuse_dhcp
-p101
-I00
-sVtype
-p102
-Vinterface
-p103
-sVname
-p104
-Vnic4
-p105
-sa(dp106
-Vaddresses
-p107
-(lp108
-sVnetwork
-p109
-VStorageMgmt
-p110
-sVprimary
-p111
-I01
-sVmtu
-p112
-I1350
-sg71
-(lp113
-sVroutes
-p114
-(lp115
-sVuse_dhcp
-p116
-I00
-sVtype
-p117
-Vinterface
-p118
-sVname
-p119
-Vnic5
-p120
-sasS'controller.yaml'
-p121
-(lp122
-(dp123
-Vaddresses
-p124
-(lp125
-sVnetwork
-p126
-VControlPlane
-p127
-sVprimary
-p128
-I01
-sVmtu
-p129
-I1350
-sg71
-(lp130
-(dp131
-Vip_netmask
-p132
-V0.0.0.0/0
-p133
-sVname
-p134
-VRoute
-p135
-sVdefault
-p136
-I01
-sVnext_hop
-p137
-V{get_param: ControlPlaneDefaultRoute}
-p138
-sg71
-(lp139
-sVtype
-p140
-Vroute
-p141
-sasVroutes
-p142
-(lp143
-sVuse_dhcp
-p144
-I00
-sVtype
-p145
-Vinterface
-p146
-sVname
-p147
-Vnic1
-p148
-sa(dp149
-Vdns_servers
-p150
-V{get_param: DnsServers}
-p151
-sVaddresses
-p152
-(lp153
-sVnetwork
-p154
-VExternal
-p155
-sVmtu
-p156
-I-1
-sg71
-(lp157
-(dp158
-Vaddresses
-p159
-(lp160
-sVnetwork
-p161
-VNone
-p162
-sVprimary
-p163
-I01
-sVmtu
-p164
-I1350
-sg71
-(lp165
-sVroutes
-p166
-(lp167
-sVuse_dhcp
-p168
-I00
-sVtype
-p169
-Vinterface
-p170
-sVname
-p171
-Vnic2
-p172
-sa(dp173
-Vip_netmask
-p174
-V0.0.0.0/0
-p175
-sVname
-p176
-VRoute
-p177
-sVdefault
-p178
-I01
-sVnext_hop
-p179
-V{get_param: ExternalInterfaceDefaultRoute}
-p180
-sg71
-(lp181
-sVtype
-p182
-Vroute
-p183
-sasVroutes
-p184
-(lp185
-sVuse_dhcp
-p186
-I00
-sVtype
-p187
-Vovs_bridge
-p188
-sVname
-p189
-Vbr-ex
-p190
-sa(dp191
-Vaddresses
-p192
-(lp193
-sVnetwork
-p194
-VInternalApi
-p195
-sVprimary
-p196
-I01
-sVmtu
-p197
-I1350
-sg71
-(lp198
-sVroutes
-p199
-(lp200
-sVuse_dhcp
-p201
-I00
-sVtype
-p202
-Vinterface
-p203
-sVname
-p204
-Vnic3
-p205
-sa(dp206
-Vaddresses
-p207
-(lp208
-sVnetwork
-p209
-VStorage
-p210
-sVprimary
-p211
-I01
-sVmtu
-p212
-I1350
-sg71
-(lp213
-sVroutes
-p214
-(lp215
-sVuse_dhcp
-p216
-I00
-sVtype
-p217
-Vinterface
-p218
-sVname
-p219
-Vnic4
-p220
-sa(dp221
-Vaddresses
-p222
-(lp223
-sVnetwork
-p224
-VStorageMgmt
-p225
-sVprimary
-p226
-I01
-sVmtu
-p227
-I1350
-sg71
-(lp228
-sVroutes
-p229
-(lp230
-sVuse_dhcp
-p231
-I00
-sVtype
-p232
-Vinterface
-p233
-sVname
-p234
-Vnic5
-p235
-sa(dp236
-Vdns_servers
-p237
-V{get_param: DnsServers}
-p238
-sVaddresses
-p239
-(lp240
-sVnetwork
-p241
-VTenant
-p242
-sVmtu
-p243
-I-1
-sg71
-(lp244
-(dp245
-Vaddresses
-p246
-(lp247
-sVnetwork
-p248
-VNone
-p249
-sVprimary
-p250
-I01
-sVmtu
-p251
-I1350
-sg71
-(lp252
-sVroutes
-p253
-(lp254
-sVuse_dhcp
-p255
-I00
-sVtype
-p256
-Vinterface
-p257
-sVname
-p258
-Vnic6
-p259
-sasVroutes
-p260
-(lp261
-sVuse_dhcp
-p262
-I00
-sVtype
-p263
-Vovs_bridge
-p264
-sVname
-p265
-Vbr-tenant
-p266
-sasS'swift-storage.yaml'
-p267
-(lp268
-sS'compute.yaml'
-p269
-(lp270
-(dp271
-Vaddresses
-p272
-(lp273
-sVnetwork
-p274
-VControlPlane
-p275
-sVprimary
-p276
-I01
-sVmtu
-p277
-I1350
-sg71
-(lp278
-(dp279
-Vip_netmask
-p280
-V0.0.0.0/0
-p281
-sVname
-p282
-VRoute
-p283
-sVdefault
-p284
-I01
-sVnext_hop
-p285
-V{get_param: ControlPlaneDefaultRoute}
-p286
-sg71
-(lp287
-sVtype
-p288
-Vroute
-p289
-sasVroutes
-p290
-(lp291
-sVuse_dhcp
-p292
-I00
-sVtype
-p293
-Vinterface
-p294
-sVname
-p295
-Vnic1
-p296
-sa(dp297
-Vaddresses
-p298
-(lp299
-sVnetwork
-p300
-VInternalApi
-p301
-sVprimary
-p302
-I01
-sVmtu
-p303
-I1350
-sg71
-(lp304
-sVroutes
-p305
-(lp306
-sVuse_dhcp
-p307
-I00
-sVtype
-p308
-Vinterface
-p309
-sVname
-p310
-Vnic3
-p311
-sa(dp312
-Vaddresses
-p313
-(lp314
-sVnetwork
-p315
-VStorage
-p316
-sVprimary
-p317
-I01
-sVmtu
-p318
-I1350
-sg71
-(lp319
-sVroutes
-p320
-(lp321
-sVuse_dhcp
-p322
-I00
-sVtype
-p323
-Vinterface
-p324
-sVname
-p325
-Vnic4
-p326
-sa(dp327
-Vdns_servers
-p328
-V{get_param: DnsServers}
-p329
-sVaddresses
-p330
-(lp331
-sVnetwork
-p332
-VTenant
-p333
-sVmtu
-p334
-I-1
-sg71
-(lp335
-(dp336
-Vaddresses
-p337
-(lp338
-sVnetwork
-p339
-VNone
-p340
-sVprimary
-p341
-I01
-sVmtu
-p342
-I1350
-sg71
-(lp343
-sVroutes
-p344
-(lp345
-sVuse_dhcp
-p346
-I00
-sVtype
-p347
-Vinterface
-p348
-sVname
-p349
-Vnic6
-p350
-sasVroutes
-p351
-(lp352
-sVuse_dhcp
-p353
-I00
-sVtype
-p354
-Vovs_bridge
-p355
-sVname
-p356
-Vbr-tenant
-p357
-sass.
--- a/network-templates/DEPRECATED
+++ b/network-templates/DEPRECATED
@ -1,3 +0,0 @@
-WARNING: This directory is deprecated and may be removed in the future.
-A duplicate copy of these network templates can be found in the
-overcloud-templates directory in a sub-directory with the same name as this one.
--- a/network-templates/README
+++ b/network-templates/README
@ -1,23 +0,0 @@
-Generated Network Isolation Templates
-------------------------------------
-These templates were generated by the UI tool at
-https://github.com/cybertron/tripleo-scripts#net-iso-genpy
-
-ui-settings.pickle is specific to the tool.  TripleO will not use it when
-doing deployments with these templates, but it is needed to be able to
-load the templates into the UI again.  Note that the UI only reads this file,
-so any changes made by hand to the templates will not be reflected in the UI.
-
-The network-isolation.yaml file needs to reference the port files shipped with
-tripleo-heat-templates, so by default the tool generates the paths assuming
-network-isolation.yaml will be copied into the environments/ directory of
-tripleo-heat-templates.
-
-If the standard tripleo-heat-templates are in use, then the
-network-isolation-absolute.yaml file can be used instead.  It has hard-coded
-references to the port files in /usr/share/openstack-tripleo-heat-templates.
-
-If the generated network isolation templates are at ~/generated-templates, an
-example deployment command would look like:
-
-openstack overcloud deploy --templates -e ~/generated-templates/network-isolation-absolute.yaml -e ~/generated-templates/network-environment.yaml
--- a/network-templates/network-environment.yaml
+++ b/network-templates/network-environment.yaml
@ -1,25 +0,0 @@
-
-resource_registry:
-  OS::TripleO::BlockStorage::Net::SoftwareConfig: nic-configs/cinder-storage.yaml
-  OS::TripleO::Compute::Net::SoftwareConfig: nic-configs/compute.yaml
-  OS::TripleO::Controller::Net::SoftwareConfig: nic-configs/controller.yaml
-  OS::TripleO::ObjectStorage::Net::SoftwareConfig: nic-configs/swift-storage.yaml
-  OS::TripleO::CephStorage::Net::SoftwareConfig: nic-configs/ceph-storage.yaml
-
-parameter_defaults:
-  ControlPlaneSubnetCidr: '24'
-  ControlPlaneDefaultRoute: 192.0.2.1
-  EC2MetadataIp: 192.0.2.1
-  ExternalNetCidr: 10.0.0.0/24
-  ExternalAllocationPools: [{"start": "10.0.0.10", "end": "10.0.0.50"}]
-  ExternalInterfaceDefaultRoute: 10.0.0.1
-  NeutronExternalNetworkBridge: "''"
-  InternalApiNetCidr: 172.17.0.0/24
-  InternalApiAllocationPools: [{"start": "172.17.0.10", "end": "172.17.0.250"}]
-  StorageNetCidr: 172.18.0.0/24
-  StorageAllocationPools: [{"start": "172.18.0.10", "end": "172.18.0.250"}]
-  StorageMgmtNetCidr: 172.19.0.0/24
-  StorageMgmtAllocationPools: [{"start": "172.19.0.10", "end": "172.19.0.250"}]
-  TenantNetCidr: 172.16.0.0/24
-  TenantAllocationPools: [{"start": "172.16.0.10", "end": "172.16.0.250"}]
-  DnsServers: ["8.8.8.8", "8.8.4.4"]
--- a/network-templates/network-isolation-absolute.yaml
+++ b/network-templates/network-isolation-absolute.yaml
@ -1,28 +0,0 @@
-resource_registry:
-  # Redis
-  OS::TripleO::Network::Ports::RedisVipPort: /usr/share/openstack-tripleo-heat-templates/network/ports/vip.yaml
-  # External
-  OS::TripleO::Network::External: /usr/share/openstack-tripleo-heat-templates/network/external.yaml
-  OS::TripleO::Network::Ports::ExternalVipPort: /usr/share/openstack-tripleo-heat-templates/network/ports/external.yaml
-  OS::TripleO::Controller::Ports::ExternalPort: /usr/share/openstack-tripleo-heat-templates/network/ports/external.yaml
-  # InternalApi
-  OS::TripleO::Network::InternalApi: /usr/share/openstack-tripleo-heat-templates/network/internal_api.yaml
-  OS::TripleO::Network::Ports::InternalApiVipPort: /usr/share/openstack-tripleo-heat-templates/network/ports/internal_api.yaml
-  OS::TripleO::Controller::Ports::InternalApiPort: /usr/share/openstack-tripleo-heat-templates/network/ports/internal_api.yaml
-  OS::TripleO::Compute::Ports::InternalApiPort: /usr/share/openstack-tripleo-heat-templates/network/ports/internal_api.yaml
-  # Storage
-  OS::TripleO::Network::Storage: /usr/share/openstack-tripleo-heat-templates/network/storage.yaml
-  OS::TripleO::Network::Ports::StorageVipPort: /usr/share/openstack-tripleo-heat-templates/network/ports/storage.yaml
-  OS::TripleO::Controller::Ports::StoragePort: /usr/share/openstack-tripleo-heat-templates/network/ports/storage.yaml
-  OS::TripleO::Compute::Ports::StoragePort: /usr/share/openstack-tripleo-heat-templates/network/ports/storage.yaml
-  OS::TripleO::CephStorage::Ports::StoragePort: /usr/share/openstack-tripleo-heat-templates/network/ports/storage.yaml
-  # StorageMgmt
-  OS::TripleO::Network::StorageMgmt: /usr/share/openstack-tripleo-heat-templates/network/storage_mgmt.yaml
-  OS::TripleO::Network::Ports::StorageMgmtVipPort: /usr/share/openstack-tripleo-heat-templates/network/ports/storage_mgmt.yaml
-  OS::TripleO::Controller::Ports::StorageMgmtPort: /usr/share/openstack-tripleo-heat-templates/network/ports/storage_mgmt.yaml
-  OS::TripleO::CephStorage::Ports::StorageMgmtPort: /usr/share/openstack-tripleo-heat-templates/network/ports/storage_mgmt.yaml
-  # Tenant
-  OS::TripleO::Network::Tenant: /usr/share/openstack-tripleo-heat-templates/network/tenant.yaml
-  OS::TripleO::Network::Ports::TenantVipPort: /usr/share/openstack-tripleo-heat-templates/network/ports/tenant.yaml
-  OS::TripleO::Controller::Ports::TenantPort: /usr/share/openstack-tripleo-heat-templates/network/ports/tenant.yaml
-  OS::TripleO::Compute::Ports::TenantPort: /usr/share/openstack-tripleo-heat-templates/network/ports/tenant.yaml
--- a/network-templates/network-isolation.yaml
+++ b/network-templates/network-isolation.yaml
@ -1,28 +0,0 @@
-resource_registry:
-  # Redis
-  OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip.yaml
-  # External
-  OS::TripleO::Network::External: ../network/external.yaml
-  OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/external.yaml
-  OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/external.yaml
-  # InternalApi
-  OS::TripleO::Network::InternalApi: ../network/internal_api.yaml
-  OS::TripleO::Network::Ports::InternalApiVipPort: ../network/ports/internal_api.yaml
-  OS::TripleO::Controller::Ports::InternalApiPort: ../network/ports/internal_api.yaml
-  OS::TripleO::Compute::Ports::InternalApiPort: ../network/ports/internal_api.yaml
-  # Storage
-  OS::TripleO::Network::Storage: ../network/storage.yaml
-  OS::TripleO::Network::Ports::StorageVipPort: ../network/ports/storage.yaml
-  OS::TripleO::Controller::Ports::StoragePort: ../network/ports/storage.yaml
-  OS::TripleO::Compute::Ports::StoragePort: ../network/ports/storage.yaml
-  OS::TripleO::CephStorage::Ports::StoragePort: ../network/ports/storage.yaml
-  # StorageMgmt
-  OS::TripleO::Network::StorageMgmt: ../network/storage_mgmt.yaml
-  OS::TripleO::Network::Ports::StorageMgmtVipPort: ../network/ports/storage_mgmt.yaml
-  OS::TripleO::Controller::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml
-  OS::TripleO::CephStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml
-  # Tenant
-  OS::TripleO::Network::Tenant: ../network/tenant.yaml
-  OS::TripleO::Network::Ports::TenantVipPort: ../network/ports/tenant.yaml
-  OS::TripleO::Controller::Ports::TenantPort: ../network/ports/tenant.yaml
-  OS::TripleO::Compute::Ports::TenantPort: ../network/ports/tenant.yaml
--- a/network-templates/nic-configs/ceph-storage.yaml
+++ b/network-templates/nic-configs/ceph-storage.yaml
@ -1,119 +0,0 @@
-heat_template_version: 2015-04-30
-
-parameters:
-  ControlPlaneIp:
-    default: ''
-    description: IP address/subnet on the ctlplane network
-    type: string
-  ExternalIpSubnet:
-    default: ''
-    description: IP address/subnet on the external network
-    type: string
-  InternalApiIpSubnet:
-    default: ''
-    description: IP address/subnet on the internal API network
-    type: string
-  StorageIpSubnet:
-    default: ''
-    description: IP address/subnet on the storage network
-    type: string
-  StorageMgmtIpSubnet:
-    default: ''
-    description: IP address/subnet on the storage mgmt network
-    type: string
-  TenantIpSubnet:
-    default: ''
-    description: IP address/subnet on the tenant network
-    type: string
-  ManagementIpSubnet: # Only populated when including environments/network-management.yaml
-    default: ''
-    description: IP address/subnet on the management network
-    type: string
-  BondInterfaceOvsOptions:
-    default: 'bond_mode=active-backup'
-    description: The ovs_options string for the bond interface. Set things like
-                 lacp=active and/or bond_mode=balance-slb using this option.
-    type: string
-  ExternalNetworkVlanID:
-    default: 10
-    description: Vlan ID for the external network traffic.
-    type: number
-  InternalApiNetworkVlanID:
-    default: 20
-    description: Vlan ID for the internal_api network traffic.
-    type: number
-  StorageNetworkVlanID:
-    default: 30
-    description: Vlan ID for the storage network traffic.
-    type: number
-  StorageMgmtNetworkVlanID:
-    default: 40
-    description: Vlan ID for the storage mgmt network traffic.
-    type: number
-  TenantNetworkVlanID:
-    default: 50
-    description: Vlan ID for the tenant network traffic.
-    type: number
-  ManagementNetworkVlanID:
-    default: 60
-    description: Vlan ID for the management network traffic.
-    type: number
-  ExternalInterfaceDefaultRoute:
-    default: '10.0.0.1'
-    description: default route for the external network
-    type: string
-  ControlPlaneSubnetCidr: # Override this via parameter_defaults
-    default: '24'
-    description: The subnet CIDR of the control plane network.
-    type: string
-  ControlPlaneDefaultRoute: # Override this via parameter_defaults
-    description: The default route of the control plane network.
-    type: string
-  DnsServers: # Override this via parameter_defaults
-    default: []
-    description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
-    type: comma_delimited_list
-  EC2MetadataIp: # Override this via parameter_defaults
-    description: The IP address of the EC2 metadata server.
-    type: string
-
-resources:
-  OsNetConfigImpl:
-    properties:
-      config:
-        os_net_config:
-          network_config:
-          - type: interface
-            name: nic1
-            mtu: 1350
-            use_dhcp: false
-            addresses:
-            - ip_netmask:
-                list_join:
-                - /
-                - - {get_param: ControlPlaneIp}
-                  - {get_param: ControlPlaneSubnetCidr}
-            routes:
-            - ip_netmask: 169.254.169.254/32
-              next_hop: {get_param: EC2MetadataIp}
-            - default: true
-              next_hop: {get_param: ControlPlaneDefaultRoute}
-          - type: interface
-            name: nic4
-            mtu: 1350
-            use_dhcp: false
-            addresses:
-            - ip_netmask: {get_param: StorageIpSubnet}
-          - type: interface
-            name: nic5
-            mtu: 1350
-            use_dhcp: false
-            addresses:
-            - ip_netmask: {get_param: StorageMgmtIpSubnet}
-      group: os-apply-config
-    type: OS::Heat::StructuredConfig
-
-outputs:
-  OS::stack_id:
-    description: The OsNetConfigImpl resource.
-    value: {get_resource: OsNetConfigImpl}
--- a/network-templates/nic-configs/cinder-storage.yaml
+++ b/network-templates/nic-configs/cinder-storage.yaml
@ -1,92 +0,0 @@
-heat_template_version: 2015-04-30
-
-parameters:
-  ControlPlaneIp:
-    default: ''
-    description: IP address/subnet on the ctlplane network
-    type: string
-  ExternalIpSubnet:
-    default: ''
-    description: IP address/subnet on the external network
-    type: string
-  InternalApiIpSubnet:
-    default: ''
-    description: IP address/subnet on the internal API network
-    type: string
-  StorageIpSubnet:
-    default: ''
-    description: IP address/subnet on the storage network
-    type: string
-  StorageMgmtIpSubnet:
-    default: ''
-    description: IP address/subnet on the storage mgmt network
-    type: string
-  TenantIpSubnet:
-    default: ''
-    description: IP address/subnet on the tenant network
-    type: string
-  ManagementIpSubnet: # Only populated when including environments/network-management.yaml
-    default: ''
-    description: IP address/subnet on the management network
-    type: string
-  BondInterfaceOvsOptions:
-    default: 'bond_mode=active-backup'
-    description: The ovs_options string for the bond interface. Set things like
-                 lacp=active and/or bond_mode=balance-slb using this option.
-    type: string
-  ExternalNetworkVlanID:
-    default: 10
-    description: Vlan ID for the external network traffic.
-    type: number
-  InternalApiNetworkVlanID:
-    default: 20
-    description: Vlan ID for the internal_api network traffic.
-    type: number
-  StorageNetworkVlanID:
-    default: 30
-    description: Vlan ID for the storage network traffic.
-    type: number
-  StorageMgmtNetworkVlanID:
-    default: 40
-    description: Vlan ID for the storage mgmt network traffic.
-    type: number
-  TenantNetworkVlanID:
-    default: 50
-    description: Vlan ID for the tenant network traffic.
-    type: number
-  ManagementNetworkVlanID:
-    default: 60
-    description: Vlan ID for the management network traffic.
-    type: number
-  ExternalInterfaceDefaultRoute:
-    default: '10.0.0.1'
-    description: default route for the external network
-    type: string
-  ControlPlaneSubnetCidr: # Override this via parameter_defaults
-    default: '24'
-    description: The subnet CIDR of the control plane network.
-    type: string
-  ControlPlaneDefaultRoute: # Override this via parameter_defaults
-    description: The default route of the control plane network.
-    type: string
-  DnsServers: # Override this via parameter_defaults
-    default: []
-    description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
-    type: comma_delimited_list
-  EC2MetadataIp: # Override this via parameter_defaults
-    description: The IP address of the EC2 metadata server.
-    type: string
-
-resources:
-  OsNetConfigImpl:
-    properties:
-      config:
-        os_net_config:
-          network_config: []
-      group: os-apply-config
-    type: OS::Heat::StructuredConfig
-
-outputs:
-  OS::stack_id:
-    description: The OsNetConfigImpl resource.
-    value: {get_resource: OsNetConfigImpl}
--- a/network-templates/nic-configs/compute.yaml
+++ b/network-templates/nic-configs/compute.yaml
@ -1,130 +0,0 @@
-heat_template_version: 2015-04-30
-
-parameters:
-  ControlPlaneIp:
-    default: ''
-    description: IP address/subnet on the ctlplane network
-    type: string
-  ExternalIpSubnet:
-    default: ''
-    description: IP address/subnet on the external network
-    type: string
-  InternalApiIpSubnet:
-    default: ''
-    description: IP address/subnet on the internal API network
-    type: string
-  StorageIpSubnet:
-    default: ''
-    description: IP address/subnet on the storage network
-    type: string
-  StorageMgmtIpSubnet:
-    default: ''
-    description: IP address/subnet on the storage mgmt network
-    type: string
-  TenantIpSubnet:
-    default: ''
-    description: IP address/subnet on the tenant network
-    type: string
-  ManagementIpSubnet: # Only populated when including environments/network-management.yaml
-    default: ''
-    description: IP address/subnet on the management network
-    type: string
-  BondInterfaceOvsOptions:
-    default: 'bond_mode=active-backup'
-    description: The ovs_options string for the bond interface. Set things like
-                 lacp=active and/or bond_mode=balance-slb using this option.
-    type: string
-  ExternalNetworkVlanID:
-    default: 10
-    description: Vlan ID for the external network traffic.
-    type: number
-  InternalApiNetworkVlanID:
-    default: 20
-    description: Vlan ID for the internal_api network traffic.
-    type: number
-  StorageNetworkVlanID:
-    default: 30
-    description: Vlan ID for the storage network traffic.
-    type: number
-  StorageMgmtNetworkVlanID:
-    default: 40
-    description: Vlan ID for the storage mgmt network traffic.
-    type: number
-  TenantNetworkVlanID:
-    default: 50
-    description: Vlan ID for the tenant network traffic.
-    type: number
-  ManagementNetworkVlanID:
-    default: 60
-    description: Vlan ID for the management network traffic.
-    type: number
-  ExternalInterfaceDefaultRoute:
-    default: '10.0.0.1'
-    description: default route for the external network
-    type: string
-  ControlPlaneSubnetCidr: # Override this via parameter_defaults
-    default: '24'
-    description: The subnet CIDR of the control plane network.
-    type: string
-  ControlPlaneDefaultRoute: # Override this via parameter_defaults
-    description: The default route of the control plane network.
-    type: string
-  DnsServers: # Override this via parameter_defaults
-    default: []
-    description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
-    type: comma_delimited_list
-  EC2MetadataIp: # Override this via parameter_defaults
-    description: The IP address of the EC2 metadata server.
-    type: string
-
-resources:
-  OsNetConfigImpl:
-    properties:
-      config:
-        os_net_config:
-          network_config:
-          - type: interface
-            name: nic1
-            mtu: 1350
-            use_dhcp: false
-            addresses:
-            - ip_netmask:
-                list_join:
-                - /
-                - - {get_param: ControlPlaneIp}
-                  - {get_param: ControlPlaneSubnetCidr}
-            routes:
-            - ip_netmask: 169.254.169.254/32
-              next_hop: {get_param: EC2MetadataIp}
-            - default: true
-              next_hop: {get_param: ControlPlaneDefaultRoute}
-          - type: interface
-            name: nic3
-            mtu: 1350
-            use_dhcp: false
-            addresses:
-            - ip_netmask: {get_param: InternalApiIpSubnet}
-          - type: interface
-            name: nic4
-            mtu: 1350
-            use_dhcp: false
-            addresses:
-            - ip_netmask: {get_param: StorageIpSubnet}
-          - type: ovs_bridge
-            name: br-tenant
-            dns_servers: {get_param: DnsServers}
-            use_dhcp: false
-            addresses:
-            - ip_netmask: {get_param: TenantIpSubnet}
-            members:
-            - type: interface
-              name: nic6
-              mtu: 1350
-              primary: true
-      group: os-apply-config
-    type: OS::Heat::StructuredConfig
-
-outputs:
-  OS::stack_id:
-    description: The OsNetConfigImpl resource.
-    value: {get_resource: OsNetConfigImpl}
--- a/network-templates/nic-configs/controller.yaml
+++ b/network-templates/nic-configs/controller.yaml
@ -1,148 +0,0 @@
-heat_template_version: 2015-04-30
-
-parameters:
-  ControlPlaneIp:
-    default: ''
-    description: IP address/subnet on the ctlplane network
-    type: string
-  ExternalIpSubnet:
-    default: ''
-    description: IP address/subnet on the external network
-    type: string
-  InternalApiIpSubnet:
-    default: ''
-    description: IP address/subnet on the internal API network
-    type: string
-  StorageIpSubnet:
-    default: ''
-    description: IP address/subnet on the storage network
-    type: string
-  StorageMgmtIpSubnet:
-    default: ''
-    description: IP address/subnet on the storage mgmt network
-    type: string
-  TenantIpSubnet:
-    default: ''
-    description: IP address/subnet on the tenant network
-    type: string
-  ManagementIpSubnet: # Only populated when including environments/network-management.yaml
-    default: ''
-    description: IP address/subnet on the management network
-    type: string
-  BondInterfaceOvsOptions:
-    default: 'bond_mode=active-backup'
-    description: The ovs_options string for the bond interface. Set things like
-                 lacp=active and/or bond_mode=balance-slb using this option.
-    type: string
-  ExternalNetworkVlanID:
-    default: 10
-    description: Vlan ID for the external network traffic.
-    type: number
-  InternalApiNetworkVlanID:
-    default: 20
-    description: Vlan ID for the internal_api network traffic.
-    type: number
-  StorageNetworkVlanID:
-    default: 30
-    description: Vlan ID for the storage network traffic.
-    type: number
-  StorageMgmtNetworkVlanID:
-    default: 40
-    description: Vlan ID for the storage mgmt network traffic.
-    type: number
-  TenantNetworkVlanID:
-    default: 50
-    description: Vlan ID for the tenant network traffic.
-    type: number
-  ManagementNetworkVlanID:
-    default: 60
-    description: Vlan ID for the management network traffic.
-    type: number
-  ExternalInterfaceDefaultRoute:
-    default: '10.0.0.1'
-    description: default route for the external network
-    type: string
-  ControlPlaneSubnetCidr: # Override this via parameter_defaults
-    default: '24'
-    description: The subnet CIDR of the control plane network.
-    type: string
-  ControlPlaneDefaultRoute: # Override this via parameter_defaults
-    description: The default route of the control plane network.
-    type: string
-  DnsServers: # Override this via parameter_defaults
-    default: []
-    description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
-    type: comma_delimited_list
-  EC2MetadataIp: # Override this via parameter_defaults
-    description: The IP address of the EC2 metadata server.
-    type: string
-
-resources:
-  OsNetConfigImpl:
-    properties:
-      config:
-        os_net_config:
-          network_config:
-          - type: interface
-            name: nic1
-            mtu: 1350
-            use_dhcp: false
-            addresses:
-            - ip_netmask:
-                list_join:
-                - /
-                - - {get_param: ControlPlaneIp}
-                  - {get_param: ControlPlaneSubnetCidr}
-            routes:
-            - ip_netmask: 169.254.169.254/32
-              next_hop: {get_param: EC2MetadataIp}
-          - type: ovs_bridge
-            name: br-ex
-            dns_servers: {get_param: DnsServers}
-            use_dhcp: false
-            addresses:
-            - ip_netmask: {get_param: ExternalIpSubnet}
-            routes:
-            - ip_netmask: 0.0.0.0/0
-              next_hop: {get_param: ExternalInterfaceDefaultRoute}
-            members:
-            - type: interface
-              name: nic2
-              mtu: 1350
-              primary: true
-          - type: interface
-            name: nic3
-            mtu: 1350
-            use_dhcp: false
-            addresses:
-            - ip_netmask: {get_param: InternalApiIpSubnet}
-          - type: interface
-            name: nic4
-            mtu: 1350
-            use_dhcp: false
-            addresses:
-            - ip_netmask: {get_param: StorageIpSubnet}
-          - type: interface
-            name: nic5
-            mtu: 1350
-            use_dhcp: false
-            addresses:
-            - ip_netmask: {get_param: StorageMgmtIpSubnet}
-          - type: ovs_bridge
-            name: br-tenant
-            dns_servers: {get_param: DnsServers}
-            use_dhcp: false
-            addresses:
-            - ip_netmask: {get_param: TenantIpSubnet}
-            members:
-            - type: interface
-              name: nic6
-              mtu: 1350
-              primary: true
-      group: os-apply-config
-    type: OS::Heat::StructuredConfig
-
-outputs:
-  OS::stack_id:
-    description: The OsNetConfigImpl resource.
-    value: {get_resource: OsNetConfigImpl}
--- a/network-templates/nic-configs/swift-storage.yaml
+++ b/network-templates/nic-configs/swift-storage.yaml
@ -1,92 +0,0 @@
-heat_template_version: 2015-04-30
-
-parameters:
-  ControlPlaneIp:
-    default: ''
-    description: IP address/subnet on the ctlplane network
-    type: string
-  ExternalIpSubnet:
-    default: ''
-    description: IP address/subnet on the external network
-    type: string
-  InternalApiIpSubnet:
-    default: ''
-    description: IP address/subnet on the internal API network
-    type: string
-  StorageIpSubnet:
-    default: ''
-    description: IP address/subnet on the storage network
-    type: string
-  StorageMgmtIpSubnet:
-    default: ''
-    description: IP address/subnet on the storage mgmt network
-    type: string
-  TenantIpSubnet:
-    default: ''
-    description: IP address/subnet on the tenant network
-    type: string
-  ManagementIpSubnet: # Only populated when including environments/network-management.yaml
-    default: ''
-    description: IP address/subnet on the management network
-    type: string
-  BondInterfaceOvsOptions:
-    default: 'bond_mode=active-backup'
-    description: The ovs_options string for the bond interface. Set things like
-                 lacp=active and/or bond_mode=balance-slb using this option.
-    type: string
-  ExternalNetworkVlanID:
-    default: 10
-    description: Vlan ID for the external network traffic.
-    type: number
-  InternalApiNetworkVlanID:
-    default: 20
-    description: Vlan ID for the internal_api network traffic.
-    type: number
-  StorageNetworkVlanID:
-    default: 30
-    description: Vlan ID for the storage network traffic.
-    type: number
-  StorageMgmtNetworkVlanID:
-    default: 40
-    description: Vlan ID for the storage mgmt network traffic.
-    type: number
-  TenantNetworkVlanID:
-    default: 50
-    description: Vlan ID for the tenant network traffic.
-    type: number
-  ManagementNetworkVlanID:
-    default: 60
-    description: Vlan ID for the management network traffic.
-    type: number
-  ExternalInterfaceDefaultRoute:
-    default: '10.0.0.1'
-    description: default route for the external network
-    type: string
-  ControlPlaneSubnetCidr: # Override this via parameter_defaults
-    default: '24'
-    description: The subnet CIDR of the control plane network.
-    type: string
-  ControlPlaneDefaultRoute: # Override this via parameter_defaults
-    description: The default route of the control plane network.
-    type: string
-  DnsServers: # Override this via parameter_defaults
-    default: []
-    description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
-    type: comma_delimited_list
-  EC2MetadataIp: # Override this via parameter_defaults
-    description: The IP address of the EC2 metadata server.
-    type: string
-
-resources:
-  OsNetConfigImpl:
-    properties:
-      config:
-        os_net_config:
-          network_config: []
-      group: os-apply-config
-    type: OS::Heat::StructuredConfig
-
-outputs:
-  OS::stack_id:
-    description: The OsNetConfigImpl resource.
-    value: {get_resource: OsNetConfigImpl}
--- a/network-templates/ui-settings.pickle
+++ b/network-templates/ui-settings.pickle
@ -1,641 +0,0 @@
-(dp0
-S'global_data'
-p1
-(dp2
-S'control'
-p3
-(dp4
-S'route'
-p5
-V192.0.2.1
-p6
-sS'mask'
-p7
-I24
-sS'ec2'
-p8
-V192.0.2.1
-p9
-ssS'major'
-p10
-I1
-sS'management'
-p11
-(dp12
-S'start'
-p13
-V172.20.0.10
-p14
-sS'cidr'
-p15
-V172.20.0.0/24
-p16
-sS'vlan'
-p17
-I6
-sS'end'
-p18
-V172.20.0.250
-p19
-ssS'dns2'
-p20
-V8.8.4.4
-p21
-sS'dns1'
-p22
-V8.8.8.8
-p23
-sS'storage'
-p24
-(dp25
-g13
-V172.18.0.10
-p26
-sg15
-V172.18.0.0/24
-p27
-sg17
-I3
-sg18
-V172.18.0.250
-p28
-ssS'auto_routes'
-p29
-I01
-sS'bond_options'
-p30
-V
-p31
-sS'external'
-p32
-(dp33
-S'bridge'
-p34
-V''
-p35
-sg18
-V10.0.0.50
-p36
-sg17
-I1
-sg13
-V10.0.0.10
-p37
-sg15
-V10.0.0.0/24
-p38
-sS'gateway'
-p39
-V10.0.0.1
-p40
-ssS'internal_api'
-p41
-(dp42
-g13
-V172.17.0.10
-p43
-sg15
-V172.17.0.0/24
-p44
-sg17
-I2
-sg18
-V172.17.0.250
-p45
-ssS'ipv6'
-p46
-I00
-sS'storage_mgmt'
-p47
-(dp48
-g13
-V172.19.0.10
-p49
-sg15
-V172.19.0.0/24
-p50
-sg17
-I4
-sg18
-V172.19.0.250
-p51
-ssS'minor'
-p52
-I2
-sS'tenant'
-p53
-(dp54
-g13
-V172.16.0.10
-p55
-sg15
-V172.16.0.0/24
-p56
-sg17
-I5
-sg18
-V172.16.0.250
-p57
-sssS'data'
-p58
-(dp59
-S'cinder-storage.yaml'
-p60
-(lp61
-sS'ceph-storage.yaml'
-p62
-(lp63
-(dp64
-Vaddresses
-p65
-(lp66
-sVnetwork
-p67
-VControlPlane
-p68
-sVprimary
-p69
-I01
-sVmtu
-p70
-I1350
-sS'members'
-p71
-(lp72
-sVroutes
-p73
-(lp74
-sVuse_dhcp
-p75
-I00
-sVtype
-p76
-Vinterface
-p77
-sVname
-p78
-Vnic1
-p79
-sa(dp80
-Vaddresses
-p81
-(lp82
-sVnetwork
-p83
-VStorage
-p84
-sVprimary
-p85
-I01
-sVmtu
-p86
-I1350
-sg71
-(lp87
-sVroutes
-p88
-(lp89
-sVuse_dhcp
-p90
-I00
-sVtype
-p91
-Vinterface
-p92
-sVname
-p93
-Vnic4
-p94
-sa(dp95
-Vaddresses
-p96
-(lp97
-sVnetwork
-p98
-VStorageMgmt
-p99
-sVprimary
-p100
-I01
-sVmtu
-p101
-I1350
-sg71
-(lp102
-sVroutes
-p103
-(lp104
-sVuse_dhcp
-p105
-I00
-sVtype
-p106
-Vinterface
-p107
-sVname
-p108
-Vnic5
-p109
-sasS'controller.yaml'
-p110
-(lp111
-(dp112
-Vaddresses
-p113
-(lp114
-sVnetwork
-p115
-VControlPlane
-p116
-sVprimary
-p117
-I01
-sVmtu
-p118
-I1350
-sg71
-(lp119
-sVroutes
-p120
-(lp121
-sVuse_dhcp
-p122
-I00
-sVtype
-p123
-Vinterface
-p124
-sVname
-p125
-Vnic1
-p126
-sa(dp127
-Vdns_servers
-p128
-V{get_param: DnsServers}
-p129
-sVaddresses
-p130
-(lp131
-sVnetwork
-p132
-VExternal
-p133
-sVmtu
-p134
-I-1
-sg71
-(lp135
-(dp136
-Vaddresses
-p137
-(lp138
-sVnetwork
-p139
-VNone
-p140
-sVprimary
-p141
-I01
-sVmtu
-p142
-I1350
-sg71
-(lp143
-sVroutes
-p144
-(lp145
-sVuse_dhcp
-p146
-I00
-sVtype
-p147
-Vinterface
-p148
-sVname
-p149
-Vnic2
-p150
-sasVroutes
-p151
-(lp152
-sVuse_dhcp
-p153
-I00
-sVtype
-p154
-Vovs_bridge
-p155
-sVname
-p156
-Vbr-ex
-p157
-sa(dp158
-Vaddresses
-p159
-(lp160
-sVnetwork
-p161
-VInternalApi
-p162
-sVprimary
-p163
-I01
-sVmtu
-p164
-I1350
-sg71
-(lp165
-sVroutes
-p166
-(lp167
-sVuse_dhcp
-p168
-I00
-sVtype
-p169
-Vinterface
-p170
-sVname
-p171
-Vnic3
-p172
-sa(dp173
-Vaddresses
-p174
-(lp175
-sVnetwork
-p176
-VStorage
-p177
-sVprimary
-p178
-I01
-sVmtu
-p179
-I1350
-sg71
-(lp180
-sVroutes
-p181
-(lp182
-sVuse_dhcp
-p183
-I00
-sVtype
-p184
-Vinterface
-p185
-sVname
-p186
-Vnic4
-p187
-sa(dp188
-Vaddresses
-p189
-(lp190
-sVnetwork
-p191
-VStorageMgmt
-p192
-sVprimary
-p193
-I01
-sVmtu
-p194
-I1350
-sg71
-(lp195
-sVroutes
-p196
-(lp197
-sVuse_dhcp
-p198
-I00
-sVtype
-p199
-Vinterface
-p200
-sVname
-p201
-Vnic5
-p202
-sa(dp203
-Vdns_servers
-p204
-V{get_param: DnsServers}
-p205
-sVaddresses
-p206
-(lp207
-sVnetwork
-p208
-VTenant
-p209
-sVmtu
-p210
-I-1
-sg71
-(lp211
-(dp212
-Vaddresses
-p213
-(lp214
-sVnetwork
-p215
-VNone
-p216
-sVprimary
-p217
-I01
-sVmtu
-p218
-I1350
-sg71
-(lp219
-sVroutes
-p220
-(lp221
-sVuse_dhcp
-p222
-I00
-sVtype
-p223
-Vinterface
-p224
-sVname
-p225
-Vnic6
-p226
-sasVroutes
-p227
-(lp228
-sVuse_dhcp
-p229
-I00
-sVtype
-p230
-Vovs_bridge
-p231
-sVname
-p232
-Vbr-tenant
-p233
-sasS'swift-storage.yaml'
-p234
-(lp235
-sS'compute.yaml'
-p236
-(lp237
-(dp238
-Vaddresses
-p239
-(lp240
-sVnetwork
-p241
-VControlPlane
-p242
-sVprimary
-p243
-I01
-sVmtu
-p244
-I1350
-sg71
-(lp245
-sVroutes
-p246
-(lp247
-sVuse_dhcp
-p248
-I00
-sVtype
-p249
-Vinterface
-p250
-sVname
-p251
-Vnic1
-p252
-sa(dp253
-Vaddresses
-p254
-(lp255
-sVnetwork
-p256
-VInternalApi
-p257
-sVprimary
-p258
-I01
-sVmtu
-p259
-I1350
-sg71
-(lp260
-sVroutes
-p261
-(lp262
-sVuse_dhcp
-p263
-I00
-sVtype
-p264
-Vinterface
-p265
-sVname
-p266
-Vnic3
-p267
-sa(dp268
-Vaddresses
-p269
-(lp270
-sVnetwork
-p271
-VStorage
-p272
-sVprimary
-p273
-I01
-sVmtu
-p274
-I1350
-sg71
-(lp275
-sVroutes
-p276
-(lp277
-sVuse_dhcp
-p278
-I00
-sVtype
-p279
-Vinterface
-p280
-sVname
-p281
-Vnic4
-p282
-sa(dp283
-Vdns_servers
-p284
-V{get_param: DnsServers}
-p285
-sVaddresses
-p286
-(lp287
-sVnetwork
-p288
-VTenant
-p289
-sVmtu
-p290
-I-1
-sg71
-(lp291
-(dp292
-Vaddresses
-p293
-(lp294
-sVnetwork
-p295
-VNone
-p296
-sVprimary
-p297
-I01
-sVmtu
-p298
-I1350
-sg71
-(lp299
-sVroutes
-p300
-(lp301
-sVuse_dhcp
-p302
-I00
-sVtype
-p303
-Vinterface
-p304
-sVname
-p305
-Vnic6
-p306
-sasVroutes
-p307
-(lp308
-sVuse_dhcp
-p309
-I00
-sVtype
-p310
-Vovs_bridge
-p311
-sVname
-p312
-Vbr-tenant
-p313
-sass.
--- a/openstack_virtual_baremetal/build_nodes_json.py
+++ b/openstack_virtual_baremetal/build_nodes_json.py
@ -45,7 +45,7 @@ def _parse_args():
    parser.add_argument('--provision_net',
                        dest='provision_net',
                        default='provision',
-                        help='Provisioning network name')
+                        help='DEPRECATED: This parameter is ignored.')
    parser.add_argument('--nodes_json',
                        dest='nodes_json',
                        default='nodes.json',
@ -71,31 +71,22 @@ def _parse_args():
    return args


-def _get_from_env(env, name):
-    try:
-        return env['parameters'][name]
-    except KeyError:
-        return env['parameter_defaults'][name]
-
-
 def _get_names(args):
    if args.env is None:
        bmc_base = args.bmc_prefix
        baremetal_base = args.baremetal_prefix
-        provision_net = args.provision_net
        # FIXME: This is not necessarily true.
        undercloud_name = 'undercloud'
    else:
        with open(args.env) as f:
            e = yaml.safe_load(f)
-        bmc_base = _get_from_env(e, 'bmc_prefix')
-        baremetal_base = _get_from_env(e, 'baremetal_prefix')
-        provision_net = _get_from_env(e, 'provision_net')
+        bmc_base = e['parameter_defaults']['bmc_prefix']
+        baremetal_base = e['parameter_defaults']['baremetal_prefix']
        role = e.get('parameter_defaults', {}).get('role')
        if role and baremetal_base.endswith('-' + role):
            baremetal_base = baremetal_base[:-len(role) - 1]
        undercloud_name = e.get('parameter_defaults', {}).get('undercloud_name')  # noqa: E501
-    return bmc_base, baremetal_base, provision_net, undercloud_name
+    return bmc_base, baremetal_base, undercloud_name


 def _get_clients():
@ -116,10 +107,17 @@ def _get_ports(neutron, bmc_base, baremetal_base):
        raise RuntimeError('Found different numbers of baremetal and '
                           'bmc ports. bmc: %s baremetal: %s' % (bmc_ports,
                                                                 bm_ports))
-    return bmc_ports, bm_ports
+    provision_net_map = {}
+    for port in bm_ports:
+        provision_net_map.update({
+            port.get('id'):
+                neutron.list_subnets(
+                    id=port['fixed_ips'][0]['subnet_id'])['subnets'][0].get(
+                    'name')})
+    return bmc_ports, bm_ports, provision_net_map


-def _build_nodes(nova, glance, bmc_ports, bm_ports, provision_net,
+def _build_nodes(nova, glance, bmc_ports, bm_ports, provision_net_map,
                 baremetal_base, undercloud_name, driver, physical_network):
    node_template = {
        'pm_type': driver,
@ -136,9 +134,6 @@ def _build_nodes(nova, glance, bmc_ports, bm_ports, provision_net,
    }
    if physical_network:
        node_template.pop('mac')
-        node_template.update(
-            {'ports': [{'address': '', 'physical_network': provision_net}]})
-
    nodes = []
    bmc_bm_pairs = []
    cache = {}
@ -151,9 +146,11 @@ def _build_nodes(nova, glance, bmc_ports, bm_ports, provision_net,
        node = dict(node_template)
        node['pm_addr'] = bmc_port['fixed_ips'][0]['ip_address']
        bmc_bm_pairs.append((node['pm_addr'], baremetal.name))
+        provision_net = provision_net_map.get(baremetal_port['id'])
        mac = baremetal.addresses[provision_net][0]['OS-EXT-IPS-MAC:mac_addr']
        if physical_network:
-            node['ports'][0]['address'] = mac
+            node.update({'ports': [{'address': mac,
+                                    'physical_network': provision_net}]})
        else:
            node['mac'] = [mac]
        if not cache.get(baremetal.flavor['id']):
@ -282,14 +279,15 @@ def _write_pairs(bmc_bm_pairs):

 def main():
    args = _parse_args()
-    bmc_base, baremetal_base, provision_net, undercloud_name = _get_names(args)
+    bmc_base, baremetal_base, undercloud_name = _get_names(args)
    nova, neutron, glance = _get_clients()
-    bmc_ports, bm_ports = _get_ports(neutron, bmc_base, baremetal_base)
+    bmc_ports, bm_ports, provision_net_map = _get_ports(neutron, bmc_base,
+                                                        baremetal_base)
    (nodes,
     bmc_bm_pairs,
     extra_nodes,
     network_details) = _build_nodes(nova, glance, bmc_ports, bm_ports,
-                                     provision_net, baremetal_base,
+                                     provision_net_map, baremetal_base,
                                     undercloud_name, args.driver,
                                     args.physical_network)
    _write_nodes(nodes, extra_nodes, network_details, args)
--- a/openstack_virtual_baremetal/deploy.py
+++ b/openstack_virtual_baremetal/deploy.py
@ -101,27 +101,18 @@ def _process_args(args):


 def _add_identifier(env_data, name, identifier, default=None):
-    # We require both sections for id environments
-    if not env_data.get('parameters'):
-        env_data['parameters'] = {}
-    if not env_data.get('parameter_defaults'):
-        env_data['parameter_defaults'] = {}
-    parameter = False
-    try:
-        original = env_data['parameters'][name]
-        parameter = True
-    except KeyError:
-        original = env_data['parameter_defaults'].get(name)
-    if original is None:
-        original = default
-    if original is None:
+    """Append identifier to the end of parameter name in env_data
+
+    Look for ``name`` in the ``parameter_defaults`` key of ``env_data`` and
+    append '-``identifier``' to it.
+    """
+    value = env_data['parameter_defaults'].get(name)
+    if value is None:
+        value = default
+    if value is None:
        raise RuntimeError('No base value found when adding id')
-    value = '%s-%s' % (original, identifier)
-    # If it was passed in as a parameter we need to set it in the parameters
-    # section or it will be overridden by the original value.  We can't always
-    # do that though because some parameters are not exposed at the top-level.
-    if parameter:
-        env_data['parameters'][name] = value
+    if identifier:
+        value = '%s-%s' % (value, identifier)
    env_data['parameter_defaults'][name] = value


@ -142,6 +133,8 @@ def _build_env_data(env_paths):
 def _generate_id_env(args):
    env_data = _build_env_data(args.env)
    _add_identifier(env_data, 'provision_net', args.id, default='provision')
+    _add_identifier(env_data, 'provision_net2', args.id, default='provision2')
+    _add_identifier(env_data, 'provision_net3', args.id, default='provision3')
    _add_identifier(env_data, 'public_net', args.id, default='public')
    _add_identifier(env_data,
                    'baremetal_prefix',
@ -163,6 +156,16 @@ def _generate_id_env(args):
                    default='storage_mgmt')
    _add_identifier(env_data, 'overcloud_tenant_net', args.id,
                    default='tenant')
+    # TODO(bnemec): Network names should be parameterized so we don't have to
+    # hardcode them into deploy.py like this.
+    _add_identifier(env_data, 'overcloud_internal_net2', args.id,
+                    default='overcloud_internal2')
+    _add_identifier(env_data, 'overcloud_storage_net2', args.id,
+                    default='overcloud_storage2')
+    _add_identifier(env_data, 'overcloud_storage_mgmt_net2', args.id,
+                    default='overcloud_storage_mgmt2')
+    _add_identifier(env_data, 'overcloud_tenant_net2', args.id,
+                    default='overcloud_tenant2')
    # We don't modify any resource_registry entries, and because we may be
    # writing the new env file to a different path it can break relative paths
    # in the resource_registry.
@ -182,14 +185,19 @@ def _validate_env(args, env_paths):
    if not args.id:
        env_data = _build_env_data(env_paths)
        role = env_data.get('parameter_defaults', {}).get('role')
-        try:
-            prefix = env_data['parameters']['baremetal_prefix']
-        except KeyError:
-            prefix = env_data['parameter_defaults']['baremetal_prefix']
+        prefix = env_data['parameter_defaults']['baremetal_prefix']
        if role and prefix.endswith('-' + role):
            raise RuntimeError('baremetal_prefix ends with role name.  This '
                               'will break build-nodes-json.  Please choose '
                               'a different baremetal_prefix or role name.')
+    for path in env_paths:
+        if 'port-security.yaml' in path:
+            print('WARNING: port-security environment file detected. '
+                  'port-security is now the default. The existing '
+                  'port-security environment files are deprecated and may be '
+                  'removed in the future. Please use the environment files '
+                  'without "port-security" in their filename instead.'
+                  )


 def _get_heat_client():
@ -284,17 +292,24 @@ def _process_role(role_file, base_envs, stack_name, args):
                      'overcloud_storage_net', 'overcloud_tenant_net',
                      ]
    # Parameters that are inherited but can be overridden by the role
-    allowed_parameter_keys = ['baremetal_image', 'bmc_flavor', 'key_name']
-    allowed_registry_keys = ['OS::OVB::BaremetalPorts', 'OS::OVB::BMCPort']
+    allowed_parameter_keys = ['baremetal_image', 'bmc_flavor', 'key_name',
+                              'provision_net', 'overcloud_internal_net',
+                              'overcloud_storage_net',
+                              'overcloud_storage_mgmt_net',
+                              'overcloud_tenant_net',
+                              ]
+    allowed_registry_keys = ['OS::OVB::BaremetalPorts', 'OS::OVB::BMCPort',
+                             'OS::OVB::UndercloudNetworks',
+                             ]
+    # NOTE(bnemec): Not sure what purpose this serves. Can probably be removed.
    role_env = role_data
    # resource_registry is intentionally omitted as it should not be inherited
-    for section in ['parameters', 'parameter_defaults']:
-        role_env.setdefault(section, {}).update({
-            k: v for k, v in base_data.get(section, {}).items()
-            if k in inherited_keys and
-            (k not in role_env.get(section, {}) or
-             k not in allowed_parameter_keys)
-        })
+    role_env.setdefault('parameter_defaults', {}).update({
+        k: v for k, v in base_data.get('parameter_defaults', {}).items()
+        if k in inherited_keys and
+        (k not in role_env.get('parameter_defaults', {}) or
+         k not in allowed_parameter_keys)
+    })
    # Most of the resource_registry should not be included in role envs.
    # Only allow specific entries that may be needed.
    role_env.setdefault('resource_registry', {})
@ -307,22 +322,44 @@ def _process_role(role_file, base_envs, stack_name, args):
        if k not in role_reg and k in base_reg:
            role_reg[k] = base_reg[k]
    # We need to start with the unmodified prefix
-    try:
-        base_prefix = orig_data['parameters']['baremetal_prefix']
-    except KeyError:
-        base_prefix = orig_data['parameter_defaults']['baremetal_prefix']
+    base_prefix = orig_data['parameter_defaults']['baremetal_prefix']
    # But we do need to add the id if one is in use
    if args.id:
        base_prefix += '-%s' % args.id
-    try:
-        bmc_prefix = base_data['parameters']['bmc_prefix']
-    except KeyError:
-        bmc_prefix = base_data['parameter_defaults']['bmc_prefix']
+    bmc_prefix = base_data['parameter_defaults']['bmc_prefix']
    role = role_data['parameter_defaults']['role']
    if '_' in role:
        raise RuntimeError('_ character not allowed in role name "%s".' % role)
-    role_env['parameters']['baremetal_prefix'] = '%s-%s' % (base_prefix, role)
-    role_env['parameters']['bmc_prefix'] = '%s-%s' % (bmc_prefix, role)
+    role_env['parameter_defaults']['baremetal_prefix'] = ('%s-%s' %
+                                                          (base_prefix, role))
+    role_env['parameter_defaults']['bmc_prefix'] = '%s-%s' % (bmc_prefix, role)
+    # At this time roles are only attached to a single set of networks, so
+    # we use just the primary network parameters.
+
+    def maybe_add_id(role_env, name, args):
+        """Add id only if one is not already present
+
+        When we inherit network names, they will already have the id present.
+        However, if the user overrides the network name (for example, when
+        using multiple routed networks) then it should not have the id.
+        We can detect which is the case by looking at whether the name already
+        ends with -id.
+        """
+        if (args.id and
+                not role_env['parameter_defaults'].get(name, '')
+                                                  .endswith('-' + args.id)):
+            _add_identifier(role_env, name, args.id)
+
+    maybe_add_id(role_env, 'provision_net', args)
+    maybe_add_id(role_env, 'overcloud_internal_net', args)
+    maybe_add_id(role_env, 'overcloud_storage_net', args)
+    maybe_add_id(role_env, 'overcloud_storage_mgmt_net', args)
+    maybe_add_id(role_env, 'overcloud_tenant_net', args)
+    role_env['parameter_defaults']['networks'] = {
+        'private': role_env['parameter_defaults']['private_net'],
+        'provision': role_env['parameter_defaults']['provision_net'],
+        'public': role_env['parameter_defaults']['public_net'],
+    }
    role_file = 'env-%s-%s.yaml' % (stack_name, role)
    _write_role_file(role_env, role_file)
    return role_file, role
--- a/openstack_virtual_baremetal/openstackbmc.py
+++ b/openstack_virtual_baremetal/openstackbmc.py
@ -28,63 +28,19 @@ import os
 import sys
 import time

-import novaclient as nc
-from novaclient import client as novaclient
 from novaclient import exceptions
-try:
-    import os_client_config
-except ImportError:
-    os_client_config = None
+import os_client_config
 import pyghmi.ipmi.bmc as bmc


-NO_OCC_DEPRECATION = ('WARNING: Creating novaclient without os-client-config '
-                      'is deprecated.  Please install os-client-config on the '
-                      'BMC image.')
-
-
 class OpenStackBmc(bmc.Bmc):
-    def __init__(self, authdata, port, address, instance, user, password,
-                 tenant, auth_url, project, user_domain, project_domain,
-                 cache_status, os_cloud):
+    def __init__(self, authdata, port, address, instance, cache_status,
+                 os_cloud):
        super(OpenStackBmc, self).__init__(authdata,
                                           port=port,
                                           address=address)
-        if os_client_config:
-            if user:
-                # NOTE(bnemec): This is deprecated.  clouds.yaml is a much
-                # more robust way to specify auth details.
-                kwargs = dict(os_username=user,
-                              os_password=password,
-                              os_project_name=tenant,
-                              os_auth_url=auth_url,
-                              os_user_domain=user_domain,
-                              os_project_domain=project_domain)
-                self.novaclient = os_client_config.make_client('compute',
-                                                               **kwargs)
-            else:
-                self.novaclient = os_client_config.make_client('compute',
-                                                               cloud=os_cloud)
-        else:
-            # NOTE(bnemec): This path was deprecated 2017-7-17
-            self.log(NO_OCC_DEPRECATION)
-            if '/v3' not in auth_url:
-                # novaclient 7+ is backwards-incompatible :-(
-                if int(nc.__version__[0]) <= 6:
-                    self.novaclient = novaclient.Client(2, user, password,
-                                                        tenant, auth_url)
-                else:
-                    self.novaclient = novaclient.Client(2, user, password,
-                                                        auth_url=auth_url,
-                                                        project_name=tenant)
-            else:
-                self.novaclient = novaclient.Client(
-                    2, user, password,
-                    auth_url=auth_url,
-                    project_name=project,
-                    user_domain_name=user_domain,
-                    project_domain_name=project_domain
-                )
+        self.novaclient = os_client_config.make_client('compute',
+                                                       cloud=os_cloud)
        self.instance = None
        self.cache_status = cache_status
        self.cached_status = None
@ -234,55 +190,6 @@ def main():
                        required=True,
                        help='The uuid or name of the OpenStack instance '
                        'to manage')
-    parser.add_argument('--os-user',
-                        dest='user',
-                        required=False,
-                        default='',
-                        help='DEPRECATED: Use --os-cloud to specify auth '
-                             'details. '
-                             'The user for connecting to OpenStack')
-    parser.add_argument('--os-password',
-                        dest='password',
-                        required=False,
-                        default='',
-                        help='DEPRECATED: Use --os-cloud to specify auth '
-                             'details. '
-                             'The password for connecting to OpenStack')
-    parser.add_argument('--os-tenant',
-                        dest='tenant',
-                        required=False,
-                        default='',
-                        help='DEPRECATED: Use --os-cloud to specify auth '
-                             'details. '
-                             'The tenant for connecting to OpenStack')
-    parser.add_argument('--os-auth-url',
-                        dest='auth_url',
-                        required=False,
-                        default='',
-                        help='DEPRECATED: Use --os-cloud to specify auth '
-                             'details. '
-                             'The OpenStack Keystone auth url')
-    parser.add_argument('--os-project',
-                        dest='project',
-                        required=False,
-                        default='',
-                        help='DEPRECATED: Use --os-cloud to specify auth '
-                             'details. '
-                             'The project for connecting to OpenStack')
-    parser.add_argument('--os-user-domain',
-                        dest='user_domain',
-                        required=False,
-                        default='',
-                        help='DEPRECATED: Use --os-cloud to specify auth '
-                             'details. '
-                             'The user domain for connecting to OpenStack')
-    parser.add_argument('--os-project-domain',
-                        dest='project_domain',
-                        required=False,
-                        default='',
-                        help='DEPRECATED: Use --os-cloud to specify auth '
-                             'details. '
-                             'The project domain for connecting to OpenStack')
    parser.add_argument('--cache-status',
                        dest='cache_status',
                        default=False,
@ -293,7 +200,6 @@ def main():
                             'it may become out of sync.')
    parser.add_argument('--os-cloud',
                        dest='os_cloud',
-                        required=False,
                        default=os.environ.get('OS_CLOUD'),
                        help='Use the specified cloud from clouds.yaml. '
                             'Defaults to the OS_CLOUD environment variable.')
@ -306,13 +212,6 @@ def main():
    mybmc = OpenStackBmc({'admin': 'password'}, port=args.port,
                         address=addr_format % args.address,
                         instance=args.instance,
-                         user=args.user,
-                         password=args.password,
-                         tenant=args.tenant,
-                         auth_url=args.auth_url,
-                         project=args.project,
-                         user_domain=args.user_domain,
-                         project_domain=args.project_domain,
                         cache_status=args.cache_status,
                         os_cloud=args.os_cloud)
    mybmc.listen()
--- a/openstack_virtual_baremetal/tests/test_build_nodes_json.py
+++ b/openstack_virtual_baremetal/tests/test_build_nodes_json.py
@ -70,13 +70,11 @@ class TestBuildNodesJson(testtools.TestCase):
        args.env = None
        args.bmc_prefix = 'bmc-foo'
        args.baremetal_prefix = 'baremetal-foo'
-        args.provision_net = 'provision-foo'
        args.add_undercloud = False
-        bmc_base, baremetal_base, provision_net, undercloud_name = (
+        bmc_base, baremetal_base, undercloud_name = (
            build_nodes_json._get_names(args))
        self.assertEqual('bmc-foo', bmc_base)
        self.assertEqual('baremetal-foo', baremetal_base)
-        self.assertEqual('provision-foo', provision_net)
        self.assertEqual('undercloud', undercloud_name)

    def test_get_names_no_env_w_undercloud(self):
@ -84,37 +82,13 @@ class TestBuildNodesJson(testtools.TestCase):
        args.env = None
        args.bmc_prefix = 'bmc-foo'
        args.baremetal_prefix = 'baremetal-foo'
-        args.provision_net = 'provision-foo'
        args.add_undercloud = True
-        bmc_base, baremetal_base, provision_net, undercloud_name = (
+        bmc_base, baremetal_base, undercloud_name = (
            build_nodes_json._get_names(args))
        self.assertEqual('bmc-foo', bmc_base)
        self.assertEqual('baremetal-foo', baremetal_base)
-        self.assertEqual('provision-foo', provision_net)
        self.assertEqual('undercloud', undercloud_name)

-    @mock.patch('openstack_virtual_baremetal.build_nodes_json.open',
-                create=True)
-    @mock.patch('yaml.safe_load')
-    def test_get_names_old_env(self, mock_load, mock_open):
-        args = mock.Mock()
-        args.env = 'foo.yaml'
-        args.add_undercloud = False
-        mock_env = {
-            'parameters': {
-                'bmc_prefix': 'bmc-foo',
-                'baremetal_prefix': 'baremetal-foo',
-                'provision_net': 'provision-foo'
-            },
-        }
-        mock_load.return_value = mock_env
-        bmc_base, baremetal_base, provision_net, undercloud_name = (
-            build_nodes_json._get_names(args))
-        self.assertEqual('bmc-foo', bmc_base)
-        self.assertEqual('baremetal-foo', baremetal_base)
-        self.assertEqual('provision-foo', provision_net)
-        self.assertIsNone(undercloud_name)
-
    @mock.patch('openstack_virtual_baremetal.build_nodes_json.open',
                create=True)
    @mock.patch('yaml.safe_load')
@ -126,15 +100,13 @@ class TestBuildNodesJson(testtools.TestCase):
            'parameter_defaults': {
                'bmc_prefix': 'bmc-foo',
                'baremetal_prefix': 'baremetal-foo',
-                'provision_net': 'provision-foo'
            },
        }
        mock_load.return_value = mock_env
-        bmc_base, baremetal_base, provision_net, undercloud_name = (
+        bmc_base, baremetal_base, undercloud_name = (
            build_nodes_json._get_names(args))
        self.assertEqual('bmc-foo', bmc_base)
        self.assertEqual('baremetal-foo', baremetal_base)
-        self.assertEqual('provision-foo', provision_net)
        self.assertIsNone(undercloud_name)

    @mock.patch('openstack_virtual_baremetal.build_nodes_json.open',
@ -148,16 +120,14 @@ class TestBuildNodesJson(testtools.TestCase):
            'parameter_defaults': {
                'bmc_prefix': 'bmc',
                'baremetal_prefix': 'baremetal',
-                'provision_net': 'provision',
                'role': 'foo',
            },
        }
        mock_load.return_value = mock_env
-        bmc_base, baremetal_base, provision_net, undercloud_name = (
+        bmc_base, baremetal_base, undercloud_name = (
            build_nodes_json._get_names(args))
        self.assertEqual('bmc', bmc_base)
        self.assertEqual('baremetal', baremetal_base)
-        self.assertEqual('provision', provision_net)
        self.assertIsNone(undercloud_name)

    @mock.patch('openstack_virtual_baremetal.build_nodes_json.open',
@ -171,16 +141,14 @@ class TestBuildNodesJson(testtools.TestCase):
            'parameter_defaults': {
                'bmc_prefix': 'bmc-foo',
                'baremetal_prefix': 'baremetal-foo-bar',
-                'provision_net': 'provision-foo',
                'role': 'bar',
            },
        }
        mock_load.return_value = mock_env
-        bmc_base, baremetal_base, provision_net, undercloud_name = (
+        bmc_base, baremetal_base, undercloud_name = (
            build_nodes_json._get_names(args))
        self.assertEqual('bmc-foo', bmc_base)
        self.assertEqual('baremetal-foo', baremetal_base)
-        self.assertEqual('provision-foo', provision_net)
        self.assertIsNone(undercloud_name)

    @mock.patch('os_client_config.make_client')
@ -203,21 +171,42 @@ class TestBuildNodesJson(testtools.TestCase):

    def test_get_ports(self):
        neutron = mock.Mock()
+        fake_fixed_ips = [{'subnet_id': 'provision_id'}]
        fake_ports = {
            'ports': [
-                {'name': 'random'},
-                {'name': 'bmc_1'},
-                {'name': 'bmc_0'},
-                {'name': 'baremetal_1'},
-                {'name': 'baremetal_0'},
+                {'name': 'random',
+                 'id': 'random_id',
+                 'fixed_ips': fake_fixed_ips},
+                {'name': 'bmc_1',
+                 'id': 'bmc_1_id',
+                 'fixed_ips': fake_fixed_ips},
+                {'name': 'bmc_0',
+                 'id': 'bmc_0_id',
+                 'fixed_ips': fake_fixed_ips},
+                {'name': 'baremetal_1',
+                 'id': 'baremetal_1_id',
+                 'fixed_ips': fake_fixed_ips},
+                {'name': 'baremetal_0',
+                 'id': 'baremetal_0_id',
+                 'fixed_ips': fake_fixed_ips},
+            ]
+        }
+        fake_subnets = {
+            'subnets': [
+                {'name': 'provision',
+                 'id': 'provision_id'}
            ]
        }
        neutron.list_ports.return_value = fake_ports
-        bmc_ports, bm_ports = build_nodes_json._get_ports(neutron, 'bmc',
-                                                          'baremetal')
-        self.assertEqual([{'name': 'bmc_0'}, {'name': 'bmc_1'}], bmc_ports)
-        self.assertEqual([{'name': 'baremetal_0'}, {'name': 'baremetal_1'}],
+        neutron.list_subnets.return_value = fake_subnets
+        bmc_ports, bm_ports, provision_net_map = build_nodes_json._get_ports(
+            neutron, 'bmc', 'baremetal')
+        self.assertEqual([fake_ports['ports'][2], fake_ports['ports'][1]],
+                         bmc_ports)
+        self.assertEqual([fake_ports['ports'][4], fake_ports['ports'][3]],
                         bm_ports)
+        self.assertEqual({'baremetal_0_id': 'provision',
+                          'baremetal_1_id': 'provision'}, provision_net_map)

    def test_get_ports_mismatch(self):
        neutron = mock.Mock()
@ -228,20 +217,38 @@ class TestBuildNodesJson(testtools.TestCase):

    def test_get_ports_multiple(self):
        neutron = mock.Mock()
+        fake_fixed_ips = [{'subnet_id': 'provision_id'}]
        fake_ports = {
            'ports': [
-                {'name': 'random'},
-                {'name': 'bmc-foo_0'},
-                {'name': 'bmc-bar_0'},
-                {'name': 'baremetal-foo_0'},
-                {'name': 'baremetal-bar_0'},
+                {'name': 'random',
+                 'id': 'random_id',
+                 'fixed_ips': fake_fixed_ips},
+                {'name': 'bmc-foo_0',
+                 'id': 'bmc_foo_0_id',
+                 'fixed_ips': fake_fixed_ips},
+                {'name': 'bmc-bar_0',
+                 'id': 'bmc_bar_0_id',
+                 'fixed_ips': fake_fixed_ips},
+                {'name': 'baremetal-foo_0',
+                 'id': 'baremetal_foo_0_id',
+                 'fixed_ips': fake_fixed_ips},
+                {'name': 'baremetal-bar_0',
+                 'id': 'baremetal_bar_0_id',
+                 'fixed_ips': fake_fixed_ips},
+            ]
+        }
+        fake_subnets = {
+            'subnets': [
+                {'name': 'provision',
+                 'id': 'provision_id'}
            ]
        }
        neutron.list_ports.return_value = fake_ports
-        bmc_ports, bm_ports = build_nodes_json._get_ports(neutron, 'bmc-foo',
-                                                          'baremetal-foo')
-        self.assertEqual([{'name': 'bmc-foo_0'}], bmc_ports)
-        self.assertEqual([{'name': 'baremetal-foo_0'}], bm_ports)
+        neutron.list_subnets.return_value = fake_subnets
+        bmc_ports, bm_ports, provision_net_map = build_nodes_json._get_ports(
+            neutron, 'bmc-foo', 'baremetal-foo')
+        self.assertEqual([fake_ports['ports'][1]], bmc_ports)
+        self.assertEqual([fake_ports['ports'][3]], bm_ports)

    def _fake_port(self, device_id, ip, mac):
        return {'device_id': device_id,
@ -275,7 +282,11 @@ class TestBuildNodesJson(testtools.TestCase):
        bmc_ports = [{'fixed_ips': [{'ip_address': '1.1.1.1'}]},
                     {'fixed_ips': [{'ip_address': '1.1.1.2'}]}
                     ]
-        bm_ports = [{'device_id': '1'}, {'device_id': '2'}]
+        bm_ports = [{'device_id': '1', 'id': 'port_id_server1'},
+                    {'device_id': '2', 'id': 'port_id_server2'}]
+        provision_net_map = {'port_id_server1': 'provision',
+                             'port_id_server2': 'provision',
+                             'port_id_server3': 'provision', }
        physical_network = False
        nova = mock.Mock()
        servers = [mock.Mock(), mock.Mock(), mock.Mock()]
@ -304,8 +315,8 @@ class TestBuildNodesJson(testtools.TestCase):
         bmc_bm_pairs,
         extra_nodes,
         network_details) = build_nodes_json._build_nodes(
-            nova, glance, bmc_ports, bm_ports, 'provision', 'bm', 'undercloud',
-            'pxe_ipmitool', physical_network)
+            nova, glance, bmc_ports, bm_ports, provision_net_map, 'bm',
+            'undercloud', 'pxe_ipmitool', physical_network)
        expected_nodes = copy.deepcopy(TEST_NODES)
        expected_nodes[1]['disk'] = 100
        self.assertEqual(expected_nodes, nodes)
@ -323,7 +334,11 @@ class TestBuildNodesJson(testtools.TestCase):
        bmc_ports = [{'fixed_ips': [{'ip_address': '1.1.1.1'}]},
                     {'fixed_ips': [{'ip_address': '1.1.1.2'}]}
                     ]
-        bm_ports = [{'device_id': '1'}, {'device_id': '2'}]
+        bm_ports = [{'device_id': '1', 'id': 'port_id_server1'},
+                    {'device_id': '2', 'id': 'port_id_server2'}]
+        provision_net_map = {'port_id_server1': 'provision',
+                             'port_id_server2': 'provision',
+                             'port_id_server3': 'provision', }
        physical_network = False
        nova = mock.Mock()
        servers = [mock.Mock(), mock.Mock(), mock.Mock()]
@ -352,8 +367,8 @@ class TestBuildNodesJson(testtools.TestCase):
         bmc_bm_pairs,
         extra_nodes,
         network_details) = build_nodes_json._build_nodes(
-            nova, glance, bmc_ports, bm_ports, 'provision', 'bm', 'undercloud',
-            'ipmi', physical_network)
+            nova, glance, bmc_ports, bm_ports, provision_net_map, 'bm',
+            'undercloud', 'ipmi', physical_network)
        expected_nodes = copy.deepcopy(TEST_NODES)
        expected_nodes[1]['disk'] = 100
        for node in expected_nodes:
@ -372,7 +387,11 @@ class TestBuildNodesJson(testtools.TestCase):
        bmc_ports = [{'fixed_ips': [{'ip_address': '1.1.1.1'}]},
                     {'fixed_ips': [{'ip_address': '1.1.1.2'}]}
                     ]
-        bm_ports = [{'device_id': '1'}, {'device_id': '2'}]
+        bm_ports = [{'device_id': '1', 'id': 'port_id_server1'},
+                    {'device_id': '2', 'id': 'port_id_server2'}]
+        provision_net_map = {'port_id_server1': 'provision',
+                             'port_id_server2': 'provision',
+                             'port_id_server3': 'provision', }
        physical_network = False
        nova = mock.Mock()
        servers = [mock.Mock(), mock.Mock(), mock.Mock()]
@ -388,8 +407,8 @@ class TestBuildNodesJson(testtools.TestCase):
        glance.images.get.return_value = mock_image_get

        nodes, bmc_bm_pairs, extra_nodes, _ = build_nodes_json._build_nodes(
-            nova, glance, bmc_ports, bm_ports, 'provision', 'bm-foo', None,
-            'pxe_ipmitool', physical_network)
+            nova, glance, bmc_ports, bm_ports, provision_net_map, 'bm-foo',
+            None, 'pxe_ipmitool', physical_network)
        expected_nodes = copy.deepcopy(TEST_NODES)
        expected_nodes[0]['name'] = 'bm-foo-control-0'
        expected_nodes[0]['capabilities'] = ('boot_option:local,'
@ -495,9 +514,9 @@ class TestBuildNodesJson(testtools.TestCase):
        mock_parse_args.return_value = args
        bmc_base = mock.Mock()
        baremetal_base = mock.Mock()
-        provision_net = mock.Mock()
+        provision_net_map = mock.Mock()
        undercloud_name = 'undercloud'
-        mock_get_names.return_value = (bmc_base, baremetal_base, provision_net,
+        mock_get_names.return_value = (bmc_base, baremetal_base,
                                       undercloud_name)
        nova = mock.Mock()
        neutron = mock.Mock()
@ -505,7 +524,7 @@ class TestBuildNodesJson(testtools.TestCase):
        mock_get_clients.return_value = (nova, neutron, glance)
        bmc_ports = mock.Mock()
        bm_ports = mock.Mock()
-        mock_get_ports.return_value = (bmc_ports, bm_ports)
+        mock_get_ports.return_value = (bmc_ports, bm_ports, provision_net_map)
        nodes = mock.Mock()
        pairs = mock.Mock()
        extra_nodes = mock.Mock()
@ -521,7 +540,7 @@ class TestBuildNodesJson(testtools.TestCase):
        mock_get_ports.assert_called_once_with(neutron, bmc_base,
                                               baremetal_base)
        mock_build_nodes.assert_called_once_with(nova, glance, bmc_ports,
-                                                 bm_ports, provision_net,
+                                                 bm_ports, provision_net_map,
                                                 baremetal_base,
                                                 undercloud_name,
                                                 args.driver,
--- a/openstack_virtual_baremetal/tests/test_deploy.py
+++ b/openstack_virtual_baremetal/tests/test_deploy.py
@ -89,14 +89,13 @@ class TestProcessArgs(unittest.TestCase):
        self.assertRaises(ValueError, deploy._process_args, mock_args)


-test_env = u"""parameters:
+test_env = u"""parameter_defaults:
  provision_net: provision
  public_net: public
  baremetal_prefix: baremetal
  bmc_prefix: bmc
 """
-test_env_param_defaults = u"""
-parameter_defaults:
+test_env_extra = u"""
  overcloud_internal_net: internalapi
  role: ''
 """
@ -115,21 +114,13 @@ test_env_output = {

 class TestIdEnv(unittest.TestCase):
    def test_add_identifier(self):
-        env_data = {'parameters': {'foo': 'bar'}}
-        deploy._add_identifier(env_data, 'foo', 'baz')
-        self.assertEqual('bar-baz', env_data['parameters']['foo'])
-        self.assertEqual('bar-baz', env_data['parameter_defaults']['foo'])
-
-    def test_add_identifier_defaults(self):
        env_data = {'parameter_defaults': {'foo': 'bar'}}
        deploy._add_identifier(env_data, 'foo', 'baz')
-        self.assertNotIn('foo', env_data['parameters'])
        self.assertEqual('bar-baz', env_data['parameter_defaults']['foo'])

    def test_add_identifier_different_section(self):
        env_data = {'parameter_defaults': {'foo': 'bar'}}
        deploy._add_identifier(env_data, 'foo', 'baz')
-        self.assertNotIn('foo', env_data['parameters'])
        self.assertEqual('bar-baz', env_data['parameter_defaults']['foo'])

    @mock.patch('openstack_virtual_baremetal.deploy._build_env_data')
@ -138,14 +129,11 @@ class TestIdEnv(unittest.TestCase):
        mock_args = mock.Mock()
        mock_args.id = 'foo'
        mock_args.env = ['foo.yaml']
-        env = test_env + 'parameter_defaults:'
-        mock_bed.return_value = yaml.safe_load(env)
+        mock_bed.return_value = yaml.safe_load(test_env)
        path = deploy._generate_id_env(mock_args)
        self.assertEqual(['foo.yaml', 'env-foo.yaml'], path)
        dumped_dict = mock_safe_dump.call_args_list[0][0][0]
        for k, v in test_env_output.items():
-            if k in mock_bed.return_value['parameters']:
-                self.assertEqual(v, dumped_dict['parameters'][k])
            self.assertEqual(v, dumped_dict['parameter_defaults'][k])

    @mock.patch('openstack_virtual_baremetal.deploy._build_env_data')
@ -154,7 +142,7 @@ class TestIdEnv(unittest.TestCase):
        mock_args = mock.Mock()
        mock_args.id = 'foo'
        mock_args.env = ['foo.yaml']
-        env = (test_env + test_env_param_defaults +
+        env = (test_env + test_env_extra +
               '  undercloud_name: test-undercloud\n')
        mock_bed.return_value = yaml.safe_load(env)
        env_output = dict(test_env_output)
@ -164,8 +152,6 @@ class TestIdEnv(unittest.TestCase):
        self.assertEqual(['foo.yaml', 'env-foo.yaml'], path)
        dumped_dict = mock_safe_dump.call_args_list[0][0][0]
        for k, v in env_output.items():
-            if k in mock_bed.return_value['parameters']:
-                self.assertEqual(v, dumped_dict['parameters'][k])
            self.assertEqual(v, dumped_dict['parameter_defaults'][k])

    @mock.patch('openstack_virtual_baremetal.deploy._build_env_data')
@ -174,7 +160,7 @@ class TestIdEnv(unittest.TestCase):
        mock_args = mock.Mock()
        mock_args.id = 'foo'
        mock_args.env = ['foo.yaml']
-        env = (test_env + test_env_param_defaults)
+        env = (test_env + test_env_extra)
        mock_bed.return_value = yaml.safe_load(env)
        mock_bed.return_value['parameter_defaults']['role'] = 'compute'
        env_output = dict(test_env_output)
@ -184,8 +170,6 @@ class TestIdEnv(unittest.TestCase):
        self.assertEqual(['foo.yaml', 'env-foo.yaml'], path)
        dumped_dict = mock_safe_dump.call_args_list[0][0][0]
        for k, v in env_output.items():
-            if k in mock_bed.return_value['parameters']:
-                self.assertEqual(v, dumped_dict['parameters'][k])
            self.assertEqual(v, dumped_dict['parameter_defaults'][k])


@ -195,25 +179,23 @@ role_base_data = {
        'overcloud_storage_mgmt_net': 'storage_mgmt-foo',
        'overcloud_internal_net': 'internal-foo',
        'overcloud_storage_net': 'storage-foo',
+        'overcloud_tenant_net': 'tenant-foo',
+        'provision_net': 'provision-foo',
+        'public_net': 'public-foo',
+        'private_net': 'private',
        'role': 'control',
-        'overcloud_tenant_net': 'tenant-foo'
-    },
-    'parameters': {
        'os_user': 'admin',
        'key_name': 'default',
        'undercloud_name': 'undercloud-foo',
        'bmc_image': 'bmc-base',
        'baremetal_flavor': 'baremetal',
        'os_auth_url': 'http://1.1.1.1:5000/v2.0',
-        'provision_net': 'provision-foo',
        'os_password': 'password',
        'os_tenant': 'admin',
        'bmc_prefix': 'bmc-foo',
-        'public_net': 'public-foo',
        'undercloud_image': 'centos7-base',
        'baremetal_image': 'ipxe-boot',
        'external_net': 'external',
-        'private_net': 'private',
        'baremetal_prefix': 'baremetal-foo-control',
        'undercloud_flavor': 'undercloud-16',
        'node_count': 3,
@ -223,16 +205,15 @@ role_base_data = {
        'OS::OVB::BaremetalNetworks': 'templates/baremetal-networks-all.yaml',
        'OS::OVB::BaremetalPorts':
            'templates/baremetal-ports-public-bond.yaml',
-        'OS::OVB::BMCPort': 'templates/bmc-port-port-security.yaml'
+        'OS::OVB::BMCPort': 'templates/bmc-port.yaml'
    }
 }
 role_specific_data = {
    'parameter_defaults': {
        'role': 'compute',
-    },
-    'parameters': {
        'key_name': 'default',
        'baremetal_flavor': 'baremetal',
+        'baremetal_image': 'centos',
        'bmc_image': 'bmc-base',
        'bmc_prefix': 'bmc',
        'node_count': 2,
@ -247,23 +228,21 @@ role_original_data = {
    'parameter_defaults': {
        'role': 'control',
        'baremetal_prefix': 'baremetal',
-    },
-    'parameters': {
+        'public_net': 'public',
+        'private_net': 'private',
+        'provision_net': 'provision',
        'os_user': 'admin',
        'key_name': 'default',
        'undercloud_name': 'undercloud',
        'baremetal_flavor': 'baremetal',
        'os_auth_url': 'http://1.1.1.1:5000/v2.0',
-        'provision_net': 'provision',
        'bmc_image': 'bmc-base',
        'os_tenant': 'admin',
        'bmc_prefix': 'bmc',
-        'public_net': 'public',
        'undercloud_image': 'centos7-base',
        'baremetal_image': 'ipxe-boot',
        'external_net': 'external',
        'os_password': 'password',
-        'private_net': 'private',
        'undercloud_flavor': 'undercloud-16',
        'node_count': 3,
        'bmc_flavor': 'bmc'
@ -272,7 +251,7 @@ role_original_data = {
        'OS::OVB::BaremetalNetworks': 'templates/baremetal-networks-all.yaml',
        'OS::OVB::BaremetalPorts':
            'templates/baremetal-ports-public-bond.yaml',
-        'OS::OVB::BMCPort': 'templates/bmc-port-port-security.yaml'
+        'OS::OVB::BMCPort': 'templates/bmc-port.yaml'
    }
 }
 # end _process_role test data
@ -288,8 +267,8 @@ class TestDeploy(testtools.TestCase):
            template_files, template
        )
        env_files = {'templates/resource_registry.yaml': {'bar': 'baz'},
-                     'env.yaml': {'parameters': {}}}
-        env = {'parameters': {}}
+                     'env.yaml': {'parameter_defaults': {}}}
+        env = {'parameter_defaults': {}}
        mock_tu.process_multiple_environments_and_files.return_value = (
            env_files, env
        )
@ -393,13 +372,23 @@ class TestDeploy(testtools.TestCase):
        output = mock_write.call_args[0][0]
        # These values are computed in _process_role
        self.assertEqual('baremetal-foo-compute',
-                         output['parameters']['baremetal_prefix'])
+                         output['parameter_defaults']['baremetal_prefix'])
        self.assertEqual('bmc-foo-compute',
-                         output['parameters']['bmc_prefix'])
+                         output['parameter_defaults']['bmc_prefix'])
        # These should be inherited
-        self.assertEqual('ipxe-boot', output['parameters']['baremetal_image'])
-        self.assertEqual('tenant-foo',
+        self.assertEqual('tenant-' + args.id,
                         output['parameter_defaults']['overcloud_tenant_net'])
+        self.assertEqual('internal-' + args.id,
+                         output['parameter_defaults']['overcloud_internal_net']
+                         )
+        self.assertEqual('storage-' + args.id,
+                         output['parameter_defaults']['overcloud_storage_net'])
+        self.assertEqual('storage_mgmt-' + args.id,
+                         output['parameter_defaults'][
+                             'overcloud_storage_mgmt_net'])
+        # This parameter should be overrideable
+        self.assertEqual('centos',
+                         output['parameter_defaults']['baremetal_image'])
        # This should not be present in a role env, even if set in the file
        self.assertNotIn('OS::OVB::BaremetalNetworks',
                         output['resource_registry'])
@ -408,42 +397,9 @@ class TestDeploy(testtools.TestCase):
            'templates/baremetal-ports-all.yaml',
            output['resource_registry']['OS::OVB::BaremetalPorts'])
        # This should be inherited from the base env
-        self.assertEqual('templates/bmc-port-port-security.yaml',
+        self.assertEqual('templates/bmc-port.yaml',
                         output['resource_registry']['OS::OVB::BMCPort'])

-    @mock.patch('openstack_virtual_baremetal.deploy._write_role_file')
-    @mock.patch('openstack_virtual_baremetal.deploy._load_role_data')
-    def test_process_role_param_defaults(self, mock_load, mock_write):
-        def move_params_to_param_defaults(d):
-            data = copy.deepcopy(d)
-            for k, v in data['parameters'].items():
-                data['parameter_defaults'][k] = v
-            data.pop('parameters', None)
-            return data
-
-        pd_base_data = move_params_to_param_defaults(role_base_data)
-        pd_specific_data = move_params_to_param_defaults(role_specific_data)
-        pd_original_data = move_params_to_param_defaults(role_original_data)
-        pd_specific_data['parameter_defaults']['baremetal_image'] = 'centos'
-        mock_load.return_value = (pd_base_data, pd_specific_data,
-                                  pd_original_data)
-        args = mock.Mock()
-        args.id = 'foo'
-        role_file, role = deploy._process_role('foo-compute.yaml', 'foo.yaml',
-                                               'foo', args)
-        mock_load.assert_called_once_with('foo.yaml', 'foo-compute.yaml', args)
-        self.assertEqual('env-foo-compute.yaml', role_file)
-        self.assertEqual('compute', role)
-        output = mock_write.call_args[0][0]
-        # These values are computed in _process_role
-        self.assertEqual('baremetal-foo-compute',
-                         output['parameters']['baremetal_prefix'])
-        self.assertEqual('bmc-foo-compute',
-                         output['parameters']['bmc_prefix'])
-        # This parameter should be inherited (as tested above) but overrideable
-        self.assertEqual('centos',
-                         output['parameter_defaults']['baremetal_image'])
-
    @mock.patch('openstack_virtual_baremetal.deploy._load_role_data')
    def test_process_role_invalid_name(self, mock_load):
        bad_role_specific_data = copy.deepcopy(role_specific_data)
@ -476,10 +432,10 @@ class TestDeploy(testtools.TestCase):
        deploy._deploy_roles('foo', args, 'foo.yaml')
        mock_process.assert_not_called()

-    def _test_validate_env_ends_with_profile(self, mock_id, mock_bed,
-                                             section='parameters'):
+    def _test_validate_env_ends_with_profile(self, mock_id, mock_bed):
        test_env = dict(role_original_data)
-        test_env[section]['baremetal_prefix'] = 'baremetal-control'
+        test_env['parameter_defaults']['baremetal_prefix'] = (
+            'baremetal-control')
        mock_bed.return_value = test_env
        args = mock.Mock()
        args.id = mock_id
@ -493,11 +449,6 @@ class TestDeploy(testtools.TestCase):
    def test_validate_env_fails(self, mock_bed):
        self._test_validate_env_ends_with_profile(None, mock_bed)

-    @mock.patch('openstack_virtual_baremetal.deploy._build_env_data')
-    def test_validate_env_fails_param_defaults(self, mock_bed):
-        self._test_validate_env_ends_with_profile(None, mock_bed,
-                                                  'parameter_defaults')
-
    @mock.patch('openstack_virtual_baremetal.deploy._build_env_data')
    def test_validate_env_with_id(self, mock_bed):
        self._test_validate_env_ends_with_profile('foo', mock_bed)
--- a/openstack_virtual_baremetal/tests/test_openstackbmc.py
+++ b/openstack_virtual_baremetal/tests/test_openstackbmc.py
@ -23,105 +23,6 @@ import testtools
 from openstack_virtual_baremetal import openstackbmc


-@mock.patch('openstack_virtual_baremetal.openstackbmc.OpenStackBmc.'
-            'log')
-@mock.patch('pyghmi.ipmi.bmc.Bmc.__init__')
-@mock.patch('novaclient.client.Client')
-@mock.patch('openstack_virtual_baremetal.openstackbmc.OpenStackBmc.'
-            '_find_instance')
-class TestOpenStackBmcInitDeprecated(unittest.TestCase):
-    def _test_init(self, mock_find_instance, mock_nova, mock_bmc_init,
-                   mock_log, old_nova=True):
-        mock_client = mock.Mock()
-        mock_server = mock.Mock()
-        mock_server.name = 'foo-instance'
-        mock_client.servers.get.return_value = mock_server
-        mock_nova.return_value = mock_client
-        mock_find_instance.return_value = 'abc-123'
-        bmc = openstackbmc.OpenStackBmc(authdata={'admin': 'password'},
-                                        port=623,
-                                        address='::ffff:127.0.0.1',
-                                        instance='foo',
-                                        user='admin',
-                                        password='password',
-                                        tenant='admin',
-                                        auth_url='http://keystone:5000',
-                                        project='',
-                                        user_domain='',
-                                        project_domain='',
-                                        cache_status=False,
-                                        os_cloud=None
-                                        )
-        if old_nova:
-            mock_nova.assert_called_once_with(2, 'admin', 'password', 'admin',
-                                              'http://keystone:5000')
-        else:
-            mock_nova.assert_called_once_with(2, 'admin', 'password',
-                                              auth_url='http://keystone:5000',
-                                              project_name='admin')
-        mock_find_instance.assert_called_once_with('foo')
-        self.assertEqual('abc-123', bmc.instance)
-        mock_client.servers.get.assert_called_once_with('abc-123')
-        self.assertEqual([mock.call(openstackbmc.NO_OCC_DEPRECATION),
-                          mock.call('Managing instance: %s UUID: %s' %
-                                    ('foo-instance', 'abc-123'))],
-                         mock_log.mock_calls)
-
-    @mock.patch('openstack_virtual_baremetal.openstackbmc.os_client_config',
-                None)
-    @mock.patch('openstack_virtual_baremetal.openstackbmc.nc.__version__',
-                ('6', '0', '0'))
-    def test_init_6(self, mock_find_instance, mock_nova, mock_bmc_init,
-                    mock_log):
-        self._test_init(mock_find_instance, mock_nova, mock_bmc_init, mock_log)
-
-    @mock.patch('openstack_virtual_baremetal.openstackbmc.os_client_config',
-                None)
-    @mock.patch('openstack_virtual_baremetal.openstackbmc.nc.__version__',
-                ('7', '0', '0'))
-    def test_init_7(self, mock_find_instance, mock_nova, mock_bmc_init,
-                    mock_log):
-        self._test_init(mock_find_instance, mock_nova, mock_bmc_init, mock_log,
-                        old_nova=False)
-
-    @mock.patch('openstack_virtual_baremetal.openstackbmc.os_client_config',
-                None)
-    def test_init_v3(self, mock_find_instance, mock_nova, mock_bmc_init,
-                     mock_log, old_nova=True):
-        mock_client = mock.Mock()
-        mock_server = mock.Mock()
-        mock_server.name = 'foo-instance'
-        mock_client.servers.get.return_value = mock_server
-        mock_nova.return_value = mock_client
-        mock_find_instance.return_value = 'abc-123'
-        bmc = openstackbmc.OpenStackBmc(authdata={'admin': 'password'},
-                                        port=623,
-                                        address='::ffff:127.0.0.1',
-                                        instance='foo',
-                                        user='admin',
-                                        password='password',
-                                        tenant='',
-                                        auth_url='http://keystone:5000/v3',
-                                        project='admin',
-                                        user_domain='default',
-                                        project_domain='default',
-                                        cache_status=False,
-                                        os_cloud=None
-                                        )
-        mock_nova.assert_called_once_with(2, 'admin', 'password',
-                                          auth_url='http://keystone:5000/v3',
-                                          project_name='admin',
-                                          user_domain_name='default',
-                                          project_domain_name='default')
-        mock_find_instance.assert_called_once_with('foo')
-        self.assertEqual('abc-123', bmc.instance)
-        mock_client.servers.get.assert_called_once_with('abc-123')
-        self.assertEqual([mock.call(openstackbmc.NO_OCC_DEPRECATION),
-                          mock.call('Managing instance: %s UUID: %s' %
-                                    ('foo-instance', 'abc-123'))],
-                         mock_log.mock_calls)
-
-
@mock.patch('openstack_virtual_baremetal.openstackbmc.OpenStackBmc.'
            'log')
@mock.patch('pyghmi.ipmi.bmc.Bmc.__init__')
@ -129,43 +30,6 @@ class TestOpenStackBmcInitDeprecated(unittest.TestCase):
            '_find_instance')
@mock.patch('os_client_config.make_client')
 class TestOpenStackBmcInit(testtools.TestCase):
-    def test_init_os_client_config(self, mock_make_client, mock_find_instance,
-                                   mock_bmc_init, mock_log):
-        mock_client = mock.Mock()
-        mock_server = mock.Mock()
-        mock_server.name = 'foo-instance'
-        mock_client.servers.get.return_value = mock_server
-        mock_make_client.return_value = mock_client
-        mock_find_instance.return_value = 'abc-123'
-        bmc = openstackbmc.OpenStackBmc(authdata={'admin': 'password'},
-                                        port=623,
-                                        address='::ffff:127.0.0.1',
-                                        instance='foo',
-                                        user='admin',
-                                        password='password',
-                                        tenant='admin',
-                                        auth_url='http://keystone:5000',
-                                        project='',
-                                        user_domain='',
-                                        project_domain='',
-                                        cache_status=False,
-                                        os_cloud=None
-                                        )
-
-        mock_make_client.assert_called_once_with(
-            'compute',
-            os_auth_url='http://keystone:5000',
-            os_password='password',
-            os_project_domain='',
-            os_project_name='admin',
-            os_user_domain='',
-            os_username='admin')
-        mock_find_instance.assert_called_once_with('foo')
-        self.assertEqual('abc-123', bmc.instance)
-        mock_client.servers.get.assert_called_once_with('abc-123')
-        mock_log.assert_called_once_with('Managing instance: %s UUID: %s' %
-                                         ('foo-instance', 'abc-123'))
-
    def test_init_os_cloud(self, mock_make_client, mock_find_instance,
                           mock_bmc_init, mock_log):
        mock_client = mock.Mock()
@ -178,13 +42,6 @@ class TestOpenStackBmcInit(testtools.TestCase):
                                        port=623,
                                        address='::ffff:127.0.0.1',
                                        instance='foo',
-                                        user='',
-                                        password='',
-                                        tenant='',
-                                        auth_url='',
-                                        project='',
-                                        user_domain='',
-                                        project_domain='',
                                        cache_status=False,
                                        os_cloud='bar'
                                        )
@ -210,13 +67,6 @@ class TestOpenStackBmcInit(testtools.TestCase):
                                        port=623,
                                        address='::ffff:127.0.0.1',
                                        instance='foo',
-                                        user='',
-                                        password='',
-                                        tenant='',
-                                        auth_url='',
-                                        project='',
-                                        user_domain='',
-                                        project_domain='',
                                        cache_status=False,
                                        os_cloud='foo'
                                        )
@ -246,15 +96,8 @@ class TestOpenStackBmc(unittest.TestCase):
                                             port=623,
                                             address='::ffff:127.0.0.1',
                                             instance='foo',
-                                             user='admin',
-                                             password='password',
-                                             tenant='admin',
-                                             auth_url='http://keystone:5000',
-                                             project='',
-                                             user_domain='',
-                                             project_domain='',
                                             cache_status=False,
-                                             os_cloud=None
+                                             os_cloud='bar'
                                             )
        self.bmc.novaclient = self.mock_client
        self.bmc.instance = 'abc-123'
@ -462,13 +305,6 @@ class TestMain(unittest.TestCase):
                                         port=111,
                                         address='::ffff:1.2.3.4',
                                         instance='foobar',
-                                         user='',
-                                         password='',
-                                         tenant='',
-                                         auth_url='',
-                                         project='',
-                                         user_domain='',
-                                         project_domain='',
                                         cache_status=False,
                                         os_cloud='foo'
                                         )
@ -479,21 +315,14 @@ class TestMain(unittest.TestCase):
        mock_instance = mock.Mock()
        mock_bmc.return_value = mock_instance
        mock_argv = ['openstackbmc', '--port', '111',
-                     '--instance', 'foobar']
+                     '--instance', 'foobar', '--os-cloud', 'bar']
        with mock.patch.object(sys, 'argv', mock_argv):
            openstackbmc.main()
        mock_bmc.assert_called_once_with({'admin': 'password'},
                                         port=111,
                                         address='::',
                                         instance='foobar',
-                                         user='',
-                                         password='',
-                                         tenant='',
-                                         auth_url='',
-                                         project='',
-                                         user_domain='',
-                                         project_domain='',
                                         cache_status=False,
-                                         os_cloud=None
+                                         os_cloud='bar'
                                         )
        mock_instance.listen.assert_called_once_with()
--- a/overcloud-templates/bond-network-templates/network-environment.yaml
+++ b/overcloud-templates/bond-network-templates/network-environment.yaml
@ -8,8 +8,8 @@ resource_registry:

 parameter_defaults:
  ControlPlaneSubnetCidr: '24'
-  ControlPlaneDefaultRoute: 192.0.2.1
-  EC2MetadataIp: 192.0.2.1
+  ControlPlaneDefaultRoute: 192.168.24.1
+  EC2MetadataIp: 192.168.24.1
  ExternalNetCidr: 10.0.0.0/24
  ExternalAllocationPools: [{"start": "10.0.0.10", "end": "10.0.0.50"}]
  ExternalInterfaceDefaultRoute: 10.0.0.1
--- a/overcloud-templates/bond-network-templates/ui-settings.pickle
+++ b/overcloud-templates/bond-network-templates/ui-settings.pickle
@ -7,14 +7,14 @@ p3
 (dp4
 S'route'
 p5
-V192.0.2.1
+V192.168.24.1
 p6
 sS'mask'
 p7
 I24
 sS'ec2'
 p8
-V192.0.2.1
+V192.168.24.1
 p9
 ssS'major'
 p10
--- a/overcloud-templates/ipv6-network-templates/network-environment.yaml
+++ b/overcloud-templates/ipv6-network-templates/network-environment.yaml
@ -8,8 +8,8 @@ resource_registry:

 parameter_defaults:
  ControlPlaneSubnetCidr: '24'
-  ControlPlaneDefaultRoute: 192.0.2.1
-  EC2MetadataIp: 192.0.2.1
+  ControlPlaneDefaultRoute: 192.168.24.1
+  EC2MetadataIp: 192.168.24.1
  ExternalNetCidr: 2001:db8:fd00:1000::/64
  ExternalAllocationPools: [{"start": "2001:db8:fd00:1000::10", "end": "2001:db8:fd00:1000:ffff:ffff:ffff:fffe"}]
  ExternalInterfaceDefaultRoute: 2001:db8:fd00:1000::1
--- a/overcloud-templates/ipv6-network-templates/ui-settings.pickle
+++ b/overcloud-templates/ipv6-network-templates/ui-settings.pickle
@ -7,14 +7,14 @@ p3
 (dp4
 S'route'
 p5
-V192.0.2.1
+V192.168.24.1
 p6
 sS'mask'
 p7
 I24
 sS'ec2'
 p8
-V192.0.2.1
+V192.168.24.1
 p9
 ssS'major'
 p10
--- a/overcloud-templates/network-templates/network-environment.yaml
+++ b/overcloud-templates/network-templates/network-environment.yaml
@ -8,8 +8,8 @@ resource_registry:

 parameter_defaults:
  ControlPlaneSubnetCidr: '24'
-  ControlPlaneDefaultRoute: 192.0.2.1
-  EC2MetadataIp: 192.0.2.1
+  ControlPlaneDefaultRoute: 192.168.24.1
+  EC2MetadataIp: 192.168.24.1
  ExternalNetCidr: 10.0.0.0/24
  ExternalAllocationPools: [{"start": "10.0.0.10", "end": "10.0.0.50"}]
  ExternalInterfaceDefaultRoute: 10.0.0.1
--- a/overcloud-templates/network-templates/ui-settings.pickle
+++ b/overcloud-templates/network-templates/ui-settings.pickle
@ -7,14 +7,14 @@ p3
 (dp4
 S'route'
 p5
-V192.0.2.1
+V192.168.24.1
 p6
 sS'mask'
 p7
 I24
 sS'ec2'
 p8
-V192.0.2.1
+V192.168.24.1
 p9
 ssS'major'
 p10
--- a/sample-env-generator/environments.yaml
+++ b/sample-env-generator/environments.yaml
@ -14,15 +14,17 @@ environments:
          - bmc_prefix
          - baremetal_prefix
          - node_count
-          - public_net
-          - public_net_shared
-          - provision_net
-          - provision_net_shared
          - undercloud_name
          - undercloud_image
          - undercloud_flavor
          - external_net
          - role
+      templates/undercloud-networks.yaml:
+        parameters:
+          - public_net
+          - public_net_shared
+          - provision_net
+          - provision_net_shared
    sample_values:
      baremetal_image: ipxe-boot
  -
@ -61,7 +63,7 @@ environments:
      baremetal_image: CentOS-7-x86_64-GenericCloud
      node_count: 1
    resource_registry:
-      OS::OVB::BaremetalPorts: ../templates/baremetal-ports-extra-node-port-security.yaml
+      OS::OVB::BaremetalPorts: ../templates/baremetal-ports-extra-node.yaml
  -
    name: all-networks
    title: Deploy with All Networks Enabled
@ -75,18 +77,6 @@ environments:
      OS::OVB::BaremetalNetworks: ../templates/baremetal-networks-all.yaml
      OS::OVB::BaremetalPorts: ../templates/baremetal-ports-all.yaml
    children:
-      -
-        name: all-networks-port-security
-        description: |
-          Deploy an OVB stack that adds interfaces for all the standard TripleO
-          network isolation networks.  This version uses the port-security
-          Neutron extension to allow OVB to be run on clouds with security
-          groups enabled.
-        resource_registry:
-          OS::OVB::BaremetalNetworks: ../templates/baremetal-networks-all.yaml
-          OS::OVB::BaremetalPorts: ../templates/baremetal-ports-all-port-security.yaml
-          OS::OVB::BMCPort: ../templates/bmc-port-port-security.yaml
-          OS::OVB::UndercloudPorts: ../templates/undercloud-ports-port-security.yaml
      -
        name: all-networks-public-bond
        title: Deploy with All Networks Enabled and Two Public Interfaces
@ -98,32 +88,6 @@ environments:
        resource_registry:
          OS::OVB::BaremetalNetworks: ../templates/baremetal-networks-all.yaml
          OS::OVB::BaremetalPorts: ../templates/baremetal-ports-public-bond.yaml
-      -
-        name: all-networks-public-bond-port-security
-        title: Deploy with All Networks Enabled and Two Public Interfaces
-        description: |
-          Deploy an OVB stack that adds interfaces for all the standard TripleO
-          network isolation networks.  This version will deploy duplicate
-          public network interfaces on the baremetal instances so that the
-          public network can be configured as a bond.  It will also use the
-          port-security Neutron extension to allow OVB to be run on clouds with
-          security groups enabled.
-        resource_registry:
-          OS::OVB::BaremetalNetworks: ../templates/baremetal-networks-all.yaml
-          OS::OVB::BaremetalPorts: ../templates/baremetal-ports-public-bond-port-security.yaml
-          OS::OVB::BMCPort: ../templates/bmc-port-port-security.yaml
-          OS::OVB::UndercloudPorts: ../templates/undercloud-ports-port-security.yaml
-  -
-    name: port-security
-    title: Deploy a Basic OVB Environment Using Neutron port-security
-    description: |
-      Deploy an OVB stack that uses the Neutron port-security extension to
-      allow OVB functionality in clouds with security groups enabled.
-    files: {}
-    resource_registry:
-      OS::OVB::BaremetalPorts: ../templates/baremetal-ports-default-port-security.yaml
-      OS::OVB::BMCPort: ../templates/bmc-port-port-security.yaml
-      OS::OVB::UndercloudPorts: ../templates/undercloud-ports-port-security.yaml
  -
    name: create-private-network
    title: Create a Private Network
@ -220,3 +184,68 @@ environments:
          - bmc_use_cache
    sample_values:
      bmc_use_cache: True
+  -
+    name: routed-networks-configuration
+    title: Configuration for Routed Networks
+    description: |
+      Contains the available parameters that need to be configured when using
+      a routed networks environment. Requires the routed-networks.yaml
+      environment.
+    files:
+      templates/dhcp-relay.yaml:
+        parameters:
+          - dhcp_relay_flavor
+          - dhcp_relay_image
+  -
+    name: routed-networks
+    title: Enable Routed Networks
+    description: |
+      Enable use of routed networks, where there may be multiple separate
+      networks connected with a router and DHCP relay. Do not pass any other
+      network configuration environments after this one or they may override
+      the changes made by this environment. When this environment is in use,
+      the routed-networks-configuration environment should usually be
+      included as well.
+    resource_registry:
+      OS::OVB::UndercloudNetworks: ../templates/undercloud-networks-routed.yaml
+      OS::OVB::BaremetalNetworks: ../templates/baremetal-networks-routed.yaml
+      OS::OVB::DHCPRelay: ../templates/dhcp-relay.yaml
+  -
+    name: routed-networks-role
+    title: Base Role Configuration for Routed Networks
+    description: |
+      A base role environment that contains the necessary parameters for
+      deploying with routed networks.
+    files:
+      templates/quintupleo.yaml:
+        parameters:
+          - baremetal_flavor
+          - key_name
+          - node_count
+          - role
+      templates/undercloud-networks.yaml:
+        parameters:
+          - provision_net
+      templates/baremetal-networks-all.yaml:
+        parameters:
+          - overcloud_internal_net
+          - overcloud_storage_net
+          - overcloud_storage_mgmt_net
+          - overcloud_tenant_net
+    sample_values:
+      role: leaf1
+      provision_net: provision2
+      overcloud_internal_net: overcloud_internal2
+      overcloud_storage_net: overcloud_storage2
+      overcloud_storage_mgmt_net: overcloud_storage_mgmt2
+      overcloud_tenant_net: overcloud_tenant2
+  -
+    name: public-router
+    title: Public Network External Router
+    description: |
+      Deploy a router that connects the public and external networks. This
+      allows the public network to be used as a gateway instead of routing all
+      traffic through the undercloud.
+    resource_registry:
+      OS::OVB::UndercloudNetworks: ../templates/undercloud-networks-public-router.yaml
+
--- a/templates/baremetal-networks-all.yaml
+++ b/templates/baremetal-networks-all.yaml
@ -117,3 +117,5 @@ outputs:
      storage_net: {get_resource: storage_network}
      storage_mgmt_net: {get_resource: storage_mgmt_network}
      tenant_net: {get_resource: tenant_network}
+  routers_addresses:
+    value: {}
--- a/templates/baremetal-networks-none.yaml
+++ b/templates/baremetal-networks-none.yaml
@ -3,3 +3,5 @@ heat_template_version: 2014-10-16
 outputs:
  networks:
    value: {}
+  routers_addresses:
+    value: {}
--- a/templates/baremetal-networks-routed.yaml
+++ b/templates/baremetal-networks-routed.yaml
@ -0,0 +1,408 @@
+heat_template_version: 2014-10-16
+
+# Template which creates all networks required for full network isloation.
+
+parameters:
+
+  overcloud_internal_net:
+    type: string
+    description: Name of internal API network
+    default: overcloud_internal
+
+  overcloud_internal_net_cidr:
+    type: string
+    description: |
+      CIDR for internal API network subnet.  This is typically irrelevant and
+      does not need to be changed.
+    default: 172.17.0.0/24
+
+  overcloud_internal_net_router_address:
+    type: string
+    description: Router address for the overcloud_internal_net
+    default: 172.17.0.254
+
+  overcloud_internal_net2:
+    type: string
+    description: Name of internal API network
+    default: overcloud_internal2
+
+  overcloud_internal_net2_cidr:
+    type: string
+    description: |
+      CIDR for internal API network subnet.  This is typically irrelevant and
+      does not need to be changed.
+    default: 172.17.1.0/24
+
+  overcloud_internal_net2_router_address:
+    type: string
+    description: Router address for the overcloud_internal_net2 subnet
+    default: 172.17.1.254
+
+  overcloud_storage_net:
+    type: string
+    description: Name of storage network
+    default: overcloud_storage
+
+  overcloud_storage_net_cidr:
+    type: string
+    description: |
+      CIDR for storage network subnet.  This is typically irrelevant and
+      does not need to be changed.
+    default: 172.18.0.0/24
+
+  overcloud_storage_net_router_address:
+    type: string
+    description: Router address for the overcloud_storage_net subnet
+    default: 172.18.0.254
+
+  overcloud_storage_net2:
+    type: string
+    description: Name of storage network
+    default: overcloud_storage2
+
+  overcloud_storage_net2_cidr:
+    type: string
+    description: |
+      CIDR for storage network subnet.  This is typically irrelevant and
+      does not need to be changed.
+    default: 172.18.1.0/24
+
+  overcloud_storage_net2_router_address:
+    type: string
+    description: Router address for the overcloud_storage_net2 subnet
+    default: 172.18.1.254
+
+  overcloud_storage_mgmt_net:
+    type: string
+    description: Name of storage management network
+    default: overcloud_storage_mgmt
+
+  overcloud_storage_mgmt_net_cidr:
+    type: string
+    description: |
+      CIDR for storage management network subnet.  This is typically irrelevant
+      and does not need to be changed.
+    default: 172.19.0.0/24
+
+  overcloud_storage_mgmt_net_router_address:
+    type: string
+    description: Router address for the overcloud_storage_mgmt_net subnet
+    default: 172.19.0.254
+
+  overcloud_storage_mgmt_net2:
+    type: string
+    description: Name of storage management network
+    default: overcloud_storage_mgmt2
+
+  overcloud_storage_mgmt_net2_cidr:
+    type: string
+    description: |
+      CIDR for storage management network subnet.  This is typically irrelevant
+      and does not need to be changed.
+    default: 172.19.1.0/24
+
+  overcloud_storage_mgmt_net2_router_address:
+    type: string
+    description: Router address for the overcloud_storage_mgmt_net2 subnet
+    default: 172.19.1.254
+
+  overcloud_tenant_net:
+    type: string
+    description: Name of tenant network
+    default: overcloud_tenant
+
+  overcloud_tenant_net_cidr:
+    type: string
+    description: |
+      CIDR for tenant network subnet.  This is typically irrelevant and
+      does not need to be changed.
+    default: 172.16.0.0/24
+
+  overcloud_tenant_net_router_address:
+    type: string
+    description: Router address for the overcloud_tenant_net subnet
+    default: 172.16.0.254
+
+  overcloud_tenant_net2:
+    type: string
+    description: Name of tenant network
+    default: overcloud_tenant2
+
+  overcloud_tenant_net2_cidr:
+    type: string
+    description: |
+      CIDR for tenant network subnet.  This is typically irrelevant and
+      does not need to be changed.
+    default: 172.16.1.0/24
+
+  overcloud_tenant_net2_router_address:
+    type: string
+    description: Router address for the overcloud_tenant_net2 subnet
+    default: 172.16.1.254
+
+resources:
+  internal_router:
+    type: OS::Neutron::Router
+    properties:
+      name: internal-router
+
+  internal_network:
+    type: OS::Neutron::Net
+    properties:
+      name: {get_param: overcloud_internal_net}
+
+  internal_subnet:
+    type: OS::Neutron::Subnet
+    properties:
+      network: {get_resource: internal_network}
+      name: {get_param: overcloud_internal_net}
+      cidr: {get_param: overcloud_internal_net_cidr}
+      gateway_ip: null
+      enable_dhcp: false
+
+  internal_subnet_port:
+    type: OS::Neutron::Port
+    properties:
+      network: {get_resource: internal_network}
+      port_security_enabled: false
+      fixed_ips:
+       - ip_address: {get_param: overcloud_internal_net_router_address}
+
+  internal_subnet_interface:
+    type: OS::Neutron::RouterInterface
+    properties:
+      router: {get_resource: internal_router}
+      port: {get_resource: internal_subnet_port}
+
+  internal_network2:
+    type: OS::Neutron::Net
+    properties:
+      name: {get_param: overcloud_internal_net2}
+
+  internal_subnet2:
+    type: OS::Neutron::Subnet
+    properties:
+      network: {get_resource: internal_network2}
+      name: {get_param: overcloud_internal_net2}
+      cidr: {get_param: overcloud_internal_net2_cidr}
+      gateway_ip: null
+      enable_dhcp: false
+
+  internal_subnet2_port:
+    type: OS::Neutron::Port
+    properties:
+      network: {get_resource: internal_network2}
+      port_security_enabled: false
+      fixed_ips:
+       - ip_address: {get_param: overcloud_internal_net2_router_address}
+
+  internal_subnet2_interface:
+    type: OS::Neutron::RouterInterface
+    properties:
+      router: {get_resource: internal_router}
+      port: {get_resource: internal_subnet2_port}
+
+  storage_router:
+    type: OS::Neutron::Router
+    properties:
+      name: storage-router
+
+  storage_network:
+    type: OS::Neutron::Net
+    properties:
+      name: {get_param: overcloud_storage_net}
+
+  storage_subnet:
+    type: OS::Neutron::Subnet
+    properties:
+      network: {get_resource: storage_network}
+      name: {get_param: overcloud_storage_net}
+      cidr: {get_param: overcloud_storage_net_cidr}
+      gateway_ip: null
+      enable_dhcp: false
+
+  storage_subnet_port:
+    type: OS::Neutron::Port
+    properties:
+      network: {get_resource: storage_network}
+      port_security_enabled: false
+      fixed_ips:
+       - ip_address: {get_param: overcloud_storage_net_router_address}
+
+  storage_subnet_interface:
+    type: OS::Neutron::RouterInterface
+    properties:
+      router: {get_resource: storage_router}
+      port: {get_resource: storage_subnet_port}
+
+  storage_network2:
+    type: OS::Neutron::Net
+    properties:
+      name: {get_param: overcloud_storage_net2}
+
+  storage_subnet2:
+    type: OS::Neutron::Subnet
+    properties:
+      network: {get_resource: storage_network2}
+      name: {get_param: overcloud_storage_net2}
+      cidr: {get_param: overcloud_storage_net2_cidr}
+      gateway_ip: null
+      enable_dhcp: false
+
+  storage_subnet2_port:
+    type: OS::Neutron::Port
+    properties:
+      network: {get_resource: storage_network2}
+      port_security_enabled: false
+      fixed_ips:
+       - ip_address: {get_param: overcloud_storage_net2_router_address}
+
+  storage_subnet2_interface:
+    type: OS::Neutron::RouterInterface
+    properties:
+      router: {get_resource: storage_router}
+      port: {get_resource: storage_subnet2_port}
+
+  storage_mgmt_router:
+    type: OS::Neutron::Router
+    properties:
+      name: storage-mgmt-router
+
+  storage_mgmt_network:
+    type: OS::Neutron::Net
+    properties:
+      name: {get_param: overcloud_storage_mgmt_net}
+
+  storage_mgmt_subnet:
+    type: OS::Neutron::Subnet
+    properties:
+      network: {get_resource: storage_mgmt_network}
+      name: {get_param: overcloud_storage_mgmt_net}
+      cidr: {get_param: overcloud_storage_mgmt_net_cidr}
+      gateway_ip: null
+      enable_dhcp: false
+
+  storage_mgmt_subnet_port:
+    type: OS::Neutron::Port
+    properties:
+      network: {get_resource: storage_mgmt_network}
+      port_security_enabled: false
+      fixed_ips:
+       - ip_address: {get_param: overcloud_storage_mgmt_net_router_address}
+
+  storage_mgmt_subnet_interface:
+    type: OS::Neutron::RouterInterface
+    properties:
+      router: {get_resource: storage_mgmt_router}
+      port: {get_resource: storage_mgmt_subnet_port}
+
+  storage_mgmt_network2:
+    type: OS::Neutron::Net
+    properties:
+      name: {get_param: overcloud_storage_mgmt_net2}
+
+  storage_mgmt_subnet2:
+    type: OS::Neutron::Subnet
+    properties:
+      network: {get_resource: storage_mgmt_network2}
+      name: {get_param: overcloud_storage_mgmt_net2}
+      cidr: {get_param: overcloud_storage_mgmt_net2_cidr}
+      gateway_ip: null
+      enable_dhcp: false
+
+  storage_mgmt_subnet2_port:
+    type: OS::Neutron::Port
+    properties:
+      network: {get_resource: storage_mgmt_network2}
+      port_security_enabled: false
+      fixed_ips:
+       - ip_address: {get_param: overcloud_storage_mgmt_net2_router_address}
+
+  storage_mgmt_subnet2_interface:
+    type: OS::Neutron::RouterInterface
+    properties:
+      router: {get_resource: storage_mgmt_router}
+      port: {get_resource: storage_mgmt_subnet2_port}
+
+  tenant_router:
+    type: OS::Neutron::Router
+    properties:
+      name: tenant-router
+
+  tenant_network:
+    type: OS::Neutron::Net
+    properties:
+      name: {get_param: overcloud_tenant_net}
+
+  tenant_subnet:
+    type: OS::Neutron::Subnet
+    properties:
+      network: {get_resource: tenant_network}
+      name: {get_param: overcloud_tenant_net}
+      cidr: {get_param: overcloud_tenant_net_cidr}
+      gateway_ip: null
+      enable_dhcp: false
+
+  tenant_subnet_port:
+    type: OS::Neutron::Port
+    properties:
+      network: {get_resource: tenant_network}
+      port_security_enabled: false
+      fixed_ips:
+       - ip_address: {get_param: overcloud_tenant_net_router_address}
+
+  tenant_subnet_interface:
+    type: OS::Neutron::RouterInterface
+    properties:
+      router: {get_resource: tenant_router}
+      port: {get_resource: tenant_subnet_port}
+
+  tenant_network2:
+    type: OS::Neutron::Net
+    properties:
+      name: {get_param: overcloud_tenant_net2}
+
+  tenant_subnet2:
+    type: OS::Neutron::Subnet
+    properties:
+      network: {get_resource: tenant_network2}
+      name: {get_param: overcloud_tenant_net2}
+      cidr: {get_param: overcloud_tenant_net2_cidr}
+      gateway_ip: null
+      enable_dhcp: false
+
+  tenant_subnet2_port:
+    type: OS::Neutron::Port
+    properties:
+      network: {get_resource: tenant_network2}
+      port_security_enabled: false
+      fixed_ips:
+       - ip_address: {get_param: overcloud_tenant_net2_router_address}
+
+  tenant_subnet2_interface:
+    type: OS::Neutron::RouterInterface
+    properties:
+      router: {get_resource: tenant_router}
+      port: {get_resource: tenant_subnet2_port}
+
+outputs:
+  networks:
+    value:
+      internal_net: {get_resource: internal_network}
+      internal_net2: {get_resource: internal_network2}
+      storage_net: {get_resource: storage_network}
+      storage_net2: {get_resource: storage_network2}
+      storage_mgmt_net: {get_resource: storage_mgmt_network}
+      storage_mgmt_net2: {get_resource: storage_mgmt_network2}
+      tenant_net: {get_resource: tenant_network}
+      tenant_net2: {get_resource: tenant_network2}
+  routers_addresses:
+    value:
+      internal_router_address: {get_attr: [internal_subnet_port, fixed_ips, 0, ip_address]}
+      internal2_router: {get_attr: [internal_subnet2_port, fixed_ips, 0, ip_address]}
+      storage_router_address: {get_attr: [storage_subnet_port, fixed_ips, 0, ip_address]}
+      storage2_router_address: {get_attr: [storage_subnet2_port, fixed_ips, 0, ip_address]}
+      storage_mgmt_router_address: {get_attr: [storage_mgmt_subnet_port, fixed_ips, 0, ip_address]}
+      storage_mgmt2_router_address: {get_attr: [storage_mgmt_subnet2_port, fixed_ips, 0, ip_address]}
+      tenant_router_address: {get_attr: [tenant_subnet_port, fixed_ips, 0, ip_address]}
+      tenant2_router_address: {get_attr: [tenant_subnet2_port, fixed_ips, 0, ip_address]}
--- a/templates/baremetal-ports-all-port-security.yaml
+++ b/templates/baremetal-ports-all-port-security.yaml
@ -1,120 +0,0 @@
-heat_template_version: 2015-10-15
-
-parameters:
-
-  baremetal_prefix:
-    type: string
-
-  provision_net:
-    type: string
-
-  public_net:
-    type: string
-    description: Name of external network
-    default: public
-
-  suffix:
-    type: string
-
-  overcloud_internal_net:
-    type: string
-    description: Name of internal API network
-    default: overcloud_internal
-
-  overcloud_storage_net:
-    type: string
-    description: Name of storage network
-    default: overcloud_storage
-
-  overcloud_storage_mgmt_net:
-    type: string
-    description: Name of storage management network
-    default: overcloud_storage_mgmt
-
-  overcloud_tenant_net:
-    type: string
-    description: Name of tenant network
-    default: overcloud_tenant
-
-resources:
-
-  provision_port:
-    type: OS::Neutron::Port
-    properties:
-      name:
-        list_join:
-        - ''
-        - - {get_param: baremetal_prefix}
-          - {get_param: suffix}
-      network: {get_param: provision_net}
-      port_security_enabled: False
-
-  internal_port:
-    type: OS::Neutron::Port
-    properties:
-      name:
-        list_join:
-        - ''
-        - - internal_
-          - {get_param: baremetal_prefix}
-          - {get_param: suffix}
-      network: {get_param: overcloud_internal_net}
-      port_security_enabled: False
-
-  storage_port:
-    type: OS::Neutron::Port
-    properties:
-      name:
-        list_join:
-        - ''
-        - - storage_
-          - {get_param: baremetal_prefix}
-          - {get_param: suffix}
-      network: {get_param: overcloud_storage_net}
-      port_security_enabled: False
-
-  storage_mgmt_port:
-    type: OS::Neutron::Port
-    properties:
-      name:
-        list_join:
-        - ''
-        - - storage_mgmt_
-          - {get_param: baremetal_prefix}
-          - {get_param: suffix}
-      network: {get_param: overcloud_storage_mgmt_net}
-      port_security_enabled: False
-
-  tenant_port:
-    type: OS::Neutron::Port
-    properties:
-      name:
-        list_join:
-        - ''
-        - - tenant_
-          - {get_param: baremetal_prefix}
-          - {get_param: suffix}
-      network: {get_param: overcloud_tenant_net}
-      port_security_enabled: False
-
-  public_port:
-    type: OS::Neutron::Port
-    properties:
-      name:
-        list_join:
-        - ''
-        - - public_
-          - {get_param: baremetal_prefix}
-          - {get_param: suffix}
-      network: {get_param: public_net}
-      port_security_enabled: False
-
-outputs:
-  ports:
-    value:
-    - {port: {get_resource: provision_port}}
-    - {port: {get_resource: public_port}}
-    - {port: {get_resource: internal_port}}
-    - {port: {get_resource: storage_port}}
-    - {port: {get_resource: storage_mgmt_port}}
-    - {port: {get_resource: tenant_port}}
--- a/templates/baremetal-ports-all.yaml
+++ b/templates/baremetal-ports-all.yaml
@ -1,17 +1,12 @@
-heat_template_version: 2014-10-16
+heat_template_version: 2015-10-15

 parameters:

  baremetal_prefix:
    type: string

-  provision_net:
-    type: string
-
-  public_net:
-    type: string
-    description: Name of external network
-    default: public
+  networks:
+    type: json

  suffix:
    type: string
@ -46,7 +41,8 @@ resources:
        - ''
        - - {get_param: baremetal_prefix}
          - {get_param: suffix}
-      network: {get_param: provision_net}
+      network: {get_param: [networks, provision]}
+      port_security_enabled: False

  internal_port:
    type: OS::Neutron::Port
@ -58,6 +54,7 @@ resources:
          - {get_param: baremetal_prefix}
          - {get_param: suffix}
      network: {get_param: overcloud_internal_net}
+      port_security_enabled: False

  storage_port:
    type: OS::Neutron::Port
@ -69,6 +66,7 @@ resources:
          - {get_param: baremetal_prefix}
          - {get_param: suffix}
      network: {get_param: overcloud_storage_net}
+      port_security_enabled: False

  storage_mgmt_port:
    type: OS::Neutron::Port
@ -80,6 +78,7 @@ resources:
          - {get_param: baremetal_prefix}
          - {get_param: suffix}
      network: {get_param: overcloud_storage_mgmt_net}
+      port_security_enabled: False

  tenant_port:
    type: OS::Neutron::Port
@ -91,6 +90,7 @@ resources:
          - {get_param: baremetal_prefix}
          - {get_param: suffix}
      network: {get_param: overcloud_tenant_net}
+      port_security_enabled: False

  public_port:
    type: OS::Neutron::Port
@ -101,7 +101,8 @@ resources:
        - - public_
          - {get_param: baremetal_prefix}
          - {get_param: suffix}
-      network: {get_param: public_net}
+      network: {get_param: [networks, public]}
+      port_security_enabled: False

 outputs:
  ports:
--- a/templates/baremetal-ports-default-port-security.yaml
+++ b/templates/baremetal-ports-default-port-security.yaml
@ -1,35 +0,0 @@
-heat_template_version: 2015-10-15
-
-parameters:
-
-  baremetal_prefix:
-    type: string
-
-  provision_net:
-    type: string
-
-  public_net:
-    type: string
-    description: Name of external network
-    default: public
-
-  suffix:
-    type: string
-
-resources:
-
-  provision_port:
-    type: OS::Neutron::Port
-    properties:
-      name:
-        list_join:
-        - ''
-        - - {get_param: baremetal_prefix}
-          - {get_param: suffix}
-      network: {get_param: provision_net}
-      port_security_enabled: False
-
-outputs:
-  ports:
-    value:
-    - {port: {get_resource: provision_port}}
--- a/templates/baremetal-ports-default.yaml
+++ b/templates/baremetal-ports-default.yaml
@ -1,17 +1,12 @@
-heat_template_version: 2014-10-16
+heat_template_version: 2015-10-15

 parameters:

  baremetal_prefix:
    type: string

-  provision_net:
-    type: string
-
-  public_net:
-    type: string
-    description: Name of external network
-    default: public
+  networks:
+    type: json

  suffix:
    type: string
@ -26,7 +21,8 @@ resources:
        - ''
        - - {get_param: baremetal_prefix}
          - {get_param: suffix}
-      network: {get_param: provision_net}
+      network: {get_param: [networks, provision]}
+      port_security_enabled: False

 outputs:
  ports:
--- a/templates/baremetal-ports-extra-node-port-security-all.yaml
+++ b/templates/baremetal-ports-extra-node-port-security-all.yaml
--- a/templates/baremetal-ports-extra-node-fip-port-security.yaml
+++ b/templates/baremetal-ports-extra-node-fip-port-security.yaml
@ -5,13 +5,8 @@ parameters:
  baremetal_prefix:
    type: string

-  provision_net:
-    type: string
-
-  public_net:
-    type: string
-    description: Name of external network
-    default: public
+  networks:
+    type: json

  private_net:
    type: string
@ -62,7 +57,7 @@ resources:
        - ''
        - - {get_param: baremetal_prefix}
          - {get_param: suffix}
-      network: {get_param: provision_net}
+      network: {get_param: [networks, provision]}
      port_security_enabled: False

  public_port:
@ -74,7 +69,7 @@ resources:
        - - public_
          - {get_param: baremetal_prefix}
          - {get_param: suffix}
-      network: {get_param: public_net}
+      network: {get_param: [networks, public]}
      port_security_enabled: False

  extra_node_fip:
--- a/templates/baremetal-ports-extra-node-port-security.yaml
+++ b/templates/baremetal-ports-extra-node-port-security.yaml
@ -5,13 +5,8 @@ parameters:
  baremetal_prefix:
    type: string

-  provision_net:
-    type: string
-
-  public_net:
-    type: string
-    description: Name of external network
-    default: public
+  networks:
+    type: json

  private_net:
    type: string
@ -59,7 +54,7 @@ resources:
        - ''
        - - {get_param: baremetal_prefix}
          - {get_param: suffix}
-      network: {get_param: provision_net}
+      network: {get_param: [networks, provision]}
      port_security_enabled: False

  public_port:
@ -71,7 +66,7 @@ resources:
        - - public_
          - {get_param: baremetal_prefix}
          - {get_param: suffix}
-      network: {get_param: public_net}
+      network: {get_param: [networks, public]}
      port_security_enabled: False

 outputs:
--- a/templates/baremetal-ports-public-bond-port-security.yaml
+++ b/templates/baremetal-ports-public-bond-port-security.yaml
@ -1,133 +0,0 @@
-heat_template_version: 2015-10-15
-
-parameters:
-
-  baremetal_prefix:
-    type: string
-
-  provision_net:
-    type: string
-
-  public_net:
-    type: string
-    description: Name of external network
-    default: public
-
-  suffix:
-    type: string
-
-  overcloud_internal_net:
-    type: string
-    description: Name of internal API network
-    default: overcloud_internal
-
-  overcloud_storage_net:
-    type: string
-    description: Name of storage network
-    default: overcloud_storage
-
-  overcloud_storage_mgmt_net:
-    type: string
-    description: Name of storage management network
-    default: overcloud_storage_mgmt
-
-  overcloud_tenant_net:
-    type: string
-    description: Name of tenant network
-    default: overcloud_tenant
-
-resources:
-
-  provision_port:
-    type: OS::Neutron::Port
-    properties:
-      name:
-        list_join:
-        - ''
-        - - {get_param: baremetal_prefix}
-          - {get_param: suffix}
-      network: {get_param: provision_net}
-      port_security_enabled: False
-
-  internal_port:
-    type: OS::Neutron::Port
-    properties:
-      name:
-        list_join:
-        - ''
-        - - internal_
-          - {get_param: baremetal_prefix}
-          - {get_param: suffix}
-      network: {get_param: overcloud_internal_net}
-      port_security_enabled: False
-
-  storage_port:
-    type: OS::Neutron::Port
-    properties:
-      name:
-        list_join:
-        - ''
-        - - storage_
-          - {get_param: baremetal_prefix}
-          - {get_param: suffix}
-      network: {get_param: overcloud_storage_net}
-      port_security_enabled: False
-
-  storage_mgmt_port:
-    type: OS::Neutron::Port
-    properties:
-      name:
-        list_join:
-        - ''
-        - - storage_mgmt_
-          - {get_param: baremetal_prefix}
-          - {get_param: suffix}
-      network: {get_param: overcloud_storage_mgmt_net}
-      port_security_enabled: False
-
-  tenant_port:
-    type: OS::Neutron::Port
-    properties:
-      name:
-        list_join:
-        - ''
-        - - tenant_
-          - {get_param: baremetal_prefix}
-          - {get_param: suffix}
-      network: {get_param: overcloud_tenant_net}
-      port_security_enabled: False
-
-  public_port:
-    type: OS::Neutron::Port
-    properties:
-      name:
-        list_join:
-        - ''
-        - - public_
-          - {get_param: baremetal_prefix}
-          - {get_param: suffix}
-      network: {get_param: public_net}
-      port_security_enabled: False
-
-  public_bond_port:
-    type: OS::Neutron::Port
-    properties:
-      name:
-        list_join:
-        - ''
-        - - public_
-          - {get_param: baremetal_prefix}
-          - {get_param: suffix}
-      network: {get_param: public_net}
-      port_security_enabled: False
-
-outputs:
-  ports:
-    value:
-    - {port: {get_resource: provision_port}}
-    - {port: {get_resource: public_port}}
-    - {port: {get_resource: public_bond_port}}
-    - {port: {get_resource: internal_port}}
-    - {port: {get_resource: storage_port}}
-    - {port: {get_resource: storage_mgmt_port}}
-    - {port: {get_resource: tenant_port}}
--- a/templates/baremetal-ports-public-bond.yaml
+++ b/templates/baremetal-ports-public-bond.yaml
@ -1,17 +1,12 @@
-heat_template_version: 2014-10-16
+heat_template_version: 2015-10-15

 parameters:

  baremetal_prefix:
    type: string

-  provision_net:
-    type: string
-
-  public_net:
-    type: string
-    description: Name of external network
-    default: public
+  networks:
+    type: json

  suffix:
    type: string
@ -46,7 +41,8 @@ resources:
        - ''
        - - {get_param: baremetal_prefix}
          - {get_param: suffix}
-      network: {get_param: provision_net}
+      network: {get_param: [networks, provision]}
+      port_security_enabled: False

  internal_port:
    type: OS::Neutron::Port
@ -58,6 +54,7 @@ resources:
          - {get_param: baremetal_prefix}
          - {get_param: suffix}
      network: {get_param: overcloud_internal_net}
+      port_security_enabled: False

  storage_port:
    type: OS::Neutron::Port
@ -69,6 +66,7 @@ resources:
          - {get_param: baremetal_prefix}
          - {get_param: suffix}
      network: {get_param: overcloud_storage_net}
+      port_security_enabled: False

  storage_mgmt_port:
    type: OS::Neutron::Port
@ -80,6 +78,7 @@ resources:
          - {get_param: baremetal_prefix}
          - {get_param: suffix}
      network: {get_param: overcloud_storage_mgmt_net}
+      port_security_enabled: False

  tenant_port:
    type: OS::Neutron::Port
@ -91,6 +90,7 @@ resources:
          - {get_param: baremetal_prefix}
          - {get_param: suffix}
      network: {get_param: overcloud_tenant_net}
+      port_security_enabled: False

  public_port:
    type: OS::Neutron::Port
@ -101,7 +101,8 @@ resources:
        - - public_
          - {get_param: baremetal_prefix}
          - {get_param: suffix}
-      network: {get_param: public_net}
+      network: {get_param: [networks, public]}
+      port_security_enabled: False

  public_bond_port:
    type: OS::Neutron::Port
@ -112,7 +113,8 @@ resources:
        - - public_
          - {get_param: baremetal_prefix}
          - {get_param: suffix}
-      network: {get_param: public_net}
+      network: {get_param: [networks, public]}
+      port_security_enabled: False

 outputs:
  ports:
--- a/templates/bmc-port-port-security.yaml
+++ b/templates/bmc-port-port-security.yaml
@ -1,29 +0,0 @@
-heat_template_version: 2015-10-15
-
-parameters:
-
-  bmc_prefix:
-    type: string
-
-  private_net:
-    type: string
-
-resources:
-
-  private_bmc_port:
-    type: OS::Neutron::Port
-    properties:
-      name:
-        list_join:
-        - '_'
-        - - 'utility'
-          - {get_param: bmc_prefix}
-      network: {get_param: private_net}
-      port_security_enabled: False
-
-outputs:
-  port:
-    value:
-    - {port: {get_resource: private_bmc_port}}
-  ip_address:
-    value: {get_attr: [private_bmc_port, fixed_ips, 0, ip_address]}
--- a/templates/bmc-port.yaml
+++ b/templates/bmc-port.yaml
@ -1,4 +1,4 @@
-heat_template_version: 2014-10-16
+heat_template_version: 2015-10-15

 parameters:

@ -19,6 +19,7 @@ resources:
        - - 'utility'
          - {get_param: bmc_prefix}
      network: {get_param: private_net}
+      port_security_enabled: False

 outputs:
  port:
--- a/templates/dhcp-relay.yaml
+++ b/templates/dhcp-relay.yaml
@ -0,0 +1,189 @@
+heat_template_version: 2016-10-14
+
+parameters:
+
+  key_name:
+    type: string
+    default: default
+    description: Nova keypair to inject into the undercloud and bmc
+
+  dhcp_relay_flavor:
+    type: string
+    default: m1.small
+    description: The Nova flavor to use for the dhcrelay instance
+
+  dhcp_relay_image:
+    type: string
+    default: CentOS-7-x86_64-GenericCloud
+    description: |
+      The base image for the dhcrelay instance.  A CentOS 7 image is currently
+      the only one supported.
+
+  dhcp_relay_provision_address:
+    type: string
+    description: DHCP relay address on the provision network subnet
+    default: 192.168.24.253
+
+  dhcp_relay_provision2_address:
+    type: string
+    description: DHCP relay address on the provision2 network subnet
+    default: 192.168.25.253
+
+  dhcp_relay_provision3_address:
+    type: string
+    description: DHCP relay address on the provision3 network subnet
+    default: 192.168.26.253
+
+  dhcp_ips:
+    type: json
+    description: |
+      The IP addresses of DHCP servers to relay DHCP requests to.
+
+  networks:
+    type: json
+
+  private_net:
+    type: string
+
+
+resources:
+  dhcp_relay_port_private:
+    type: OS::Neutron::Port
+    properties:
+      name: dhcp_relay_port_private
+      network: {get_param: private_net}
+
+  dhcp_relay_port_provision:
+    type: OS::Neutron::Port
+    properties:
+      name: dhcp_relay_port_provision
+      network: {get_param: [networks, provision]}
+      port_security_enabled: False
+      fixed_ips:
+       - ip_address: {get_param: dhcp_relay_provision_address}
+
+  dhcp_relay_port_provision2:
+    type: OS::Neutron::Port
+    properties:
+      name: dhcp_relay_port_provision2
+      network: {get_param: [networks, provision2]}
+      port_security_enabled: False
+      fixed_ips:
+       - ip_address: {get_param: dhcp_relay_provision2_address}
+
+  dhcp_relay_port_provision3:
+    type: OS::Neutron::Port
+    properties:
+      name: dhcp_relay_port_provision3
+      network: {get_param: [networks, provision3]}
+      port_security_enabled: False
+      fixed_ips:
+       - ip_address: {get_param: dhcp_relay_provision3_address}
+
+  init_networks:
+    type: OS::Heat::CloudConfig
+    properties:
+      cloud_config:
+        network:
+          version: 2
+          ethernets:
+            eth0:
+              dhcp4: false
+              addresses:
+                - list_join:
+                    - /
+                    - - {get_attr: [dhcp_relay_port_provision, fixed_ips, 0, ip_address]}
+                      - {str_split: ['/', {get_attr: [dhcp_relay_port_provision, subnets, 0, cidr]}, 1]}
+            eth1:
+              dhcp4: false
+              addresses:
+                - list_join:
+                    - /
+                    - - {get_attr: [dhcp_relay_port_provision2, fixed_ips, 0, ip_address]}
+                      - {str_split: ['/', {get_attr: [dhcp_relay_port_provision2, subnets, 0, cidr]}, 1]}
+            eth2:
+              dhcp4: false
+              addresses:
+                - list_join:
+                    - /
+                    - - {get_attr: [dhcp_relay_port_provision3, fixed_ips, 0, ip_address]}
+                      - {str_split: ['/', {get_attr: [dhcp_relay_port_provision3, subnets, 0, cidr]}, 1]}
+            eth3:
+              dhcp4: true
+
+  init_packages:
+    type: OS::Heat::CloudConfig
+    properties:
+      cloud_config:
+        package_upgrade: true
+        packages:
+          - dhcp
+
+  init_files:
+    type: OS::Heat::CloudConfig
+    properties:
+      cloud_config:
+        write_files:
+          - path: /etc/systemd/system/dhcrelay.service
+            content:
+              str_replace:
+                template: |
+                  [Unit]
+                  Description=DHCP Relay Agent Daemon
+                  Documentation=man:dhcrelay(8)
+                  Wants=network-online.target
+                  After=network-online.target
+
+                  [Service]
+                  Type=simple
+                  ExecStart=/usr/sbin/dhcrelay -d --no-pid $dhcp_ips -i eth1 -i eth2 -i eth3
+                  StandardError=null
+
+                  [Install]
+                  WantedBy=multi-user.target
+                params:
+                  $dhcp_ips:
+                     list_join:
+                      - ' '
+                      - {get_param: dhcp_ips}
+          - path: /etc/sysctl.d/98-rp-filter.conf
+            content: |
+              net.ipv4.conf.eth1.rp_filter = 0
+              net.ipv4.conf.eth2.rp_filter = 0
+              net.ipv4.conf.eth3.rp_filter = 0
+
+  init_runcmd:
+    type: OS::Heat::CloudConfig
+    properties:
+      cloud_config:
+        runcmd:
+          - ['sysctl','--system']
+          - ['systemctl', 'daemon-reload']
+          - ['systemctl', 'enable', 'dhcrelay.service']
+          - ['systemctl', 'start', 'dhcrelay.service']
+          - ['systemctl', 'status', 'dhcrelay.service']
+
+  dhcrelay_init:
+    type: OS::Heat::MultipartMime
+    properties:
+      parts:
+        - config: {get_resource: init_networks}
+        - config: {get_resource: init_packages}
+        - config: {get_resource: init_files}
+        - config: {get_resource: init_runcmd}
+
+  dhcp_relay_server:
+    type: OS::Nova::Server
+    properties:
+      name: dhcrelay
+      flavor: {get_param: dhcp_relay_flavor}
+      image: {get_param: dhcp_relay_image}
+      key_name: {get_param: key_name}
+      networks:
+        - {port: {get_resource: dhcp_relay_port_private}}
+        - {port: {get_resource: dhcp_relay_port_provision}}
+        - {port: {get_resource: dhcp_relay_port_provision2}}
+        - {port: {get_resource: dhcp_relay_port_provision3}}
+      config_drive: true
+      user_data_format: RAW
+      user_data: {get_resource: dhcrelay_init}
--- a/templates/env.yaml.example
+++ b/templates/env.yaml.example
@ -1,59 +0,0 @@
-# DEPRECATED: This sample environment file has been replaced by the one in
-# environments/base.yaml and the other sample environments in that directory.
-# This file should not be used for new OVB deployments.
-
-parameters:
-  bmc_flavor: bmc
-  bmc_image: CentOS-7-x86_64-GenericCloud
-  baremetal_flavor: baremetal
-  baremetal_image: ipxe-boot
-  key_name: default
-  private_net: private
-  bmc_prefix: bmc
-  baremetal_prefix: baremetal
-  node_count: 2
-  public_net: public
-  provision_net: provision
-  # QuintupleO-specific params ignored by virtual-baremetal.yaml
-  undercloud_name: undercloud
-  undercloud_image: CentOS-7-x86_64-GenericCloud
-  undercloud_flavor: m1.xlarge
-  external_net: external
-  public_net_shared: false
-  provision_net_shared: false
-
-#parameter_defaults:
-  # Set a default role for the nodes in this environment.  This parameter is
-  # ignored by Heat, but used by build-nodes-json.
-  #role: control
-
-## Uncomment and customize the following to use an existing floating ip
-#  undercloud_floating_ip_id: 'uuid of floating ip'
-#  undercloud_floating_ip: 'address of floating ip'
-
-#resource_registry:
-## Uncomment the following to use an existing floating ip
-#  OS::OVB::UndercloudFloating: templates/undercloud-floating-existing.yaml
-
-## Uncomment the following to use no floating ip
-#  OS::OVB::UndercloudFloating: templates/undercloud-floating-none.yaml
-
-## Uncomment the following to create a private network
-#  OS::OVB::PrivateNetwork: templates/private-net-create.yaml
-
-## Uncomment to create all networks required for network-isolation.
-## parameter_defaults should be used to override default parameter values
-## in baremetal-networks-all.yaml
-#  OS::OVB::BaremetalNetworks: templates/baremetal-networks-all.yaml
-#  OS::OVB::BaremetalPorts: templates/baremetal-ports-all.yaml
-
-## Uncomment to use the neutron port-security extension to allow DHCP from
-## the undercloud to overcloud nodes.  There are *-port-security.yaml versions
-## of all the standard port resource templates.  The examples below are to use
-## port-security with a minimal deployment (i.e. no network isolation).
-#  OS::OVB::BaremetalPorts: templates/baremetal-ports-default-port-security.yaml
-#  OS::OVB::BMCPort: templates/bmc-port-port-security.yaml
-#  OS::OVB::UndercloudPorts: templates/undercloud-ports-port-security.yaml
-
-## Uncomment to deploy a quintupleo environment without an undercloud.
-#  OS::OVB::UndercloudEnvironment: OS::Heat::None
--- a/templates/quintupleo.yaml
+++ b/templates/quintupleo.yaml
@ -1,4 +1,4 @@
-heat_template_version: 2015-04-30
+heat_template_version: 2016-04-08

 # Template that wraps virtual-baremetal.yaml and does some additional environment
 # setup automatically:
@ -49,36 +49,6 @@ parameters:
    default: external
    description: An external network from which floating ips can be provisioned

-  provision_net:
-    type: string
-    default: provision
-    description: Name of a network that will be used for provisioning traffic
-
-  provision_net_cidr:
-    type: string
-    description: CIDR for provision network subnet
-    default: 192.0.2.0/24
-
-  provision_net_shared:
-    type: boolean
-    description: Whether this network should be shared across all tenants
-    default: false
-
-  public_net:
-    type: string
-    description: Name of the overcloud external network
-    default: public
-
-  public_net_cidr:
-    type: string
-    description: CIDR for external network subnet
-    default: 10.0.0.0/24
-
-  public_net_shared:
-    type: boolean
-    description: Whether this network should be shared across all tenants
-    default: false
-
  bmc_prefix:
    type: string
    default: bmc
@ -171,37 +141,17 @@ parameters:
      ignored by Heat, but used by build-nodes-json.
    default: ''

+  dhcp_ips:
+    type: json
+    default:
+    - 192.168.24.1
+    - 192.168.24.10
+    description: |
+      The IP addresses of DHCP servers to relay DHCP requests to.

 resources:
-  provision_network:
-    type: OS::Neutron::Net
-    properties:
-        name: {get_param: provision_net}
-        shared: {get_param: provision_net_shared}
-
-  provision_subnet:
-    type: OS::Neutron::Subnet
-    properties:
-      network: {get_resource: provision_network}
-      name: {get_param: provision_net}
-      cidr: {get_param: provision_net_cidr}
-      gateway_ip: null
-      enable_dhcp: false
-
-  public_network:
-    type: OS::Neutron::Net
-    properties:
-      name: {get_param: public_net}
-      shared: {get_param: public_net_shared}
-
-  public_subnet:
-    type: OS::Neutron::Subnet
-    properties:
-      network: {get_resource: public_network}
-      name: {get_param: public_net}
-      cidr: {get_param: public_net_cidr}
-      gateway_ip: null
-      enable_dhcp: false
+  undercloud_networks:
+    type: OS::OVB::UndercloudNetworks

  private_network:
    type: OS::OVB::PrivateNetwork
@ -211,7 +161,7 @@ resources:

  undercloud_env:
    type: OS::OVB::UndercloudEnvironment
-    depends_on: [provision_subnet, public_subnet]
+    depends_on: [undercloud_networks, private_network]
    properties:
      undercloud_flavor: {get_param: undercloud_flavor}
      undercloud_image: {get_param: undercloud_image}
@ -220,21 +170,19 @@ resources:
      undercloud_user_data_format: {get_param: undercloud_user_data_format}
      undercloud_user_data: {get_param: undercloud_user_data}
      private_net: {get_attr: [private_network, private_net]}
-      provision_net: {get_resource: provision_network}
-      public_net: {get_resource: public_network}
+      networks: {get_attr: [undercloud_networks, networks]}
      external_net: {get_param: external_net}

  baremetal_env:
    type: OS::OVB::BaremetalEnvironment
-    depends_on: [provision_subnet, public_subnet]
+    depends_on: undercloud_networks
    properties:
      baremetal_flavor: {get_param: baremetal_flavor}
      baremetal_image: {get_param: baremetal_image}
      key_name: {get_param: key_name}
      node_count: {get_param: node_count}
-      public_net: {get_resource: public_network}
      private_net: {get_attr: [private_network, private_net]}
-      provision_net: {get_resource: provision_network}
+      networks: {get_attr: [undercloud_networks, networks]}
      bmc_flavor: {get_param: bmc_flavor}
      bmc_prefix: {get_param: bmc_prefix}
      bmc_image: {get_param: bmc_image}
@ -247,6 +195,7 @@ resources:
      os_user_domain: {get_param: os_user_domain}
      os_project_domain: {get_param: os_project_domain}
      cloud_data: {get_param: cloud_data}
+      dhcp_ips: {get_param: dhcp_ips}

 outputs:
  undercloud_host_floating_ip:
@ -257,3 +206,10 @@ outputs:
    description: "ip of the undercloud instance on the private network"
    value:
      get_attr: [undercloud_env, undercloud_host_private_ip]
+  network_environment_data:
+    description: "Network environment data, router addresses etc."
+    value:
+      map_merge:
+      - get_attr: [undercloud_networks, provision_network_routers]
+      - get_attr: [baremetal_env, baremetal_networks_routers_addresses]
+      - get_attr: [undercloud_networks, public_network_router]
--- a/templates/resource-registry.yaml
+++ b/templates/resource-registry.yaml
@ -8,3 +8,5 @@ resource_registry:
  OS::OVB::BaremetalPorts: baremetal-ports-default.yaml
  OS::OVB::BMCPort: bmc-port.yaml
  OS::OVB::UndercloudPorts: undercloud-ports.yaml
+  OS::OVB::UndercloudNetworks: undercloud-networks.yaml
+  OS::OVB::DHCPRelay: OS::Heat::None
--- a/templates/undercloud-networks-existing.yaml
+++ b/templates/undercloud-networks-existing.yaml
@ -0,0 +1,44 @@
+heat_template_version: 2015-04-30
+
+parameters:
+  provision_net:
+    type: string
+    default: provision
+    description: Name of a network that will be used for provisioning traffic
+
+  provision_net_cidr:
+    type: string
+    description: CIDR for provision network subnet
+    default: 192.0.2.0/24
+
+  provision_net_shared:
+    type: boolean
+    description: Whether this network should be shared across all tenants
+    default: false
+
+  public_net:
+    type: string
+    description: Name of the overcloud external network
+    default: public
+
+  public_net_cidr:
+    type: string
+    description: CIDR for external network subnet
+    default: 10.0.0.0/24
+
+  public_net_shared:
+    type: boolean
+    description: Whether this network should be shared across all tenants
+    default: false
+
+
+outputs:
+  networks:
+    value:
+      provision: {get_param: provision_net}
+      public: {get_param: public_net}
+  # The provision and public network routers is here for compatibility only
+  provision_network_routers:
+    value: null
+  public_network_router:
+    value: null
--- a/templates/undercloud-networks-public-router.yaml
+++ b/templates/undercloud-networks-public-router.yaml
@ -0,0 +1,105 @@
+heat_template_version: 2015-04-30
+
+parameters:
+  provision_net:
+    type: string
+    default: provision
+    description: Name of a network that will be used for provisioning traffic
+
+  provision_net_cidr:
+    type: string
+    description: CIDR for provision network subnet
+    default: 192.168.24.0/24
+
+  provision_net_shared:
+    type: boolean
+    description: Whether this network should be shared across all tenants
+    default: false
+
+  public_net:
+    type: string
+    description: Name of the overcloud external network
+    default: public
+
+  public_net_cidr:
+    type: string
+    description: CIDR for external network subnet
+    default: 10.0.0.0/24
+
+  public_net_router_address:
+    type: string
+    description: Router address for the public network subnet
+    default: 10.0.0.254
+
+  public_net_shared:
+    type: boolean
+    description: Whether this network should be shared across all tenants
+    default: false
+
+  external_net:
+    type: string
+    description: An external network for the networks to route to
+
+resources:
+  provision_network:
+    type: OS::Neutron::Net
+    properties:
+        name: {get_param: provision_net}
+        shared: {get_param: provision_net_shared}
+
+  provision_subnet:
+    type: OS::Neutron::Subnet
+    properties:
+      network: {get_resource: provision_network}
+      name: {get_param: provision_net}
+      cidr: {get_param: provision_net_cidr}
+      gateway_ip: null
+      enable_dhcp: false
+
+  public_network:
+    type: OS::Neutron::Net
+    properties:
+      name: {get_param: public_net}
+      shared: {get_param: public_net_shared}
+
+  public_subnet:
+    type: OS::Neutron::Subnet
+    properties:
+      network: {get_resource: public_network}
+      name: {get_param: public_net}
+      cidr: {get_param: public_net_cidr}
+      gateway_ip: null
+      enable_dhcp: false
+
+  public_router:
+    type: OS::Neutron::Router
+    properties:
+      name: public-router
+      external_gateway_info:
+        network: {get_param: external_net}
+
+  public_router_port:
+    type: OS::Neutron::Port
+    properties:
+      network: {get_resource: public_network}
+      port_security_enabled: false
+      fixed_ips:
+       - ip_address: {get_param: public_net_router_address}
+
+  public_router_interface:
+    type: OS::Neutron::RouterInterface
+    properties:
+      router: {get_resource: public_router}
+      port: {get_resource: public_router_port}
+
+outputs:
+  networks:
+    value:
+      provision: {get_resource: provision_network}
+      public: {get_resource: public_network}
+  # The provision_network_routers is here for compatibility only
+  provision_network_routers:
+    value: {}
+  public_network_router:
+    value:
+      public_router: {get_attr: [public_router_port,  fixed_ips, 0, ip_address]}
--- a/templates/undercloud-networks-routed.yaml
+++ b/templates/undercloud-networks-routed.yaml
@ -0,0 +1,233 @@
+heat_template_version: 2015-04-30
+
+parameters:
+  provision_net:
+    type: string
+    default: provision
+    description: Name of a network that will be used for provisioning traffic
+
+  provision_net_cidr:
+    type: string
+    description: CIDR for provision network subnet
+    default: 192.168.24.0/24
+
+  provision_net_router_address:
+    type: string
+    description: Router address for the provision network subnet
+    default: 192.168.24.254
+
+  provision_net_shared:
+    type: boolean
+    description: Whether this network should be shared across all tenants
+    default: false
+
+  provision_net2:
+    type: string
+    default: provision2
+    description: Name of a second network that will be used for provisioning traffic
+
+  provision_net2_cidr:
+    type: string
+    description: CIDR for second provision network subnet
+    default: 192.168.25.0/24
+
+  provision_net2_router_address:
+    type: string
+    description: Router address for the provision network subnet
+    default: 192.168.25.254
+
+  provision_net2_shared:
+    type: boolean
+    description: Whether this network should be shared across all tenants
+    default: false
+
+  provision_net3:
+    type: string
+    default: provision3
+    description: Name of a third network that will be used for provisioning traffic
+
+  provision_net3_cidr:
+    type: string
+    description: CIDR for third provision network subnet
+    default: 192.168.26.0/24
+
+  provision_net3_router_address:
+    type: string
+    description: Router address for the provision network subnet
+    default: 192.168.26.254
+
+  provision_net3_shared:
+    type: boolean
+    description: Whether this network should be shared across all tenants
+    default: false
+
+  public_net:
+    type: string
+    description: Name of the overcloud external network
+    default: public
+
+  public_net_cidr:
+    type: string
+    description: CIDR for external network subnet
+    default: 10.0.0.0/24
+
+  public_net_router_address:
+    type: string
+    description: Router address for the public network subnet
+    default: 10.0.0.254
+
+  public_net_shared:
+    type: boolean
+    description: Whether this network should be shared across all tenants
+    default: false
+
+  external_net:
+    type: string
+    description: An external network for the networks to route to
+
+resources:
+  provision_router:
+    type: OS::Neutron::Router
+    properties:
+      name: provision-router
+      external_gateway_info:
+        network: {get_param: external_net}
+
+  provision_network:
+    type: OS::Neutron::Net
+    properties:
+        name: {get_param: provision_net}
+        shared: {get_param: provision_net_shared}
+
+  provision_subnet:
+    type: OS::Neutron::Subnet
+    properties:
+      network: {get_resource: provision_network}
+      name: {get_param: provision_net}
+      cidr: {get_param: provision_net_cidr}
+      gateway_ip: null
+      enable_dhcp: false
+
+  provision_router_port:
+    type: OS::Neutron::Port
+    properties:
+      network: {get_resource: provision_network}
+      port_security_enabled: false
+      fixed_ips:
+       - ip_address: {get_param: provision_net_router_address}
+
+  provision_router_interface:
+    type: OS::Neutron::RouterInterface
+    properties:
+      router: {get_resource: provision_router}
+      port: {get_resource: provision_router_port}
+
+  provision_network2:
+    type: OS::Neutron::Net
+    properties:
+        name: {get_param: provision_net2}
+        shared: {get_param: provision_net2_shared}
+
+  provision_subnet2:
+    type: OS::Neutron::Subnet
+    properties:
+      network: {get_resource: provision_network2}
+      name: {get_param: provision_net2}
+      cidr: {get_param: provision_net2_cidr}
+      gateway_ip: null
+      enable_dhcp: false
+
+  provision_router_port2:
+    type: OS::Neutron::Port
+    properties:
+      network: {get_resource: provision_network2}
+      port_security_enabled: false
+      fixed_ips:
+       - ip_address: {get_param: provision_net2_router_address}
+
+  provision_router_interface2:
+    type: OS::Neutron::RouterInterface
+    properties:
+      router: {get_resource: provision_router}
+      port: {get_resource: provision_router_port2}
+
+  provision_network3:
+    type: OS::Neutron::Net
+    properties:
+        name: {get_param: provision_net3}
+        shared: {get_param: provision_net3_shared}
+
+  provision_subnet3:
+    type: OS::Neutron::Subnet
+    properties:
+      network: {get_resource: provision_network3}
+      name: {get_param: provision_net3}
+      cidr: {get_param: provision_net3_cidr}
+      gateway_ip: null
+      enable_dhcp: false
+
+  provision_router_port3:
+    type: OS::Neutron::Port
+    properties:
+      network: {get_resource: provision_network3}
+      port_security_enabled: false
+      fixed_ips:
+       - ip_address: {get_param: provision_net3_router_address}
+
+  provision_router_interface3:
+    type: OS::Neutron::RouterInterface
+    properties:
+      router: {get_resource: provision_router}
+      port: {get_resource: provision_router_port3}
+
+  public_network:
+    type: OS::Neutron::Net
+    properties:
+      name: {get_param: public_net}
+      shared: {get_param: public_net_shared}
+
+  public_subnet:
+    type: OS::Neutron::Subnet
+    properties:
+      network: {get_resource: public_network}
+      name: {get_param: public_net}
+      cidr: {get_param: public_net_cidr}
+      gateway_ip: null
+      enable_dhcp: false
+
+  public_router:
+    type: OS::Neutron::Router
+    properties:
+      name: public-router
+      external_gateway_info:
+        network: {get_param: external_net}
+
+  public_router_port:
+    type: OS::Neutron::Port
+    properties:
+      network: {get_resource: public_network}
+      port_security_enabled: false
+      fixed_ips:
+       - ip_address: {get_param: public_net_router_address}
+
+  public_router_interface:
+    type: OS::Neutron::RouterInterface
+    properties:
+      router: {get_resource: public_router}
+      port: {get_resource: public_router_port}
+
+outputs:
+  networks:
+    value:
+      provision: {get_resource: provision_network}
+      provision2: {get_resource: provision_network2}
+      provision3: {get_resource: provision_network3}
+      public: {get_resource: public_network}
+  provision_network_routers:
+    value:
+      provision_router: {get_attr: [provision_router_port, fixed_ips, 0, ip_address]}
+      provision2_router: {get_attr: [provision_router_port2, fixed_ips, 0, ip_address]}
+      provision3_router: {get_attr: [provision_router_port3, fixed_ips, 0, ip_address]}
+  public_network_router:
+    value:
+      public_router: {get_attr: [public_router_port,  fixed_ips, 0, ip_address]}
--- a/templates/undercloud-networks.yaml
+++ b/templates/undercloud-networks.yaml
@ -0,0 +1,74 @@
+heat_template_version: 2015-04-30
+
+parameters:
+  provision_net:
+    type: string
+    default: provision
+    description: Name of a network that will be used for provisioning traffic
+
+  provision_net_cidr:
+    type: string
+    description: CIDR for provision network subnet
+    default: 192.168.24.0/24
+
+  provision_net_shared:
+    type: boolean
+    description: Whether this network should be shared across all tenants
+    default: false
+
+  public_net:
+    type: string
+    description: Name of the overcloud external network
+    default: public
+
+  public_net_cidr:
+    type: string
+    description: CIDR for external network subnet
+    default: 10.0.0.0/24
+
+  public_net_shared:
+    type: boolean
+    description: Whether this network should be shared across all tenants
+    default: false
+
+resources:
+  provision_network:
+    type: OS::Neutron::Net
+    properties:
+        name: {get_param: provision_net}
+        shared: {get_param: provision_net_shared}
+
+  provision_subnet:
+    type: OS::Neutron::Subnet
+    properties:
+      network: {get_resource: provision_network}
+      name: {get_param: provision_net}
+      cidr: {get_param: provision_net_cidr}
+      gateway_ip: null
+      enable_dhcp: false
+
+  public_network:
+    type: OS::Neutron::Net
+    properties:
+      name: {get_param: public_net}
+      shared: {get_param: public_net_shared}
+
+  public_subnet:
+    type: OS::Neutron::Subnet
+    properties:
+      network: {get_resource: public_network}
+      name: {get_param: public_net}
+      cidr: {get_param: public_net_cidr}
+      gateway_ip: null
+      enable_dhcp: false
+
+outputs:
+  networks:
+    value:
+      provision: {get_resource: provision_network}
+      public: {get_resource: public_network}
+  # The provision and public network routers is here for compatibility only
+  provision_network_routers:
+    value: null
+  public_network_router:
+    value: null
--- a/templates/undercloud-ports-port-security.yaml
+++ b/templates/undercloud-ports-port-security.yaml
@ -1,75 +0,0 @@
-heat_template_version: 2015-10-15
-
-parameters:
-
-  undercloud_name:
-    type: string
-
-  private_net:
-    type: string
-
-  provision_net:
-    type: string
-
-  public_net:
-    type: string
-
-resources:
-  undercloud_sg:
-    type: OS::Neutron::SecurityGroup
-    properties:
-      name:
-        list_join:
-        - '_'
-        - - {get_param: undercloud_name}
-          - 'sg'
-      description: Ping, SSH, and TripleO UI
-      rules:
-      - protocol: icmp
-      - protocol: tcp
-        port_range_min: 22
-        port_range_max: 22
-      - protocol: tcp
-        port_range_min: 3000
-        port_range_max: 3000
-
-  private_undercloud_port:
-    type: OS::Neutron::Port
-    properties:
-      name:
-        list_join:
-        - '_'
-        - - {get_param: undercloud_name}
-          - 'private'
-      network: {get_param: private_net}
-      security_groups:
-      - {get_resource: undercloud_sg}
-
-  provision_undercloud_port:
-    type: OS::Neutron::Port
-    properties:
-      name:
-        list_join:
-        - '_'
-        - - {get_param: undercloud_name}
-          - 'provision'
-      network: {get_param: provision_net}
-      port_security_enabled: False
-
-  public_undercloud_port:
-    type: OS::Neutron::Port
-    properties:
-      name:
-        list_join:
-        - '_'
-        - - {get_param: undercloud_name}
-          - 'public'
-      network: {get_param: public_net}
-      port_security_enabled: False
-
-outputs:
-  ports:
-    value:
-    - {port: {get_resource: private_undercloud_port}}
-    - {port: {get_resource: provision_undercloud_port}}
-    - {port: {get_resource: public_undercloud_port}}
--- a/templates/undercloud-ports.yaml
+++ b/templates/undercloud-ports.yaml
@ -1,4 +1,4 @@
-heat_template_version: 2014-10-16
+heat_template_version: 2015-10-15

 parameters:

@ -8,11 +8,8 @@ parameters:
  private_net:
    type: string

-  provision_net:
-    type: string
-
-  public_net:
-    type: string
+  networks:
+    type: json

 resources:
  undercloud_sg:
@ -53,7 +50,8 @@ resources:
        - '_'
        - - {get_param: undercloud_name}
          - 'provision'
-      network: {get_param: provision_net}
+      network: {get_param: [networks, provision]}
+      port_security_enabled: False

  public_undercloud_port:
    type: OS::Neutron::Port
@ -63,7 +61,8 @@ resources:
        - '_'
        - - {get_param: undercloud_name}
          - 'public'
-      network: {get_param: public_net}
+      network: {get_param: [networks, public]}
+      port_security_enabled: False

 outputs:
  ports:
--- a/templates/undercloud-volume.yaml
+++ b/templates/undercloud-volume.yaml
@ -19,10 +19,8 @@ parameters:
    description: The size of the volume for the undercloud instance
  private_net:
    type: string
-  provision_net:
-    type: string
-  public_net:
-    type: string
+  networks:
+    type: json
  external_net:
    type: string

@ -32,8 +30,7 @@ resources:
    properties:
      undercloud_name: {get_param: undercloud_name}
      private_net: {get_param: private_net}
-      provision_net: {get_param: provision_net}
-      public_net: {get_param: public_net}
+      networks: {get_param: networks}

  undercloud_volume:
    type: OS::Cinder::Volume
--- a/templates/undercloud.yaml
+++ b/templates/undercloud.yaml
@ -15,10 +15,8 @@ parameters:
    type: string
  private_net:
    type: string
-  provision_net:
-    type: string
-  public_net:
-    type: string
+  networks:
+    type: json
  external_net:
    type: string

@ -28,8 +26,7 @@ resources:
    properties:
      undercloud_name: {get_param: undercloud_name}
      private_net: {get_param: private_net}
-      provision_net: {get_param: provision_net}
-      public_net: {get_param: public_net}
+      networks: {get_param: networks}

  undercloud_server:
    type: OS::Nova::Server
--- a/templates/virtual-baremetal-servers.yaml
+++ b/templates/virtual-baremetal-servers.yaml
@ -14,11 +14,8 @@ parameters:
  baremetal_prefix:
    type: string

-  provision_net:
-    type: string
-
-  public_net:
-    type: string
+  networks:
+    type: json

  suffix:
    type: string
@ -30,8 +27,7 @@ resources:
    properties:
      suffix: {get_param: suffix}
      baremetal_prefix: {get_param: baremetal_prefix}
-      provision_net: {get_param: provision_net}
-      public_net: {get_param: public_net}
+      networks: {get_param: networks}

  baremetal_server:
    type: OS::Nova::Server
--- a/templates/virtual-baremetal.yaml
+++ b/templates/virtual-baremetal.yaml
@ -45,22 +45,15 @@ parameters:
    default: 1
    description: Number of baremetal nodes to deploy

-  public_net:
-    type: string
-    description: |
-      An additional network that will be attached to the baremetal instances,
-      intended to be used for non-provisioning traffic
-    default: public
-
  private_net:
    type: string
    default: private
    description: Name of a private network which can have floating ips associated with it

-  provision_net:
-    type: string
-    default: provision
-    description: Name of a network that will be used for provisioning traffic
+  networks:
+    type: json
+    default: {"private": "private", "provision": "provision"}
+    description: A map of networks to their names.

  bmc_prefix:
    type: string
@ -121,6 +114,14 @@ parameters:
    default: '{}'
    hidden: true

+  dhcp_ips:
+    type: json
+    default:
+    - 192.168.24.1
+    - 192.168.24.10
+    description: |
+      The IP addresses of DHCP servers to relay DHCP requests to.
+
  # Ignored parameters for compatibility with QuintupleO env files
  undercloud_image:
    type: string
@ -162,6 +163,15 @@ resources:
              - _%index%
          network: {get_param: private_net}

+  bmc_handle:
+    type: OS::Heat::WaitConditionHandle
+
+  bmc_wait_condition:
+    type: OS::Heat::WaitCondition
+    properties:
+      handle: {get_resource: bmc_handle}
+      timeout: 600
+
  bmc_server:
    type: OS::Nova::Server
    depends_on: [openstack_baremetal_servers, bmc_other_ports, bmc_port]
@ -190,6 +200,7 @@ resources:
            $private_net: {get_param: private_net}
            $openstackbmc_script: {get_file: ../bin/openstackbmc}
            $cloud_data: {get_param: cloud_data}
+            $signal_command: {get_attr: [bmc_handle, curl_cli]}
          template: {get_file: ../bin/install_openstackbmc.sh}

  baremetal_networks:
@ -206,7 +217,16 @@ resources:
          baremetal_flavor: {get_param: baremetal_flavor}
          baremetal_image: {get_param: baremetal_image}
          key_name: {get_param: key_name}
-          provision_net: {get_param: provision_net}
-          public_net: {get_param: public_net}
+          networks: {get_param: networks}
          suffix: _%index%
          baremetal_prefix: {get_param: baremetal_prefix}
+
+  dhcp_relay:
+    type: OS::OVB::DHCPRelay
+    properties:
+      networks: {get_param: networks}
+      dhcp_ips: {get_param: dhcp_ips}
+
+outputs:
+  baremetal_networks_routers_addresses:
+    value: {get_attr: [baremetal_networks, routers_addresses]}
--- a/test-requirements.txt
+++ b/test-requirements.txt
@ -7,5 +7,5 @@ testtools>=0.9.36,!=1.2.0
 mock>=1.0

 # docs
-sphinx>=1.1.2,!=1.2.0,!=1.3b1,<1.3
-sphinx_rtd_theme==0.1.7
+sphinx>=1.6
+sphinx_rtd_theme