Permit specifying VLAN mappings to overclouds.

To use a VLAN based public network we need the ext-net network to be a VLAN with a segmentation id - but we can't do this unless we also have the datacentre physical network marked as allowing vlans. We could make this strictly opt-in, but as this doesn't affect the switch configuration (and thus actual machine capabilities) having it on by default seems reasonable. OTOH we can't force it on, because high security environments may well want a defense in depth setup where neutron admins cannot configure VLANs that they are not meant to have access too (consider that the cloud machine admins may be separate to the folk running the services on top of them...) Change-Id: I9687751753f810896c6d065750910da40132c9fa
2014-07-20 08:03:33 +12:00 · 2014-07-20 08:03:33 +12:00 · 0b306f0037
parent ce07603125
commit 0b306f0037
1 changed files with 10 additions and 1 deletions
--- a/overcloud-source.yaml
+++ b/overcloud-source.yaml
@ -115,6 +115,13 @@ parameters:
      scripts or be sure to keep 'datacentre' as a mapping network name.
    type: string
    default: "datacentre:br-ex"
+  NeutronNetworkVLANRanges:
+    default: 'datacentre'
+    description: |
+      The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
+      Neutron documentation for permitted values. Defaults to permitting any
+      VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
+    type: string
  NeutronPassword:
    default: unset
    description: The password for the neutron service account, used by neutron agents.
@ -351,7 +358,8 @@ resources:
        NeutronEnableTunnelling: "True"
        NeutronFlatNetworks:
            get_param: NeutronFlatNetworks
-        NeutronNetworkVLANRanges: ""
+        NeutronNetworkVLANRanges:
+            get_param: NeutronNetworkVLANRanges
        NeutronPhysicalBridge:
            get_param: HypervisorNeutronPhysicalBridge
        NeutronPublicInterface:
@ -510,6 +518,7 @@ resources:
            enable_tunneling: 'True'
            local_ip:
              get_input: controller_host
+            network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
            bridge_mappings: {get_param: NeutronBridgeMappings}
            public_interface:
              get_param: NeutronPublicInterface