From 6b4a138bc52501a3f894fdc3e432c8b29523c75a Mon Sep 17 00:00:00 2001
From: koneill94 <35918022+koneill94@users.noreply.github.com>
Date: Mon, 20 Jan 2020 17:37:13 +0000
Subject: [PATCH] Portworx node changes (#111)

* adding config to deploy extra volumes for portworx

* adding portworx deployment ansible code and modification

* adding config to iron out network and disk ordering issues

* adding port for lighthouse comms

* adjusting storage volume sizes

* Remove vol2 from portworx nodes and specify new Flavor with Ephemeral device for journal

* Initial changes for net2

* Move the change of medium worker flavor for pwx into all-portworx.yaml

* Revert default net2 worker flavor (now modified in add-portworx.yaml

* Fix to make sure pwx flavor is used (will need enhancement

* Reworking of portworx heat (#102)

* First try replacing keys with comments, need to move more changes into add-portworx.yaml

* Add automatic wiping of ephemeral disk

* Edit deploy.sh to avoid error if deploy_portworx_storage is not defined in environment file

* Update environment_example

* Add kvdb volume for portworx workers

* Remove commented-out old code

* Tweak to wiping code to get around inconsistent behaviour of cloud-init...

* Tweak to wiping code to get around inconsistent behaviour of cloud-init...

* Append controlplane and internet gateway to net2NodeRoutes to fix oauth proxy issue

* Add CIDR to controlplane net2NodeRoute

Co-authored-by: Steve Mulholland <stevemul@users.noreply.github.com>
Co-authored-by: Ben Bacon <benbacon@users.noreply.github.com>
Co-authored-by: gellner <gellner@ukcloud.com>
---
 .gitignore                |   1 +
 add-portworx.yaml         | 337 ++++++++++++++++++++++++++++++++++++++
 bastion-template.yaml     |   9 +
 deploy.sh                 |  10 ++
 environment_example.yaml  |   1 +
 files/setup_bastion.yaml  |  10 +-
 network.yaml              |   5 +-
 node_group.yaml           |   4 +-
 security_groups.yaml      |   8 +
 server_atomic.yaml        |  11 +-
 setup-heat-templates.yaml |   9 +-
 top-level-template.yaml   |  16 +-
 12 files changed, 410 insertions(+), 11 deletions(-)
 create mode 100644 add-portworx.yaml

diff --git a/.gitignore b/.gitignore
index 99f4a9f..47916b4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,6 +8,7 @@ rhel_reg_creds.yaml
 # auto-generated from openshift-template.yaml: see deploy.sh
 openshift.yaml
 bastion.yaml
+*_pwx.yaml
 
 # Backup filenames as generated by ansible playbooks
 *.yaml.*~
diff --git a/add-portworx.yaml b/add-portworx.yaml
new file mode 100644
index 0000000..6922bf2
--- /dev/null
+++ b/add-portworx.yaml
@@ -0,0 +1,337 @@
+- hosts: localhost
+  vars:
+    deploy_portworx_storage: false
+  tasks:
+# This inserts the parameters and resources necessary for portworx
+# It searchs for comments in the base files which reference
+# add-portworx.yaml
+#
+# We make a copy of each yaml file that is modified - 
+# ... the *_pwx.yaml files are in gitignore.
+#
+
+# Create copies of files to be changed
+  - name: create portworx network file
+    copy:
+      src: ./network.yaml
+      dest: ./network_pwx.yaml
+    when: deploy_portworx_storage|bool
+
+  - name: create portworx node_group file
+    copy:
+      src: ./node_group.yaml
+      dest: ./node_group_pwx.yaml
+    when: deploy_portworx_storage|bool
+
+  - name: create portworx server_atomic file
+    copy:
+      src: ./server_atomic.yaml
+      dest: ./server_atomic_pwx.yaml
+    when: deploy_portworx_storage|bool
+
+# Replace references to point to copied files
+  - name: specify pwx network template
+    replace:
+      path: openshift.yaml
+      regexp: 'network.yaml'
+      replace: 'network_pwx.yaml'
+      backup: yes
+    when: deploy_portworx_storage|bool
+
+  - name: specify pwx node_group template
+    replace:
+      path: openshift.yaml
+      regexp: 'node_group'
+      replace: 'node_group_pwx'
+      after: '  worker_small_nodes_deployment'
+      backup: yes
+    when: deploy_portworx_storage|bool
+
+  - name: specify pwx server_atomic template
+    replace:
+      path: node_group_pwx.yaml
+      regexp: 'server_atomic.yaml'
+      replace: 'server_atomic_pwx.yaml'
+      backup: yes
+    when: deploy_portworx_storage|bool
+
+# Make edits in openshift.yaml
+  - name: add parameters to network stack
+    blockinfile:
+      dest: openshift.yaml
+      backup: yes
+      insertafter: "# add-portworx.yaml inserts deploy_storage_networks parameter here"
+      marker: "        # ANSIBLE MANAGED BLOCK - parameters for portworx deployment"
+      block: |2
+                # deploy portworx?
+                deploy_storage_networks: { get_param: deploy_portworx_storage }
+    when: deploy_portworx_storage|bool
+
+  - name: add storage networks parameters
+    blockinfile:
+      dest: openshift.yaml
+      backup: yes
+      insertafter: "# add-portworx.yaml inserts {{ item }} tenant worker storage networks here"
+      marker: "        # ANSIBLE MANAGED BLOCK - add_portworx_networks_parameters - worker-{{ item }}"
+      block: |2
+                extra_volumes: { get_param: deploy_portworx_storage }
+                storage_management_network: { get_attr: [internal_network, outputs, storage_management_network] }
+                storage_data_network: { get_attr: [internal_network, outputs, storage_data_network] }
+    loop: [ small, medium, large ]
+    when: deploy_portworx_storage|bool
+
+  - name: add storage networks parameters Net2
+    blockinfile:
+      dest: openshift.yaml
+      backup: yes
+      insertafter: "# add-portworx.yaml inserts {{ item }} net2 worker storage networks here"
+      marker: "        # ANSIBLE MANAGED BLOCK - add_portworx_networks_parameters Net2 - {{ purpose_ident }}-{{ item }}"
+      block: |2
+                extra_volumes: { get_param: deploy_portworx_storage }
+                storage_management_network: { get_attr: [internal_network, outputs, storage_management_network] }
+                storage_data_network: { get_attr: [internal_network, outputs, storage_data_network] }
+    loop: [ small, medium, large ]
+    when: deploy_portworx_storage|bool and multinetwork|bool
+
+    #  - name: Change small worker size
+    #    replace:
+    #      path: openshift.yaml
+    #      regexp: 'ocp.t1.xxlarge # add-portworx.yaml replaces this with pwx.t1.xxlarge'
+    #      replace: 'pwx.t1.xxlarge'
+    #      backup: yes
+    #    when: deploy_portworx_storage|bool
+
+  - name: Change medium worker size
+    replace:
+      path: openshift.yaml
+      regexp: 'ocp.m1.large # add-portworx.yaml replaces this with pwx.m1.medium'
+      replace: 'pwx.m1.medium'
+      backup: yes
+    when: deploy_portworx_storage|bool
+
+    #  - name: Change large worker size
+    #    replace:
+    #      path: openshift.yaml
+    #      regexp: 'ocp.r1.large # add-portworx.yaml replaces this with pwx.r1.large'
+    #      replace: 'pwx.r1.large'
+    #      backup: yes
+    #    when: deploy_portworx_storage|bool
+
+# Make edits in network_pwx.yaml
+  - name: add storage networks parameters
+    blockinfile:
+      dest: network_pwx.yaml
+      backup: yes
+      insertafter: "# add-portworx.yaml inserts deploy_storage_networks parameter here"
+      marker: "  # ANSIBLE MANAGED BLOCK - add_portworx_networks_parameters"
+      block: |2
+          deploy_storage_networks:
+            type: boolean
+            default: false
+    when: deploy_portworx_storage|bool
+
+  - name: add storage networks
+    blockinfile:
+      dest: network_pwx.yaml
+      backup: yes
+      insertafter: "# add-portworx.yaml inserts storage_networks resources here"
+      marker: "  # ANSIBLE MANAGED BLOCK - add_portworx_networks_resources"
+      block: |2
+          storage_management_network:
+            type: OS::Neutron::Net
+            condition: deploy_storage_networks
+            properties:
+              admin_state_up: true
+              name: storage_management_network
+        
+          storage_management_subnet:
+            type: OS::Neutron::Subnet
+            condition: deploy_storage_networks
+            properties:
+              name: storage_management_subnet
+              network: { get_resource: storage_management_network }
+              cidr: "10.254.253.0/24"
+              ip_version: 4
+              gateway_ip: ""
+              dns_nameservers: []
+        
+          storage_data_network:
+            type: OS::Neutron::Net
+            condition: deploy_storage_networks
+            properties:
+              admin_state_up: true
+              name: storage_data_network
+        
+          storage_data_subnet:
+            type: OS::Neutron::Subnet
+            condition: deploy_storage_networks
+            properties:
+              name: storage_data_subnet
+              network: { get_resource: storage_data_network }
+              cidr: "10.254.254.0/24"
+              ip_version: 4
+              gateway_ip: ""
+              dns_nameservers: []
+        conditions:
+          deploy_storage_networks:
+            get_param: deploy_storage_networks
+    when: deploy_portworx_storage|bool
+
+  - name: add storage networks outputs
+    blockinfile:
+      dest: network_pwx.yaml
+      backup: yes
+      insertafter: "# add-portworx.yaml inserts storage_networks outputs here"
+      marker: "  # ANSIBLE MANAGED BLOCK - add_portwox_networks_outputs"
+      block: |2
+          storage_data_network: 
+            value: { get_resource: storage_data_network }
+            condition: deploy_storage_networks
+          storage_management_network: 
+            value: { get_resource: storage_management_network }
+            condition: deploy_storage_networks
+    when: deploy_portworx_storage|bool
+
+# Make edits in node_group_pwx.yaml
+  - name: node_group_parameters
+    blockinfile:
+      dest: node_group_pwx.yaml
+      backup: yes
+      insertafter: "# add-portworx.yaml inserts network and volume parameters here"
+      marker: "  # ANSIBLE MANAGED BLOCK - add parameters to node_group_pwx.yaml"
+      block: |2
+          extra_volumes:
+            type: boolean
+            description: Deploy extra volumes to non-infra nodes
+            default: false
+          storage_management_network:
+            type: string
+            description: Network for storage management traffic 
+          storage_data_network:
+            type: string
+            description: Network for storage data traffic
+    when: deploy_portworx_storage|bool
+
+  - name: node_group_resources
+    blockinfile:
+      dest: node_group_pwx.yaml
+      backup: yes
+      insertafter: "# add-portworx.yaml inserts server group parameters here"
+      marker: "          # ANSIBLE MANAGED BLOCK - add properties to node_group server resources"
+      block: |2
+                  extra_volumes: { get_param: extra_volumes }
+                  storage_management_network: { get_param: storage_management_network }
+                  storage_data_network: { get_param: storage_data_network }
+
+    when: deploy_portworx_storage|bool
+
+# Make changes in server_atomic_pwx.yaml
+  - name: server_atomic parameters
+    blockinfile:
+      dest: server_atomic_pwx.yaml
+      backup: yes
+      insertafter: "# add-portworx.yaml inserts atomic network and volume parameters here"
+      marker: "  # ANSIBLE MANAGED BLOCK - add parameters to server_atomic_pwx.yaml"
+      block: |2
+          extra_volumes:
+            type: boolean
+            description: Deploy extra volumes to non-infra nodes
+            default: false
+          storage_management_network:
+            type: string
+            description: Network for storage management traffic 
+          storage_data_network:
+            type: string
+            description: Network for storage data traffic
+    when: deploy_portworx_storage|bool
+
+  - name: server_atomic resources
+    blockinfile:
+      dest: server_atomic_pwx.yaml
+      backup: yes
+      insertafter: "# add-portworx.yaml inserts server_atomic network resources here"
+      marker: "        # ANSIBLE MANAGED BLOCK - add properties to server_atomic resources"
+      block: |2
+                - network: { get_param: storage_management_network }
+                - network: { get_param: storage_data_network }
+    when: deploy_portworx_storage|bool
+
+  - name: server_atomic storage resources
+    blockinfile:
+      dest: server_atomic_pwx.yaml
+      backup: yes
+      insertafter: "# add-portworx.yaml inserts server_atomic volumes here"
+      marker: "  # ANSIBLE MANAGED BLOCK - add properties to server_atomic resources"
+      block: |2
+          portworx_vol1:
+            type: OS::Cinder::Volume
+            condition: deploy_extra_volumes
+            properties:
+              description: Volume for kvdb
+              name:
+                str_replace:
+                  template: vol_kvdb_servername_1
+                  params:
+                    servername: { get_param: server_name }
+              size: 100
+              volume_type: TIER2
+        
+          vol_attachment_vol1:
+            type: OS::Cinder::VolumeAttachment
+            depends_on: [ server, portworx_vol1 ]
+            condition: deploy_extra_volumes
+            properties:
+              instance_uuid: { get_resource: server }
+              mountpoint: /dev/vdc
+              volume_id: { get_resource: portworx_vol1 }
+
+          portworx_vol2:
+            type: OS::Cinder::Volume
+            condition: deploy_extra_volumes
+            properties:
+              description: Volume for data
+              name:
+                str_replace:
+                  template: vol_data_servername_1
+                  params:
+                    servername: { get_param: server_name }
+              size: 100
+              volume_type: TIER2
+
+          vol_attachment_vol2:
+            type: OS::Cinder::VolumeAttachment
+            depends_on: [ server, portworx_vol2, vol_attachment_vol1 ]
+            condition: deploy_extra_volumes
+            properties:
+              instance_uuid: { get_resource: server }
+              mountpoint: /dev/vdd
+              volume_id: { get_resource: portworx_vol2 }
+
+        conditions:
+          not_infra:
+            not:
+              equals:
+              - get_param: purpose_ident
+              - infra
+          deploy_volumes:
+            equals:
+            - get_param: extra_volumes
+            - true
+          deploy_extra_volumes:
+            and:
+            - not_infra
+            - deploy_volumes
+    when: deploy_portworx_storage|bool
+
+  - name: server_atomic - add code to wipe ephemeral disk
+    blockinfile:
+      dest: server_atomic_pwx.yaml
+      backup: yes
+      insertafter: "# add-portworx.yaml inserts extra code to wipe ephemeral disk here"
+      marker: "             # ANSIBLE MANAGED BLOCK - add code to wipe ephemeral disk"
+      block: |2
+                     EPHDEV="/dev/"`lsblk | grep /var/mnt | awk '{print $1}' | sed 's/[^a-z]*//g'`
+                     sudo umount /mnt; sudo wipefs -af $EPHDEV
+                     grep -v "${EPHDEV}" /etc/fstab > /tmp/fstab; sudo mv /tmp/fstab /etc/fstab
+    when: deploy_portworx_storage|bool
+
diff --git a/bastion-template.yaml b/bastion-template.yaml
index 7defa14..e32a682 100644
--- a/bastion-template.yaml
+++ b/bastion-template.yaml
@@ -151,6 +151,10 @@ parameters:
   multinetwork:
     type: boolean
     description: Deployment is multi-network?
+  deploy_portworx_storage:
+    type: boolean
+    description: Deploy Portworx?
+    default: false
   deploy_extra_gateway:
     type: boolean
     description: Deployment includes extra-gateway?
@@ -198,6 +202,9 @@ parameters:
   ansible_vault_password:
     type: string
     description: Ansible Vault password for decrypting secrets
+  internet_gateway_ip:
+    type: string
+    description: Internet gateway for internal network
 
 resources:
   bastion_port:
@@ -310,6 +317,7 @@ resources:
             __ocp_branding__ : { get_param: ocp_branding }
             __ocp_branding_url__ : { get_param: ocp_branding_url }
             __multinetwork__ : { get_param: multinetwork }
+            __deploy_portworx_storage__ : { get_param: deploy_portworx_storage }
             __deploy_extra_gateway__ : { get_param: deploy_extra_gateway }
             __external_dns__ : { get_param: external_dns }
             __set_node_routes__ : { get_param: set_node_routes }
@@ -330,6 +338,7 @@ resources:
             __neustar_ultradns_password__ : { get_param: neustar_ultradns_password }
             __slack_webhook_url_acme_sh__ : { get_param: slack_webhook_url_acme_sh }
             __ansible_vault_password__: { get_param: ansible_vault_password }
+            __internet_gateway_ip__: { get_param: internet_gateway_ip }
           template: { get_file: 'files/setup_bastion.yaml' }
       outputs:
       - name: result
diff --git a/deploy.sh b/deploy.sh
index 8da50ff..81f2305 100755
--- a/deploy.sh
+++ b/deploy.sh
@@ -22,6 +22,9 @@ if [[ $multinetwork == true ]]; then
      tr '[:upper:]' '[:lower:]')
 fi
 
+deploy_portworx_storage=$(python -c "import yaml;d=yaml.load(open('environment.yaml')); print(d['parameter_defaults']['deploy_portworx_storage'] if d['parameter_defaults'].has_key('deploy_portworx_storage') else 'False')" |
+     tr '[:upper:]' '[:lower:]')
+
 function validateSetup() {
   if [[ -z ${OS_PROJECT_ID} ]]; then
     echo -e "\nYou must source your OpenStack RC file so we can access the OpenStack API\n"
@@ -53,6 +56,12 @@ function setupHeatTemplate() {
     --extra-vars "purpose_ident=${purpose_ident}"
 }
 
+function addPortworxStorage() {
+  ansible-playbook ./add-portworx.yaml \
+    --extra-vars "deploy_portworx_storage=${deploy_portworx_storage}" \
+    --extra-vars "purpose_ident=${purpose_ident}" \
+    --extra-vars "multinetwork=${multinetwork}"
+}
 function deployHeatStack() {
   openstack stack create -f yaml -t openshift.yaml openshift-${OS_PROJECT_NAME} \
     -e rhel_reg_creds.yaml \
@@ -77,5 +86,6 @@ validateSetup
 getPassword
 getDataFromOpenstackProject
 setupHeatTemplate
+addPortworxStorage
 deployHeatStack
 showBastionIp
diff --git a/environment_example.yaml b/environment_example.yaml
index cbffc5b..deb1761 100644
--- a/environment_example.yaml
+++ b/environment_example.yaml
@@ -80,6 +80,7 @@ parameter_defaults:
   #  registry_url: "<registry_url>"
   #  registry_user: "<registry_user>"
   #  registry_password: "<registry_password>"
+  #deploy_portworx_storage: <whether to deploy extra volumes, network and prereqs for portworx>
   ansible_branch: "v3.11"
   neustar_ultradns_username: "<neustar_ultradns_username>"
   neustar_ultradns_password: "<neustar_ultradns_password>"
diff --git a/files/setup_bastion.yaml b/files/setup_bastion.yaml
index 2075d3e..54f0a64 100644
--- a/files/setup_bastion.yaml
+++ b/files/setup_bastion.yaml
@@ -33,6 +33,7 @@
     ocpBranding: __ocp_branding__
     ocpBrandingUrl: "__ocp_branding_url__"
     multinetwork: __multinetwork__
+    deploy_portworx_storage: __deploy_portworx_storage__
     deployExtraGateway: __deploy_extra_gateway__
     externalDns: __external_dns__
     setNodeRoutes: __set_node_routes__
@@ -65,6 +66,7 @@
     neustarUltraDnsPassword: __neustar_ultradns_password__
     slackWebhookUrlAcmeSh: __slack_webhook_url_acme_sh__
     ansibleVaultPassword: __ansible_vault_password__
+    internetGatewayIp: __internet_gateway_ip__
 
   tasks:
     - name: Check if stack update or create and register variable
@@ -75,7 +77,12 @@
                 --os-password "{{ openstackOpenshiftPassword }}") = *UPDATE* ]] ; then echo False ; else echo True ; fi
       register: stack_status
 
-    - set_fact: stack_create="{{ stack_status.stdout }}"
+    - set_fact: 
+        stack_create: "{{ stack_status.stdout }}"
+
+    - set_fact:
+        net2NodeRoutes: "{{ net2NodeRoutes + [ { 'gateway': internetGatewayIp, 'route': controlplaneIp + '/32' } ] }}"
+      when: multinetwork
 
     - name: temporarily add host entries before we setup proper DNS
       blockinfile:
@@ -243,6 +250,7 @@
           ocpBranding: {{ ocpBranding }}
           ocpBrandingUrl: {{ ocpBrandingUrl }}
           multinetwork: {{ multinetwork }}
+          deploy_portworx_storage: {{ deploy_portworx_storage }}
           external_dns:
           {% for item in externalDns %}
             - {{ item }}
diff --git a/network.yaml b/network.yaml
index 1d0a230..c6ea118 100644
--- a/network.yaml
+++ b/network.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2016-04-08
+heat_template_version: 2016-10-14
 
 parameters:
   allocation_pools:
@@ -20,6 +20,7 @@ parameters:
     type: string
     description: gateway of the network
     default: "10.2.1.254"
+# add-portworx.yaml inserts deploy_storage_networks parameter here
 
 resources:
   InternetGW:
@@ -50,7 +51,9 @@ resources:
       gateway_ip: { get_param: gateway }
       ip_version: 4
 
+# add-portworx.yaml inserts storage_networks resources here
 outputs:
+# add-portworx.yaml inserts storage_networks outputs here    
   network: 
     value: { get_resource: network }
   subnet:
diff --git a/node_group.yaml b/node_group.yaml
index 3bc786f..9bde390 100644
--- a/node_group.yaml
+++ b/node_group.yaml
@@ -69,6 +69,7 @@ parameters:
       GROWPART=true
       ROOT_SIZE=20G
       DATA_SIZE=70G
+# add-portworx.yaml inserts network and volume parameters here
 
 resources:
 
@@ -87,6 +88,7 @@ resources:
                 nodetype: { get_param: node_type }
                 suffix: { get_param: local_domain_suffix }
                 ident: { get_param: purpose_ident }
+          purpose_ident: { get_param: purpose_ident }
           flavor: { get_param: node_flavor }
           image: { get_param: image }
           key_name: { get_param: key_name }
@@ -97,7 +99,7 @@ resources:
           storage_setup: { get_param: storage_setup }
           external_service_subnet: { get_param: external_service_subnet }
           server_group: { get_param: server_group }
-
+          # add-portworx.yaml inserts server group parameters here
 outputs:
   node_list:
     description: host file contents
diff --git a/security_groups.yaml b/security_groups.yaml
index c0b1fb1..a744f53 100644
--- a/security_groups.yaml
+++ b/security_groups.yaml
@@ -322,6 +322,14 @@ resources:
           protocol: tcp
           port_range_min: 9100
           port_range_max: 9100
+          # Portworx ports:
+        - direction: ingress
+          ethertype: IPv4
+          remote_mode: remote_group_id
+          remote_group_id: { get_resource: all_nodes_egress_secgroup }
+          protocol: tcp
+          port_range_min: 9001
+          port_range_max: 9022
 
   infra_nodes_secgroup:
     type: OS::Neutron::SecurityGroup
diff --git a/server_atomic.yaml b/server_atomic.yaml
index a9e8989..fa3bdda 100644
--- a/server_atomic.yaml
+++ b/server_atomic.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2016-04-08
+heat_template_version: 2016-10-14
 
 parameters:
   flavor:
@@ -19,6 +19,9 @@ parameters:
   server_name:
     type: string
     description: Name of the server
+  purpose_ident:
+    type: string
+    description: Server purpose
   port_network:
     type: string
   sec_groups:
@@ -50,6 +53,7 @@ parameters:
   external_service_subnet:
     type: string
     description: Subnet to be used for external services
+  # add-portworx.yaml inserts atomic network and volume parameters here
 
 resources:
   resize_lv:
@@ -73,7 +77,7 @@ resources:
             __satellite_fqdn__: { get_param: satellite_fqdn }
             __satellite_deploy__: { get_param: satellite_deploy }                  
           template: |
-            #!/bin/bash -x
+             #!/bin/bash -x
              cd /home/cloud-user
              if [[ "__satellite_deploy__" = True ]] 
              then
@@ -85,6 +89,7 @@ resources:
              subscription-manager repos --disable=*
              subscription-manager repos --enable=rhel-7-server-rpms
              ln -sf /usr/share/zoneinfo/UTC /etc/localtime
+             # add-portworx.yaml inserts extra code to wipe ephemeral disk here
 
   server_init:
     type: OS::Heat::MultipartMime
@@ -102,6 +107,7 @@ resources:
       key_name: { get_param: key_name }
       networks:
         - port: { get_resource: port }
+        # add-portworx.yaml inserts server_atomic network resources here    
       scheduler_hints:
         group: { get_param: server_group }
       user_data_format: SOFTWARE_CONFIG
@@ -118,6 +124,7 @@ resources:
       network: { get_param: port_network }
       security_groups: { get_param: sec_groups }
       allowed_address_pairs: [ ip_address: { get_param: external_service_subnet } ]
+      # add-portworx.yaml inserts server_atomic volumes here
 
 outputs:
   server_ip:
diff --git a/setup-heat-templates.yaml b/setup-heat-templates.yaml
index 7dc0a8e..dada24a 100644
--- a/setup-heat-templates.yaml
+++ b/setup-heat-templates.yaml
@@ -141,10 +141,11 @@
               template: { get_file: node_group.yaml }
               parameters:
                 node_type: worker
-                node_flavor: ocp.t1.xxlarge
+                node_flavor: ocp.t1.xxlarge # add-portworx.yaml replaces this with pwx.t1.xxlarge
                 key_name: { get_param: key_name }
                 node_scale: { get_param: net2_worker_small_scale }
                 purpose_ident: {{ purpose_ident }}-s
+                # add-portworx.yaml inserts small net2 worker storage networks here
                 local_domain_suffix: { get_param: local_domain_suffix }
                 internal_network: { get_attr: [internal_network, outputs, network] }
                 internal_network_subnet: { get_attr: [internal_network, outputs, subnet] }
@@ -167,10 +168,11 @@
               template: { get_file: node_group.yaml }
               parameters:
                 node_type: worker
-                node_flavor: ocp.m1.large
+                node_flavor: ocp.m1.large # add-portworx.yaml replaces this with pwx.m1.medium
                 key_name: { get_param: key_name }
                 node_scale: { get_param: net2_worker_medium_scale }
                 purpose_ident: {{ purpose_ident }}-m
+                # add-portworx.yaml inserts medium net2 worker storage networks here
                 local_domain_suffix: { get_param: local_domain_suffix }
                 internal_network: { get_attr: [internal_network, outputs, network] }
                 internal_network_subnet: { get_attr: [internal_network, outputs, subnet] }
@@ -193,10 +195,11 @@
               template: { get_file: node_group.yaml }
               parameters:
                 node_type: worker
-                node_flavor: ocp.r1.large
+                node_flavor: ocp.r1.large # add-portworx.yaml replaces this with pwx.r1.large
                 key_name: { get_param: key_name }
                 node_scale: { get_param: net2_worker_large_scale }
                 purpose_ident: {{ purpose_ident }}-l
+                # add-portworx.yaml inserts large net2 worker storage networks here
                 local_domain_suffix: { get_param: local_domain_suffix }
                 internal_network: { get_attr: [internal_network, outputs, network] }
                 internal_network_subnet: { get_attr: [internal_network, outputs, subnet] }
diff --git a/top-level-template.yaml b/top-level-template.yaml
index 5dcf942..5bfab7c 100644
--- a/top-level-template.yaml
+++ b/top-level-template.yaml
@@ -105,6 +105,10 @@ parameters:
   multinetwork:
     type: boolean
     description: Whether to deploy a secondary external network
+  deploy_portworx_storage:
+    type: boolean
+    description: Deploy Portworx?
+    default: false  
   deploy_extra_gateway:
     type: boolean
     description: Whether to deploy an extra gateway for a VRF for example
@@ -198,6 +202,7 @@ resources:
       template: { get_file: network.yaml }
       parameters:
         allocation_pools: { get_param: [ network_config, allocation_pool ] }
+        # add-portworx.yaml inserts deploy_storage_networks parameter here
         cidr: { get_param: [ network_config, cidr ] }
         dns: { get_param: [ network_config, dns ] }
         external_network: { get_param: external_network_cp }
@@ -346,10 +351,11 @@ resources:
       template: { get_file: node_group.yaml }
       parameters:
         node_type: worker
-        node_flavor: ocp.t1.xxlarge
+        node_flavor: ocp.t1.xxlarge # add-portworx.yaml replaces this with pwx.t1.xxlarge
         key_name: { get_param: key_name }
         node_scale: { get_param: worker_small_scale }
         purpose_ident: tenant-s
+        # add-portworx.yaml inserts small tenant worker storage networks here
         local_domain_suffix: { get_param: local_domain_suffix }
         internal_network: { get_attr: [internal_network, outputs, network] }
         internal_network_subnet: { get_attr: [internal_network, outputs, subnet] }
@@ -372,10 +378,11 @@ resources:
       template: { get_file: node_group.yaml }
       parameters:
         node_type: worker
-        node_flavor: ocp.m1.large
+        node_flavor: ocp.m1.large # add-portworx.yaml replaces this with pwx.m1.medium
         key_name: { get_param: key_name }
         node_scale: { get_param: worker_medium_scale }
         purpose_ident: tenant-m
+        # add-portworx.yaml inserts medium tenant worker storage networks here
         local_domain_suffix: { get_param: local_domain_suffix }
         internal_network: { get_attr: [internal_network, outputs, network] }
         internal_network_subnet: { get_attr: [internal_network, outputs, subnet] }
@@ -398,10 +405,11 @@ resources:
       template: { get_file: node_group.yaml }
       parameters:
         node_type: worker
-        node_flavor: ocp.r1.large
+        node_flavor: ocp.r1.large # add-portworx.yaml replaces this with pwx.r1.large
         key_name: { get_param: key_name }
         node_scale: { get_param: worker_large_scale }
         purpose_ident: tenant-l
+        # add-portworx.yaml inserts large tenant worker storage networks here
         local_domain_suffix: { get_param: local_domain_suffix }
         internal_network: { get_attr: [internal_network, outputs, network] }
         internal_network_subnet: { get_attr: [internal_network, outputs, subnet] }
@@ -474,6 +482,7 @@ resources:
           - { get_attr: [ security_groups, outputs, bastion_external_security_group ] }
           - { get_attr: [ security_groups, outputs, bastion_internal_ssh_security_group ] }
         multinetwork: { get_param: multinetwork }
+        deploy_portworx_storage: { get_param: deploy_portworx_storage }
         deploy_extra_gateway: { get_param: deploy_extra_gateway }
         install_logging: { get_param: install_logging }
         logging_cluster_size: { get_param: logging_cluster_size }
@@ -501,6 +510,7 @@ resources:
         neustar_ultradns_password: { get_param: neustar_ultradns_password }
         slack_webhook_url_acme_sh: { get_param: slack_webhook_url_acme_sh }
         ansible_vault_password: { get_param: ansible_vault_password }
+        internet_gateway_ip: { get_param: [ network_config, gateway ] }
 
 conditions:
   multinetwork: