summaryrefslogtreecommitdiffstats
path: root/manifests
diff options
context:
space:
mode:
Diffstat (limited to 'manifests')
-rw-r--r--manifests/profile/base/aodh.pp2
-rw-r--r--manifests/profile/base/aodh/api.pp26
-rw-r--r--manifests/profile/base/aodh/evaluator.pp15
-rw-r--r--manifests/profile/base/aodh/listener.pp15
-rw-r--r--manifests/profile/base/aodh/notifier.pp15
-rw-r--r--manifests/profile/base/ceilometer/api.pp5
-rw-r--r--manifests/profile/base/ceilometer/collector.pp8
-rw-r--r--manifests/profile/base/cinder/backup.pp36
-rw-r--r--manifests/profile/base/cinder/backup/ceph.pp36
-rw-r--r--manifests/profile/base/cinder/backup/swift.pp36
-rw-r--r--manifests/profile/base/database/mongodbcommon.pp2
-rw-r--r--manifests/profile/base/horizon.pp4
-rw-r--r--manifests/profile/base/kernel.pp10
-rw-r--r--manifests/profile/base/neutron/sriov.pp42
-rw-r--r--manifests/profile/base/nova.pp4
-rw-r--r--manifests/profile/base/rabbitmq.pp4
-rw-r--r--manifests/profile/base/swift/storage.pp1
-rw-r--r--manifests/profile/pacemaker/ceilometer.pp16
-rw-r--r--manifests/profile/pacemaker/ceilometer/api.pp5
-rw-r--r--manifests/profile/pacemaker/cinder/backup.pp54
-rw-r--r--manifests/profile/pacemaker/database/mysql.pp2
-rw-r--r--manifests/trusted_ca.pp39
-rw-r--r--manifests/trusted_cas.pp28
23 files changed, 319 insertions, 86 deletions
diff --git a/manifests/profile/base/aodh.pp b/manifests/profile/base/aodh.pp
index 28156a0..07c0a88 100644
--- a/manifests/profile/base/aodh.pp
+++ b/manifests/profile/base/aodh.pp
@@ -42,7 +42,7 @@ class tripleo::profile::base::aodh (
include ::aodh::db::mysql
}
- if $step >= 4 and $sync_db {
+ if $step >= 4 or ($step >= 3 and $sync_db) {
include ::aodh
include ::aodh::auth
include ::aodh::config
diff --git a/manifests/profile/base/aodh/api.pp b/manifests/profile/base/aodh/api.pp
index 3aa436d..2dcf802 100644
--- a/manifests/profile/base/aodh/api.pp
+++ b/manifests/profile/base/aodh/api.pp
@@ -23,25 +23,27 @@
# for more details.
# Defaults to hiera('step')
#
-# [*bootstrap_node*]
-# (Optional) The hostname of the node responsible for bootstrapping tasks
-# Defaults to hiera('bootstrap_nodeid')
+# [*enable_combination_alarms*]
+# (optional) Setting to enable combination alarms
+# Defaults to: false
#
+
class tripleo::profile::base::aodh::api (
- $step = hiera('step'),
- $bootstrap_node = hiera('bootstrap_nodeid', undef),
+ $step = hiera('step'),
+ $enable_combination_alarms = false,
) {
- if $::hostname == downcase($bootstrap_node) {
- $sync_db = true
- } else {
- $sync_db = false
- }
-
include ::tripleo::profile::base::aodh
- if $step >= 4 and $sync_db {
+ if $step >= 4 {
include ::aodh::api
include ::aodh::wsgi::apache
+
+ #NOTE: Combination alarms are deprecated in newton and disabled by default.
+ # we need a way to override this setting for users still using this type
+ # of alarms.
+ aodh_config {
+ 'api/enable_combination_alarms' : value => $enable_combination_alarms;
+ }
}
}
diff --git a/manifests/profile/base/aodh/evaluator.pp b/manifests/profile/base/aodh/evaluator.pp
index 46d1d14..610d5a8 100644
--- a/manifests/profile/base/aodh/evaluator.pp
+++ b/manifests/profile/base/aodh/evaluator.pp
@@ -23,24 +23,13 @@
# for more details.
# Defaults to hiera('step')
#
-# [*bootstrap_node*]
-# (Optional) The hostname of the node responsible for bootstrapping tasks
-# Defaults to hiera('bootstrap_nodeid')
-#
class tripleo::profile::base::aodh::evaluator (
- $step = hiera('step'),
- $bootstrap_node = hiera('bootstrap_nodeid', undef),
+ $step = hiera('step'),
) {
- if $::hostname == downcase($bootstrap_node) {
- $sync_db = true
- } else {
- $sync_db = false
- }
-
include ::tripleo::profile::base::aodh
- if $step >= 4 and $sync_db {
+ if $step >= 4 {
include ::aodh::evaluator
}
diff --git a/manifests/profile/base/aodh/listener.pp b/manifests/profile/base/aodh/listener.pp
index 93f37fa..d36e1bb 100644
--- a/manifests/profile/base/aodh/listener.pp
+++ b/manifests/profile/base/aodh/listener.pp
@@ -23,24 +23,13 @@
# for more details.
# Defaults to hiera('step')
#
-# [*bootstrap_node*]
-# (Optional) The hostname of the node responsible for bootstrapping tasks
-# Defaults to hiera('bootstrap_nodeid')
-#
class tripleo::profile::base::aodh::listener (
- $step = hiera('step'),
- $bootstrap_node = hiera('bootstrap_nodeid', undef),
+ $step = hiera('step'),
) {
- if $::hostname == downcase($bootstrap_node) {
- $sync_db = true
- } else {
- $sync_db = false
- }
-
include ::tripleo::profile::base::aodh
- if $step >= 4 and $sync_db {
+ if $step >= 4 {
include ::aodh::listener
}
diff --git a/manifests/profile/base/aodh/notifier.pp b/manifests/profile/base/aodh/notifier.pp
index 0686012..d2a3945 100644
--- a/manifests/profile/base/aodh/notifier.pp
+++ b/manifests/profile/base/aodh/notifier.pp
@@ -23,24 +23,13 @@
# for more details.
# Defaults to hiera('step')
#
-# [*bootstrap_node*]
-# (Optional) The hostname of the node responsible for bootstrapping tasks
-# Defaults to hiera('bootstrap_nodeid')
-#
class tripleo::profile::base::aodh::notifier (
- $step = hiera('step'),
- $bootstrap_node = hiera('bootstrap_nodeid', undef),
+ $step = hiera('step'),
) {
- if $::hostname == downcase($bootstrap_node) {
- $sync_db = true
- } else {
- $sync_db = false
- }
-
include ::tripleo::profile::base::aodh
- if $step >= 4 and $sync_db {
+ if $step >= 4 {
include ::aodh::notifier
}
diff --git a/manifests/profile/base/ceilometer/api.pp b/manifests/profile/base/ceilometer/api.pp
index b300a91..b6419c2 100644
--- a/manifests/profile/base/ceilometer/api.pp
+++ b/manifests/profile/base/ceilometer/api.pp
@@ -30,6 +30,9 @@ class tripleo::profile::base::ceilometer::api (
if $step >= 4 {
include ::ceilometer::api
+ #NOTE: remove conditional once tht changes are merged
+ if hiera('ceilometer_wsgi', false) {
+ include ::ceilometer::wsgi::apache
+ }
}
-
}
diff --git a/manifests/profile/base/ceilometer/collector.pp b/manifests/profile/base/ceilometer/collector.pp
index a8ca88b..baaf4c8 100644
--- a/manifests/profile/base/ceilometer/collector.pp
+++ b/manifests/profile/base/ceilometer/collector.pp
@@ -44,12 +44,12 @@ class tripleo::profile::base::ceilometer::collector (
# without the brackets as 'members' argument for the 'mongodb_replset'
# resource.
if str2bool(hiera('mongodb::server::ipv6', false)) {
- $mongo_node_ips_with_port_prefixed = prefix(hiera('mongo_node_ips'), '[')
+ $mongo_node_ips_with_port_prefixed = prefix(hiera('mongodb_node_ips'), '[')
$mongo_node_ips_with_port = suffix($mongo_node_ips_with_port_prefixed, ']:27017')
- $mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017')
+ $mongo_node_ips_with_port_nobr = suffix(hiera('mongodb_node_ips'), ':27017')
} else {
- $mongo_node_ips_with_port = suffix(hiera('mongo_node_ips'), ':27017')
- $mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017')
+ $mongo_node_ips_with_port = suffix(hiera('mongodb_node_ips'), ':27017')
+ $mongo_node_ips_with_port_nobr = suffix(hiera('mongodb_node_ips'), ':27017')
}
$mongo_node_string = join($mongo_node_ips_with_port, ',')
diff --git a/manifests/profile/base/cinder/backup.pp b/manifests/profile/base/cinder/backup.pp
new file mode 100644
index 0000000..df015f7
--- /dev/null
+++ b/manifests/profile/base/cinder/backup.pp
@@ -0,0 +1,36 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::cinder::backup
+#
+# Cinder Backup profile for tripleo
+#
+# === Parameters
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::cinder::backup (
+ $step = hiera('step'),
+) {
+
+ include ::tripleo::profile::base::cinder
+
+ if $step >= 4 {
+ include ::cinder::backup
+ }
+
+}
diff --git a/manifests/profile/base/cinder/backup/ceph.pp b/manifests/profile/base/cinder/backup/ceph.pp
new file mode 100644
index 0000000..67a666e
--- /dev/null
+++ b/manifests/profile/base/cinder/backup/ceph.pp
@@ -0,0 +1,36 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::cinder::backup::ceph
+#
+# Cinder Backup Ceph profile for tripleo
+#
+# === Parameters
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::cinder::backup::ceph (
+ $step = hiera('step'),
+) {
+
+ include ::tripleo::profile::base::cinder::backup
+
+ if $step >= 4 {
+ include ::cinder::backup::ceph
+ }
+
+}
diff --git a/manifests/profile/base/cinder/backup/swift.pp b/manifests/profile/base/cinder/backup/swift.pp
new file mode 100644
index 0000000..12561bf
--- /dev/null
+++ b/manifests/profile/base/cinder/backup/swift.pp
@@ -0,0 +1,36 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::cinder::backup::swift
+#
+# Cinder Backup Ceph profile for tripleo
+#
+# === Parameters
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::cinder::backup::swift (
+ $step = hiera('step'),
+) {
+
+ include ::tripleo::profile::base::cinder::backup
+
+ if $step >= 4 {
+ include ::cinder::backup::swift
+ }
+
+}
diff --git a/manifests/profile/base/database/mongodbcommon.pp b/manifests/profile/base/database/mongodbcommon.pp
index 13af899..c61e692 100644
--- a/manifests/profile/base/database/mongodbcommon.pp
+++ b/manifests/profile/base/database/mongodbcommon.pp
@@ -27,7 +27,7 @@
#
class tripleo::profile::base::database::mongodbcommon (
$mongodb_ipv6_enabled = false,
- $mongodb_node_ips = hiera('mongo_node_ips'),
+ $mongodb_node_ips = hiera('mongodb_node_ips'),
) {
$port = '27017'
diff --git a/manifests/profile/base/horizon.pp b/manifests/profile/base/horizon.pp
index 1b7df19..be07c0e 100644
--- a/manifests/profile/base/horizon.pp
+++ b/manifests/profile/base/horizon.pp
@@ -38,9 +38,9 @@ class tripleo::profile::base::horizon (
$neutron_options = {'profile_support' => $_profile_support }
$memcached_ipv6 = hiera('memcached_ipv6', false)
if $memcached_ipv6 {
- $horizon_memcached_servers = hiera('memcache_node_ips_v6', '[::1]')
+ $horizon_memcached_servers = hiera('memcached_node_ips_v6', '[::1]')
} else {
- $horizon_memcached_servers = hiera('memcache_node_ips', '127.0.0.1')
+ $horizon_memcached_servers = hiera('memcached_node_ips', '127.0.0.1')
}
class { '::horizon':
cache_server_ip => $horizon_memcached_servers,
diff --git a/manifests/profile/base/kernel.pp b/manifests/profile/base/kernel.pp
index db0280f..df13a98 100644
--- a/manifests/profile/base/kernel.pp
+++ b/manifests/profile/base/kernel.pp
@@ -19,8 +19,12 @@
#
class tripleo::profile::base::kernel {
- create_resources(kmod::load, hiera('kernel_modules'), { })
- create_resources(sysctl::value, hiera('sysctl_settings'), { })
- Exec <| tag == 'kmod::load' |> -> Sysctl <| |>
+ if hiera('kernel_modules', undef) {
+ create_resources(kmod::load, hiera('kernel_modules'), { })
+ }
+ if hiera('sysctl_settings', undef) {
+ create_resources(sysctl::value, hiera('sysctl_settings'), { })
+ }
+ Exec <| tag == 'kmod::load' |> -> Sysctl <| |>
}
diff --git a/manifests/profile/base/neutron/sriov.pp b/manifests/profile/base/neutron/sriov.pp
new file mode 100644
index 0000000..9b5f34c
--- /dev/null
+++ b/manifests/profile/base/neutron/sriov.pp
@@ -0,0 +1,42 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::neutron::sriov
+#
+# Neutron SR-IOV nic Agent profile for tripleo
+#
+# === Parameters
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+# [*mechanism_drivers*]
+# (Optional) The mechanism drivers to use with the Ml2 plugin
+# Defaults to hiera('neutron::plugins::ml2::mechanism_drivers')
+#
+
+class tripleo::profile::base::neutron::sriov(
+ $step = hiera('step'),
+ $mechanism_drivers = hiera('neutron::plugins::ml2::mechanism_drivers'),
+) {
+
+ if $step >= 4 {
+ if 'sriovnicswitch' in $mechanism_drivers {
+ include ::neutron::agents::ml2::sriov
+ }
+ }
+
+}
diff --git a/manifests/profile/base/nova.pp b/manifests/profile/base/nova.pp
index 07c3be1..b43b8e8 100644
--- a/manifests/profile/base/nova.pp
+++ b/manifests/profile/base/nova.pp
@@ -52,9 +52,9 @@ class tripleo::profile::base::nova (
}
if hiera('nova::use_ipv6', false) {
- $memcache_servers = suffix(hiera('memcache_node_ips_v6'), ':11211')
+ $memcache_servers = suffix(hiera('memcached_node_ips_v6'), ':11211')
} else {
- $memcache_servers = suffix(hiera('memcache_node_ips'), ':11211')
+ $memcache_servers = suffix(hiera('memcached_node_ips'), ':11211')
}
if hiera('step') >= 4 or (hiera('step') >= 3 and $sync_db) {
diff --git a/manifests/profile/base/rabbitmq.pp b/manifests/profile/base/rabbitmq.pp
index dc6ea4d..2fd2347 100644
--- a/manifests/profile/base/rabbitmq.pp
+++ b/manifests/profile/base/rabbitmq.pp
@@ -36,7 +36,7 @@
#
# [*nodes*]
# (Optional) Array of host(s) for RabbitMQ nodes.
-# Defaults to hiera('rabbit_node_ips', []).
+# Defaults to hiera('rabbitmq_node_ips', []).
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
@@ -48,7 +48,7 @@ class tripleo::profile::base::rabbitmq (
$environment = hiera('rabbitmq_environment'),
$ipv6 = str2bool(hiera('rabbit_ipv6', false)),
$kernel_variables = hiera('rabbitmq_kernel_variables'),
- $nodes = hiera('rabbit_node_ips', []),
+ $nodes = hiera('rabbitmq_node_ips', []),
$step = hiera('step'),
) {
# IPv6 environment, necessary for RabbitMQ.
diff --git a/manifests/profile/base/swift/storage.pp b/manifests/profile/base/swift/storage.pp
index 5e266a9..0b09ea6 100644
--- a/manifests/profile/base/swift/storage.pp
+++ b/manifests/profile/base/swift/storage.pp
@@ -34,6 +34,7 @@ class tripleo::profile::base::swift::storage (
) {
if $step >= 4 {
if $enable_swift_storage {
+ include ::swift::storage::disks
include ::swift::storage::all
if(!defined(File['/srv/node'])) {
file { '/srv/node':
diff --git a/manifests/profile/pacemaker/ceilometer.pp b/manifests/profile/pacemaker/ceilometer.pp
index 531b4bc..a31128d 100644
--- a/manifests/profile/pacemaker/ceilometer.pp
+++ b/manifests/profile/pacemaker/ceilometer.pp
@@ -87,22 +87,6 @@ class tripleo::profile::pacemaker::ceilometer (
require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name],
Pacemaker::Resource::Service[$::ceilometer::params::collector_service_name]],
}
- pacemaker::constraint::base { 'ceilometer-collector-then-ceilometer-api-constraint':
- constraint_type => 'order',
- first_resource => "${::ceilometer::params::collector_service_name}-clone",
- second_resource => "${::ceilometer::params::api_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::ceilometer::params::collector_service_name],
- Pacemaker::Resource::Service[$::ceilometer::params::api_service_name]],
- }
- pacemaker::constraint::colocation { 'ceilometer-api-with-ceilometer-collector-colocation':
- source => "${::ceilometer::params::api_service_name}-clone",
- target => "${::ceilometer::params::collector_service_name}-clone",
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service[$::ceilometer::params::api_service_name],
- Pacemaker::Resource::Service[$::ceilometer::params::collector_service_name]],
- }
}
}
diff --git a/manifests/profile/pacemaker/ceilometer/api.pp b/manifests/profile/pacemaker/ceilometer/api.pp
index 0eddaec..169121b 100644
--- a/manifests/profile/pacemaker/ceilometer/api.pp
+++ b/manifests/profile/pacemaker/ceilometer/api.pp
@@ -34,10 +34,11 @@ class tripleo::profile::pacemaker::ceilometer::api (
include ::ceilometer::params
include ::tripleo::profile::pacemaker::ceilometer
include ::tripleo::profile::base::ceilometer::api
+ include ::tripleo::profile::pacemaker::apache
if $step >= 5 and downcase($::hostname) == $pacemaker_master {
- pacemaker::resource::service { $::ceilometer::params::api_service_name :
- clone_params => 'interleave=true',
+ class { '::tripleo::profile::base::ceilometer::api':
+ step => $step,
}
}
diff --git a/manifests/profile/pacemaker/cinder/backup.pp b/manifests/profile/pacemaker/cinder/backup.pp
new file mode 100644
index 0000000..20a0104
--- /dev/null
+++ b/manifests/profile/pacemaker/cinder/backup.pp
@@ -0,0 +1,54 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::pacemaker::cinder::backup
+#
+# Cinder Backup Pacemaker HA profile for tripleo
+#
+# === Parameters
+#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::pacemaker::cinder::backup (
+ $bootstrap_node = hiera('bootstrap_nodeid'),
+ $step = hiera('step'),
+) {
+
+ Service <| tag == 'cinder::backup' |> {
+ hasrestart => true,
+ restart => '/bin/true',
+ start => '/bin/true',
+ stop => '/bin/true',
+ }
+
+ if $::hostname == downcase($bootstrap_node) {
+ $pacemaker_master = true
+ } else {
+ $pacemaker_master = false
+ }
+
+ include ::tripleo::profile::base::cinder::backup
+
+ if $step >= 5 and $pacemaker_master {
+ pacemaker::resource::service { $::cinder::params::backup_service : }
+ }
+
+}
diff --git a/manifests/profile/pacemaker/database/mysql.pp b/manifests/profile/pacemaker/database/mysql.pp
index 529aeac..31d7d80 100644
--- a/manifests/profile/pacemaker/database/mysql.pp
+++ b/manifests/profile/pacemaker/database/mysql.pp
@@ -71,7 +71,7 @@ class tripleo::profile::pacemaker::database::mysql (
mysql_server_options => $mysqld_options,
}
- if $step >= 2 and $pacemaker_master {
+ if $step >= 2 {
if $pacemaker_master {
pacemaker::resource::ocf { 'galera' :
ocf_agent_name => 'heartbeat:galera',
diff --git a/manifests/trusted_ca.pp b/manifests/trusted_ca.pp
new file mode 100644
index 0000000..4e62418
--- /dev/null
+++ b/manifests/trusted_ca.pp
@@ -0,0 +1,39 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::trusted_ca
+#
+# Does the necessary action to deploy and trust a CA certificate.
+#
+# === Parameters
+#
+# [*content*]
+# The content of the CA certificate in PEM format.
+#
+define tripleo::trusted_ca(
+ $content,
+) {
+ file { "/etc/pki/ca-trust/source/anchors/${name}.pem":
+ content => $content,
+ mode => '0644',
+ owner => 'root',
+ group => 'root',
+ }
+ exec { "trust-ca-${name}":
+ command => 'update-ca-trust extract',
+ path => '/usr/bin',
+ subscribe => File["/etc/pki/ca-trust/source/anchors/${name}.pem"],
+ refreshonly => true,
+ }
+}
diff --git a/manifests/trusted_cas.pp b/manifests/trusted_cas.pp
new file mode 100644
index 0000000..265a700
--- /dev/null
+++ b/manifests/trusted_cas.pp
@@ -0,0 +1,28 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::trusted_cas
+#
+# Does the necessary actions to deploy and trust a set of CA certificates.
+#
+# === Parameters
+#
+# [*ca_map*]
+# The content of the CA certificate in PEM format.
+#
+class tripleo::trusted_cas(
+ $ca_map = {},
+) {
+ create_resources('::tripleo::trusted_ca', $ca_map)
+}