-rw-r--r-- | block-storage.yaml | 1 | ||||
-rw-r--r-- | overcloud-source.yaml | 50 | ||||
-rw-r--r-- | overcloud-vlan-port.yaml | 1 | ||||
-rw-r--r-- | overcloud-without-mergepy.yaml | 2 | ||||
-rw-r--r-- | undercloud-source.yaml | 12 |
5 files changed, 48 insertions, 18 deletions
diff --git a/block-storage.yaml b/block-storage.yaml
index ae0d6543..172944aa 100644
--- a/block-storage.yaml
+++ b/block-storage.yaml
@@ -27,6 +27,7 @@ resources:
 depends_on: [BlockStorage0Deployment,BlockStorage0PassthroughSpecific]
 type: OS::Heat::StructuredDeployment
 properties:
+ signal_transport: {get_param: DefaultSignalTransport}
 config: {get_resource: allNodesConfig}
 server: {get_resource: BlockStorage0}
 BlockStorage0Deployment:
diff --git a/overcloud-source.yaml b/overcloud-source.yaml
index 55300062..742429f1 100644
--- a/overcloud-source.yaml
+++ b/overcloud-source.yaml
@@ -173,6 +173,15 @@ parameters:
 description: Keystone key for signing tokens.
 type: string
 hidden: true
+ KeystoneSSLCertificate:
+ default: ''
+ description: Keystone certificate for verifying token validity.
+ type: string
+ KeystoneSSLCertificateKey:
+ default: ''
+ description: Keystone key for signing tokens.
+ type: string
+ hidden: true
 LiveUpdateComputeImage:
 type: string
 description: The image ID for live-updates to the overcloud compute nodes.
@@ -334,6 +343,16 @@ parameters:
 default: guest
 description: The username for RabbitMQ
 type: string
+ RabbitClientUseSSL:
+ default: false
+ description: >
+ Rabbit client subscriber parameter to specify
+ an SSL connection to the RabbitMQ host.
+ type: string
+ RabbitClientPort:
+ default: 5672
+ description: Set rabbit subscriber port, change this if using SSL
+ type: number
 SnmpdReadonlyUserName:
 default: ro_snmp_user
 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
@@ -351,6 +370,7 @@ resources:
 network_id: {get_param: NeutronControlPlaneID}
 fixed_ips:
 get_param: ControlFixedIPs
+ replacement_policy: AUTO
 MysqlClusterUniquePart:
 type: OS::Heat::RandomString
 properties:
@@ -366,6 +386,7 @@ resources:
 network: {get_param: PublicVirtualNetwork}
 fixed_ips:
 get_param: PublicVirtualFixedIPs
+ replacement_policy: AUTO
 RabbitCookie:
 type: OS::Heat::RandomString
 properties:
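Review bot: The descriptions on the two new parameters in the `@@ -173,6 +173,15 @@` hunk of overcloud-source.yaml talk about token signing, but the later `ssl:` hunk feeds these values to `certificate` and `certificate_key`, so they appear to be the Keystone SSL endpoint certificate and its private key. An operator reading the template cannot tell them apart from KeystoneSigningCertificate and KeystoneSigningKey, which makes it easy to paste the wrong key material. I would change them to `description: SSL certificate presented by the Keystone service.` and `description: Private key for the Keystone SSL certificate.`. It is also worth stating what the empty default means; the consumer's handling of `''` is not visible here, but presumably SSL stays off. The same two descriptions are repeated in the `@@ -115,6 +115,15 @@` hunk of undercloud-source.yaml.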
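Review bot: In the `@@ -334,6 +343,16 @@` hunk, RabbitClientUseSSL is declared `type: string` with the unquoted default `false`, so the type of value that reaches `rabbit_client_use_ssl` depends on how the template engine and the consuming element coerce it. If the consumer accepts it, `type: boolean` states the intent and rejects typos at stack-validation time; otherwise quote the default as `'false'`. The two parameters are also independent, so SSL can be switched on while RabbitClientPort stays at 5672. The RabbitClientPort description should say that 5672 is the plaintext listener and name the port the TLS listener is expected on (conventionally 5671). Note that the default keeps client traffic to RabbitMQ unencrypted.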
@@ -558,6 +579,9 @@ resources:
 ca_certificate: {get_param: KeystoneCACertificate}
 signing_key: {get_param: KeystoneSigningKey}
 signing_certificate: {get_param: KeystoneSigningCertificate}
+ ssl:
+ certificate: {get_param: KeystoneSSLCertificate}
+ certificate_key: {get_param: KeystoneSSLCertificateKey}
 mysql:
 innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
 local_bind: true
@@ -646,6 +670,8 @@ resources:
 get_attr:
 - RabbitCookie
 - value
+ rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
+ rabbit_port: {get_param: RabbitClientPort}
 ntp:
 servers:
 - {server: {get_param: NtpServer}, fudge: "stratum 0"}
@@ -694,42 +720,33 @@ resources:
 ip: {get_attr: [controller0, networks, ctlplane, 0]}
 name: {get_attr: [controller0, name]}
 net_binds:
- - ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
+ - &control_vip {ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}}
+ - &public_vip {ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}}
 services:
 - name: keystone_admin
 port: 35357
- net_binds: &public_binds
- - ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
- - ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
 - name: keystone_public
 port: 5000
- net_binds: *public_binds
 - name: horizon
 port: 80
- net_binds: *public_binds
 - name: neutron
 port: 9696
- net_binds: *public_binds
 - name: cinder
 port: 8776
- net_binds: *public_binds
 - name: glance_api
 port: 9292
- net_binds: *public_binds
 - name: glance_registry
 port: 9191
- net_binds: *public_binds
 - name: heat_api
 port: 8004
- net_binds: *public_binds
 - name: heat_cloudwatch
 port: 8003
- net_binds: *public_binds
 - name: heat_cfn
 port: 8000
- net_binds: *public_binds
 - name: mysql
 port: 3306
+ net_binds:
+ - *control_vip
 extra_server_params:
 - backup
 options:
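Review bot: The `@@ -694,42 +720,33 @@` hunk flips the top-level `net_binds` default from control-VIP-only to control plus public, so exposure on the public VIP becomes opt-out instead of opt-in. Assuming the top-level list is the fallback for services without their own `net_binds`, any such service is now published on the public VIP: the port 8773 entry in the following hunk, plus anything outside these hunks. Only mysql and rabbitmq are narrowed back. I would keep the control VIP as the default and let public services opt in, or at least add `net_binds:` / `- *control_vip` to every service that is meant to stay internal, with a comment on the top-level list stating that it is the public default. The services list starts and ends outside the hunk, so the full set of affected entries cannot be confirmed from here. The `&public_vip` anchor is defined but not aliased in the visible lines.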
@@ -739,21 +756,18 @@ resources: port: 8773 - name: nova_osapi port: 8774 - net_binds: *public_binds - name: nova_metadata port: 8775 - net_binds: *public_binds - name: nova_novncproxy port: 6080 - net_binds: *public_binds - name: ceilometer port: 8777 - net_binds: *public_binds - name: swift_proxy_server port: 8080 - net_binds: *public_binds - name: rabbitmq port: 5672 + net_binds: + - *control_vip options: - timeout client 0 - timeout server 0 diff --git a/overcloud-vlan-port.yaml b/overcloud-vlan-port.yaml index 71b444fb..8f6f6937 100644 --- a/overcloud-vlan-port.yaml +++ b/overcloud-vlan-port.yaml @@ -36,3 +36,4 @@ resources: properties: name: controller0_vlan network: public + replacement_policy: AUTO diff --git a/overcloud-without-mergepy.yaml b/overcloud-without-mergepy.yaml index 94770a86..4df8587d 100644 --- a/overcloud-without-mergepy.yaml +++ b/overcloud-without-mergepy.yaml @@ -641,6 +641,7 @@ resources: name: control_virtual_ip network_id: {get_param: NeutronControlPlaneID} fixed_ips: {get_param: ControlFixedIPs} + replacement_policy: AUTO PublicVirtualIP: type: OS::Neutron::Port @@ -648,6 +649,7 @@ resources: name: public_virtual_ip network: {get_param: PublicVirtualNetwork} fixed_ips: {get_param: PublicVirtualFixedIPs} + replacement_policy: AUTO ControllerBootstrapNodeConfig: type: OS::Heat::StructuredConfig diff --git a/undercloud-source.yaml b/undercloud-source.yaml index 94795934..67c3e6d6 100644 --- a/undercloud-source.yaml +++ b/undercloud-source.yaml @@ -115,6 +115,15 @@ parameters: description: Keystone key for signing tokens. type: string hidden: true + KeystoneSSLCertificate: + default: '' + description: Keystone certificate for verifying token validity. + type: string + KeystoneSSLCertificateKey: + default: '' + description: Keystone key for signing tokens. + type: string + hidden: true HeatPassword: default: unset description: The password for the Heat service account, used by the Heat services. 
@@ -291,6 +300,9 @@ resources:
 ca_certificate: {get_param: KeystoneCACertificate}
 signing_key: {get_param: KeystoneSigningKey}
 signing_certificate: {get_param: KeystoneSigningCertificate}
+ ssl:
+ certificate: {get_param: KeystoneSSLCertificate}
+ certificate_key: {get_param: KeystoneSSLCertificateKey}
 mysql:
 innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
 root-password: {get_resource: MysqlRootPassword} |