9 files changed, 55 insertions, 8 deletions

diff --git a/README.rst b/README.rst
index 4eed715e..6a753c0f 100644
--- a/README.rst
+++ b/README.rst
@@ -78,6 +78,8 @@ and should be executed according to the following table:
 +----------------+-------------+-------------+-------------+-------------+-----------------+
 | neutron-bgpvpn |             |             |             |      X      |                 |
 +----------------+-------------+-------------+-------------+-------------+-----------------+
+| neutron-l2gw   |             |             |             |      X      |                 |
++----------------+-------------+-------------+-------------+-------------+-----------------+
 | rabbitmq       |      X      |      X      |      X      |      X      |        X        |
 +----------------+-------------+-------------+-------------+-------------+-----------------+
 | mongodb        |      X      |      X      |             |             |                 |
diff --git a/ci/environments/scenario004-multinode.yaml b/ci/environments/scenario004-multinode.yaml
index 24fb2bf4..a5c6fa31 100644
--- a/ci/environments/scenario004-multinode.yaml
+++ b/ci/environments/scenario004-multinode.yaml
@@ -13,6 +13,8 @@ resource_registry:
   OS::TripleO::Services::ManilaShare: ../../puppet/services/pacemaker/manila-share.yaml
   OS::TripleO::Services::ManilaBackendCephFs: ../../puppet/services/manila-backend-cephfs.yaml
   OS::TripleO::Services::NeutronBgpVpnApi: ../../puppet/services/neutron-bgpvpn-api.yaml
+  OS::TripleO::Services::NeutronL2gwApi: ../../puppet/services/neutron-l2gw-api.yaml
+  OS::TripleO::Services::NeutronL2gwAgent: ../../puppet/services/neutron-l2gw-agent.yaml
   # These enable Pacemaker
   OS::TripleO::Tasks::ControllerPreConfig: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml
   OS::TripleO::Tasks::ControllerPostConfig: ../../extraconfig/tasks/post_puppet_pacemaker.yaml
@@ -44,6 +46,8 @@ parameter_defaults:
     - OS::TripleO::Services::NeutronBgpVpnApi
     - OS::TripleO::Services::NeutronDhcpAgent
     - OS::TripleO::Services::NeutronL3Agent
+    - OS::TripleO::Services::NeutronL2gwApi
+    - OS::TripleO::Services::NeutronL2gwAgent
     - OS::TripleO::Services::NeutronMetadataAgent
     - OS::TripleO::Services::NeutronServer
     - OS::TripleO::Services::NeutronCorePlugin
@@ -87,5 +91,6 @@ parameter_defaults:
   CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
   CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
   SwiftCeilometerPipelineEnabled: false
-  NeutronServicePlugins: 'router, networking_bgpvpn.neutron.services.plugin.BGPVPNPlugin'
+  NeutronServicePlugins: 'router, networking_bgpvpn.neutron.services.plugin.BGPVPNPlugin, networking_l2gw.services.l2gateway.plugin.L2GatewayPlugin'
   BgpvpnServiceProvider: 'BGPVPN:Dummy:networking_bgpvpn.neutron.services.service_drivers.driver_api.BGPVPNDriver:default'
+  L2gwServiceProvider: ['L2GW:l2gw:networking_l2gw.services.l2gateway.service_drivers.L2gwDriver:default']
diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml
index e7a0c8cb..c99fa3f1 100644
--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
@@ -124,7 +124,7 @@ resource_registry:
   OS::TripleO::Services::Congress: OS::Heat::None
   OS::TripleO::Services::Keystone: puppet/services/keystone.yaml
   OS::TripleO::Services::GlanceApi: puppet/services/glance-api.yaml
-  OS::TripleO::Services::GlanceRegistry: puppet/services/disabled/glance-registry.yaml
+  OS::TripleO::Services::GlanceRegistry: puppet/services/disabled/glance-registry-disabled.yaml
   OS::TripleO::Services::HeatApi: puppet/services/heat-api.yaml
   OS::TripleO::Services::HeatApiCfn: puppet/services/heat-api-cfn.yaml
   OS::TripleO::Services::HeatApiCloudwatch: puppet/services/heat-api-cloudwatch.yaml
@@ -189,8 +189,8 @@ resource_registry:
   OS::TripleO::Services::Tacker: OS::Heat::None
   OS::TripleO::Services::Timezone: puppet/services/time/timezone.yaml
   OS::TripleO::Services::CeilometerApi: puppet/services/ceilometer-api.yaml
-  OS::TripleO::Services::CeilometerCollector: puppet/services/disabled/ceilometer-collector.yaml
-  OS::TripleO::Services::CeilometerExpirer: puppet/services/disabled/ceilometer-expirer.yaml
+  OS::TripleO::Services::CeilometerCollector: puppet/services/disabled/ceilometer-collector-disabled.yaml
+  OS::TripleO::Services::CeilometerExpirer: puppet/services/disabled/ceilometer-expirer-disabled.yaml
   OS::TripleO::Services::CeilometerAgentCentral: puppet/services/ceilometer-agent-central.yaml
   OS::TripleO::Services::CeilometerAgentNotification: puppet/services/ceilometer-agent-notification.yaml
   OS::TripleO::Services::ComputeCeilometerAgent: puppet/services/ceilometer-agent-compute.yaml
diff --git a/puppet/services/database/mongodb.yaml b/puppet/services/database/mongodb.yaml
index 5bd621d2..968d4355 100644
--- a/puppet/services/database/mongodb.yaml
+++ b/puppet/services/database/mongodb.yaml
@@ -40,6 +40,13 @@ parameters:
       format: >-
         /(?<time>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d+\+\d{4})
         (?<message>.*)$/
+  EnableInternalTLS:
+    type: boolean
+    default: false
+
+conditions:
+
+  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
 
 resources:
   MongoDbBase:
@@ -79,6 +86,28 @@ outputs:
             # internal_api_uri -> [IP]
             # internal_api_subnet - > IP/CIDR
             mongodb::server::bind_ip: {get_param: [ServiceNetMap, MongodbNetwork]}
+          -
+            if:
+              - internal_tls_enabled
+              -
+                generate_service_certificates: true
+                mongodb::server::ssl: true
+                mongodb::server::ssl_key: '/etc/pki/tls/certs/mongodb.pem'
+                mongodb_certificate_specs:
+                  service_pem: '/etc/pki/tls/certs/mongodb.pem'
+                  service_certificate: '/etc/pki/tls/certs/mongodb.crt'
+                  service_key: '/etc/pki/tls/private/mongodb.key'
+                  hostname:
+                    str_replace:
+                      template: "%{hiera('fqdn_NETWORK')}"
+                      params:
+                        NETWORK: {get_param: [ServiceNetMap, MongodbNetwork]}
+                  principal:
+                    str_replace:
+                      template: "mongodb/%{hiera('fqdn_NETWORK')}"
+                      params:
+                        NETWORK: {get_param: [ServiceNetMap, MongodbNetwork]}
+              - {}
       step_config: |
         include ::tripleo::profile::base::database::mongodb
       upgrade_tasks:
@@ -88,3 +117,11 @@ outputs:
         - name: Start mongodb service
           tags: step4
           service: name=mongod state=started
+      metadata_settings:
+        if:
+          - internal_tls_enabled
+          -
+            - service: mongodb
+              network: {get_param: [ServiceNetMap, MongodbNetwork]}
+              type: node
+          - null
diff --git a/puppet/services/disabled/ceilometer-collector.yaml b/puppet/services/disabled/ceilometer-collector-disabled.yaml
index 64fd476d..18092a8f 100644
--- a/puppet/services/disabled/ceilometer-collector.yaml
+++ b/puppet/services/disabled/ceilometer-collector-disabled.yaml
@@ -31,7 +31,7 @@ outputs:
   role_data:
     description: Role data for the disabled Ceilometer Collector role.
     value:
-      service_name: ceilometer_collector
+      service_name: ceilometer_collector_disabled
       upgrade_tasks:
         - name: Stop and disable ceilometer_collector service on upgrade
           tags: step1
diff --git a/puppet/services/disabled/ceilometer-expirer.yaml b/puppet/services/disabled/ceilometer-expirer-disabled.yaml
index 182193ec..e6d8ee6e 100644
--- a/puppet/services/disabled/ceilometer-expirer.yaml
+++ b/puppet/services/disabled/ceilometer-expirer-disabled.yaml
@@ -31,7 +31,7 @@ outputs:
   role_data:
     description: Role data for the disabled Ceilometer Expirer role.
     value:
-      service_name: ceilometer_expirer
+      service_name: ceilometer_expirer_disabled
       upgrade_tasks:
         - name: Stop and disable ceilometer_expirer service on upgrade
           tags: step1
diff --git a/puppet/services/disabled/glance-registry.yaml b/puppet/services/disabled/glance-registry-disabled.yaml
index b2cd03ee..85a5c5ef 100644
--- a/puppet/services/disabled/glance-registry.yaml
+++ b/puppet/services/disabled/glance-registry-disabled.yaml
@@ -31,7 +31,7 @@ outputs:
   role_data:
     description: Role data for the disabled Glance Registry role.
     value:
-      service_name: glance_registry
+      service_name: glance_registry_disabled
       upgrade_tasks:
         - name: Stop and disable glance_registry service on upgrade
           tags: step1
diff --git a/roles_data.yaml b/roles_data.yaml
index 3e0ef752..68d0b9e2 100644
--- a/roles_data.yaml
+++ b/roles_data.yaml
@@ -99,6 +99,9 @@
     - OS::TripleO::Services::Sshd
     - OS::TripleO::Services::Securetty
     - OS::TripleO::Services::Timezone
+    # FIXME: This service was disabled in Pike and this entry should be removed
+    # in Queens.
+    - OS::TripleO::Services::CeilometerExpirer
     - OS::TripleO::Services::CeilometerAgentCentral
     - OS::TripleO::Services::CeilometerAgentNotification
     - OS::TripleO::Services::Horizon
diff --git a/test-requirements.txt b/test-requirements.txt
index 1c9e3b42..c30101f2 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -4,6 +4,6 @@
 PyYAML>=3.10.0 # MIT
 Jinja2!=2.9.0,!=2.9.1,!=2.9.2,!=2.9.3,!=2.9.4,>=2.8 # BSD License (3 clause)
 six>=1.9.0 # MIT
-sphinx>=1.5.1 # BSD
+sphinx!=1.6.1,>=1.5.1 # BSD
 oslosphinx>=4.7.0 # Apache-2.0
 reno>=1.8.0 # Apache-2.0