Diffstat (limited to 'environments')
-rw-r--r--environments/ceph-radosgw.yaml5
-rw-r--r--environments/cinder-netapp-config.yaml2
-rw-r--r--environments/debug.yaml5
-rw-r--r--environments/enable-internal-tls.yaml6
-rw-r--r--environments/hyperconverged-ceph.yaml11
-rw-r--r--environments/logging-environment.yaml29
-rw-r--r--environments/low-memory-usage.yaml18
-rw-r--r--environments/major-upgrade-aodh-migration.yaml6
-rw-r--r--environments/major-upgrade-ceilometer-wsgi-mitaka-newton.yaml7
-rw-r--r--environments/major-upgrade-pacemaker-converge.yaml4
-rw-r--r--environments/major-upgrade-pacemaker-init.yaml6
-rw-r--r--environments/major-upgrade-pacemaker.yaml6
-rw-r--r--environments/major-upgrade-remove-sahara.yaml6
-rw-r--r--environments/manage-firewall.yaml2
-rw-r--r--environments/manila-cephfsnative-config.yaml17
-rw-r--r--environments/manila-generic-config.yaml20
-rw-r--r--environments/manila-netapp-config.yaml29
-rw-r--r--environments/monitoring-environment.yaml38
-rw-r--r--environments/neutron-nuage-config.yaml2
-rw-r--r--environments/neutron-opendaylight-l3.yaml6
-rw-r--r--environments/neutron-opendaylight.yaml6
-rw-r--r--environments/services/barbican.yaml4
-rw-r--r--environments/services/haproxy-internal-tls-certmonger.yaml4
-rw-r--r--environments/services/haproxy-public-tls-certmonger.yaml4
-rw-r--r--environments/storage-environment.yaml22
-rw-r--r--environments/tls-endpoints-public-dns.yaml9
-rw-r--r--environments/tls-endpoints-public-ip.yaml9
-rw-r--r--environments/tls-everywhere-endpoints-dns.yaml61
28 files changed, 271 insertions, 73 deletions
diff --git a/environments/ceph-radosgw.yaml b/environments/ceph-radosgw.yaml
new file mode 100644
index 00000000..a9221a2a
--- /dev/null
+++ b/environments/ceph-radosgw.yaml
@@ -0,0 +1,5 @@
+resource_registry:
+ OS::TripleO::Services::CephRgw: ../puppet/services/ceph-rgw.yaml
+ OS::TripleO::Services::SwiftProxy: OS::Heat::None
+ OS::TripleO::Services::SwiftStorage: OS::Heat::None
+ OS::TripleO::Services::SwiftRingBuilder: OS::Heat::None
diff --git a/environments/cinder-netapp-config.yaml b/environments/cinder-netapp-config.yaml
index 0437cc67..b9a84342 100644
--- a/environments/cinder-netapp-config.yaml
+++ b/environments/cinder-netapp-config.yaml
@@ -25,5 +25,5 @@ parameter_defaults:
CinderNetappControllerIps: ''
CinderNetappSaPassword: ''
CinderNetappStoragePools: ''
- CinderNetappEseriesHostType: 'linux_dm_mp'
+ CinderNetappHostType: ''
CinderNetappWebservicePath: '/devmgr/v2'
diff --git a/environments/debug.yaml b/environments/debug.yaml
new file mode 100644
index 00000000..b938555c
--- /dev/null
+++ b/environments/debug.yaml
@@ -0,0 +1,5 @@
+# A Heat environment file which can be used to enable the debug
+# setting in the overcloud openstack services configuration.
+
+parameter_defaults:
+ Debug: true
diff --git a/environments/enable-internal-tls.yaml b/environments/enable-internal-tls.yaml
new file mode 100644
index 00000000..5116c6da
--- /dev/null
+++ b/environments/enable-internal-tls.yaml
@@ -0,0 +1,6 @@
+# A Heat environment file which can be used to enable a
+# a TLS for in the internal network via certmonger
+parameter_defaults:
+ EnableInternalTLS: true
+resource_registry:
+ OS::TripleO::Services::ApacheTLS: ../../puppet/services/apache-internal-tls-certmonger.yaml
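Review bot: The `ApacheTLS` mapping points at `../../puppet/services/apache-internal-tls-certmonger.yaml`, which is one directory level too high for a file that sits directly in `environments/`. The other top-level environment files in this commit use `../puppet/services/...`, and only the files under `environments/services/` use `../../`. Assuming the path is resolved relative to the environment file, the template would not be found and internal TLS for Apache would not be set up; the line should read `OS::TripleO::Services::ApacheTLS: ../puppet/services/apache-internal-tls-certmonger.yaml`. The header comment is also garbled ("enable a a TLS for in the internal network"); `# A Heat environment file which can be used to enable TLS on the internal network via certmonger` says what is meant.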
diff --git a/environments/hyperconverged-ceph.yaml b/environments/hyperconverged-ceph.yaml
new file mode 100644
index 00000000..cee4ae4a
--- /dev/null
+++ b/environments/hyperconverged-ceph.yaml
@@ -0,0 +1,11 @@
+# If not using an isolated StorageMgmt network, the following regitry mapping
+# should be commented.
+resource_registry:
+ OS::TripleO::Compute::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml
+
+parameter_defaults:
+ ComputeServices:
+ - OS::TripleO::Services::CephOSD
+
+parameter_merge_strategies:
+ ComputeServices: merge
\ No newline at end of file
diff --git a/environments/logging-environment.yaml b/environments/logging-environment.yaml
new file mode 100644
index 00000000..c583ca79
--- /dev/null
+++ b/environments/logging-environment.yaml
@@ -0,0 +1,29 @@
+## A Heat environment file which can be used to set up
+## logging agents
+
+resource_registry:
+ OS::TripleO::Services::FluentdClient: ../puppet/services/logging/fluentd-client.yaml
+
+#parameter_defaults:
+
+## Simple configuration
+#
+# LoggingServers:
+# - host: log0.example.com
+# port: 24224
+# - host: log1.example.com
+# port: 24224
+#
+## Example SSL configuration
+## (note the use of port 24284 for ssl connections)
+#
+# LoggingServers:
+# - host: 192.0.2.11
+# port: 24284
+# LoggingUsesSSL: true
+# LoggingSharedKey: secret
+# LoggingSSLCertificate: |
+# -----BEGIN CERTIFICATE-----
+# ...certificate data here...
+# -----END CERTIFICATE-----
+
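Review bot: The commented SSL example sets `LoggingSharedKey: secret`, a literal that is easy to uncomment and deploy unchanged. Marking it as a placeholder, for example `#  LoggingSharedKey: <generated-shared-key>`, makes clear it must be replaced. The "Simple configuration" example sends logs to port 24224 without `LoggingUsesSSL`, so it presumably ships them unencrypted; a line such as `## (no transport encryption; use only on a trusted network)` above it would say so. The commented example in monitoring-environment.yaml later in this commit has the same problem, pairing `MonitoringRabbitPassword: sensu` with `MonitoringRabbitUseSSL: false`.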
diff --git a/environments/low-memory-usage.yaml b/environments/low-memory-usage.yaml
new file mode 100644
index 00000000..47b2003d
--- /dev/null
+++ b/environments/low-memory-usage.yaml
@@ -0,0 +1,18 @@
+# Lower the memory usage of overcloud.
+parameter_defaults:
+ CeilometerWorkers: 1
+ CinderWorkers: 1
+ GlanceWorkers: 1
+ HeatWorkers: 1
+ KeystoneWorkers: 1
+ NeutronWorkers: 1
+ NovaWorkers: 1
+ SaharaWorkers: 1
+ SwiftWorkers: 1
+ GnocchiMetricdWorkers: 1
+
+ ApacheMaxRequestWorkers: 32
+ ApacheServerLimit: 32
+
+ ControllerExtraConfig:
+ 'nova::network::neutron::neutron_url_timeout': '60'
diff --git a/environments/major-upgrade-aodh-migration.yaml b/environments/major-upgrade-aodh-migration.yaml
index c1dbde42..9d6ce73e 100644
--- a/environments/major-upgrade-aodh-migration.yaml
+++ b/environments/major-upgrade-aodh-migration.yaml
@@ -3,8 +3,4 @@ resource_registry:
OS::TripleO::Tasks::UpdateWorkflow: ../extraconfig/tasks/mitaka_to_newton_aodh_data_migration.yaml
# no-op the rest
- OS::TripleO::ControllerPostDeployment: OS::Heat::None
- OS::TripleO::ComputePostDeployment: OS::Heat::None
- OS::TripleO::ObjectStoragePostDeployment: OS::Heat::None
- OS::TripleO::BlockStoragePostDeployment: OS::Heat::None
- OS::TripleO::CephStoragePostDeployment: OS::Heat::None
+ OS::TripleO::PostDeploySteps: OS::Heat::None
diff --git a/environments/major-upgrade-ceilometer-wsgi-mitaka-newton.yaml b/environments/major-upgrade-ceilometer-wsgi-mitaka-newton.yaml
new file mode 100644
index 00000000..6798c255
--- /dev/null
+++ b/environments/major-upgrade-ceilometer-wsgi-mitaka-newton.yaml
@@ -0,0 +1,7 @@
+resource_registry:
+
+ # This initiates the upgrades for ceilometer api to run under apache wsgi
+ OS::TripleO::Tasks::UpdateWorkflow: ../extraconfig/tasks/major_upgrade_ceilometer_wsgi_mitaka_newton.yaml
+
+ # no-op the rest
+ OS::TripleO::PostDeploySteps: OS::Heat::None
diff --git a/environments/major-upgrade-pacemaker-converge.yaml b/environments/major-upgrade-pacemaker-converge.yaml
index f023cb32..e9a5f9be 100644
--- a/environments/major-upgrade-pacemaker-converge.yaml
+++ b/environments/major-upgrade-pacemaker-converge.yaml
@@ -1,2 +1,6 @@
parameter_defaults:
UpgradeLevelNovaCompute: ''
+
+resource_registry:
+ OS::TripleO::Services::SaharaApi: ../puppet/services/sahara-api.yaml
+ OS::TripleO::Services::SaharaEngine: ../puppet/services/sahara-engine.yaml
diff --git a/environments/major-upgrade-pacemaker-init.yaml b/environments/major-upgrade-pacemaker-init.yaml
index d97f8fc1..f4f361df 100644
--- a/environments/major-upgrade-pacemaker-init.yaml
+++ b/environments/major-upgrade-pacemaker-init.yaml
@@ -3,8 +3,4 @@ parameter_defaults:
resource_registry:
OS::TripleO::Tasks::UpdateWorkflow: ../extraconfig/tasks/major_upgrade_pacemaker_init.yaml
- OS::TripleO::ControllerPostDeployment: OS::Heat::None
- OS::TripleO::ComputePostDeployment: OS::Heat::None
- OS::TripleO::ObjectStoragePostDeployment: OS::Heat::None
- OS::TripleO::BlockStoragePostDeployment: OS::Heat::None
- OS::TripleO::CephStoragePostDeployment: OS::Heat::None
+ OS::TripleO::PostDeploySteps: OS::Heat::None
diff --git a/environments/major-upgrade-pacemaker.yaml b/environments/major-upgrade-pacemaker.yaml
index 95f09666..9fb51a4d 100644
--- a/environments/major-upgrade-pacemaker.yaml
+++ b/environments/major-upgrade-pacemaker.yaml
@@ -3,8 +3,4 @@ parameter_defaults:
resource_registry:
OS::TripleO::Tasks::UpdateWorkflow: ../extraconfig/tasks/major_upgrade_pacemaker.yaml
- OS::TripleO::ControllerPostDeployment: OS::Heat::None
- OS::TripleO::ComputePostDeployment: OS::Heat::None
- OS::TripleO::ObjectStoragePostDeployment: OS::Heat::None
- OS::TripleO::BlockStoragePostDeployment: OS::Heat::None
- OS::TripleO::CephStoragePostDeployment: OS::Heat::None
+ OS::TripleO::PostDeploySteps: OS::Heat::None
diff --git a/environments/major-upgrade-remove-sahara.yaml b/environments/major-upgrade-remove-sahara.yaml
new file mode 100644
index 00000000..e0aaf130
--- /dev/null
+++ b/environments/major-upgrade-remove-sahara.yaml
@@ -0,0 +1,6 @@
+parameter_defaults:
+ KeepSaharaServicesOnUpgrade: false
+resource_registry:
+ OS::TripleO::Services::SaharaApi: OS::Heat::None
+ OS::TripleO::Services::SaharaEngine: OS::Heat::None
+
diff --git a/environments/manage-firewall.yaml b/environments/manage-firewall.yaml
deleted file mode 100644
index 5d48698e..00000000
--- a/environments/manage-firewall.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-parameter_defaults:
- ManageFirewall: true
diff --git a/environments/manila-cephfsnative-config.yaml b/environments/manila-cephfsnative-config.yaml
new file mode 100644
index 00000000..5632d8d6
--- /dev/null
+++ b/environments/manila-cephfsnative-config.yaml
@@ -0,0 +1,17 @@
+# A Heat environment file which can be used to enable a
+# a Manila CephFS Native driver backend.
+resource_registry:
+ OS::TripleO::Services::ManilaApi: ../puppet/services/manila-api.yaml
+ OS::TripleO::Services::ManilaScheduler: ../puppet/services/manila-scheduler.yaml
+ # Only manila-share is pacemaker managed:
+ OS::TripleO::Services::ManilaShare: ../puppet/services/pacemaker/manila-share.yaml
+ OS::TripleO::Services::ManilaBackendCephFs: ../puppet/services/manila-backend-cephfs.yaml
+
+
+parameter_defaults:
+ ManilaCephFSNativeBackendName: cephfsnative
+ ManilaCephFSNativeDriverHandlesShareServers: false
+ ManilaCephFSNativeCephFSConfPath: '/etc/ceph/ceph.conf'
+ ManilaCephFSNativeCephFSAuthId: 'manila'
+ ManilaCephFSNativeCephFSClusterName: 'ceph'
+ ManilaCephFSNativeCephFSEnableSnapshots: true
diff --git a/environments/manila-generic-config.yaml b/environments/manila-generic-config.yaml
index 74011c66..65884a94 100644
--- a/environments/manila-generic-config.yaml
+++ b/environments/manila-generic-config.yaml
@@ -1,14 +1,16 @@
-# A Heat environment file which can be used to enable a
-# a Manila generic driver backend.
+# This environment file enables Manila with the Generic backend.
resource_registry:
- OS::Tripleo::Services::ManilaApi: ../puppet/services/manila-api.yaml
- OS::Tripleo::Services::ManilaScheduler: ../puppet/services/manila-scheduler.yaml
+ OS::TripleO::Services::ManilaApi: ../puppet/services/manila-api.yaml
+ OS::TripleO::Services::ManilaScheduler: ../puppet/services/manila-scheduler.yaml
# Only manila-share is pacemaker managed:
- OS::Tripleo::Services::ManilaShare: ../puppet/services/pacemaker/manila-share.yaml
-
+ OS::TripleO::Services::ManilaShare: ../puppet/services/pacemaker/manila-share.yaml
+ OS::TripleO::Services::ManilaBackendGeneric: ../puppet/services/manila-backend-generic.yaml
parameter_defaults:
- ManilaGenericEnableBackend: true
+ ManilaServiceInstanceUser: ''
+ ManilaServiceInstancePassword: ''
+ ManilaServiceInstanceFlavorId: 2
+ ManilaServiceNetworkCidr: '172.16.0.0/16'
ManilaGenericBackendName: tripleo_generic
ManilaGenericDriverHandlesShareServers: true
ManilaGenericSmbTemplateConfigPath: '$state_path/smb.conf'
@@ -20,7 +22,3 @@ parameter_defaults:
ManilaGenericServiceInstanceSmbConfigPath: '$share_mount_path/smb.conf'
ManilaGenericShareVolumeFsType: 'ext4'
ManilaGenericCinderVolumeType: ''
- ManilaGenericServiceInstanceUser: ''
- ManilaGenericServiceInstancePassword: ''
- ManilaGenericServiceInstanceFlavorId: 2
- ManilaGenericServiceNetworkCidr: '172.16.0.0/16'
diff --git a/environments/manila-netapp-config.yaml b/environments/manila-netapp-config.yaml
new file mode 100644
index 00000000..7eb14941
--- /dev/null
+++ b/environments/manila-netapp-config.yaml
@@ -0,0 +1,29 @@
+# This environment file enables Manila with the Netapp backend.
+resource_registry:
+ OS::TripleO::Services::ManilaApi: ../puppet/services/manila-api.yaml
+ OS::TripleO::Services::ManilaScheduler: ../puppet/services/manila-scheduler.yaml
+ # Only manila-share is pacemaker managed:
+ OS::TripleO::Services::ManilaShare: ../puppet/services/pacemaker/manila-share.yaml
+ OS::TripleO::Services::ManilaBackendNetapp: ../puppet/services/manila-backend-netapp.yaml
+
+parameter_defaults:
+ ManilaNetappBackendName: tripleo_netapp
+ ManilaNetappDriverHandlesShareServers: true
+ ManilaNetappLogin: ''
+ ManilaNetappPassword: ''
+ ManilaNetappServerHostname: ''
+ ManilaNetappTransportType: 'http'
+ ManilaNetappStorageFamily: 'ontap_cluster'
+ ManilaNetappServerPort: 80
+ ManilaNetappVolumeNameTemplate: 'share_%(share_id)s'
+ ManilaNetappVserver: ''
+ ManilaNetappVserverNameTemplate: 'os_%s'
+ ManilaNetappLifNameTemplate: 'os_%(net_allocation_id)s'
+ ManilaNetappAggrNameSearchPattern: '(.*)'
+ ManilaNetappRootVolumeAggr: ''
+ ManilaNetappRootVolume: 'root'
+ ManilaNetappPortNameSearchPattern: '(.*)'
+ ManilaNetappTraceFlags: ''
+ ManilaNetappEnabledShareProtocols: 'nfs3, nfs4.0'
+ ManilaNetappVolumeSnapshotReservePercent: 5
+ ManilaNetappSnapmirrorQuiesceTimeout: 3600
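Review bot: `ManilaNetappTransportType: 'http'` together with `ManilaNetappServerPort: 80` means the `ManilaNetappLogin` and `ManilaNetappPassword` credentials go to the storage controller in cleartext by default. Unless a deployment cannot use TLS towards the filer, safer defaults are `ManilaNetappTransportType: 'https'` and `ManilaNetappServerPort: 443`. The empty defaults `ManilaNetappLogin: ''` and `ManilaNetappPassword: ''` also deserve a comment such as `# must be set by the operator`, since nothing in this file shows that an empty value is rejected.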
diff --git a/environments/monitoring-environment.yaml b/environments/monitoring-environment.yaml
index a8ad2084..f4aa67a9 100644
--- a/environments/monitoring-environment.yaml
+++ b/environments/monitoring-environment.yaml
@@ -1,30 +1,16 @@
-## A Heat environment file which can be used to set up monitoring
-## and logging agents
+## A Heat environment file which can be used to set up monitoring agents
resource_registry:
OS::TripleO::Services::SensuClient: ../puppet/services/monitoring/sensu-client.yaml
-parameter_defaults:
- #### Sensu settings ####
- ##MonitoringRabbitHost: 10.10.10.10
- ##MonitoringRabbitPort: 5672
- ##MonitoringRabbitUserName: sensu
- ##MonitoringRabbitPassword: sensu
- ##MonitoringRabbitUseSSL: false
- ##MonitoringRabbitVhost: "/sensu"
- ##SensuClientCustomConfig:
- ## - api:
- ## - warning: 10
- ## critical: 20
- ## openstack:
- ## - username: admin
- ## password: changeme
- ## project_name: admin
- ## auth_url: http://controller:5000/v2.0
- ## region_name: RegionOne
-
- #### EFK settings ####
- ## TBD
-
- #### Grafana/Graphite settings ####
- ## TBD
+#parameter_defaults:
+# MonitoringRabbitHost: 10.10.10.10
+# MonitoringRabbitPort: 5672
+# MonitoringRabbitUserName: sensu
+# MonitoringRabbitPassword: sensu
+# MonitoringRabbitUseSSL: false
+# MonitoringRabbitVhost: "/sensu"
+# SensuClientCustomConfig:
+# api:
+# warning: 10
+# critical: 20
diff --git a/environments/neutron-nuage-config.yaml b/environments/neutron-nuage-config.yaml
index e157ae35..74899246 100644
--- a/environments/neutron-nuage-config.yaml
+++ b/environments/neutron-nuage-config.yaml
@@ -19,7 +19,7 @@ parameter_defaults:
NeutronNuageBaseURIVersion: 'default_uri_version'
NeutronNuageCMSId: ''
UseForwardedFor: true
- NeutronCorePlugin: 'neutron.plugins.nuage.plugin.NuagePlugin'
+ NeutronCorePlugin: 'nuage_neutron.plugins.nuage.plugin.NuagePlugin'
NeutronEnableDHCPAgent: false
NeutronServicePlugins: []
NovaOVSBridge: 'alubr0'
diff --git a/environments/neutron-opendaylight-l3.yaml b/environments/neutron-opendaylight-l3.yaml
index d61270b2..00be3048 100644
--- a/environments/neutron-opendaylight-l3.yaml
+++ b/environments/neutron-opendaylight-l3.yaml
@@ -2,12 +2,12 @@
resource_registry:
OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
- OS::TripleO::Services::OpenDaylight: puppet/services/opendaylight-api.yaml
- OS::TripleO::Services::OpenDaylightOvs: puppet/services/opendaylight-ovs.yaml
+ OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None
+ OS::TripleO::Services::OpenDaylightApi: ../puppet/services/opendaylight-api.yaml
+ OS::TripleO::Services::OpenDaylightOvs: ../puppet/services/opendaylight-ovs.yaml
OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
parameter_defaults:
- EnableOpenDaylightOnController: true
NeutronEnableForceMetadata: true
NeutronMechanismDrivers: 'opendaylight'
NeutronServicePlugins: "networking_odl.l3.l3_odl.OpenDaylightL3RouterPlugin"
diff --git a/environments/neutron-opendaylight.yaml b/environments/neutron-opendaylight.yaml
index 8fa2e542..35c90aab 100644
--- a/environments/neutron-opendaylight.yaml
+++ b/environments/neutron-opendaylight.yaml
@@ -2,10 +2,10 @@
resource_registry:
OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
- OS::TripleO::Services::OpenDaylight: puppet/services/opendaylight-api.yaml
- OS::TripleO::Services::OpenDaylightOvs: puppet/services/opendaylight-ovs.yaml
+ OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None
+ OS::TripleO::Services::OpenDaylightApi: ../puppet/services/opendaylight-api.yaml
+ OS::TripleO::Services::OpenDaylightOvs: ../puppet/services/opendaylight-ovs.yaml
parameter_defaults:
- EnableOpenDaylightOnController: true
NeutronEnableForceMetadata: true
NeutronMechanismDrivers: 'opendaylight'
diff --git a/environments/services/barbican.yaml b/environments/services/barbican.yaml
new file mode 100644
index 00000000..1735646a
--- /dev/null
+++ b/environments/services/barbican.yaml
@@ -0,0 +1,4 @@
+# A Heat environment file which can be used to enable
+# Barbican with the default secret store backend.
+resource_registry:
+ OS::TripleO::Services::BarbicanApi: ../../puppet/services/barbican-api.yaml
diff --git a/environments/services/haproxy-internal-tls-certmonger.yaml b/environments/services/haproxy-internal-tls-certmonger.yaml
new file mode 100644
index 00000000..074fec4d
--- /dev/null
+++ b/environments/services/haproxy-internal-tls-certmonger.yaml
@@ -0,0 +1,4 @@
+# A Heat environment file which can be used to enable a
+# a TLS for HAProxy via certmonger
+resource_registry:
+ OS::TripleO::Services::HAProxyInternalTLS: ../../puppet/services/haproxy-internal-tls-certmonger.yaml
diff --git a/environments/services/haproxy-public-tls-certmonger.yaml b/environments/services/haproxy-public-tls-certmonger.yaml
new file mode 100644
index 00000000..d3ad3ad4
--- /dev/null
+++ b/environments/services/haproxy-public-tls-certmonger.yaml
@@ -0,0 +1,4 @@
+# A Heat environment file which can be used to enable a
+# a TLS for HAProxy via certmonger
+resource_registry:
+ OS::TripleO::Services::HAProxyPublicTLS: ../../puppet/services/haproxy-public-tls-certmonger.yaml
diff --git a/environments/storage-environment.yaml b/environments/storage-environment.yaml
index 8cf34622..8e02c300 100644
--- a/environments/storage-environment.yaml
+++ b/environments/storage-environment.yaml
@@ -34,18 +34,18 @@ parameter_defaults:
# CinderNfsServers: ''
- #### GLANCE FILE BACKEND PACEMAKER SETTINGS (used for mounting NFS) ####
+ #### GLANCE NFS SETTINGS ####
- ## Whether to make Glance 'file' backend a mount managed by Pacemaker
- # GlanceFilePcmkManage: false
- ## File system type of the mount
- # GlanceFilePcmkFstype: nfs
- ## Pacemaker mount point, e.g. '192.168.122.1:/export/glance' for NFS
- ## (If using IPv6, use both double- and single-quotes,
- ## e.g. "'[fdd0::1]:/export/glance'")
- # GlanceFilePcmkDevice: ''
- ## Options for the mount managed by Pacemaker
- # GlanceFilePcmkOptions: ''
+ ## Make sure to set `GlanceBackend: file` when enabling NFS
+ ##
+ ## Whether to make Glance 'file' backend a NFS mount
+ # GlanceNfsEnabled: false
+ ## NFS share for image storage, e.g. '192.168.122.1:/export/glance'
+ ## (If using IPv6, use both double- and single-quotes,
+ ## e.g. "'[fdd0::1]:/export/glance'")
+ # GlanceNfsShare: ''
+ ## Mount options for the NFS image storage mount point
+ # GlanceNfsOptions: 'intr,context=system_u:object_r:glance_var_lib_t:s0'
#### CEPH SETTINGS ####
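Review bot: The suggested `GlanceNfsOptions` value sets the SELinux context but no restrictive mount flags, although the share only holds image data. Consider making the documented default `# GlanceNfsOptions: 'intr,nosuid,nodev,context=system_u:object_r:glance_var_lib_t:s0'`, so that a compromised or misconfigured NFS export cannot present setuid binaries or device nodes to the controller. The `parameter_defaults` mapping starts and continues outside this hunk, so whether other settings already constrain the mount cannot be seen here.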
diff --git a/environments/tls-endpoints-public-dns.yaml b/environments/tls-endpoints-public-dns.yaml
index 7c8e850c..79c7599f 100644
--- a/environments/tls-endpoints-public-dns.yaml
+++ b/environments/tls-endpoints-public-dns.yaml
@@ -5,9 +5,15 @@ parameter_defaults:
AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
+ BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
+ BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
+ BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'}
CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
+ CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
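Review bot: The new `BarbicanAdmin` and `BarbicanInternal` entries use `protocol: 'http'`, so with this environment requests to the secret store on the admin and internal endpoints are unencrypted. That matches the other services in this map, but for a service whose payloads are secrets it is worth a comment above the entries, for example `# Barbican admin/internal are plain HTTP here; use tls-everywhere-endpoints-dns.yaml to encrypt internal traffic`. The same entries are added in tls-endpoints-public-ip.yaml. The `EndpointMap` mapping starts and ends outside this hunk.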
@@ -34,6 +40,9 @@ parameter_defaults:
ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
+ MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
+ MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
+ MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
diff --git a/environments/tls-endpoints-public-ip.yaml b/environments/tls-endpoints-public-ip.yaml
index 80595c6c..a49ca343 100644
--- a/environments/tls-endpoints-public-ip.yaml
+++ b/environments/tls-endpoints-public-ip.yaml
@@ -5,9 +5,15 @@ parameter_defaults:
AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
AodhPublic: {protocol: 'https', port: '13042', host: 'IP_ADDRESS'}
+ BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
+ BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
+ BarbicanPublic: {protocol: 'https', port: '13311', host: 'IP_ADDRESS'}
CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
CeilometerPublic: {protocol: 'https', port: '13777', host: 'IP_ADDRESS'}
+ CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ CephRgwPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
CinderPublic: {protocol: 'https', port: '13776', host: 'IP_ADDRESS'}
@@ -34,6 +40,9 @@ parameter_defaults:
ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
ManilaPublic: {protocol: 'https', port: '13786', host: 'IP_ADDRESS'}
+ MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
+ MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
+ MistralPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'}
MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
diff --git a/environments/tls-everywhere-endpoints-dns.yaml b/environments/tls-everywhere-endpoints-dns.yaml
new file mode 100644
index 00000000..cc1915fe
--- /dev/null
+++ b/environments/tls-everywhere-endpoints-dns.yaml
@@ -0,0 +1,61 @@
+# Use this environment when deploying an overcloud where all the endpoints are
+# DNS names and there's TLS in all endpoint types.
+parameter_defaults:
+ EndpointMap:
+ AodhAdmin: {protocol: 'https', port: '8042', host: 'CLOUDNAME'}
+ AodhInternal: {protocol: 'https', port: '8042', host: 'CLOUDNAME'}
+ AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
+ BarbicanAdmin: {protocol: 'https', port: '9311', host: 'CLOUDNAME'}
+ BarbicanInternal: {protocol: 'https', port: '9311', host: 'CLOUDNAME'}
+ BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'}
+ CeilometerAdmin: {protocol: 'https', port: '8777', host: 'CLOUDNAME'}
+ CeilometerInternal: {protocol: 'https', port: '8777', host: 'CLOUDNAME'}
+ CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
+ CephRgwAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
+ CephRgwInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
+ CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
+ CinderAdmin: {protocol: 'https', port: '8776', host: 'CLOUDNAME'}
+ CinderInternal: {protocol: 'https', port: '8776', host: 'CLOUDNAME'}
+ CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
+ GlanceAdmin: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
+ GlanceInternal: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
+ GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
+ GlanceRegistryInternal: {protocol: 'https', port: '9191', host: 'CLOUDNAME'}
+ GnocchiAdmin: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
+ GnocchiInternal: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
+ GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
+ HeatAdmin: {protocol: 'https', port: '8004', host: 'CLOUDNAME'}
+ HeatInternal: {protocol: 'https', port: '8004', host: 'CLOUDNAME'}
+ HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
+ HeatCfnAdmin: {protocol: 'https', port: '8000', host: 'CLOUDNAME'}
+ HeatCfnInternal: {protocol: 'https', port: '8000', host: 'CLOUDNAME'}
+ HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'}
+ HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
+ IronicAdmin: {protocol: 'https', port: '6385', host: 'CLOUDNAME'}
+ IronicInternal: {protocol: 'https', port: '6385', host: 'CLOUDNAME'}
+ IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
+ KeystoneAdmin: {protocol: 'https', port: '35357', host: 'CLOUDNAME'}
+ KeystoneInternal: {protocol: 'https', port: '5000', host: 'CLOUDNAME'}
+ KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
+ ManilaAdmin: {protocol: 'https', port: '8786', host: 'CLOUDNAME'}
+ ManilaInternal: {protocol: 'https', port: '8786', host: 'CLOUDNAME'}
+ ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
+ MistralAdmin: {protocol: 'https', port: '8989', host: 'CLOUDNAME'}
+ MistralInternal: {protocol: 'https', port: '8989', host: 'CLOUDNAME'}
+ MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
+ MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'CLOUDNAME'}
+ NeutronAdmin: {protocol: 'https', port: '9696', host: 'CLOUDNAME'}
+ NeutronInternal: {protocol: 'https', port: '9696', host: 'CLOUDNAME'}
+ NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
+ NovaAdmin: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
+ NovaInternal: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
+ NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
+ NovaVNCProxyAdmin: {protocol: 'https', port: '6080', host: 'CLOUDNAME'}
+ NovaVNCProxyInternal: {protocol: 'https', port: '6080', host: 'CLOUDNAME'}
+ NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
+ SaharaAdmin: {protocol: 'https', port: '8386', host: 'CLOUDNAME'}
+ SaharaInternal: {protocol: 'https', port: '8386', host: 'CLOUDNAME'}
+ SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
+ SwiftAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
+ SwiftInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
+ SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
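Review bot: The header comment promises TLS in all endpoint types, but `MysqlInternal` keeps `protocol: 'mysql+pymysql'`, so nothing in this map shows whether database connections are encrypted. The comment should say so, for example `# MysqlInternal is not switched to TLS by this map`. The map only changes the advertised URLs. The services presumably still need certificates from enable-internal-tls.yaml and the haproxy-*-tls-certmonger environments added in this commit, so the header should name those files as prerequisites. Without them, clients would be pointed at `https` ports that may not be serving TLS.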