4 files changed, 137 insertions, 4 deletions
diff --git a/puppet/extraconfig/ceph/ceph-external-config.yaml b/puppet/extraconfig/ceph/ceph-external-config.yaml
index 312d49a0..5942088c 100644
--- a/puppet/extraconfig/ceph/ceph-external-config.yaml
+++ b/puppet/extraconfig/ceph/ceph-external-config.yaml
@@ -38,6 +38,9 @@ parameters:
   GlanceRbdPoolName:
     default: images
     type: string
+  GnocchiRbdPoolName:
+    default: metrics
+    type: string
   CephClientUserName:
     default: openstack
     type: string
@@ -68,7 +71,7 @@ resources:
                         secret: 'CLIENT_KEY',
                         mode: '0644',
                         cap_mon: 'allow r',
-                        cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL'
+                        cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL'
                       }
                     }"
                     params:
@@ -77,10 +80,13 @@ resources:
                       NOVA_POOL: {get_param: NovaRbdPoolName}
                       CINDER_POOL: {get_param: CinderRbdPoolName}
                       GLANCE_POOL: {get_param: GlanceRbdPoolName}
+                      GNOCCHI_POOL: {get_param: GnocchiRbdPoolName}
                 ceph::profile::params::ms_bind_ipv6: {get_param: CephIPv6}
                 nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName}
                 cinder_rbd_pool_name: {get_param: CinderRbdPoolName}
                 glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName}
+                gnocchi::storage::ceph::ceph_pool: {get_param: GnocchiRbdPoolName}
+                gnocchi::storage::ceph::ceph_username: {get_param: CephClientUserName}
                 nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
                 glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName}
                 nova::compute::rbd::rbd_keyring:
@@ -88,11 +94,17 @@ resources:
                   - '.'
                   - - 'client'
                     - {get_param: CephClientUserName}
+                gnocchi::storage::ceph::ceph_keyring:
+                  list_join:
+                  - '.'
+                  - - 'client'
+                    - {get_param: CephClientUserName}
                 ceph_client_user_name: {get_param: CephClientUserName}
                 ceph_pools:
                   - {get_param: CinderRbdPoolName}
                   - {get_param: NovaRbdPoolName}
                   - {get_param: GlanceRbdPoolName}
+                  - {get_param: GnocchiRbdPoolName}
 
 outputs:
   config_id:
diff --git a/puppet/extraconfig/pre_deploy/controller/neutron-plumgrid.yaml b/puppet/extraconfig/pre_deploy/controller/neutron-plumgrid.yaml
new file mode 100755
index 00000000..7c0a7ad2
--- /dev/null
+++ b/puppet/extraconfig/pre_deploy/controller/neutron-plumgrid.yaml
@@ -0,0 +1,113 @@
+heat_template_version: 2015-04-30
+
+description: Controller hieradata for Neutron PLUMgrid configuration
+
+parameters:
+  server:
+    description: ID of the controller node to apply this config to
+    type: string
+  PLUMgridDirectorServer:
+    description: IP address of the PLUMgrid Director Server
+    type: string
+    default: 127.0.0.1
+  PLUMgridDirectorServerPort:
+    description: Port of the PLUMgrid Director Server
+    type: string
+    default: 443
+  PLUMgridUsername:
+    description: Username for PLUMgrid platform
+    type: string
+  PLUMgridPassword:
+    description: Password for PLUMgrid platform
+    type: string
+    hidden: true
+  PLUMgridServerTimeOut:
+    description: Request timeout duration (seconds) to PLUMgrid platform
+    type: string
+    default: 99
+  PLUMgridNovaMetadataIP:
+    description: IP address of Nova Metadata
+    type: string
+    default: 169.254.169.254
+  PLUMgridNovaMetadataPort:
+    description: Port of Nova Metadata
+    type: string
+    default: 8775
+  PLUMgridL2GatewayVendor:
+    description: Vendor for L2 Gateway Switch
+    type: string
+    default: vendor
+  PLUMgridL2GatewayUsername:
+    description: Username for L2 Gateway Switch
+    type: string
+    default: username
+  PLUMgridL2GatewayPassword:
+    description: Password for L2 Gateway Switch
+    type: string
+    hidden: true
+  PLUMgridIdentityVersion:
+    description: Keystone Identity version
+    type: string
+    default: v2.0
+  PLUMgridConnectorType:
+    description: Neutron Network Connector Type
+    type: string
+    default: distributed
+  PLUMgridNeutronPluginVersion:
+    description: PLUMgrid Neutron Plugin version
+    type: string
+    default: present
+  PLUMgridPlumlibVersion:
+    description: PLUMgrid Plumlib version
+    type: string
+    default: present
+
+
+resources:
+  ControllerPLUMgridConfig:
+    type: OS::Heat::StructuredConfig
+    properties:
+      group: os-apply-config
+      config:
+        hiera:
+          datafiles:
+            neutron_plumgrid_data:
+              mapped_data:
+                neutron::plugins::plumgrid::director_server: {get_input: plumgrid_director_server}
+                neutron::plugins::plumgrid::director_server_port: {get_input: plumgrid_director_server_port}
+                neutron::plugins::plumgrid::username: {get_input: plumgrid_username}
+                neutron::plugins::plumgrid::password: {get_input: plumgrid_password}
+                neutron::plugins::plumgrid::nova_metadata_ip: {get_input: plumgrid_nova_metadata_ip}
+                neutron::plugins::plumgrid::nova_metadata_port: {get_input: plumgrid_nova_metadata_port}
+                neutron::plugins::plumgrid::l2gateway_vendor: {get_input: plumgrid_l2gateway_vendor}
+                neutron::plugins::plumgrid::l2gateway_sw_username: {get_input: plumgrid_l2gateway_sw_username}
+                neutron::plugins::plumgrid::l2gateway_sw_password: {get_input: plumgrid_l2gateway_sw_password}
+                neutron::plugins::plumgrid::connector_type: {get_input: plumgrid_connector_type}
+                neutron::plugins::plumgrid::identity_version: {get_input: plumgrid_identity_version}
+                neutron::plugins::plumgrid::package_ensure: {get_input: plumgrid_neutron_plugin_version}
+                neutron::plugins::plumgrid::plumlib_package_ensure: {get_input: plumgrid_plumlib_version}
+
+  ControllerPLUMgridDeployment:
+    type: OS::Heat::StructuredDeployment
+    properties:
+      config: {get_resource: ControllerPLUMgridConfig}
+      server: {get_param: server}
+      input_values:
+        plumgrid_director_server: {get_param: PLUMgridDirectorServer}
+        plumgrid_director_server_port: {get_param: PLUMgridDirectorServerPort}
+        plumgrid_username: {get_param: PLUMgridUsername}
+        plumgrid_password: {get_param: PLUMgridPassword}
+        plumgrid_nova_metadata_ip: {get_param: PLUMgridNovaMetadataIP}
+        plumgrid_nova_metadata_port: {get_param: PLUMgridNovaMetadataPort}
+        plumgrid_l2gateway_vendor: {get_param: PLUMgridL2GatewayVendor}
+        plumgrid_l2gateway_sw_username: {get_param: PLUMgridL2GatewayUsername}
+        plumgrid_l2gateway_sw_password: {get_param: PLUMgridL2GatewayPassword}
+        plumgrid_identity_version: {get_param: PLUMgridIdentityVersion}
+        plumgrid_connector_type: {get_param: PLUMgridConnectorType}
+        plumgrid_neutron_plugin_version: {get_param: PLUMgridNeutronPluginVersion}
+        plumgrid_plumlib_version: {get_param: PLUMgridPlumlibVersion}
+
+outputs:
+  deploy_stdout:
+    description: Deployment reference, used to trigger puppet apply on changes
+    value: {get_attr: [ControllerPLUMgridDeployment, deploy_stdout]}
diff --git a/puppet/extraconfig/tls/ca-inject.yaml b/puppet/extraconfig/tls/ca-inject.yaml
index aab42849..f955034d 100644
--- a/puppet/extraconfig/tls/ca-inject.yaml
+++ b/puppet/extraconfig/tls/ca-inject.yaml
@@ -4,7 +4,7 @@ description: >
   This is a template which will inject the trusted anchor.
 
 parameters:
-  # Can be overriden via parameter_defaults in the environment
+  # Can be overridden via parameter_defaults in the environment
   SSLRootCertificate:
     description: >
       The content of a CA's SSL certificate file in PEM format.
diff --git a/puppet/extraconfig/tls/tls-cert-inject.yaml b/puppet/extraconfig/tls/tls-cert-inject.yaml
index 20bb3737..e281ef51 100644
--- a/puppet/extraconfig/tls/tls-cert-inject.yaml
+++ b/puppet/extraconfig/tls/tls-cert-inject.yaml
@@ -5,7 +5,7 @@ description: >
   for the load balancer using the given parameters.
 
 parameters:
-  # Can be overriden via parameter_defaults in the environment
+  # Can be overridden via parameter_defaults in the environment
   SSLCertificate:
     description: >
       The content of the SSL certificate (without Key) in PEM format.
@@ -21,7 +21,7 @@ parameters:
     type: string
     hidden: true
 
-  # Can be overriden by parameter_defaults if the user wants to try deploying
+  # Can be overridden by parameter_defaults if the user wants to try deploying
   # this in a distro that doesn't support this path.
   DeployedSSLCertificatePath:
     default: '/etc/pki/tls/private/overcloud_endpoint.pem'
@@ -63,6 +63,14 @@ resources:
         openssl rsa -noout -modulus -in ${cert_path} \
           | openssl md5 | cut -c 10- \
           > ${heat_outputs_path}.key_modulus
+        # We need to reload haproxy in case the certificate changed because
+        # puppet doesn't know the contents of the cert file.  The pacemaker
+        # case is handled separately in a pacemaker-specific resource.
+        pacemaker_status=$(systemctl is-active pacemaker)
+        haproxy_status=$(systemctl is-active haproxy)
+        if [ "$pacemaker_status" != "active" -a "$haproxy_status" = "active"]; then
+            systemctl reload haproxy
+        fi
 
   ControllerTLSDeployment:
     type: OS::Heat::SoftwareDeployment