2 files changed, 68 insertions, 0 deletions

diff --git a/puppet/services/pacemaker/database/mysql.yaml b/puppet/services/pacemaker/database/mysql.yaml
index d8e942d0..0a7659e0 100644
--- a/puppet/services/pacemaker/database/mysql.yaml
+++ b/puppet/services/pacemaker/database/mysql.yaml
@@ -27,6 +27,11 @@ parameters:
     description: Mapping of service endpoint -> protocol. Typically set
                  via parameter_defaults in the resource registry.
     type: json
+  InternalTLSCAFile:
+    default: '/etc/ipa/ca.crt'
+    type: string
+    description: Specifies the default CA cert to use if TLS is used for
+                 services in the internal network.
 
 resources:
 
@@ -61,6 +66,8 @@ outputs:
             # internal_api_subnet - > IP/CIDR
             tripleo::profile::pacemaker::database::mysql::gmcast_listen_addr:
               get_param: [ServiceNetMap, MysqlNetwork]
+            tripleo::profile::pacemaker::database::mysql::ca_file:
+              get_param: InternalTLSCAFile
       step_config: |
         include ::tripleo::profile::pacemaker::database::mysql
       metadata_settings:
diff --git a/puppet/services/pacemaker/ovn-dbs.yaml b/puppet/services/pacemaker/ovn-dbs.yaml
new file mode 100644
index 00000000..1cbb4763
--- /dev/null
+++ b/puppet/services/pacemaker/ovn-dbs.yaml
@@ -0,0 +1,61 @@
+heat_template_version: ocata
+
+description: >
+  OVN databases configured with puppet in HA mode
+
+parameters:
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  OVNNorthboundServerPort:
+    description: Port of the OVN Northbound DB server
+    type: number
+    default: 6641
+  OVNSouthboundServerPort:
+    description: Port of the OVN Southbound DB server
+    type: number
+    default: 6642
+
+resources:
+
+  OVNDBsBase:
+    type: ../ovn-dbs.yaml
+    properties:
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
+
+outputs:
+  role_data:
+    description: Role data for the OVN northd service
+    value:
+      service_name: ovn_dbs
+      config_settings:
+        map_merge:
+          - get_attr: [OVNDBsBase, role_data, config_settings]
+          - tripleo::haproxy::ovn_dbs_manage_lb: false
+            tripleo::profile::pacemaker::ovn_northd::nb_db_port: {get_param: OVNNorthboundServerPort}
+            tripleo::profile::pacemaker::ovn_northd::sb_db_port: {get_param: OVNSouthboundServerPort}
+      step_config: |
+        include ::tripleo::profile::pacemaker::ovn_northd