7 files changed, 154 insertions, 7 deletions

diff --git a/puppet/services/ceph-mon.yaml b/puppet/services/ceph-mon.yaml
index 074d941d..28c3e5df 100644
--- a/puppet/services/ceph-mon.yaml
+++ b/puppet/services/ceph-mon.yaml
@@ -38,7 +38,7 @@ parameters:
       {
         "volumes": {
           "size": 5,
-          "pg_num: 128,
+          "pg_num": 128,
           "pgp_num": 128
          }
       }
diff --git a/puppet/services/cinder-backup.yaml b/puppet/services/cinder-backup.yaml
new file mode 100644
index 00000000..25e82c87
--- /dev/null
+++ b/puppet/services/cinder-backup.yaml
@@ -0,0 +1,47 @@
+heat_template_version: 2016-04-08
+
+description: >
+  OpenStack Cinder Backup service configured with Puppet
+
+parameters:
+  CinderBackupBackend:
+    default: swift
+    description: The short name of the Cinder Backup backend to use.
+    type: string
+    constraints:
+    - allowed_values: ['swift', 'ceph']
+  CinderBackupRbdPoolName:
+    default: backups
+    type: string
+  CephClientUserName:
+    default: openstack
+    type: string
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+
+resources:
+
+  CinderBase:
+    type: ./cinder-base.yaml
+    properties:
+      EndpointMap: {get_param: EndpointMap}
+
+outputs:
+  role_data:
+    description: Role data for the Cinder Backup role.
+    value:
+      service_name: cinder_backup
+      config_settings:
+        map_merge:
+          - get_attr: [CinderBase, role_data, config_settings]
+          - cinder::backup::ceph::backup_ceph_user: {get_param: CephClientUserName}
+            cinder::backup::ceph::backup_ceph_pool: {get_param: CinderBackupRbdPoolName}
+            cinder::backup::swift::backup_swift_container: volumebackups
+      step_config:
+        str_replace:
+          template: "include ::tripleo::profile::base::cinder::backup::DRIVER"
+          params:
+            DRIVER: {get_param: CinderBackupBackend}
diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml
index 949cdf31..a85c0c55 100644
--- a/puppet/services/ironic-api.yaml
+++ b/puppet/services/ironic-api.yaml
@@ -35,9 +35,18 @@ outputs:
           # the VIP, but rather a real IP of the controller.
           - ironic::my_ip: {get_param: [EndpointMap, MysqlInternal, host]}
             ironic::api::admin_password: {get_param: IronicPassword}
-            ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri]}
-            ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri]}
+            ironic::api::admin_tenant_name: 'service'
+            ironic::api::admin_user: 'ironic'
+            ironic::api::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+            ironic::api::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+            ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]}
+            # This is used to build links in responses
+            ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
             ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri]}
+            ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri]}
+            ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri]}
+            ironic::keystone::auth::auth_name: 'ironic'
             ironic::keystone::auth::password: {get_param: IronicPassword }
+            ironic::keystone::auth::tenant: 'service'
       step_config: |
         include ::tripleo::profile::base::ironic::api
diff --git a/puppet/services/ironic-base.yaml b/puppet/services/ironic-base.yaml
index 508694ee..ea7e7ee3 100644
--- a/puppet/services/ironic-base.yaml
+++ b/puppet/services/ironic-base.yaml
@@ -51,7 +51,6 @@ outputs:
               - '@'
               - {get_param: [EndpointMap, MysqlInternal, host]}
               - '/ironic'
-        ironic::admin_tenant_name: 'service'
         ironic::debug: {get_param: Debug}
         ironic::rabbit_userid: {get_param: RabbitUserName}
         ironic::rabbit_password: {get_param: RabbitPassword}
@@ -64,7 +63,5 @@ outputs:
         ironic::db::mysql::allowed_hosts:
           - '%'
           - "%{hiera('mysql_bind_host')}"
-
-        ironic::keystone::auth::tenant: 'service'
       step_config: |
         include ::tripleo::profile::base::ironic
diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml
index a3bce305..01325333 100644
--- a/puppet/services/ironic-conductor.yaml
+++ b/puppet/services/ironic-conductor.yaml
@@ -28,7 +28,10 @@ outputs:
       config_settings:
         map_merge:
           - get_attr: [IronicBase, role_data, config_settings]
-          - ironic::enabled_drivers: {get_param: IronicEnabledDrivers}
+          # FIXME: I have no idea why neutron_url is in "api" manifest
+          - ironic::api::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]}
+            ironic::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
+            ironic::enabled_drivers: {get_param: IronicEnabledDrivers}
             # Prevent tftp_server from defaulting to my_ip setting, which is
             # controller VIP, not a real IP.
             ironic::drivers::pxe::tftp_server: {get_input: ironic_api_network}
diff --git a/puppet/services/nova-ironic.yaml b/puppet/services/nova-ironic.yaml
new file mode 100644
index 00000000..7373c404
--- /dev/null
+++ b/puppet/services/nova-ironic.yaml
@@ -0,0 +1,42 @@
+heat_template_version: 2016-04-08
+
+description: >
+  OpenStack Nova Compute service configured with Puppet and using Ironic
+
+parameters:
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  IronicPassword:
+    description: The password for the Ironic service and db account, used by the Ironic services
+    type: string
+    hidden: true
+
+resources:
+  NovaBase:
+    type: ./nova-base.yaml
+    properties:
+      EndpointMap: {get_param: EndpointMap}
+
+outputs:
+  role_data:
+    description: Role data for the Nova Compute service with Ironic.
+    value:
+      service_name: nova_ironic
+      config_settings:
+        map_merge:
+          - get_attr: [NovaBase, role_data, config_settings]
+          - nova::compute::force_config_drive: true
+            nova::compute::reserved_host_memory: '0'
+            nova::compute::vnc_enabled: false
+            nova::ironic::common::admin_password: {get_param: IronicPassword}
+            nova::ironic::common::admin_tenant_name: 'service'
+            nova::ironic::common::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri]}
+            nova::ironic::common::admin_username: 'ironic'
+            nova::ironic::common::api_endpoint: {get_param: [EndpointMap, IronicInternal, uri]}
+            nova::network::neutron::dhcp_domain: ''
+            nova::scheduler::filter::scheduler_host_manager: 'ironic_host_manager'
+      step_config: |
+        include tripleo::profile::base::nova::compute::ironic
diff --git a/puppet/services/pacemaker/cinder-backup.yaml b/puppet/services/pacemaker/cinder-backup.yaml
new file mode 100644
index 00000000..706717e4
--- /dev/null
+++ b/puppet/services/pacemaker/cinder-backup.yaml
@@ -0,0 +1,49 @@
+heat_template_version: 2016-04-08
+
+description: >
+  OpenStack Cinder Backup service with Pacemaker configured with Puppet
+
+parameters:
+  CinderBackupBackend:
+    default: swift
+    description: The short name of the Cinder Backup backend to use.
+    type: string
+    constraints:
+    - allowed_values: ['swift', 'ceph']
+  CinderBackupRbdPoolName:
+    default: backups
+    type: string
+  CephClientUserName:
+    default: openstack
+    type: string
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+
+resources:
+
+  CinderBackupBase:
+    type: ../cinder-backup.yaml
+    properties:
+      EndpointMap: {get_param: EndpointMap}
+      CinderBackupBackend: {get_param: CinderBackupBackend}
+      CinderBackupRbdPoolName: {get_param: CinderBackupRbdPoolName}
+      CephClientUserName: {get_param: CephClientUserName}
+
+outputs:
+  role_data:
+    description: Role data for the Cinder Backup role.
+    value:
+      service_name: cinder_backup
+      config_settings:
+        map_merge:
+          - get_attr: [CinderBackupBase, role_data, config_settings]
+          - cinder::backup::manage_service: false
+            cinder::backup::enabled: false
+      step_config:
+        list_join:
+          - "\n"
+          - - get_attr: [CinderBackupBase, role_data, step_config]
+            - "include ::tripleo::profile::pacemaker::cinder::backup"