5 files changed, 22 insertions, 19 deletions

diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml
index 0813cb7e..c8edade5 100644
--- a/puppet/services/haproxy.yaml
+++ b/puppet/services/haproxy.yaml
@@ -34,16 +34,6 @@ parameters:
     description: The password for Redis
     type: string
     hidden: true
-  ControlVirtualInterface:
-    default: 'br-ex'
-    description: Interface where virtual ip will be assigned.
-    type: string
-  PublicVirtualInterface:
-    default: 'br-ex'
-    description: >
-        Specifies the interface where the public-facing virtual ip will be assigned.
-        This should be int_public when a VLAN is being used.
-    type: string
   MonitoringSubscriptionHaproxy:
     default: 'overcloud-haproxy'
     type: string
@@ -81,8 +71,6 @@ outputs:
             tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser}
             tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword}
             tripleo::haproxy::redis_password: {get_param: RedisPassword}
-            tripleo::haproxy::control_virtual_interface: {get_param: ControlVirtualInterface}
-            tripleo::haproxy::public_virtual_interface: {get_param: PublicVirtualInterface}
             tripleo::profile::base::haproxy::certificates_specs:
               map_merge:
                 - get_attr: [HAProxyPublicTLS, role_data, certificates_specs]
diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml
index 017bb76f..8eaf4044 100644
--- a/puppet/services/horizon.yaml
+++ b/puppet/services/horizon.yaml
@@ -59,12 +59,14 @@ outputs:
                 - 80
                 - 443
           horizon::disable_password_reveal: true
+          horizon::enforce_password_check: true
           horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache
           horizon::django_session_engine: 'django.contrib.sessions.backends.cache'
           horizon::vhost_extra_params:
             add_listen: false
             priority: 10
             access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"'
+            options: ['FollowSymLinks','MultiViews']
           horizon::bind_address: {get_param: [ServiceNetMap, HorizonNetwork]}
           horizon::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri]}
           horizon::secret_key:
diff --git a/puppet/services/keepalived.yaml b/puppet/services/keepalived.yaml
index 38cfbe22..fb0d32b6 100644
--- a/puppet/services/keepalived.yaml
+++ b/puppet/services/keepalived.yaml
@@ -19,14 +19,18 @@ parameters:
                  via parameter_defaults in the resource registry.
     type: json
   ControlVirtualInterface:
-    default: 'br-ex'
-    description: Interface where virtual ip will be assigned.
+    default: ''
+    description: >
+        Interface where virtual ip will be assigned.  This value will be
+        automatically set by the deployment tool.  Overriding here will
+        override automatic setting.
     type: string
   PublicVirtualInterface:
-    default: 'br-ex'
+    default: ''
     description: >
-        Specifies the interface where the public-facing virtual ip will be assigned.
-        This should be int_public when a VLAN is being used.
+        Interface where virtual ip will be assigned.  This value will be
+        automatically set by the deployment tool.  Overriding here will
+        override automatic setting.
     type: string
   MonitoringSubscriptionKeepalived:
     default: 'overcloud-keepalived'
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index d819e043..fe023a6a 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -99,6 +99,12 @@ parameters:
   KeystoneCredential1:
     type: string
     description: The second Keystone credential key. Must be a valid key.
+  KeystoneFernetKey0:
+    type: string
+    description: The first Keystone fernet key. Must be a valid key.
+  KeystoneFernetKey1:
+    type: string
+    description: The second Keystone fernet key. Must be a valid key.
   KeystoneLoggingSource:
     type: json
     default:
@@ -156,6 +162,11 @@ outputs:
                 content: {get_param: KeystoneCredential0}
               '/etc/keystone/credential-keys/1':
                 content: {get_param: KeystoneCredential1}
+            keystone::fernet_keys:
+              '/etc/keystone/fernet-keys/0':
+                content: {get_param: KeystoneFernetKey0}
+              '/etc/keystone/fernet-keys/1':
+                content: {get_param: KeystoneFernetKey1}
             keystone::debug: {get_param: Debug}
             keystone::rabbit_userid: {get_param: RabbitUserName}
             keystone::rabbit_password: {get_param: RabbitPassword}
diff --git a/puppet/services/pacemaker/haproxy.yaml b/puppet/services/pacemaker/haproxy.yaml
index 52104a71..e4115d64 100644
--- a/puppet/services/pacemaker/haproxy.yaml
+++ b/puppet/services/pacemaker/haproxy.yaml
@@ -38,7 +38,5 @@ outputs:
           - get_attr: [LoadbalancerServiceBase, role_data, config_settings]
           - tripleo::haproxy::haproxy_service_manage: false
             tripleo::haproxy::mysql_clustercheck: true
-            enable_keepalived: false
-            tripleo::haproxy::keepalived: false
       step_config: |
         include ::tripleo::profile::pacemaker::haproxy