9 files changed, 270 insertions, 0 deletions

diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml
new file mode 100644
index 00000000..ab51212c
--- /dev/null
+++ b/puppet/services/aodh-api.yaml
@@ -0,0 +1,37 @@
+heat_template_version: 2016-04-08
+
+description: >
+  OpenStack Aodh API service configured with Puppet
+
+parameters:
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+
+resources:
+  AodhBase:
+    type: ./aodh-base.yaml
+    properties:
+      EndpointMap: {get_param: EndpointMap}
+
+outputs:
+  role_data:
+    description: Role data for the Aodh API service.
+    value:
+      service_name: aodh_api
+      config_settings:
+        map_merge:
+          - get_attr: [AodhBase, role_data, config_settings]
+          - aodh::wsgi::apache::ssl: false
+            aodh::api::service_name: 'httpd'
+            aodh::api::keystone_tenant: 'service'
+          - tripleo.aodh_api.firewall_rules:
+              '128 aodh-api':
+                dport:
+                  - 8042
+                  - 13042
+
+      step_config: |
+        include tripleo::profile::base::aodh::api
diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml
new file mode 100644
index 00000000..30c3f416
--- /dev/null
+++ b/puppet/services/aodh-base.yaml
@@ -0,0 +1,94 @@
+heat_template_version: 2016-04-08
+
+description: >
+  OpenStack Aodh service configured with Puppet
+
+parameters:
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  AodhPassword:
+    description: The password for the aodh services.
+    type: string
+    hidden: true
+  RedisPassword:
+    description: The password for the redis service account.
+    type: string
+    hidden: true
+  RabbitPassword:
+    description: The password for RabbitMQ
+    type: string
+    hidden: true
+  RabbitUserName:
+    default: guest
+    description: The username for RabbitMQ
+    type: string
+  RabbitClientUseSSL:
+    default: false
+    description: >
+        Rabbit client subscriber parameter to specify
+        an SSL connection to the RabbitMQ host.
+    type: string
+  RabbitClientPort:
+    default: 5672
+    description: Set rabbit subscriber port, change this if using SSL
+    type: number
+  Debug:
+    default: ''
+    description: Set to True to enable debugging on all services.
+    type: string
+  KeystoneRegion:
+    type: string
+    default: 'regionOne'
+    description: Keystone region for endpoint
+
+outputs:
+  role_data:
+    description: Role data for the Aodh role.
+    value:
+      service_name: aodh_base
+      config_settings:
+        aodh::evaluator::coordination_url:
+          list_join:
+            - ''
+            - - 'redis://:'
+              - {get_param: RedisPassword}
+              - '@'
+              - "%{hiera('redis_vip')}"
+              - ':6379/'
+        aodh::db::database_connection:
+          list_join:
+            - ''
+            - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+              - '://aodh:'
+              - {get_param: AodhPassword}
+              - '@'
+              - {get_param: [EndpointMap, MysqlInternal, host]}
+              - '/aodh'
+        aodh::debug: {get_param: Debug}
+        aodh::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri] }
+        aodh::rabbit_userid: {get_param: RabbitUserName}
+        aodh::rabbit_password: {get_param: RabbitPassword}
+        aodh::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
+        aodh::rabbit_port: {get_param: RabbitClientPort}
+        aodh::api::keystone_password: {get_param: AodhPassword}
+        aodh::api::keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+        aodh::api::keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+        aodh::auth::auth_password: {get_param: AodhPassword}
+        aodh::keystone::auth::public_url: {get_param: [EndpointMap, AodhPublic, uri]}
+        aodh::keystone::auth::internal_url: {get_param: [EndpointMap, AodhInternal, uri]}
+        aodh::keystone::auth::admin_url: {get_param: [EndpointMap, AodhAdmin, uri]}
+        aodh::keystone::auth::password: {get_param: AodhPassword}
+        aodh::keystone::auth::region: {get_param: KeystoneRegion}
+        aodh::keystone::auth::tenant: 'service'
+        aodh::db::mysql::user: aodh
+        aodh::db::mysql::password: {get_param: AodhPassword}
+        aodh::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]}
+        aodh::db::mysql::dbname: aodh
+        aodh::db::mysql::allowed_hosts:
+          - '%'
+          - "%{hiera('mysql_bind_host')}"
+        aodh::auth::auth_region: 'regionOne'
+        aodh::auth::auth_tenant_name: 'service'
diff --git a/puppet/services/aodh-evaluator.yaml b/puppet/services/aodh-evaluator.yaml
new file mode 100644
index 00000000..103f691a
--- /dev/null
+++ b/puppet/services/aodh-evaluator.yaml
@@ -0,0 +1,27 @@
+heat_template_version: 2016-04-08
+
+description: >
+  OpenStack Aodh Evaluator service configured with Puppet
+
+parameters:
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+
+resources:
+  AodhBase:
+    type: ./aodh-base.yaml
+    properties:
+      EndpointMap: {get_param: EndpointMap}
+
+outputs:
+  role_data:
+    description: Role data for the Aodh Evaluator service.
+    value:
+      service_name: aodh_evaluator
+      config_settings:
+        get_attr: [AodhBase, role_data, config_settings]
+      step_config: |
+        include tripleo::profile::base::aodh::evaluator
diff --git a/puppet/services/aodh-listener.yaml b/puppet/services/aodh-listener.yaml
new file mode 100644
index 00000000..01caf8b5
--- /dev/null
+++ b/puppet/services/aodh-listener.yaml
@@ -0,0 +1,27 @@
+heat_template_version: 2016-04-08
+
+description: >
+  OpenStack Aodh Listener service configured with Puppet
+
+parameters:
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+
+resources:
+  AodhBase:
+    type: ./aodh-base.yaml
+    properties:
+      EndpointMap: {get_param: EndpointMap}
+
+outputs:
+  role_data:
+    description: Role data for the Aodh Listener service.
+    value:
+      service_name: aodh_listener
+      config_settings:
+        get_attr: [AodhBase, role_data, config_settings]
+      step_config: |
+        include tripleo::profile::base::aodh::listener
diff --git a/puppet/services/aodh-notifier.yaml b/puppet/services/aodh-notifier.yaml
new file mode 100644
index 00000000..de07f780
--- /dev/null
+++ b/puppet/services/aodh-notifier.yaml
@@ -0,0 +1,27 @@
+heat_template_version: 2016-04-08
+
+description: >
+  OpenStack Aodh Notifier service configured with Puppet
+
+parameters:
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+
+resources:
+  AodhBase:
+    type: ./aodh-base.yaml
+    properties:
+      EndpointMap: {get_param: EndpointMap}
+
+outputs:
+  role_data:
+    description: Role data for the Aodh Notifier service.
+    value:
+      service_name: aodh_notifier
+      config_settings:
+        get_attr: [AodhBase, role_data, config_settings]
+      step_config: |
+        include tripleo::profile::base::aodh::notifier
diff --git a/puppet/services/neutron-l3-compute-dvr.yaml b/puppet/services/neutron-l3-compute-dvr.yaml
new file mode 100644
index 00000000..f10b5922
--- /dev/null
+++ b/puppet/services/neutron-l3-compute-dvr.yaml
@@ -0,0 +1,37 @@
+heat_template_version: 2016-04-08
+
+description: >
+  OpenStack Neutron L3 agent for DVR enabled compute nodes
+  configured with Puppet
+
+parameters:
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  Debug:
+    type: string
+    default: ''
+  NeutronExternalNetworkBridge:
+    description: Name of bridge used for external network traffic.
+    type: string
+    default: 'br-ex'
+
+resources:
+
+  NeutronBase:
+    type: ./neutron-base.yaml
+
+outputs:
+  role_data:
+    description: Role data for DVR L3 Agent on Compute Nodes
+    value:
+      service_name: neutron_l3_compute_dvr
+      config_settings:
+        map_merge:
+          - get_attr: [NeutronBase, role_data, config_settings]
+          - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge}
+            neutron::agents::l3::agent_mode : 'dvr'
+      step_config: |
+        include tripleo::profile::base::neutron::l3
diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml
index a7232a39..ede41935 100644
--- a/puppet/services/neutron-l3.yaml
+++ b/puppet/services/neutron-l3.yaml
@@ -16,6 +16,15 @@ parameters:
     description: Name of bridge used for external network traffic.
     type: string
     default: 'br-ex'
+  NeutronL3AgentMode:
+    description: |
+      Agent mode for L3 agent. Must be one of legacy or dvr_snat.
+    default: 'legacy'
+    type: string
+    constraints:
+      - allowed_values:
+        - legacy
+        - dvr_snat
 
 resources:
 
@@ -32,5 +41,6 @@ outputs:
           - get_attr: [NeutronBase, role_data, config_settings]
           - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge}
             neutron::agents::l3::router_delete_namespaces: True
+            neutron::agents::l3::agent_mode : {get_param: NeutronL3AgentMode}
       step_config: |
         include tripleo::profile::base::neutron::l3
diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml
index d8679f2e..7a97cd84 100644
--- a/puppet/services/neutron-ovs-agent.yaml
+++ b/puppet/services/neutron-ovs-agent.yaml
@@ -37,6 +37,11 @@ parameters:
     description: |
         Comma-separated list of extensions enabled for the Neutron agents.
     type: comma_delimited_list
+  NeutronEnableDVR:
+    default: False
+    description: |
+      Enable support for distributed routing in the OVS Agent.
+    type: boolean
 
 resources:
 
@@ -53,6 +58,7 @@ outputs:
           - get_attr: [NeutronBase, role_data, config_settings]
             neutron::agents::ml2::ovs::enable_tunneling: {get_param: NeutronEnableTunnelling}
             neutron::agents::ml2::ovs::l2_population: {get_param: NeutronEnableL2Pop}
+            neutron::agents::ml2::ovs::enable_distributed_routing: {get_param: NeutronEnableDVR}
             neutron::agents::ml2::ovs::bridge_mappings:
               str_replace:
                 template: MAPPINGS
diff --git a/puppet/services/neutron-server.yaml b/puppet/services/neutron-server.yaml
index 1c7cef49..d64fd66d 100644
--- a/puppet/services/neutron-server.yaml
+++ b/puppet/services/neutron-server.yaml
@@ -29,6 +29,10 @@ parameters:
     description: The password for the nova service and db account, used by nova-api.
     type: string
     hidden: true
+  NeutronEnableDVR:
+    description: Enable Neutron DVR.
+    default: false
+    type: boolean
 
 resources:
 
@@ -85,5 +89,6 @@ outputs:
                 dport: 4789
               '106 vrrp':
                 proto: vrrp
+            neutron::server::router_distributed: {get_param: NeutronEnableDVR}
       step_config: |
         include tripleo::profile::base::neutron::server