4 files changed, 211 insertions, 2 deletions

diff --git a/puppet/services/apache.yaml b/puppet/services/apache.yaml
index 9bd282f8..6e53b1f7 100644
--- a/puppet/services/apache.yaml
+++ b/puppet/services/apache.yaml
@@ -77,13 +77,15 @@ outputs:
               - "%{hiera('apache_remote_proxy_ips_network')}"
           -
             generate_service_certificates: true
+            tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd'
+            tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd'
             apache_certificates_specs:
               map_merge:
                 repeat:
                   template:
                     httpd-NETWORK:
-                      service_certificate: '/etc/pki/tls/certs/httpd-NETWORK.crt'
-                      service_key: '/etc/pki/tls/private/httpd-NETWORK.key'
+                      service_certificate: '/etc/pki/tls/certs/httpd/httpd-NETWORK.crt'
+                      service_key: '/etc/pki/tls/private/httpd/httpd-NETWORK.key'
                       hostname: "%{hiera('fqdn_NETWORK')}"
                       principal: "HTTP/%{hiera('fqdn_NETWORK')}"
                   for_each:
diff --git a/puppet/services/cinder-backend-netapp.yaml b/puppet/services/cinder-backend-netapp.yaml
new file mode 100644
index 00000000..29a0ce1b
--- /dev/null
+++ b/puppet/services/cinder-backend-netapp.yaml
@@ -0,0 +1,129 @@
+heat_template_version: ocata
+
+description: Openstack Cinder Netapp backend
+
+parameters:
+  CinderEnableNetappBackend:
+    type: boolean
+    default: true
+  CinderNetappBackendName:
+    type: string
+    default: 'tripleo_netapp'
+  CinderNetappLogin:
+    type: string
+  CinderNetappPassword:
+    type: string
+    hidden: true
+  CinderNetappServerHostname:
+    type: string
+  CinderNetappServerPort:
+    type: string
+    default: '80'
+  CinderNetappSizeMultiplier:
+    type: string
+    default: '1.2'
+  CinderNetappStorageFamily:
+    type: string
+    default: 'ontap_cluster'
+  CinderNetappStorageProtocol:
+    type: string
+    default: 'nfs'
+  CinderNetappTransportType:
+    type: string
+    default: 'http'
+  CinderNetappVfiler:
+    type: string
+    default: ''
+  CinderNetappVolumeList:
+    type: string
+    default: ''
+  CinderNetappVserver:
+    type: string
+    default: ''
+  CinderNetappPartnerBackendName:
+    type: string
+    default: ''
+  CinderNetappNfsShares:
+    type: string
+    default: ''
+  CinderNetappNfsSharesConfig:
+    type: string
+    default: '/etc/cinder/shares.conf'
+  CinderNetappNfsMountOptions:
+    type: string
+    default: ''
+  CinderNetappCopyOffloadToolPath:
+    type: string
+    default: ''
+  CinderNetappControllerIps:
+    type: string
+    default: ''
+  CinderNetappSaPassword:
+    type: string
+    default: ''
+    hidden: true
+  CinderNetappStoragePools:
+    type: string
+    default: ''
+  CinderNetappHostType:
+    type: string
+    default: ''
+  CinderNetappWebservicePath:
+    type: string
+    default: '/devmgr/v2'
+  # DEPRECATED options for compatibility with older versions
+  CinderNetappEseriesHostType:
+    type: string
+    default: 'linux_dm_mp'
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  EndpointMap:
+    default: {}
+    type: json
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+
+parameter_groups:
+- label: deprecated
+  description: Do not use deprecated params, they will be removed.
+  parameters:
+  - CinderNetappEseriesHostType
+
+outputs:
+  role_data:
+    description: Role data for the Cinder NetApp backend.
+    value:
+      service_name: cinder_backend_netapp
+      config_settings:
+        tripleo::profile::base::cinder::volume::cinder_enable_netapp_backend: {get_param: CinderEnableNetappBackend}
+        cinder::backend::netapp::title: {get_param: CinderNetappBackendName}
+        cinder::backend::netapp::netapp_login: {get_param: CinderNetappLogin}
+        cinder::backend::netapp::netapp_password: {get_param: CinderNetappPassword}
+        cinder::backend::netapp::netapp_server_hostname: {get_param: CinderNetappServerHostname}
+        cinder::backend::netapp::netapp_server_port: {get_param: CinderNetappServerPort}
+        cinder::backend::netapp::netapp_size_multiplier: {get_param: CinderNetappSizeMultiplier}
+        cinder::backend::netapp::netapp_storage_family: {get_param: CinderNetappStorageFamily}
+        cinder::backend::netapp::netapp_storage_protocol: {get_param: CinderNetappStorageProtocol}
+        cinder::backend::netapp::netapp_transport_type: {get_param: CinderNetappTransportType}
+        cinder::backend::netapp::netapp_vfiler: {get_param: CinderNetappVfiler}
+        cinder::backend::netapp::netapp_volume_list: {get_param: CinderNetappVolumeList}
+        cinder::backend::netapp::netapp_vserver: {get_param: CinderNetappVserver}
+        cinder::backend::netapp::netapp_partner_backend_name: {get_param: CinderNetappPartnerBackendName}
+        cinder::backend::netapp::nfs_shares: {get_param: CinderNetappNfsShares}
+        cinder::backend::netapp::nfs_shares_config: {get_param: CinderNetappNfsSharesConfig}
+        cinder::backend::netapp::nfs_mount_options: {get_param: CinderNetappNfsMountOptions}
+        cinder::backend::netapp::netapp_copyoffload_tool_path: {get_param: CinderNetappCopyOffloadToolPath}
+        cinder::backend::netapp::netapp_controller_ips: {get_param: CinderNetappControllerIps}
+        cinder::backend::netapp::netapp_sa_password: {get_param: CinderNetappSaPassword}
+        cinder::backend::netapp::netapp_storage_pools: {get_param: CinderNetappStoragePools}
+        cinder::backend::netapp::netapp_host_type: {get_param: CinderNetappHostType}
+        cinder::backend::netapp::netapp_webservice_path: {get_param: CinderNetappWebservicePath}
+      step_config: |
+        include ::tripleo::profile::base::cinder::volume
diff --git a/puppet/services/external-swift-proxy.yaml b/puppet/services/external-swift-proxy.yaml
new file mode 100644
index 00000000..75f5b6a0
--- /dev/null
+++ b/puppet/services/external-swift-proxy.yaml
@@ -0,0 +1,70 @@
+heat_template_version: ocata
+
+description: >
+  External Swift Proxy endpoint configured with Puppet
+
+parameters:
+  ExternalPublicUrl:
+    description: Public endpoint url for the external swift proxy
+    type: string
+  ExternalInternalUrl:
+    description: Internal endpoint url for the external swift proxy
+    type: string
+  ExternalAdminUrl:
+    description: External endpoint url for the external swift proxy
+    type: string
+  ExternalSwiftUserTenant:
+    description: Tenant where swift user will be set as admin
+    type: string
+    default: 'service'
+  SwiftPassword:
+    description: The password for the swift service account, used by the swift proxy services.
+    type: string
+    hidden: true
+  KeystoneRegion:
+    type: string
+    default: 'regionOne'
+    description: Keystone region for endpoint
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+
+resources:
+
+outputs:
+  role_data:
+    description: Role data for External Swift proxy.
+    value:
+      service_name: external_swift_proxy
+      config_settings:
+
+      step_config:
+
+      service_config_settings:
+        keystone:
+          swift::keystone::auth::public_url: {get_param: ExternalPublicUrl}
+          swift::keystone::auth::internal_url: {get_param: ExternalInternalUrl}
+          swift::keystone::auth::admin_url: {get_param: ExternalAdminUrl}
+          swift::keystone::auth::public_url_s3: ''
+          swift::keystone::auth::internal_url_s3: ''
+          swift::keystone::auth::admin_url_s3: ''
+          swift::keystone::auth::password: {get_param: SwiftPassword}
+          swift::keystone::auth::region: {get_param: KeystoneRegion}
+          swift::keystone::auth::tenant: {get_param: ExternalSwiftUserTenant}
+          swift::keystone::auth::configure_s3_endpoint: false
+          swift::keystone::auth::operator_roles:
+            - admin
+            - swiftoperator
+            - ResellerAdmin
+
diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml
index 94b15d4b..2a335b67 100644
--- a/puppet/services/kernel.yaml
+++ b/puppet/services/kernel.yaml
@@ -22,6 +22,10 @@ parameters:
     default: 1048576
     description: Configures sysctl kernel.pid_max key
     type: number
+  KernelDisableIPv6:
+    default: 0
+    description: Configures sysctl net.ipv6.{default/all}.disable_ipv6 keys
+    type: number
 
 outputs:
   role_data:
@@ -57,6 +61,10 @@ outputs:
             value: 500000
           net.netfilter.nf_conntrack_max:
             value: 500000
+          net.ipv6.conf.default.disable_ipv6:
+            value: {get_param: KernelDisableIPv6}
+          net.ipv6.conf.all.disable_ipv6:
+            value: {get_param: KernelDisableIPv6}
           # prevent neutron bridges from autoconfiguring ipv6 addresses
           net.ipv6.conf.all.accept_ra:
             value: 0