6 files changed, 149 insertions, 6 deletions

diff --git a/puppet/services/ceilometer-agent-ipmi.yaml b/puppet/services/ceilometer-agent-ipmi.yaml
new file mode 100644
index 00000000..26647dfd
--- /dev/null
+++ b/puppet/services/ceilometer-agent-ipmi.yaml
@@ -0,0 +1,77 @@
+heat_template_version: ocata
+
+description: >
+  OpenStack Ceilometer Ipmi Agent service configured with Puppet
+
+parameters:
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  RedisPassword:
+    description: The password for the redis service account.
+    type: string
+    hidden: true
+  MonitoringSubscriptionCeilometerIpmi:
+    default: 'overcloud-ceilometer-agent-ipmi'
+    type: string
+  CeilometerAgentIpmiLoggingSource:
+    type: json
+    default:
+      tag: openstack.ceilometer.agent.ipmi
+      path: /var/log/ceilometer/ipmi.log
+
+resources:
+  CeilometerServiceBase:
+    type: ./ceilometer-base.yaml
+    properties:
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      EndpointMap: {get_param: EndpointMap}
+
+outputs:
+  role_data:
+    description: Role data for the Ceilometer Agent Ipmi role.
+    value:
+      service_name: ceilometer_agent_ipmi
+      monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerIpmi}
+      logging_source: {get_param: CeilometerAgentIpmiLoggingSource}
+      logging_groups:
+        - ceilometer
+      config_settings:
+        map_merge:
+          - get_attr: [CeilometerServiceBase, role_data, config_settings]
+          - ceilometer_redis_password: {get_param: RedisPassword}
+            ipmi_namespace: true
+      step_config: |
+        include ::tripleo::profile::base::ceilometer::agent::polling
+      upgrade_tasks:
+        - name: Check if ceilometer-agent-ipmi is deployed
+          command: systemctl is-enabled openstack-ceilometer-ipmi
+          tags: common
+          ignore_errors: True
+          register: ceilometer_ipmi_enabled
+        - name: "PreUpgrade step0,validation: Check if openstack-ceilometer-ipmi is running"
+          shell: >
+            /usr/bin/systemctl show 'openstack-ceilometer-ipmi' --property ActiveState |
+            grep '\bactive\b'
+          when: ceilometer_ipmi_enabled.rc == 0
+          tags: step0,validation
+        - name: Stop openstack-ceilometer-ipmi service
+          tags: step1
+          when: ceilometer_ipmi_enabled.rc == 0
+          service: name=openstack-ceilometer-ipmi state=stopped
+        - name: Install openstack-ceilometer-ipmi package if it was disabled
+          tags: step3
+          yum: name=openstack-ceilometer-ipmi state=latest
+          when: ceilometer_ipmi_enabled.rc != 0
diff --git a/puppet/services/database/mongodb.yaml b/puppet/services/database/mongodb.yaml
index 63ec4446..50597216 100644
--- a/puppet/services/database/mongodb.yaml
+++ b/puppet/services/database/mongodb.yaml
@@ -19,6 +19,10 @@ parameters:
     description: Mapping of service endpoint -> protocol. Typically set
                  via parameter_defaults in the resource registry.
     type: json
+  MongodbMemoryLimit:
+    default: '20G'
+    description: Limit the amount of memory mongodb uses with systemd.
+    type: string
   MongoDbLoggingSource:
     type: json
     description: Fluentd logging configuration for mongodb.
@@ -49,6 +53,7 @@ outputs:
         map_merge:
           - get_attr: [MongoDbBase, role_data, config_settings]
           - tripleo::profile::base::database::mongodb::mongodb_replset: {get_attr: [MongoDbBase, aux_parameters, rplset_name]}
+            tripleo::profile::base::database::mongodb::memory_limit: {get_param: MongodbMemoryLimit}
             mongodb::server::service_manage: True
             tripleo.mongodb.firewall_rules:
               '101 mongodb_config':
diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml
index ee4c771f..bc4380a5 100644
--- a/puppet/services/kernel.yaml
+++ b/puppet/services/kernel.yaml
@@ -58,5 +58,7 @@ outputs:
             value: {get_param: KernelPidMax}
           kernel.dmesg_restrict:
             value: 1
+          fs.suid_dumpable:
+            value: 0
       step_config: |
         include ::tripleo::profile::base::kernel
diff --git a/puppet/services/neutron-compute-plugin-nuage.yaml b/puppet/services/neutron-compute-plugin-nuage.yaml
index 04431e28..ea717690 100644
--- a/puppet/services/neutron-compute-plugin-nuage.yaml
+++ b/puppet/services/neutron-compute-plugin-nuage.yaml
@@ -22,6 +22,10 @@ parameters:
     description: The password for the nova service account, used by nova-api.
     type: string
     hidden: true
+  NuageMetadataPort:
+    description: TCP Port to listen for metadata server requests
+    type: string
+    default: '9697'
 
 outputs:
   role_data:
@@ -32,5 +36,11 @@ outputs:
         tripleo::profile::base::neutron::agents::nuage::nova_os_tenant_name: 'service'
         tripleo::profile::base::neutron::agents::nuage::nova_os_password: {get_param: NovaPassword}
         tripleo::profile::base::neutron::agents::nuage::nova_auth_ip: {get_param: [EndpointMap, KeystoneInternal, host]}
+        tripleo.neutron_compute_plugin_nuage.firewall_rules:
+          '118 neutron vxlan networks':
+            proto: 'udp'
+            dport: 4789
+          '100 metadata agent':
+            dport: {get_param: NuageMetadataPort}
       step_config: |
         include ::tripleo::profile::base::neutron::agents::nuage
diff --git a/puppet/services/neutron-l2gw-api.yaml b/puppet/services/neutron-l2gw-api.yaml
new file mode 100644
index 00000000..b6f0d281
--- /dev/null
+++ b/puppet/services/neutron-l2gw-api.yaml
@@ -0,0 +1,54 @@
+heat_template_version: ocata
+
+description: >
+  L2 Gateway service plugin configured with Puppet
+
+parameters:
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  L2gwServiceDefaultInterfaceName:
+    default: 'FortyGigE1/0/1'
+    description: default interface name of the L2 gateway
+    type: string
+  L2gwServiceDefaultDeviceName:
+    default: 'Switch1'
+    description: default device name of the L2 gateway
+    type: string
+  L2gwServiceQuotaL2Gateway:
+    default: 5
+    description: quota of the L2 gateway
+    type: number
+  L2gwServicePeriodicMonitoringInterval:
+    default: 5
+    description: The periodic interval at which the plugin
+    type: number
+  L2gwServiceProvider:
+    default: ["L2GW:l2gw:networking_l2gw.services.l2gateway.service_drivers.L2gwDriver:default"]
+    description: Backend to use as a service provider for L2 Gateway
+    type: comma_delimited_list
+
+outputs:
+  role_data:
+    description: Role data for the L2 Gateway role.
+    value:
+      service_name: neutron_l2gw_api
+      config_settings:
+        neutron::services::l2gw::default_interface_name: {get_param: L2gwServiceDefaultInterfaceName}
+        neutron::services::l2gw::default_device_name: {get_param: L2gwServiceDefaultDeviceName}
+        neutron::services::l2gw::quota_l2_gateway: {get_param: L2gwServiceQuotaL2Gateway}
+        neutron::services::l2gw::periodic_monitoring_interval: {get_param: L2gwServicePeriodicMonitoringInterval}
+        neutron::services::l2gw::service_providers: {get_param: L2gwServiceProvider}
+      step_config: |
+        include tripleo::profile::base::neutron::l2gw
diff --git a/puppet/services/neutron-plugin-nuage.yaml b/puppet/services/neutron-plugin-nuage.yaml
index e09cd704..6229a3f1 100644
--- a/puppet/services/neutron-plugin-nuage.yaml
+++ b/puppet/services/neutron-plugin-nuage.yaml
@@ -19,10 +19,6 @@ parameters:
                  via parameter_defaults in the resource registry.
     type: json
   # Config specific parameters, to be provided via parameter_defaults
-  NeutronNuageOSControllerIp:
-    description: IP address of the OpenStack Controller
-    type: string
-
   NeutronNuageNetPartitionName:
     description: Specifies the title that you will see on the VSD
     type: string
@@ -76,8 +72,7 @@ outputs:
       config_settings:
         map_merge:
           - get_attr: [NeutronBase, role_data, config_settings]
-          - neutron::plugins::nuage::nuage_oscontroller_ip: {get_param: NeutronNuageOSControllerIp}
-            neutron::plugins::nuage::nuage_net_partition_name: {get_param: NeutronNuageNetPartitionName}
+          - neutron::plugins::nuage::nuage_net_partition_name: {get_param: NeutronNuageNetPartitionName}
             neutron::plugins::nuage::nuage_vsd_ip: {get_param: NeutronNuageVSDIp}
             neutron::plugins::nuage::nuage_vsd_username: {get_param: NeutronNuageVSDUsername}
             neutron::plugins::nuage::nuage_vsd_password: {get_param: NeutronNuageVSDPassword}