6 files changed, 82 insertions, 20 deletions

diff --git a/puppet/services/ceph-mds.yaml b/puppet/services/ceph-mds.yaml
new file mode 100644
index 00000000..b68567fb
--- /dev/null
+++ b/puppet/services/ceph-mds.yaml
@@ -0,0 +1,49 @@
+heat_template_version: ocata
+
+description: >
+  Ceph MDS service.
+
+parameters:
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  CephMdsKey:
+    description: The cephx key for the MDS service. Can be created
+                 with ceph-authtool --gen-print-key.
+    type: string
+    hidden: true
+
+resources:
+  CephBase:
+    type: ./ceph-base.yaml
+    properties:
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      EndpointMap: {get_param: EndpointMap}
+
+outputs:
+  role_data:
+    description: Role data for the Ceph MDS service.
+    value:
+      service_name: ceph_mds
+      config_settings:
+        map_merge:
+          - get_attr: [CephBase, role_data, config_settings]
+          - ceph::profile::params::mds_key: {get_param: CephMdsKey}
+            tripleo.ceph_mds.firewall_rules:
+              '112 ceph_mds':
+                dport:
+                  - '6800-7300'
+      step_config: |
+        include ::tripleo::profile::base::ceph::mds
diff --git a/puppet/services/heat-base.yaml b/puppet/services/heat-base.yaml
index 3f6dba60..a933a94b 100644
--- a/puppet/services/heat-base.yaml
+++ b/puppet/services/heat-base.yaml
@@ -57,6 +57,7 @@ outputs:
         heat::rabbit_port: {get_param: RabbitClientPort}
         heat::debug: {get_param: Debug}
         heat::enable_proxy_headers_parsing: true
+        heat::rpc_response_timeout: 600
         # We need this because the default heat policy.json no longer works on TripleO
         # https://git.openstack.org/cgit/openstack/heat/commit/?id=ac86702172ddf01f5bdc3f3cd99d2e32ad9b7024
         heat::policy::policies:
@@ -77,6 +78,8 @@ outputs:
         heat::cron::purge_deleted::destination: '/dev/null'
         heat::db::database_db_max_retries: -1
         heat::db::database_max_retries: -1
+        heat::yaql_memory_quota: 100000
+        heat::yaql_limit_iterators: 1000
       service_config_settings:
         keystone:
           tripleo::profile::base::keystone::heat_admin_domain: 'heat_stack'
diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml
index 4e35703d..8faccd2b 100644
--- a/puppet/services/heat-engine.yaml
+++ b/puppet/services/heat-engine.yaml
@@ -48,6 +48,15 @@ parameters:
     default:
       tag: openstack.heat.engine
       path: /var/log/heat/heat-engine.log
+  HeatConvergenceEngine:
+    type: boolean
+    default: true
+    description: Enables the heat engine with the convergence architecture.
+  HeatMaxResourcesPerStack:
+    type: number
+    default: 1000
+    description: Maximum resources allowed per top-level stack. -1 stands for unlimited.
+
 
 resources:
   HeatBase:
@@ -72,6 +81,8 @@ outputs:
           - heat::engine::num_engine_workers: {get_param: HeatWorkers}
             heat::engine::configure_delegated_roles: false
             heat::engine::trusts_delegated_roles: []
+            heat::engine::max_nested_stack_depth: 6
+            heat::engine::max_resources_per_stack: {get_param: HeatMaxResourcesPerStack}
             heat::engine::heat_metadata_server_url:
               list_join:
                 - ''
@@ -89,6 +100,7 @@ outputs:
                   - ':'
                   - {get_param: [EndpointMap, HeatCfnPublic, port]}
                   - '/v1/waitcondition'
+            heat::engine::convergence_engine: {get_param: HeatConvergenceEngine}
             tripleo::profile::base::heat::manage_db_purge: {get_param: HeatEnableDBPurge}
             heat::database_connection:
               list_join:
diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml
index d928e4ea..d2ca841f 100644
--- a/puppet/services/nova-api.yaml
+++ b/puppet/services/nova-api.yaml
@@ -137,6 +137,23 @@ outputs:
       step_config: |
         include tripleo::profile::base::nova::api
       service_config_settings:
+        mysql:
+          map_merge:
+          - {get_attr: [NovaBase, role_data, service_config_settings, mysql]}
+          - nova::db::mysql::password: {get_param: NovaPassword}
+            nova::db::mysql::user: nova
+            nova::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+            nova::db::mysql::dbname: nova
+            nova::db::mysql::allowed_hosts:
+              - '%'
+              - "%{hiera('mysql_bind_host')}"
+            nova::db::mysql_api::password: {get_param: NovaPassword}
+            nova::db::mysql_api::user: nova_api
+            nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+            nova::db::mysql_api::dbname: nova_api
+            nova::db::mysql_api::allowed_hosts:
+              - '%'
+              - "%{hiera('mysql_bind_host')}"
         keystone:
           nova::keystone::auth::tenant: 'service'
           nova::keystone::auth::public_url: {get_param: [EndpointMap, NovaPublic, uri]}
@@ -144,18 +161,3 @@ outputs:
           nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
           nova::keystone::auth::password: {get_param: NovaPassword}
           nova::keystone::auth::region: {get_param: KeystoneRegion}
-        mysql:
-          nova::db::mysql::password: {get_param: NovaPassword}
-          nova::db::mysql::user: nova
-          nova::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
-          nova::db::mysql::dbname: nova
-          nova::db::mysql::allowed_hosts:
-            - '%'
-            - "%{hiera('mysql_bind_host')}"
-          nova::db::mysql_api::password: {get_param: NovaPassword}
-          nova::db::mysql_api::user: nova_api
-          nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
-          nova::db::mysql_api::dbname: nova_api
-          nova::db::mysql_api::allowed_hosts:
-            - '%'
-            - "%{hiera('mysql_bind_host')}"
diff --git a/puppet/services/opendaylight-api.yaml b/puppet/services/opendaylight-api.yaml
index 89842115..0ed9d206 100644
--- a/puppet/services/opendaylight-api.yaml
+++ b/puppet/services/opendaylight-api.yaml
@@ -17,10 +17,6 @@ parameters:
     type: string
     description: The password for the opendaylight server.
     hidden: true
-  OpenDaylightEnableL3:
-    description: Knob to enable/disable ODL L3
-    type: string
-    default: 'no'
   OpenDaylightEnableDHCP:
     description: Knob to enable/disable ODL DHCP Server
     type: boolean
@@ -56,7 +52,6 @@ outputs:
         opendaylight::odl_rest_port: {get_param: OpenDaylightPort}
         opendaylight::username: {get_param: OpenDaylightUsername}
         opendaylight::password: {get_param: OpenDaylightPassword}
-        opendaylight::enable_l3: {get_param: OpenDaylightEnableL3}
         opendaylight::extra_features: {get_param: OpenDaylightFeatures}
         opendaylight::enable_dhcp: {get_param: OpenDaylightEnableDHCP}
         opendaylight::odl_bind_ip: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml
index a32dec1e..5526a6f2 100644
--- a/puppet/services/rabbitmq.yaml
+++ b/puppet/services/rabbitmq.yaml
@@ -69,6 +69,7 @@ outputs:
         rabbitmq::delete_guest_user: false
         rabbitmq::wipe_db_on_cookie_change: true
         rabbitmq::port: '5672'
+        rabbitmq::package_provider: yum
         rabbitmq::package_source: undef
         rabbitmq::repos_ensure: false
         rabbitmq::tcp_keepalive: true