46 files changed, 2037 insertions, 0 deletions

diff --git a/AUTHORS b/AUTHORS
new file mode 100644
index 0000000..7aaa45e
--- /dev/null
+++ b/AUTHORS
@@ -0,0 +1,2 @@
+Adam Gandelman <adamg@ubuntu.com>
+Eric Lopez <eric.lopez@akanda.io>
diff --git a/INSTALL.rst b/INSTALL.rst
new file mode 100644
index 0000000..86ea99f
--- /dev/null
+++ b/INSTALL.rst
@@ -0,0 +1,27 @@
+Create Manually Installed Astara Fuel 8.0 Plugin on Ubuntu Trusty 14.04
+=======================================================================
+
+``https://wiki.openstack.org/wiki/Fuel/Plugins#Preparing_an_environment_for_plugin_development``
+
+    sudo apt-get install createrepo rpm dpkg-dev
+    easy_install pip
+    pip install fuel-plugin-builder
+    git clone https://github.com/stackforge/fuel-plugins.git
+    cd fuel-plugins/fuel_plugin_builder/
+    sudo python setup.py develop
+
+``https://wiki.openstack.org/wiki/Fuel/Plugins#Using_Fuel_Plugin_Builder_tool``
+
+    fpb --create fuel-plugin-astara
+    fpb --build fuel-plugin-astara
+    
+
+Debug UI
+--------
+
+blah blah
+
+Debug Deployment
+----------------
+
+blah blah
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..e06d208
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,202 @@
+Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "{}"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright {yyyy} {name of copyright owner}
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
diff --git a/README.rst b/README.rst
new file mode 100644
index 0000000..6a65327
--- /dev/null
+++ b/README.rst
@@ -0,0 +1,135 @@
+Astara plugin for Mirantis Fuel
+===============================
+
+Astara is a network orchestration service designed for provisioning Neutron 
+managed virtual network functions in an OpenStack deployment.
+
+Limitations:
+------------
+        Currently this plugin is not compatible with the following features:
+
+        - Neutron DVR
+        - FWaaS
+        - LBaaSv1
+        - other SDN solutions
+
+
+Compatible versions:
+--------------------
+
+        - Mirantis Fuel 8.0
+        - Akanda Astara 8.0
+
+To obtain the plugin:
+---------------------
+
+The Astara plugin can be downloaded from the [Fuel Plugin Catalog](
+https://www.mirantis.com/products/openstack-drivers-and-plugins/fuel-plugins/).
+
+
+To install the plugin:
+----------------------
+
+- Prepare a clean fuel master node.
+
+- Copy the plugin onto the fuel master node:
+
+                scp astara-fuel-plugin-1.0-1.0.0-0.noarch.rpm root@<Fuel_Master_Node_IP>:/tmp
+
+- Install the plugin on the fuel master node:
+
+                cd /tmp
+
+                fuel plugins --install astara-fuel-plugin-1.0-1.0.0-0.noarch.rpm
+
+- Check the plugin was installed:
+
+                fuel plugins --list
+
+
+User Guide
+----------
+
+To deploy a cluster with the Astara plugin, use the Fuel web UI to deploy an
+OpenStack cluster in the usual way, with the following guidelines:
+
+- Create a new OpenStack environment, selecting:
+
+        Liberty on Ubuntu Trusty
+
+        "Neutron with VLAN segmentation" or "Neutron with tunneling segmentation" as the networking setup
+
+- Under the network tab, configure the 'Network' settings for your environment. For example (exact values will
+  depend on your setup):
+
+        Public (External):
+
+        - IP Range: 172.16.0.2 - 172.16.0.126
+        - CIDR: 172.16.0.0/24
+        - Use VLAN tagging: No
+        - Gateway: 172.16.0.1 
+        - Floating IP range: 172.16.0.130 - 172.16.0.254
+
+
+        Management (Management):
+
+- Under the settings tab, make sure the following options are checked:
+
+        "Use Astara Network Orchestrator"
+
+- Under the setting tab, configure Astara Management Service Port, API Port, and Management IPv6 prefix
+
+        - Astara Management IPv6 Prefix
+        - Astara Management Service Port
+        - Astara API Service Port
+
+- Add nodes 
+
+- Deploy changes
+
+
+Deployment details
+------------------
+Deployment of Openstack using Astara Network Orchestrator does the following:
+
+- Configures Nova:
+
+        Enable Metadata Service
+
+        Enable IPv6
+
+        Enables Nova to attach external networks to an VM Instance
+        
+- Configures Neutron: 
+
+        Disables Metadata Agent, L3 Agent, and DHCP Agent
+
+        Enables Astara API extensions
+
+        Enables Astara service plugin
+
+        Enables Astara core plugin
+
+- Uploads Astara Router Service VM into Openstack Image Service (glance)
+
+- Configure Horizon:
+
+        Enable Astara dashboard extensions
+
+        Configure Astara management service details
+
+- Create Public and Management Networks for Openstack deployment
+
+
+Known issues
+------------
+
+None.
+
+Release Notes
+-------------
+
+**1.0.0**
+
+* Initial release of the plugin
+
diff --git a/components.yaml b/components.yaml
new file mode 100644
index 0000000..692cc44
--- /dev/null
+++ b/components.yaml
@@ -0,0 +1,29 @@
+# This file contains wizard components descriptions that are pretty similar to
+# the `environment_config.yaml`.
+# Please, take a look at following link for the details:
+# - https://blueprints.launchpad.net/fuel/+spec/component-registry
+# - https://specs.openstack.org/openstack/fuel-specs/specs/8.0/component-registry.html
+
+- name: 'additional_service:astara'
+  label: "Install Astara (Openstack Network Orchestrator)"
+  description: "If selected, Astara's Network Orchestrator will be installed. Astara
+    is a production grade L3-L7 Network Service Platform for Neutron"
+  bind: !!pairs
+    - "cluster:net_provider": "neutron"
+  requires:
+    - name: 'network:neutron:core:ml2'
+  compatible:
+    - name: 'hypervisor:libvirt:*'
+    - name: 'hypervisor:kvm'
+    - name: 'hypervisor:qemu'
+    - name: 'network:neutron:vlan'
+    - name: 'network:neutron:tun'
+    - name: "storage:block:lvm"
+    - name: "storage:image:ceph"
+    - name: "storage:object:ceph"
+    - name: "additional_service:ceilometer"
+    - name: "storage:block:ceph"
+    - name: "storage:ephemeral:ceph"
+  incompatible:
+    - name: 'hypervisor:vmware'
+      description: 'Astara is not compatible with VMware vSphere'
diff --git a/deployment_scripts/puppet/manifests/network_orchestrator_astara_neutron_install.pp b/deployment_scripts/puppet/manifests/network_orchestrator_astara_neutron_install.pp
new file mode 100644
index 0000000..58f0ecc
--- /dev/null
+++ b/deployment_scripts/puppet/manifests/network_orchestrator_astara_neutron_install.pp
@@ -0,0 +1,5 @@
+notice('MODULE: astara-neutron install')
+
+include astara
+
+class { 'astara::astara_neutron::install': }
diff --git a/deployment_scripts/puppet/manifests/network_orchestrator_configure.pp b/deployment_scripts/puppet/manifests/network_orchestrator_configure.pp
new file mode 100644
index 0000000..fdf475a
--- /dev/null
+++ b/deployment_scripts/puppet/manifests/network_orchestrator_configure.pp
@@ -0,0 +1,123 @@
+notice('MODULAR: astara config')
+
+$astara_settings = hiera('fuel-plugin-astara')
+
+# pass through fuel plugin config
+astara_config {
+    'DEFAULT/astara_api_port': value => $astara_settings['astara_api_port'];
+    'DEFAULT/astara_mgt_service_port': value => $astara_settings['astra_mgmt_service_port'];
+    'DEFAULT/management_prefix': value => $astara_settings['astra_mgmt_ipv6_prefix'];
+}
+
+# piece together authtoken config from hiera, using neutron's service creds.
+$neutron_settings = hiera('quantum_settings')
+$neutron_keystone_settings = $neutron_settings['keystone']
+$keystone_settings = hiera_hash('keystone', {})
+$service_endpoint = hiera('service_endpoint')
+$management_vip = hiera('management_vip')
+
+$ssl_hash = hiera_hash('use_ssl', {})
+$internal_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'protocol', 'http')
+$internal_address  = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [$service_endpoint, $management_vip])
+$internal_port     = '5000'
+
+$public_url   = "${public_protocol}://${public_address}:${public_port}"
+$admin_url    = "${admin_protocol}://${admin_address}:${admin_port}"
+$internal_url = "${internal_protocol}://${internal_address}:${internal_port}"
+
+$admin_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', 'http')
+
+$auth_suffix  = pick($keystone_settings['auth_suffix'], '/')
+$auth_url     = "${internal_url}${auth_suffix}"
+
+# XXX need to replace with zookeeper
+$memcache_addresses = hiera('memcached_addresses')
+$memcache_address = $memcache_addresses[0]
+
+$region = hiera('region', 'RegionOne')
+
+# setup keystone authtoken middleware
+astara_config {
+    'keystone_authtoken/auth_plugin': value => 'password';
+    'DEFAULT/auth_url': value => $auth_url;
+    'keystone_authtoken/auth_uri': value => $auth_url;
+    'keystone_authtoken/auth_url': value => $internal_url;
+    'keystone_authtoken/project_domain_id': value => 'default';
+    'keystone_authtoken/user_domain_id': value => 'default';
+    'keystone_authtoken/project_name': value => 'services';
+    'keystone_authtoken/username': value => 'neutron';
+    'keystone_authtoken/password': value => $neutron_keystone_settings['admin_password'];
+    'keystone_authtoken/auth_region': value => $region;
+}
+
+
+# setup db access to the controller with the known password
+$database_vip               = hiera('database_vip', $management_vip)
+$db_host                    = pick($astara_settings['db_host'], $database_vip)
+$db_user                    = pick($astara_settings['db_user'], 'astara')
+$db_name                    = pick($astara_settings['db_name'], 'astara')
+#$db_password                = pick($astara_settings['astara_db_password'], 'astara')
+$db_password                 = 'astara'
+$database_connection        = "mysql://${db_user}:${db_password}@${db_host}/${db_name}?charset=utf8"
+astara_config {
+    'database/connection': value => $database_connection;
+}
+
+# setup access to neutron's rabbit queue
+# matching neutron's rabbit setup here -- it uses nova's credentials?
+$rabbit_settings = hiera('rabbit')
+$rabbit_user = 'nova'
+$rabbit_password  = $rabbit_settings['password']
+$rabbit_host = hiera('amqp_hosts')
+
+astara_config {
+    'DEFAULT/control_exchange': value => 'neturon';
+    'DEFAULT/rpc_backend': value => 'rabbit';
+    'oslo_messaging_rabbit/rabbit_userid': value => $rabbit_user;
+    'oslo_messaging_rabbit/rabbit_password': value => $rabbit_password, secret => true;
+    'oslo_messaging_rabbit/rabbit_hosts': value => $rabbit_host;
+}
+
+# setup the neutron L3 agent
+neutron_config {
+    'agent/root_helper': value => 'sudo neutron-rootwrap /etc/neutron/rootwrap.conf';
+    'oslo_messaging_rabbit/rabbit_userid': value => $rabbit_user;
+    'oslo_messaging_rabbit/rabbit_password': value => $rabbit_password, secret => true;
+    # XXX note sure where non-default 5673 comes from?
+    'oslo_messaging_rabbit/rabbit_hosts': value => $rabbit_host;
+}
+
+
+# drop an openrc for the neutron service tenant
+class { 'openstack::auth_file':
+  admin_user          => 'neutron',
+  admin_password      => $neutron_keystone_settings['admin_password'],
+  admin_tenant        => 'services',
+  region_name         => $region,
+  auth_url            => $auth_url,
+}
+
+astara_config {
+    'DEFAULT/endpoint_type': value => 'internalURL';
+    'DEFAULT/log_file': value => '/var/log/astara/astara-orchestrator.log';
+}
+
+# Setup coordination cluster services.
+# NOTE: we use memcache here for testing until a zookeeper module is available in feul
+astara_config {
+    'coordination/enabled': value => 'True';
+    'coordination/url': value => "memcached://${memcache_address}:11211";
+}
+
+# setup metadata proxy access
+astara_config {
+        'DEFAULT/nova_metadata_ip': value => $management_vip;
+        'DEFAULT/neutron_metadata_proxy_shared_secret': value => $neutron_settings["metadata"]["metadata_proxy_shared_secret"];
+}
+
+# TODO(adam_g): flavor ids are hard-coded as params to astara::flavor::create,
+# should be centralized somewhere.
+astara_config {
+        'router/instance_flavor': value => "511";
+        'loadbalancer/instance_flavor': value => "511";
+}
diff --git a/deployment_scripts/puppet/manifests/network_orchestrator_create_resources.pp b/deployment_scripts/puppet/manifests/network_orchestrator_create_resources.pp
new file mode 100644
index 0000000..46d7426
--- /dev/null
+++ b/deployment_scripts/puppet/manifests/network_orchestrator_create_resources.pp
@@ -0,0 +1,5 @@
+
+class { 'astara::db::sync': }
+class { 'astara::flavor::create': }
+class { 'astara::networks::create': }
+
diff --git a/deployment_scripts/puppet/manifests/network_orchestrator_db.pp b/deployment_scripts/puppet/manifests/network_orchestrator_db.pp
new file mode 100644
index 0000000..f2faee6
--- /dev/null
+++ b/deployment_scripts/puppet/manifests/network_orchestrator_db.pp
@@ -0,0 +1,58 @@
+
+notice('MODULAR: astara/db.pp')
+
+$node_name      = hiera('node_name')
+
+$astara_settings = hiera('fuel-plugin-astara')
+$mysql_hash     = hiera_hash('mysql_hash', {})
+
+$database_vip   = hiera('database_vip')
+
+$mysql_root_user     = pick($mysql_hash['root_user'], 'root')
+$mysql_db_create     = pick($mysql_hash['db_create'], true)
+$mysql_root_password = $mysql_hash['root_password']
+
+$db_user     = 'astara'
+$db_name     = 'astara'
+#$db_password = pick($astara_settings['astara_db_password'], $mysql_root_password)
+# XXX TODO pull generated passwd from environment config
+$db_password = 'astara'
+
+$db_host          = pick($astara_settings['metadata']['db_host'], $database_vip)
+$db_create        = pick($astara_settings['metadata']['db_create'], $mysql_db_create)
+$db_root_user     = pick($astara_settings['metadata']['root_user'], $mysql_root_user)
+$db_root_password = pick($astara_settings['metadata']['root_password'], $mysql_root_password)
+
+$allowed_hosts = [ $node_name, 'localhost', '127.0.0.1', '%' ]
+
+validate_string($mysql_root_user)
+
+if $db_create {
+
+  class { 'galera::client':
+    custom_setup_class => hiera('mysql_custom_setup_class', 'galera'),
+  }
+
+  class { 'astara::db::mysql':
+    user          => $db_user,
+    password      => $db_password,
+    dbname        => $db_name,
+    allowed_hosts => $allowed_hosts,
+  }
+
+  class { 'osnailyfacter::mysql_access':
+    db_host     => $db_host,
+    db_user     => $db_root_user,
+    db_password => $db_root_password,
+  }
+
+  Class['galera::client'] ->
+  Class['osnailyfacter::mysql_access'] ->
+  Class['astara::db::mysql']
+
+}
+
+class mysql::config {}
+include mysql::config
+class mysql::server {}
+include mysql::server
diff --git a/deployment_scripts/puppet/manifests/network_orchestrator_hiera_override.pp b/deployment_scripts/puppet/manifests/network_orchestrator_hiera_override.pp
new file mode 100644
index 0000000..1ad4b86
--- /dev/null
+++ b/deployment_scripts/puppet/manifests/network_orchestrator_hiera_override.pp
@@ -0,0 +1,103 @@
+notice('MODULAR: network-orchestrator-node/network_hiera_override.pp')
+
+$network_node_plugin = hiera('astara', undef)
+$hiera_dir = '/etc/hiera/override'
+$plugin_name = 'network-orchestrator-node'
+$plugin_yaml = "${plugin_name}.yaml"
+
+if $network_orchestrator_node_plugin {
+  $network_metadata = hiera_hash('network_metadata')
+  $network_roles = ['primary-network-orchestrator-node', 'network-orchestrator-node']
+  $network_nodes = get_nodes_hash_by_roles($network_metadata, $network_roles)
+  $management_vip = $network_metadata['vips']['management']['ipaddr']
+  $public_vip = $network_metadata['vips']['public']['ipaddr']
+
+  $quantum_hash = hiera_hash('quantum_settings')
+
+  case hiera_array('role', 'none') {
+    /network-orchestartor-node/: {
+
+      if hiera('role', 'none') == 'primary-network-orchestrator-node' {
+        $primary_controller = true
+      } else {
+        $primary_controller = false
+      }
+      $use_neutron = true
+      $corosync_roles = $network_roles
+      $deploy_vrouter = false
+      $haproxy_nodes = false
+      $corosync_nodes = $network_nodes
+      $new_quantum_settings_hash = {
+        'neutron_agents' => [''],
+        'neutron_server_enable' => false,
+        'conf_nova' => false
+      }
+      $neutron_settings = merge($quantum_hash, $new_quantum_settings_hash)
+    }
+    /controller/: {
+      $use_neutron = true
+      $new_quantum_settings_hash = {
+        'neutron_agents' => [''],
+      }
+      $neutron_settings = merge($quantum_hash, $new_quantum_settings_hash)
+
+      if hiera('role', 'none') =~ /^primary/ {
+        $primary_controller = 'true'
+      } else {
+        $primary_controller = 'false'
+      }
+    }
+    default: {
+      $use_neutron = true
+    }
+  }
+
+###################
+  $calculated_content = inline_template('
+<% if @corosync_nodes -%>
+<% require "yaml" -%>
+corosync_nodes:
+<%= YAML.dump(@corosync_nodes).sub(/--- *$/,"") %>
+<% end -%>
+<% if @corosync_roles -%>
+corosync_roles:
+<%
+@corosync_roles.each do |crole|
+%>  - <%= crole %>
+<% end -%>
+<% end -%>
+<% if @neutron_settings -%>
+<% require "yaml" -%>
+quantum_settings:
+<%= YAML.dump(@neutron_settings).sub(/--- *$/,"") %>
+<% end -%>
+deploy_vrouter: <%= @deploy_vrouter %>
+primary_controller: <%= @primary_controller %>
+management_vip: <%= @management_vip %>
+database_vip:  <%= @management_vip %>
+service_endpoint: <%= @management_vip %>
+public_vip: <%= @public_vip %>
+use_neutron: <%= @use_neutron %>
+  ')
+
+###################
+
+  file {'/etc/hiera/override':
+    ensure  => directory,
+  } ->
+  file { '/etc/hiera/override/common.yaml':
+    ensure  => file,
+    content => "${calculated_content}\n",
+  }
+
+  package {'ruby-deep-merge':
+    ensure  => 'installed',
+  }
+
+  file_line {'hiera.yaml':
+    path  => '/etc/hiera.yaml',
+      line  => "  - override/${plugin_name}",
+      after => '  - override/module/%{calling_module}',
+  }
+
+}
diff --git a/deployment_scripts/puppet/manifests/network_orchestrator_image.pp b/deployment_scripts/puppet/manifests/network_orchestrator_image.pp
new file mode 100644
index 0000000..e5ac513
--- /dev/null
+++ b/deployment_scripts/puppet/manifests/network_orchestrator_image.pp
@@ -0,0 +1,2 @@
+
+class { 'astara::image': }
diff --git a/deployment_scripts/puppet/manifests/network_orchestrator_install.pp b/deployment_scripts/puppet/manifests/network_orchestrator_install.pp
new file mode 100644
index 0000000..b7beb93
--- /dev/null
+++ b/deployment_scripts/puppet/manifests/network_orchestrator_install.pp
@@ -0,0 +1,5 @@
+notice('MODULAR: astara install')
+
+include astara
+
+class { 'astara::install': }
diff --git a/deployment_scripts/puppet/manifests/network_orchestrator_pre_deployment.pp b/deployment_scripts/puppet/manifests/network_orchestrator_pre_deployment.pp
new file mode 100644
index 0000000..4283453
--- /dev/null
+++ b/deployment_scripts/puppet/manifests/network_orchestrator_pre_deployment.pp
@@ -0,0 +1 @@
+notice('MODULAR: no-op astara pre-deployment task')
diff --git a/deployment_scripts/puppet/manifests/network_orchestrator_set_resources.pp b/deployment_scripts/puppet/manifests/network_orchestrator_set_resources.pp
new file mode 100644
index 0000000..c9f5142
--- /dev/null
+++ b/deployment_scripts/puppet/manifests/network_orchestrator_set_resources.pp
@@ -0,0 +1,3 @@
+
+class { 'astara::networks::set': }
+
diff --git a/deployment_scripts/puppet/modules/astara/lib/puppet/provider/astara_config/ini_setting.rb b/deployment_scripts/puppet/modules/astara/lib/puppet/provider/astara_config/ini_setting.rb
new file mode 100644
index 0000000..87ffbe3
--- /dev/null
+++ b/deployment_scripts/puppet/modules/astara/lib/puppet/provider/astara_config/ini_setting.rb
@@ -0,0 +1,27 @@
+Puppet::Type.type(:astara_config).provide(
+  :ini_setting,
+  :parent => Puppet::Type.type(:ini_setting).provider(:ruby)
+) do
+
+  def section
+    resource[:name].split('/', 2).first
+  end
+
+  def setting
+    resource[:name].split('/', 2).last
+  end
+
+  def separator
+    '='
+  end
+
+  def self.file_path
+    '/etc/astara/orchestrator.ini'
+  end
+
+  # added for backwards compatibility with older versions of inifile
+  def file_path
+    self.class.file_path
+  end
+
+end
diff --git a/deployment_scripts/puppet/modules/astara/lib/puppet/type/astara_config.rb b/deployment_scripts/puppet/modules/astara/lib/puppet/type/astara_config.rb
new file mode 100644
index 0000000..02fd347
--- /dev/null
+++ b/deployment_scripts/puppet/modules/astara/lib/puppet/type/astara_config.rb
@@ -0,0 +1,47 @@
+Puppet::Type.newtype(:astara_config) do
+
+  ensurable
+
+  newparam(:name, :namevar => true) do
+    desc 'Section/setting name to manage from /etc/astara/orchestrator.ini'
+    newvalues(/\S+\/\S+/)
+  end
+
+  newproperty(:value) do
+    desc 'The value of the setting to be defined.'
+    munge do |value|
+      value = value.to_s.strip
+      value.capitalize! if value =~ /^(true|false)$/i
+      value
+    end
+
+    def is_to_s( currentvalue )
+      if resource.secret?
+        return '[old secret redacted]'
+      else
+        return currentvalue
+      end
+    end
+
+    def should_to_s( newvalue )
+      if resource.secret?
+        return '[new secret redacted]'
+      else
+        return newvalue
+      end
+    end
+  end
+
+  newparam(:secret, :boolean => true) do
+    desc 'Whether to hide the value from Puppet logs. Defaults to `false`.'
+
+    newvalues(:true, :false)
+
+    defaultto false
+  end
+
+  autorequire(:package) do
+    'astara-common'
+  end
+
+end
diff --git a/deployment_scripts/puppet/modules/astara/manifests/astara_neutron/install.pp b/deployment_scripts/puppet/modules/astara/manifests/astara_neutron/install.pp
new file mode 100644
index 0000000..afe16e2
--- /dev/null
+++ b/deployment_scripts/puppet/modules/astara/manifests/astara_neutron/install.pp
@@ -0,0 +1,21 @@
+
+notice('MODULAR: astara::astara_neutron::install')
+
+class astara::astara_neutron::install {
+        class { 'astara::repo::liberty': }
+
+        package { 'neutron-plugin-astara':
+        ensure => present,
+        require => Class['astara::repo::liberty'],
+        }
+
+    # TODO: These will need to be special cased for when we deploy the Mitaka
+    # version (akanda -> astara)
+    neutron_config {
+        'DEFAULT/core_plugin': value => 'akanda.neutron.plugins.ml2_neutron_plugin.Ml2Plugin';
+        'DEFAULT/api_extensions_path': value => '/usr/lib/python2.7/dist-packages/akanda/neutron/extensions';
+        'DEFAULT/service_plugins': value => 'akanda.neutron.plugins.ml2_neutron_plugin.L3RouterPlugin';
+        'DEFAULT/notification_driver': value => 'neutron.openstack.common.notifier.rpc_notifier';
+        'DEFAULT/astara_auto_add_resources': value => 'False';
+    }
+}
diff --git a/deployment_scripts/puppet/modules/astara/manifests/db/mysql.pp b/deployment_scripts/puppet/modules/astara/manifests/db/mysql.pp
new file mode 100644
index 0000000..3c584ff
--- /dev/null
+++ b/deployment_scripts/puppet/modules/astara/manifests/db/mysql.pp
@@ -0,0 +1,55 @@
+# The astara::db::mysql class creates a MySQL database for astara.
+# It must be used on the MySQL server
+#
+# == Parameters
+#
+#  [*password*]
+#    password to connect to the database. Mandatory.
+#
+#  [*dbname*]
+#    name of the database. Optional. Defaults to astara.
+#
+#  [*user*]
+#    user to connect to the database. Optional. Defaults to astara.
+#
+#  [*host*]
+#    the default source host user is allowed to connect from.
+#    Optional. Defaults to 'localhost'
+#
+#  [*allowed_hosts*]
+#    other hosts the user is allowd to connect from.
+#    Optional. Defaults to undef.
+#
+#  [*charset*]
+#    the database charset. Optional. Defaults to 'utf8'
+#
+#  [*collate*]
+#    the database collation. Optional. Defaults to 'utf8_general_ci'
+#
+#  [*mysql_module*]
+#   (optional) Deprecated. Does nothing.
+#
+#  [*cluster_id*]
+#   (optional) Deprecated. Does nothing.
+
+class astara::db::mysql(
+  $password,
+  $dbname        = 'astara',
+  $user          = 'astara',
+  $host          = '127.0.0.1',
+  $charset       = 'utf8',
+  $collate       = 'utf8_general_ci',
+  $allowed_hosts = undef,
+) {
+
+  ::openstacklib::db::mysql { 'astara':
+    user          => $user,
+    password_hash => mysql_password($password),
+    dbname        => $dbname,
+    host          => $host,
+    charset       => $charset,
+    collate       => $collate,
+    allowed_hosts => $allowed_hosts,
+  }
+
+}
diff --git a/deployment_scripts/puppet/modules/astara/manifests/db/sync.pp b/deployment_scripts/puppet/modules/astara/manifests/db/sync.pp
new file mode 100644
index 0000000..e28aa23
--- /dev/null
+++ b/deployment_scripts/puppet/modules/astara/manifests/db/sync.pp
@@ -0,0 +1,10 @@
+notice('MODULAR: astara::db::sync')
+
+class astara::db::sync {
+  exec {  'astara-db-sync':
+    command     => 'astara-dbsync --config-file /etc/astara/orchestrator.ini upgrade head',
+    path        => '/usr/bin',
+    user        => 'astara',
+    logoutput   => on_failure,
+  }
+}
diff --git a/deployment_scripts/puppet/modules/astara/manifests/flavor/create.pp b/deployment_scripts/puppet/modules/astara/manifests/flavor/create.pp
new file mode 100644
index 0000000..8d252c1
--- /dev/null
+++ b/deployment_scripts/puppet/modules/astara/manifests/flavor/create.pp
@@ -0,0 +1,15 @@
+notice('MODULAR: astara::flavor::create')
+
+class astara::flavor::create (
+        $ram = '512',
+        $disk = '3',
+        $vcpus = '1',
+        $flavor_name = 'm1.astara',
+        $flavor_id = '511',
+) {
+    exec { 'create':
+        path => '/bin:/usr/bin',
+        command => '/bin/bash ./scripts/create_nova_flavor.sh ${ram} ${disk} ${vcpus} ${flavor_name} ${id}',
+        logoutput => true,
+    }
+}
diff --git a/deployment_scripts/puppet/modules/astara/manifests/image.pp b/deployment_scripts/puppet/modules/astara/manifests/image.pp
new file mode 100644
index 0000000..eda790c
--- /dev/null
+++ b/deployment_scripts/puppet/modules/astara/manifests/image.pp
@@ -0,0 +1,25 @@
+notice('MODULAR: Grabbing astara appliance image')
+
+class astara::image {
+
+  $astara_settings = hiera('fuel-plugin-astara')
+  $image_url = $astara_settings['astara_appliance_image_location']
+  
+  exec { 'need_image':
+      command => '/bin/true',
+      onlyif => '/usr/bin/test ! -e /root/astara_appliance.qcow2',
+  }
+  notice("Downloading astara applinace from ${image_url}")
+
+  exec { "/usr/bin/wget -O astara_appliance.qcow2 --timestamping ${image_url}":
+      alias => "get-image",
+      cwd => "/tmp",
+      require => Exec['need_image'],
+  }
+
+  file { "/root/astara_appliance.qcow2":
+      ensure => present,
+      source => "/tmp/astara_appliance.qcow2",
+      require => Exec["get-image"] }
+
+}
diff --git a/deployment_scripts/puppet/modules/astara/manifests/init.pp b/deployment_scripts/puppet/modules/astara/manifests/init.pp
new file mode 100644
index 0000000..76ca939
--- /dev/null
+++ b/deployment_scripts/puppet/modules/astara/manifests/init.pp
@@ -0,0 +1,100 @@
+#
+# Copyright (c) 2016, Akanda Inc, http://akanda.io
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+notice('MODULAR: astara/init.pp')
+
+# Parameters for configuring Astara Fuel plugin
+class astara {
+    $astara_settings = hiera('fuel-plugin-astara')
+    $mgt_service_port = $astara_settings['astara_mgmt_service_port']
+}
+#
+#  $astara_settings = hiera('astara', {})
+#  $management_vip = hiera('management_vip')
+#
+#  # Settings for Neutron 
+#  $neutron_settings = hiera_hash('quantum_settings', {})
+#
+#  # Setting for Authenication
+#  $ssl_hash               = hiera_hash('use_ssl', {})
+#  $internal_auth_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'protocol', 'http')
+#  $internal_auth_address  = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [hiera('service_endpoint', ''), $management_vip])
+#  $admin_auth_protocol    = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', 'http')
+#  $admin_auth_address     = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [hiera('service_endpoint', ''), $management_vip])
+#
+#  $auth_uri          = "${internal_auth_protocol}://${internal_auth_address}:5000/v2.0/"
+#  $auth_url          = "${admin_auth_protocol}://${admin_auth_address}:35357/"
+#  $identity_uri      = "${admin_auth_protocol}://${admin_auth_address}:35357/"
+#  $auth_region       = hiera('region', 'RegionOne')
+#  $project_domain_id = hiera('project_domain', 'default')
+#  $project_name      = hiera('$hiera workloads_collector['tenant']', 'services')
+#  $user_domain_id    = hiera('user_domain', 'default')
+#  $neutron_user      = hiera('neutron_user', 'neutron')
+#  $neutron_password  = hiera('neutron_user_password')
+#
+#  # Settings for Database
+#  $database_vip = hiera('database_vip', undef)
+#  $db_type      = 'mysql'
+#  $db_host      = pick($astara_settings['db_host'], $database_vip)
+#  $db_user      = pick($astara_settings['username'], 'astara')
+#  $db_password  = $astara_settings['db_password']
+#  $db_name      = pick($astara_settings['db_name'], 'astara')
+#  $db_connection = os_database_connection({
+#    'dialect'  => $db_type,
+#    'host'     => $db_host,
+#    'database' => $db_name,
+#    'username' => $db_user,
+#    'password' => $db_password,
+#    'charset'  => 'utf8'
+#  })
+#
+#  # Settings for RabbitMQ 
+#  $rabbit             = hiera_hash('rabbit_hash')
+#  $rabbit_user        = $rabbit['user']
+#  $rabbit_password    = $rabbit['password']
+#  $rabbit_hosts       = split(hiera('amqp_hosts',''), ',')
+#
+#  # Settings for Astara
+##  $mangement_network_id = 
+##  $management_subnet_id =
+#  $management_prefix = $astara_settings['astara-mgmt-ipv6-prefix']
+##  $external_network_id = 
+##  $external_subnet_id = 
+#  $external_prefix = $neutron_settings['predefined_networks']['admin_floating_net']['L3']['subnet']
+#  $enable_drivers = pick($astara_settings['enable_drivers'], 'router')
+#  $interface_driver = pick($astara_settings['interface_driver'], 'astara.common.linux.interface.OVSInterfaceDriver')
+#  $instance_provider = pick($astara_settings['instance_provider'], 'on-demand')
+#  $bind_api_port = $astara_settings['astara-api-port']
+#  $bind_mgmt_port = $astara_settings['astara-mgmt-service-port']
+#
+#  #$appliance_router_image = {
+#  #  "os_name" => "astara_router",
+#  #  "loc_path" => $settings['astara_appliance_image_loc']
+#  #  "container_format" => "bare",
+#  #  "disk_format" => "qcow2",
+#  #  "glance_properties" => "",
+#  #  "img_name" => "astara_router",
+#  #  "public" => "true"
+#  #}
+#  #$appliance_lb_image = {
+#  #  "os_name" => "astara_nginx",
+#  #  "loc_path" => $settings['astara_appliance_image_loc']
+#  #  "container_format" => "bare",
+#  #  "disk_format" => "qcow2",
+#  #  "glance_properties" => "",
+#  #  "img_name" => "astara_nginx",
+#  #  "public" => "true"
+#  #}
+#}
diff --git a/deployment_scripts/puppet/modules/astara/manifests/install.pp b/deployment_scripts/puppet/modules/astara/manifests/install.pp
new file mode 100644
index 0000000..6c1a2eb
--- /dev/null
+++ b/deployment_scripts/puppet/modules/astara/manifests/install.pp
@@ -0,0 +1,24 @@
+
+# dependency issues between liberty and mitaka  prevent a packaged
+# installation right now
+#class astara::install {
+#    class { 'astara::repo': }
+#
+#    package { 'astara-orchestrator':
+#       ensure => 'present',
+#       require => Class['astara::repo'],
+#       tag => ['openstack', 'astara-orchestrator-package'],
+#    }
+#}
+
+
+# install from src in a venv instead.
+class astara::install {
+        $astara_settings = hiera('fuel-plugin-astara')
+        $astara_repo_url = pick($astara_settings['git_repo_url'], 'https://github.com/openstack/astara.git')
+        $astara_repo_branch = pick($astara_settings['git_branch'], 'stable/mitaka')
+        $repo_dir = '/opt/astara'
+        exec { 'install-from-src':
+                command => "/bin/bash ./scripts/install_astara_from_src.sh ${astara_repo_url} ${astara_repo_branch} ${$repo_dir}"
+        }
+}
diff --git a/deployment_scripts/puppet/modules/astara/manifests/networks/create.pp b/deployment_scripts/puppet/modules/astara/manifests/networks/create.pp
new file mode 100644
index 0000000..2ca599c
--- /dev/null
+++ b/deployment_scripts/puppet/modules/astara/manifests/networks/create.pp
@@ -0,0 +1,13 @@
+notice('MODULAR: astara::networks::create')
+
+$astara_settings = hiera('fuel-plugin-astara')
+$mgt_net_name = $astara_settings['astara_mgmt_name']
+$mgt_prefix = $astara_settings['astara_mgmt_ipv6_prefix']
+
+class astara::networks::create {
+    exec { 'create networks':
+        path => '/bin:/usr/bin',
+        command => '/bin/bash ./scripts/create_neutron_networks.sh ${mgt_net_name} ${mgt_prefix}',
+        logoutput => true,
+    }
+}
diff --git a/deployment_scripts/puppet/modules/astara/manifests/networks/set.pp b/deployment_scripts/puppet/modules/astara/manifests/networks/set.pp
new file mode 100644
index 0000000..bf428ef
--- /dev/null
+++ b/deployment_scripts/puppet/modules/astara/manifests/networks/set.pp
@@ -0,0 +1,14 @@
+notice('MODULAR: astara::networks::set')
+
+$astara_settings = hiera('fuel-plugin-astara')
+
+$mgt_net_name = $astara_settings['astara_mgmt_name']
+$mgt_prefix = $astara_settings['astara_mgmt_ipv6_prefix']
+
+class astara::networks::set {
+    exec { 'set networks':
+        path => '/bin:/usr/bin',
+        command => '/bin/bash ./scripts/set_neutron_networks.sh ${mgt_net_name} ${mgt_prefix}',
+        logoutput => true,
+    }
+}
diff --git a/deployment_scripts/puppet/modules/astara/manifests/repo/liberty.pp b/deployment_scripts/puppet/modules/astara/manifests/repo/liberty.pp
new file mode 100644
index 0000000..d5b1940
--- /dev/null
+++ b/deployment_scripts/puppet/modules/astara/manifests/repo/liberty.pp
@@ -0,0 +1,15 @@
+class astara::repo::liberty {
+    include apt
+    if hiera('fuel_version') != '8.0' {
+        fail('Currently Astara deployment supported only with Fuel 8.0/liberty')
+    }
+
+    # we install liberty on all nodes except the astara nodes
+    notice('MODULAR: astara - Installing controller version for Liberty')
+    apt::ppa { 'ppa:astara-drivers/astara-liberty': }
+    exec {
+        'apt-get update':
+        path => '/usr/bin/',
+        require => Apt::Ppa['ppa:astara-drivers/astara-liberty']
+    }
+}
diff --git a/deployment_scripts/puppet/modules/astara/templates/orchestrator.ini.erb b/deployment_scripts/puppet/modules/astara/templates/orchestrator.ini.erb
new file mode 100644
index 0000000..f958c06
--- /dev/null
+++ b/deployment_scripts/puppet/modules/astara/templates/orchestrator.ini.erb
@@ -0,0 +1,74 @@
+[DEFAULT] <% settings = scope.lookupvar('@fuel-plugin-astara') %>
+debug = False
+
+log_dir = /var/log/astara
+log_file = /var/log/astara/orchestrator.log
+
+auth_region = <%= @astara_settings['auth_region'] %>
+auth_url = <%= @astara_settings['auth_url'] %>
+
+instance_provider = <%= @astara_settings['instance_provider'] %>
+management_network_id = <%= @astara_settings['management_network_id'] %>
+management_subnet_id = <%= @astara_settings['management_subnet_id'] %>
+management_prefix = <%= @astara_settings['management_prefix'] %>
+
+enabled_drivers = <%= @astara_settings['enabled_drivers'] %> 
+
+external_network_id = <%= @astara_settings['external_network_id'] %>
+external_subnet_id = <%= @astara_settings['external_subnet_id'] %>
+external_prefix = <%= @astara_settings['external_prefix'] %>
+
+interface_driver = <%= @astara_settings['interface_driver'] %>
+
+plug_external_port = True
+
+ssh_public_key = /etc/astara/id_rsa.pub
+
+provider_rules_path = /etc/astara/provider_rules.json
+
+reboot_error_threshold =32
+num_worker_threads = 2
+num_worker_processes = 2
+boot_timeout = 3000
+
+host = <%= @astara_settings['controller'] %>
+
+[AGENT]
+root_helper = sudo /usr/bin/astara-rootwrap /etc/astara/rootwrap.conf
+
+[ceilometer]
+
+[coordination]
+
+[database]
+connection = <%= @astara_settings['db_connection'] %>
+
+[keystone_authtoken]
+auth_plugin = password
+auth_uri = <%= @astara_settings['auth_uri'] %>
+auth_url = <%= @astara_settings['auth_url'] %>
+identity_uri = <%= @astara_settings['identity_uri'] %>
+project_domain_id = <%= @astara_settings['project_domain_id'] %>
+project_name = <%= @astara_settings['project_name'] %>
+user_domain_id = <%= @astara_settings['user_domain_id'] %>
+password = <%= @astara_settings['keystone_passwd'] %>
+username = <%= @astara_settings['keystone_user'] %>
+
+[loadbalancer]
+# image_uuid = <%= @astara_settings['lb_image_uuid'] %>
+# instance_flavor = <%= @astara_settings['lb_instance_flavor'] %>
+
+[matchmaker_redis]
+
+[oslo_messaging_amqp]
+
+[oslo_messaging_rabbit]
+rabbit_host = <%= @astara_settings['rabbit_host'] %>
+rabbit_userid = <%= @astara_settings['rabbit_user'] %>
+rabbit_password = <%= @astara_settings['rabbit_password'] %>
+
+[pez]
+
+[router]
+image_uuid = <%= @astara_settings['router_image_uuid'] %>
+instance_flavor = <%= @astara_settings['router_instance_flavor'] %>
diff --git a/deployment_scripts/scripts/astara_post_deploy.sh b/deployment_scripts/scripts/astara_post_deploy.sh
new file mode 100755
index 0000000..33ecfad
--- /dev/null
+++ b/deployment_scripts/scripts/astara_post_deploy.sh
@@ -0,0 +1,111 @@
+#!/bin/bash -e
+
+# Publish or find the astara image, set its id in config
+# Install the fuel public ssh pub key as the astara ssh key
+# Restart astara + neutron l2
+
+source $(dirname $0)/functions
+source /root/openrc
+export OS_ENDPOINT_TYPE=internalURL
+
+ROLE=${1:-"network-orchestrator-node"}
+
+echo "Running post-deployment task for $role"
+
+TIMEOUT=600
+
+IMG_FILE="/root/astara_appliance.qcow2"
+IMG_NAME="astara_appliance"
+
+if [[ ! -e $IMG_FILE ]]; then
+        echo "No image file found at $IMG_FILE" && exit 1
+fi
+
+if ! which glance; then
+        sudo apt-get install -y python-glanceclient
+fi
+
+if ! which openstack; then
+        sudo apt-get install -y python-openstackclient
+fi
+
+if ! which neutron; then
+        sudo apt-get -y install python-neutronclient
+fi
+
+# glanceclient + openstack clients are a mess and cannot request at the internal
+# url.... :(
+internal_url=`openstack catalog show image -c endpoints -f value | grep internal | awk '{ print $2 }'`
+OS_IMG_URL="--os-image-url=$internal_url"
+
+function publish_image {
+    if glance $OS_IMG_URL image-list | grep $IMG_NAME; then
+        return
+    fi
+    echo "Publishing astara image into glance"
+    glance $OS_IMG_URL image-create --name $IMG_NAME --visibility=public --container-format=bare --disk-format=qcow2 --file $IMG_FILE
+    echo "Published astara image $IMG_FILE into glance"
+}
+
+
+function find_image {
+    echo "Finding astara image in glance"
+    for i in $(seq 0 $TIMEOUT); do
+        IMG_ID=$(glance $OS_IMG_URL image-list | grep $IMG_NAME | awk '{ print $2 }')
+        echo $IMG_ID
+        if [[ -n "$IMG_ID" ]]; then
+            echo "Found astara applinace image in glance /w id $IMG_ID"
+            return
+        fi
+        echo 'zzz'
+        sleep 1
+    done
+    echo "Did not find astara appliance image in glance after $TIMEOUT seconds"
+    exit 1
+}
+
+function scrub_neutron {
+    # scrub the fuel created routers and ports that existed before the l3 agent was
+    # removed
+    for router in $(neutron router-list -c id -f value); do
+        subnets=$(neutron router-port-list -c id -c fixed_ips -f value $router | awk '{ print $3 }' | sed -e 's/,//g')
+        for subnet in $subnets; do
+        subnet=$(echo $subnet | sed -e's/"//g')
+            neutron router-gateway-clear $router $subnet || true
+            neutron router-interface-delete $router $subnet || true
+        done
+    done
+
+    for router in $(neutron router-list -c id -f value); do
+        neutron router-delete $router
+    done
+    sleep 3
+    for port in $(neutron port-list -c id -f value); do
+        neutron port-delete $port
+    done
+}
+
+if [[ "$ROLE" == "primary-network-orchestrator-node" ]]; then
+    publish_image
+    scrub_neutron
+fi
+
+find_image
+
+iniset /etc/astara/orchestrator.ini router image_uuid $IMG_ID
+iniset /etc/astara/orchestrator.ini loadbalancer image_uuid $IMG_ID
+
+# ssh key installation
+echo "$(cat /root/.ssh/authorized_keys)" >/etc/astara/appliance_key.pub
+iniset /etc/astara/orchestrator.ini DEFAULT ssh_public_key /etc/astara/appliance_key.pub
+
+service astara-orchestrator stop || true
+
+service neutron-plugin-openvswitch-agent restart
+
+# ensure bridges get created first
+sleep 5
+
+service astara-orchestrator start
+
+exit 0
diff --git a/deployment_scripts/scripts/controller_post_deploy.sh b/deployment_scripts/scripts/controller_post_deploy.sh
new file mode 100755
index 0000000..34b68cd
--- /dev/null
+++ b/deployment_scripts/scripts/controller_post_deploy.sh
@@ -0,0 +1,21 @@
+#!/bin/bash -e
+
+source /root/openrc
+
+for agent in dhcp metadata l3; do
+        echo "Disablng $agent neutron agent in pacemaker cluster."
+        pcs resource disable clone_p_neutron-${agent}-agent
+        for id in $(neutron agent-list | grep $agent | awk '{ print $2 }'); do
+                echo "Deleting $agent $id from neutron."
+                neutron agent-delete $id
+        done
+done
+
+# The debian/ubuntu packaging has a bug that makes it impossible to gracefully
+# load your specific config files without mangling its upstart conf.
+sed -i 's/\$CONF_ARG$/--config-file \/etc\/neutron\/plugins\/ml2\/ml2_conf.ini/g' /etc/init/neutron-server.conf
+
+# Kick neutron-server after everythings been installed + configured
+service neutron-server restart || true
+
+exit 0
diff --git a/deployment_scripts/scripts/create_neutron_networks.sh b/deployment_scripts/scripts/create_neutron_networks.sh
new file mode 100755
index 0000000..fe0cdda
--- /dev/null
+++ b/deployment_scripts/scripts/create_neutron_networks.sh
@@ -0,0 +1,39 @@
+#!/bin/bash -e
+
+if ! which neutron; then
+  sudo apt-get -y install python-neutronclient
+fi
+
+source /root/openrc
+
+source $(dirname $0)/functions
+
+
+mgt_name=${1:-"astara_mgmt"}
+mgt_prefix=${2:-"fdca:3ba5:a17a:acda::/64"}
+
+
+net_id="$(neutron net-list | grep " $mgt_name " | awk '{ print $2 }')"
+if [[ -z "$net_id" ]]; then
+        echo "Creating astara mgt net: $mgt_name"
+        net_id=$(neutron net-create $mgt_name | grep " id " | awk '{ print $4 }')
+        echo "Created astara mgt net: $net_id"
+else
+        echo "Found existing astara mgt net: $net_id"
+fi
+
+subnet_id="$(neutron subnet-list | grep " $mgt_prefix " | awk '{ print $2 }')"
+if [[ -z "$subnet_id" ]]; then
+        echo "Creating new astara mgt subnet for $mgt_prefix"
+        if [[ "$mgt_prefix" =~ ':' ]]; then
+                subnet_create_args="--name astara_mgmt --ip-version=6 --ipv6_address_mode=slaac --enable_dhcp"
+        fi
+        subnet_id=$(neutron subnet-create $mgt_name $mgt_prefix $subnet_create_args | grep ' id ' | awk '{ print $4 }')
+
+else
+        echo "Found existing mgt subnet for $mgt_prefix; $subnet_id"
+fi
+
+
+iniset /etc/astara/orchestrator.ini DEFAULT management_network_id $net_id
+iniset /etc/astara/orchestrator.ini DEFAULT management_subnet_id $subnet_id
diff --git a/deployment_scripts/scripts/create_nova_flavor.sh b/deployment_scripts/scripts/create_nova_flavor.sh
new file mode 100755
index 0000000..be0174f
--- /dev/null
+++ b/deployment_scripts/scripts/create_nova_flavor.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+if ! which nova; then
+  sudo apt-get -y install python-novaclient
+fi
+
+ram=${1:-512}
+disk=${2:-3}
+vcpus=${3:-1}
+flavor_name=${4:-m1.astara}
+id=${5:-511}
+
+source /root/openrc
+
+if ! nova flavor-list | awk '{ print $4 }' | grep "^$flavor_name" ; then
+        nova flavor-create $flavor_name $id $ram $disk $vcpus
+fi
diff --git a/deployment_scripts/scripts/functions b/deployment_scripts/scripts/functions
new file mode 100644
index 0000000..58386e2
--- /dev/null
+++ b/deployment_scripts/scripts/functions
@@ -0,0 +1,258 @@
+#!/bin/bash
+#
+# **inc/ini-config** - Configuration/INI functions
+#
+# Support for manipulating INI-style configuration files
+#
+# These functions have no external dependencies and no side-effects
+
+# Save trace setting
+INC_CONF_TRACE=$(set +o | grep xtrace)
+set +o xtrace
+
+
+# Config Functions
+# ================
+
+# Append a new option in an ini file without replacing the old value
+# iniadd [-sudo] config-file section option value1 value2 value3 ...
+function iniadd {
+    local xtrace=$(set +o | grep xtrace)
+    set +o xtrace
+    local sudo=""
+    if [ $1 == "-sudo" ]; then
+        sudo="-sudo "
+        shift
+    fi
+    local file=$1
+    local section=$2
+    local option=$3
+    shift 3
+
+    local values="$(iniget_multiline $file $section $option) $@"
+    iniset_multiline $sudo $file $section $option $values
+    $xtrace
+}
+
+# Comment an option in an INI file
+# inicomment [-sudo] config-file section option
+function inicomment {
+    local xtrace=$(set +o | grep xtrace)
+    set +o xtrace
+    local sudo=""
+    if [ $1 == "-sudo" ]; then
+        sudo="sudo "
+        shift
+    fi
+    local file=$1
+    local section=$2
+    local option=$3
+
+    $sudo sed -i -e "/^\[$section\]/,/^\[.*\]/ s|^\($option[ \t]*=.*$\)|#\1|" "$file"
+    $xtrace
+}
+
+# Get an option from an INI file
+# iniget config-file section option
+function iniget {
+    local xtrace=$(set +o | grep xtrace)
+    set +o xtrace
+    local file=$1
+    local section=$2
+    local option=$3
+    local line
+
+    line=$(sed -ne "/^\[$section\]/,/^\[.*\]/ { /^$option[ \t]*=/ p; }" "$file")
+    echo ${line#*=}
+    $xtrace
+}
+
+# Get a multiple line option from an INI file
+# iniget_multiline config-file section option
+function iniget_multiline {
+    local xtrace=$(set +o | grep xtrace)
+    set +o xtrace
+    local file=$1
+    local section=$2
+    local option=$3
+    local values
+
+    values=$(sed -ne "/^\[$section\]/,/^\[.*\]/ { s/^$option[ \t]*=[ \t]*//gp; }" "$file")
+    echo ${values}
+    $xtrace
+}
+
+# Determinate is the given option present in the INI file
+# ini_has_option config-file section option
+function ini_has_option {
+    local xtrace=$(set +o | grep xtrace)
+    set +o xtrace
+    local file=$1
+    local section=$2
+    local option=$3
+    local line
+
+    line=$(sed -ne "/^\[$section\]/,/^\[.*\]/ { /^$option[ \t]*=/ p; }" "$file")
+    $xtrace
+    [ -n "$line" ]
+}
+
+# Add another config line for a multi-line option.
+# It's normally called after iniset of the same option and assumes
+# that the section already exists.
+#
+# Note that iniset_multiline requires all the 'lines' to be supplied
+# in the argument list. Doing that will cause incorrect configuration
+# if spaces are used in the config values.
+#
+# iniadd_literal [-sudo] config-file section option value
+function iniadd_literal {
+    local xtrace=$(set +o | grep xtrace)
+    set +o xtrace
+    local sudo=""
+    if [ $1 == "-sudo" ]; then
+        sudo="sudo "
+        shift
+    fi
+    local file=$1
+    local section=$2
+    local option=$3
+    local value=$4
+
+    if [[ -z $section || -z $option ]]; then
+        $xtrace
+        return
+    fi
+
+    # Add it
+    $sudo sed -i -e "/^\[$section\]/ a\\
+$option = $value
+" "$file"
+
+    $xtrace
+}
+
+# Remove an option from an INI file
+# inidelete [-sudo] config-file section option
+function inidelete {
+    local xtrace=$(set +o | grep xtrace)
+    set +o xtrace
+    local sudo=""
+    if [ $1 == "-sudo" ]; then
+        sudo="sudo "
+        shift
+    fi
+    local file=$1
+    local section=$2
+    local option=$3
+
+    if [[ -z $section || -z $option ]]; then
+        $xtrace
+        return
+    fi
+
+    # Remove old values
+    $sudo sed -i -e "/^\[$section\]/,/^\[.*\]/ { /^$option[ \t]*=/ d; }" "$file"
+
+    $xtrace
+}
+
+# Set an option in an INI file
+# iniset [-sudo] config-file section option value
+#  - if the file does not exist, it is created
+function iniset {
+    local xtrace=$(set +o | grep xtrace)
+    set +o xtrace
+    local sudo=""
+    if [ $1 == "-sudo" ]; then
+        sudo="sudo "
+        shift
+    fi
+    local file=$1
+    local section=$2
+    local option=$3
+    local value=$4
+
+    if [[ -z $section || -z $option ]]; then
+        $xtrace
+        return
+    fi
+
+    if ! grep -q "^\[$section\]" "$file" 2>/dev/null; then
+        # Add section at the end
+        echo -e "\n[$section]" | $sudo tee --append "$file" > /dev/null
+    fi
+    if ! ini_has_option "$file" "$section" "$option"; then
+        # Add it
+        $sudo sed -i -e "/^\[$section\]/ a\\
+$option = $value
+" "$file"
+    else
+        local sep=$(echo -ne "\x01")
+        # Replace it
+        $sudo sed -i -e '/^\['${section}'\]/,/^\[.*\]/ s'${sep}'^\('${option}'[ \t]*=[ \t]*\).*$'${sep}'\1'"${value}"${sep} "$file"
+    fi
+    $xtrace
+}
+
+# Set a multiple line option in an INI file
+# iniset_multiline [-sudo] config-file section option value1 value2 valu3 ...
+function iniset_multiline {
+    local xtrace=$(set +o | grep xtrace)
+    set +o xtrace
+    local sudo=""
+    if [ $1 == "-sudo" ]; then
+        sudo="sudo "
+        shift
+    fi
+    local file=$1
+    local section=$2
+    local option=$3
+
+    shift 3
+    local values
+    for v in $@; do
+        # The later sed command inserts each new value in the line next to
+        # the section identifier, which causes the values to be inserted in
+        # the reverse order. Do a reverse here to keep the original order.
+        values="$v ${values}"
+    done
+    if ! grep -q "^\[$section\]" "$file"; then
+        # Add section at the end
+        echo -e "\n[$section]" | $sudo tee --append "$file" > /dev/null
+    else
+        # Remove old values
+        $sudo sed -i -e "/^\[$section\]/,/^\[.*\]/ { /^$option[ \t]*=/ d; }" "$file"
+    fi
+    # Add new ones
+    for v in $values; do
+        $sudo sed -i -e "/^\[$section\]/ a\\
+$option = $v
+" "$file"
+    done
+    $xtrace
+}
+
+# Uncomment an option in an INI file
+# iniuncomment config-file section option
+function iniuncomment {
+    local xtrace=$(set +o | grep xtrace)
+    set +o xtrace
+    local sudo=""
+    if [ $1 == "-sudo" ]; then
+        sudo="sudo "
+        shift
+    fi
+    local file=$1
+    local section=$2
+    local option=$3
+    $sudo sed -i -e "/^\[$section\]/,/^\[.*\]/ s|[^ \t]*#[ \t]*\($option[ \t]*=.*$\)|\1|" "$file"
+    $xtrace
+}
+
+# Restore xtrace
+$INC_CONF_TRACE
+
+# Local variables:
+# mode: shell-script
+# End:
diff --git a/deployment_scripts/scripts/install_astara_from_src.sh b/deployment_scripts/scripts/install_astara_from_src.sh
new file mode 100755
index 0000000..6391a95
--- /dev/null
+++ b/deployment_scripts/scripts/install_astara_from_src.sh
@@ -0,0 +1,87 @@
+#!/bin/bash -ex
+
+repo=$1
+branch=$2
+dest=$3
+venv=/opt/venv/astara
+
+apt-get -y install python-dev libmysqlclient-dev
+
+if ! which pip ; then
+        apt-get -y install python-pip
+fi
+
+if ! which git; then
+        apt-get -y install git
+fi
+
+if ! which virtualenv ; then
+        pip install virtualenv
+fi
+
+if [[ ! -d $dest ]] ; then
+        git clone $repo $dest
+        (cd $dest && git checkout $branch)
+fi
+
+dirs="/var/log/astara /var/lib/astara /etc/astara"
+for dir in $dirs; do
+        mkdir -p $dir
+done
+
+if ! getent group astara > /dev/null 2>&1
+then
+        addgroup --system astara >/dev/null
+fi
+
+if ! getent passwd astara > /dev/null 2>&1
+then
+        adduser --system --home /var/lib/astara --ingroup astara --no-create-home --shell /bin/false astara
+fi
+
+for i in $(ls $dest/etc/); do
+        if [[ ! -e /etc/astara/$i ]]; then
+                cp -r $dest/etc/$i /etc/astara
+        fi
+done
+
+chown -R astara:adm /var/log/astara/
+chmod 0750 /var/log/astara/
+chown astara:astara -R /var/lib/astara/ /etc/astara/
+chmod 0750 /etc/astara/
+
+cat >/etc/sudoers.d/astara_sudoers <<END
+Defaults:astara !requiretty
+astara ALL = (root) NOPASSWD: /usr/bin/astara-rootwrap
+END
+chmod 0440 /etc/sudoers.d/astara_sudoers
+
+if [[ ! -d $venv ]]; then
+        mkdir -p $(dirname $venv)
+        virtualenv $venv
+fi
+
+cat >/etc/init/astara-orchestrator.conf <<END
+description "Astara Network Orchestrator server"
+author "Eric Lopez <eric.lopez@akanda.io>"
+
+start on runlevel [2345]
+stop on runlevel [!2345]
+
+respawn
+
+chdir /var/run
+
+exec start-stop-daemon --start --chuid astara --exec /usr/bin/astara-orchestrator -- --config-file=/etc/astara/orchestrator.ini
+END
+
+if ! which astara-orchestrator; then
+        $venv/bin/pip install -r $dest/requirements.txt $dest
+        $venv/bin/pip install "PyMySQL>=0.6.2"
+        $venv/bin/pip install "MySQL-python;python_version=='2.7'"
+        for bin in $(ls $venv/bin/astara*) ; do
+    if [[ ! -e /usr/bin/$(basename $bin) ]]; then
+      ln -s $bin /usr/bin/$(basename $bin)
+    fi
+        done
+fi
diff --git a/deployment_scripts/scripts/set_neutron_networks_config.sh b/deployment_scripts/scripts/set_neutron_networks_config.sh
new file mode 100755
index 0000000..975452f
--- /dev/null
+++ b/deployment_scripts/scripts/set_neutron_networks_config.sh
@@ -0,0 +1,39 @@
+#!/bin/bash -e
+# Spin indefinitely until our mgt net and subnet show up in neutron. This will
+# be timed out by deployment_tasks if it does not succeed.
+
+source /root/openrc
+
+source $(dirname $0)/functions
+
+if ! which neutron; then
+    sudo apt-get -y install python-neutronclient
+fi
+
+mgt_name=${1:-"astara_mgmt"}
+mgt_prefix=${2:-"fdca:3ba5:a17a:acda::/64"}
+
+while [[ -z "$net_id" ]]; do
+        net_id="$(neutron net-list | grep " $mgt_name " | awk '{ print $2 }')"
+        if [[ -z "$net_id" ]]; then
+                echo "Still waiting on mgt net"
+                sleep 1
+        else
+                echo "Found astara mgt net: $net_id"
+                break
+        fi
+done
+
+while [[ -z "$subnet_id" ]]; do
+        subnet_id="$(neutron subnet-list | grep " $mgt_prefix" | awk '{ print $2 }')"
+        if [[ -z "$subnet_id" ]]; then
+                echo "Still waiting on mgt subnet"
+                sleep 1
+        else
+                echo "Found astara mgt subnet: $subnet_id"
+                break
+        fi
+done
+
+iniset /etc/astara/orchestrator.ini DEFAULT management_network_id $net_id
+iniset /etc/astara/orchestrator.ini DEFAULT management_subnet_id $subnet_id
diff --git a/deployment_scripts/scripts/set_nova_flavor.sh b/deployment_scripts/scripts/set_nova_flavor.sh
new file mode 100755
index 0000000..e5f15e0
--- /dev/null
+++ b/deployment_scripts/scripts/set_nova_flavor.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+ram=${1:-512}
+disk=${2:-3}
+vcpus=${3:-1}
+flavor_name=${4:-m1.astara}
+id=${5:-511}
+
+source /root/openrc
+
+if ! nova flavor-list | awk '{ print $4 }' | grep "^$flavor_name" ; then
+        nova flavor-create $flavor_name $id $ram $disk $vcpus
+fi
diff --git a/deployment_tasks.yaml b/deployment_tasks.yaml
new file mode 100644
index 0000000..3358668
--- /dev/null
+++ b/deployment_tasks.yaml
@@ -0,0 +1,177 @@
+# These tasks will be merged into deployment graph. Here you
+# can specify new tasks for any roles, even built-in ones.
+
+# Deployment Groups
+
+- id: primary-network-orchestrator-node
+  type: group
+  role: [primary-network-orchestrator-node]
+  requires: [primary-controller, controller]
+  required_for: [deploy_end]
+  tasks: [fuel_pkgs, hiera, globals, tools, logging, netconfig,
+    hosts, firewall, deploy_start]
+  parameters:
+    strategy:
+      type: one_by_one
+
+- id: network-orchestrator-node
+  type: group
+  role: [primary-network-orchestrator-node]
+  requires: [primary-controller, controller, primary-network-orchestrator-node]
+  required_for: [deploy_end]
+  tasks: [fuel_pkgs, hiera, globals, tools, logging, netconfig,
+    hosts, firewall, deploy_start]
+  parameters:
+    strategy:
+      type: parallel
+
+# Deployment Tasks
+# No idea what purpose this hiera override task serves.
+- id: network-orchestrator-pre-deployment-task
+  type: puppet
+  groups: [primary-controller, controller, primary-network-orchestrator-node, network-orchestrator-node]
+  requires: [pre_deployment_start]
+  required_for: [pre_deployment_end]
+  parameters:
+    puppet_manifest: puppet/manifests/network_orchestrator_pre_deployment.pp
+    puppet_modules:  puppet/modules:/etc/puppet/modules
+    timeout: 1800
+
+- id: network-orchestrator-hiera-override
+  type: puppet
+  groups: [primary-controller, controller, primary-network-orchestrator-node, network-orchestrator-node]
+  requires: [globals]
+  required_for: [logging]
+  parameters:
+    puppet_manifest: puppet/manifests/network_orchestrator_hiera_override.pp
+    puppet_modules:  puppet/modules:/etc/puppet/modules
+    timeout: 1800
+
+# These tasks execute on the controller
+- id: network-orchestrator-node-db-task
+  type: puppet
+  groups: [primary-controller]
+  requires: [primary-database, database]
+  required_for: [deploy_end]
+  cross-depends:
+    - name: /(primary-)?database/
+  parameters:
+    puppet_manifest: puppet/manifests/network_orchestrator_db.pp
+    puppet_modules:  puppet/modules:/etc/puppet/modules
+    timeout: 1800
+
+- id: network-orchestrator-node-astara-neutron-install-task
+  type: puppet
+  role: [primary-controller, controller]
+  requires: [post_deployment_start]
+  required_for: [post_deployment_end]
+  parameters:
+    puppet_manifest: puppet/manifests/network_orchestrator_astara_neutron_install.pp
+    puppet_modules:  puppet/modules:/etc/puppet/modules
+    timeout: 1800
+
+- id: network-orchestrator-node-astara-neutron-configure-task
+  type: shell
+  role: [primary-controller, controller]
+  requires: [post_deployment_start, network-orchestrator-node-astara-neutron-install-task]
+  required_for: [post_deployment_end]
+  parameters:
+    cmd: ./scripts/controller_post_deploy.sh
+    timeout: 1800
+
+# These tasks execute on the astara node
+- id: network-orchestrator-node-install-task
+  type: puppet
+  groups: [primary-network-orchestrator-node, network-orchestrator-node]
+  requires: [network-orchestrator-hiera-override, netconfig]
+  required_for: [deploy_end]
+  parameters:
+    puppet_manifest: puppet/manifests/network_orchestrator_install.pp
+    puppet_modules:  puppet/modules:/etc/puppet/modules
+    timeout: 1800
+
+- id: network-orchestrator-node-ml2-task
+  type: puppet
+  groups: [primary-network-orchestrator-node, network-orchestrator-node]
+  requires: [network-orchestrator-node-install-task]
+  required_for: [deploy_end]
+  parameters:
+    puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/openstack-network/plugins/ml2.pp
+    puppet_modules:  puppet/modules:/etc/puppet/modules
+    timeout: 1800
+
+- id: network-orchestrator-node-ml2-config-task
+  type: puppet
+  groups: [primary-network-orchestrator-node, network-orchestrator-node]
+  requires: [network-orchestrator-node-ml2-task]
+  required_for: [deploy_end]
+  parameters:
+    puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/openstack-network/common-config.pp
+    puppet_modules:  puppet/modules:/etc/puppet/modules
+    timeout: 1800
+
+- id: network-orchestrator-node-configure-task
+  type: puppet
+  groups: [primary-network-orchestrator-node, network-orchestrator-node]
+  requires: [network-orchestrator-node-install-task, network-orchestrator-node-ml2-task]
+  required_for: [deploy_end]
+  parameters:
+    puppet_manifest: puppet/manifests/network_orchestrator_configure.pp
+    puppet_modules:  puppet/modules:/etc/puppet/modules
+    timeout: 1800
+
+- id: network-orchestrator-node-image-task
+  type: puppet
+  groups: [primary-network-orchestrator-node]
+  requires: [network-orchestrator-node-install-task]
+  required_for: [deploy_end]
+  parameters:
+    puppet_manifest: puppet/manifests/network_orchestrator_image.pp
+    puppet_modules:  puppet/modules:/etc/puppet/modules
+    timeout: 3800
+
+# This task creates neutron networks, nova flavors and syncs db
+# on the primary
+- id: network-orchestrator-node-create-resources-task
+  type: puppet
+  groups: [primary-network-orchestrator-node]
+  requires: [network-orchestrator-node-configure-task]
+  required_for: [network-orchestrator-node-set-resources-task]
+  parameters:
+    puppet_manifest: puppet/manifests/network_orchestrator_create_resources.pp
+    puppet_modules:  puppet/modules:/etc/puppet/modules
+    timeout: 1800
+
+# This task configures non-primary nodes to use those created resources
+- id: network-orchestrator-node-set-resources-task
+  type: puppet
+  groups: [network-orchestrator-node]
+  requires: [network-orchestrator-node-create-resources-task]
+  required_for: [deploy_end]
+  parameters:
+    puppet_manifest: puppet/manifests/network_orchestrator_set_resources.pp
+    puppet_modules:  puppet/modules:/etc/puppet/modules
+    timeout: 1800
+
+
+- id: network-orchestrator-primary-node-post-deployment-task
+  type: shell
+  role: [primary-network-orchestrator-node]
+  requires: [post_deployment_start, upload_cirros]
+  required_for: [network-orchestrator-node-post-deployment-task]
+  parameters:
+    cmd: ./scripts/astara_post_deploy.sh primary-network-orchestrator-node
+    timeout: 1800
+    retries: 3
+    interval: 20
+
+- id: network-orchestrator-node-post-deployment-task
+  type: shell
+  role: [network-orchestrator-node]
+  requires: [network-orchestrator-primary-node-post-deployment-task]
+  required_for: [post_deployment_end]
+  parameters:
+    cmd: ./scripts/astara_post_deploy.sh network-orchestrator-node
+    timeout: 1800
+    retries: 3
+    interval: 20
diff --git a/environment_config.yaml b/environment_config.yaml
new file mode 100644
index 0000000..0db8339
--- /dev/null
+++ b/environment_config.yaml
@@ -0,0 +1,55 @@
+attributes:
+  metadata:
+    restrictions:
+      - action: hide
+        condition: "cluster:net_provider != 'neutron'"
+      - condition: "settings:neutron_advanced_configuration.neutron_dvr.value == true"
+        message: "Neutron DVR must be disabled in order to use Astara plugin"
+      - condition: "settings:neutron_advanced_configuration.neutron_l3_ha.value == true"
+        message: "Neutron L3 HA must be disabled in order to use Astara plugin"
+      - condition: "settings:public_network_assignment.assign_to_all_nodes.value == false"
+        message: "Enable Public Network Access for all nodes"
+      - condition: "settings:neutron_advanced_configuration.neutron_l2_pop.value == false and networking_parameters:segmentation_type != 'vlan'"
+        message: "Enable Neutron L2 Population"
+    group: network
+    astara_db_password:
+        generator: "password"
+  astara_mgmt_name:
+    value: 'astara_mgmt'
+    label: 'Astara Management Network Name'
+    weight: 15
+    description: 'Set the Astara Management Neutron Network Name'
+    type: "text"
+  astara_mgmt_ipv6_prefix:
+    value: 'fdca:3ba5:a17a:acda::/64'
+    label: 'Astara Management IPv6 Prefix'
+    description: 'Set the IPv6 Prefix for the Management Network'
+    weight: 20
+    type: "text"
+    regex:
+      source: '(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))'
+      error: "Invalid IPv6 Prefix"
+  astara_mgmt_service_port:
+    value: '5000'
+    label: 'Astara Management Service Port'
+    description: 'Set the Astara Managment Service Port'
+    weight: 25
+    type: "text"
+    regex:
+      source: '^([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$'
+      error: "Must specify a management port (ie, 5000)"
+  astara_api_port:
+    value: '44250'
+    label: 'Astara API Service Port'
+    description: 'Set the Astara API Service Port'
+    weight: 30
+    type: "text"
+    regex:
+      source: '^([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$'
+      error: "Empty API Service Port"
+  astara_appliance_image_location:
+    value: 'http://tarballs.openstack.org/astara-appliance/images/astara_appliance_mitaka.qcow2'
+    label: 'Astara Appliance Image URL'
+    description: 'Set the Astara Appliance Image Download URL'
+    weight: 35
+    type: "text"
diff --git a/metadata.yaml b/metadata.yaml
new file mode 100644
index 0000000..8430bf5
--- /dev/null
+++ b/metadata.yaml
@@ -0,0 +1,34 @@
+# Plugin name
+name: fuel-plugin-astara
+# Human-readable name for your plugin
+title: Use Astara Network Orchestrator
+# Plugin version
+version: '1.0.32'
+# Description
+description: Enable to use Openstack Astara Network Orchestrator for Neutron Networking
+# Required fuel version
+fuel_version: ['8.0']
+# Specify license of your plugin
+licenses: ['Apache License Version 2.0']
+# Specify author or company name
+authors: ['Akanda, Inc.']
+# A link to the plugin's page
+homepage: 'https://github.com/openstack/fuel-plugins-astara'
+# Specify a group which your plugin implements, possible options:
+# network, storage, storage::cinder, storage::glance, hypervisor,
+# equipment
+groups: ['network']
+# Change `false` to `true` if the plugin can be installed in the environment
+# after the deployment.
+is_hotpluggable: false
+
+# The plugin is compatible with releases in the list
+releases:
+  - os: ubuntu
+    version: liberty-8.0
+    mode: ['ha','multinode']
+    deployment_scripts_path: deployment_scripts/
+    repository_path: repositories/ubuntu
+
+# Version of plugin package
+package_version: '4.0.0'
diff --git a/network_roles.yaml b/network_roles.yaml
new file mode 100644
index 0000000..781c3d6
--- /dev/null
+++ b/network_roles.yaml
@@ -0,0 +1,17 @@
+# Unique network role name
+- id: "astara_neutron"
+  # Role mapping to network
+  default_mapping: "management"
+  properties:
+    # Should be true if network role requires subnet being set
+    subnet: true
+    # Should be true if network role requires gateway being set
+    gateway: false
+    # List of VIPs to be allocated
+    vip:
+         # Unique VIP name
+       - name: "astara_orchestrator_vip"
+         # Optional linux namespace for VIP
+         namespace: "haproxy"
+         alias: "rug_vip"
+         node_roles: ["primary-network-controller", "network-controller"]
diff --git a/node_roles.yaml b/node_roles.yaml
new file mode 100644
index 0000000..b9e0572
--- /dev/null
+++ b/node_roles.yaml
@@ -0,0 +1,17 @@
+network-orchestrator-node:
+  # Role name
+  name: "Network Orchestrator Node"
+  # Role description
+  description: "Role to create a seperate Node for Astara Network Orchestartor Service"
+  # If primary then during orchestration this role will be
+  # separated into primary-role and role
+  has_primary: true
+  # Assign public IP to node if true
+  public_ip_required: false
+  # Weight that will be used to sort out the
+  # roles on the Fuel web UI
+  weight: 1000
+  conflicts:
+    - compute
+  limits:
+    min: 1
diff --git a/pre_build_hook b/pre_build_hook
new file mode 100755
index 0000000..72f9a71
--- /dev/null
+++ b/pre_build_hook
@@ -0,0 +1,11 @@
+#!/bin/bash
+set -eux
+
+ROOT="$(dirname `readlink -f $0`)"
+RPM_REPO="${ROOT}"/repositories/centos/
+DEB_REPO="${ROOT}"/repositories/ubuntu/
+
+# DEB Package Files
+# RPM Package Files
+# wget -P "${RPM_REPO}" "${ASTARA_MITAKA_REPO_LOC}/"
+
diff --git a/repositories/centos/.gitignore b/repositories/centos/.gitignore
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/repositories/centos/.gitignore
diff --git a/repositories/centos/.gitkeep b/repositories/centos/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/repositories/centos/.gitkeep
diff --git a/repositories/ubuntu/.gitignore b/repositories/ubuntu/.gitignore
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/repositories/ubuntu/.gitignore
diff --git a/repositories/ubuntu/.gitkeep b/repositories/ubuntu/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/repositories/ubuntu/.gitkeep
diff --git a/tasks.yaml b/tasks.yaml
new file mode 100644
index 0000000..fe51488
--- /dev/null
+++ b/tasks.yaml
@@ -0,0 +1 @@
+[]