diff --git a/elements/puppet-stack-config/install.d/02-puppet-stack-config b/elements/puppet-stack-config/install.d/02-puppet-stack-config
index 9aac23fec..e1c11fb3b 100755
--- a/elements/puppet-stack-config/install.d/02-puppet-stack-config
+++ b/elements/puppet-stack-config/install.d/02-puppet-stack-config
@@ -45,6 +45,11 @@ for _, group in undercloud.list_opts():
         upper_name = opt.name.upper()
         context[upper_name] = os.environ[upper_name]
 
+# Mustache conditional logic requires ENABLE_NOVAJOIN to be undefined
+# when novajoin is not enabled.
+if context['ENABLE_NOVAJOIN'].lower() == 'false':
+    del context['ENABLE_NOVAJOIN']
+
 endpoint_context = {}
 for k, v in os.environ.items():
     if k.startswith('UNDERCLOUD_ENDPOINT_'):
diff --git a/elements/puppet-stack-config/puppet-stack-config.pp b/elements/puppet-stack-config/puppet-stack-config.pp
index f9547803d..c023f650a 100644
--- a/elements/puppet-stack-config/puppet-stack-config.pp
+++ b/elements/puppet-stack-config/puppet-stack-config.pp
@@ -624,3 +624,8 @@ Service[$needless_services] {
   enable => false,
   ensure => stopped,
 }
+
+# novajoin install
+if str2bool(hiera('enable_novajoin', false)) {
+  include ::nova::metadata::novajoin::api
+}
diff --git a/elements/puppet-stack-config/puppet-stack-config.yaml.template b/elements/puppet-stack-config/puppet-stack-config.yaml.template
index 61b8d6680..78fab394c 100644
--- a/elements/puppet-stack-config/puppet-stack-config.yaml.template
+++ b/elements/puppet-stack-config/puppet-stack-config.yaml.template
@@ -683,6 +683,20 @@ tripleo_install_user: {{TRIPLEO_INSTALL_USER}}
 tripleo_undercloud_conf_file: {{TRIPLEO_UNDERCLOUD_CONF_FILE}}
 tripleo_undercloud_password_file: {{TRIPLEO_UNDERCLOUD_PASSWORD_FILE}}
 
+# Novajoin
+{{#ENABLE_NOVAJOIN}}
+nova::metadata::novajoin::api::keystone_auth_url: "%{hiera('keystone_auth_uri')}"
+nova::metadata::novajoin::api::nova_password: {{UNDERCLOUD_NOVA_PASSWORD}}
+nova::metadata::novajoin::api::transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP}}//"
+ipaclient::password: {{IPA_OTP}}
+ipaclient::hostname: {{UNDERCLOUD_HOSTNAME}}
+enable_novajoin: true
+nova::api::vendordata_jsonfile_path: '/etc/nova/cloud-config-novajoin.json'
+nova::api::vendordata_providers: ['StaticJSON', 'DynamicJSON']
+nova::api::vendordata_dynamic_targets: ['join@http://127.0.0.1:9999/v1/']
+nova::notification_topics: 'notifications'
+nova::notify_on_state_change: 'vm_state'
+{{/ENABLE_NOVAJOIN}}
 
 # Firewall
 tripleo::firewall::manage_firewall: true
diff --git a/instack_undercloud/undercloud.py b/instack_undercloud/undercloud.py
index c719893c7..004d1a5da 100644
--- a/instack_undercloud/undercloud.py
+++ b/instack_undercloud/undercloud.py
@@ -313,6 +313,17 @@ _opts = [
                       'removed in future release. Please consider moving to '
                       'gnocchi/Aodh/Panko API instead.')
                 ),
+    cfg.BoolOpt('enable_novajoin',
+                default=False,
+                help=('Whether to install novajoin metadata service in '
+                      'the Undercloud.')
+                ),
+    cfg.StrOpt('ipa_otp',
+               default='',
+               help=('One Time Password to register Undercloud node with '
+                     'an IPA server.  '
+                     'Required when enable_novajoin = True.')
+               ),
     cfg.BoolOpt('ipxe_enabled',
                 default=True,
                 help=('Whether to use iPXE for deploy and inspection.'),
diff --git a/undercloud.conf.sample b/undercloud.conf.sample
index 5cf06ae09..432cd6e63 100644
--- a/undercloud.conf.sample
+++ b/undercloud.conf.sample
@@ -146,7 +146,7 @@
 # Whether to install Zaqar services in the Undercloud. (boolean value)
 #enable_zaqar = true
 
-# Whether to install Telemetry services (ceilometer, aodh, gnocchi) in the
+# Whether to install Telemetry services (ceilometer, aodh) in the
 # Undercloud. (boolean value)
 #enable_telemetry = true
 
@@ -161,10 +161,20 @@
 # from remote volumes. (boolean value)
 #enable_cinder = false
 
-# Whether to enable legacy ceilometer api service in the
-# Undercloud. (boolean value)
+# Whether to enable legacy ceilometer api in the Undercloud. Note:
+# Ceilometer API has been deprecated and will be removed in future
+# release. Please consider moving to gnocchi/Aodh/Panko API instead.
+# (boolean value)
 #enable_legacy_ceilometer_api = true
 
+# Whether to install novajoin metadata service in the Undercloud.
+# (boolean value)
+#enable_novajoin = false
+
+# One Time Password to register Undercloud node with an IPA server.
+# Required when enable_novajoin = True. (string value)
+#ipa_otp =
+
 # Whether to use iPXE for deploy and inspection. (boolean value)
 # Deprecated group/name - [DEFAULT]/ipxe_deploy
 #ipxe_enabled = true