diff --git a/README.md b/README.md
index 18c8feb..af9f9b9 100644
--- a/README.md
+++ b/README.md
@@ -35,7 +35,7 @@ Installation Guide
 Https plugin installation
 ----------------------------
-1. Clone the fuel-plugin repo from: https://github.com/stackforge/fuel-plugin-tls.git
+1. Clone the Fuel-plugin repo from: https://github.com/stackforge/fuel-plugin-tls.git
 ``git clone``
@@ -56,7 +56,7 @@ Https plugin installation
 6. Install the tls plugin:
- ``fuel plugins --install tls-.rpm``
+ ``Fuel plugins --install tls-.rpm``
 6. Plugin is ready to use and can be enabled on the Settings tab of the Fuel web UI.
@@ -78,8 +78,8 @@ https plugin configuration
 - the certificate .key content
-You must pass your .crt, .key, .ca files via fuel UI (settings tab)
-When you pass the content of the files in fuel ui, some "space" characters will appear, don't care about this puppet will remove it.
+You must pass your .crt, .key, .ca files via Fuel UI (settings tab)
+When you pass the content of the files in Fuel ui, some "space" characters will appear, don't care about this puppet will remove it.
 CRT file must be in the following format :
@@ -136,7 +136,7 @@ X43ceACVpWiv5DmBtEUrB8dbwxEJFaoPGqEswwdh1FDxzfsPdapyqGI5B8zRjnpa
 SR2QEYok/8lZeDgUOhXkGg==
 -----END PRIVATE KEY-----
-CA file must be in the following format :
+CA file must be in the following format :
 -----BEGIN CERTIFICATE-----
 MIIDXTCCAkWgAwIBAgIJAJHydV1v41XIMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
diff --git a/deployment_scripts/puppet/manifests/site.pp b/deployment_scripts/puppet/manifests/site.pp
index 8eb2b57..4189b6a 100644
--- a/deployment_scripts/puppet/manifests/site.pp
+++ b/deployment_scripts/puppet/manifests/site.pp
@@ -1,19 +1,47 @@
-$tls_hash = hiera('tls')
-$horizon_crt = $tls_hash['horizon_crt']
-$horizon_key = $tls_hash['horizon_key']
-$horizon_ca = $tls_hash['horizon_ca']
-$nodes_hash = hiera('nodes')
-$controllers = hiera('controllers')
-$public_virtual_ip = hiera('public_vip')
-$internal_virtual_ip = hiera('management_vip')
+$tls_hash = hiera('tls')
+$horizon_crt = $tls_hash['horizon_crt']
+$horizon_key = $tls_hash['horizon_key']
+$horizon_ca = $tls_hash['horizon_ca']
+
+#do not use hiera for node parameters (see bug 1476957)
+$fuel_settings = parseyaml(file('/etc/astute.yaml'))
+$nodes_hash = $::fuel_settings['nodes']
+$controllers = concat(filter_nodes($nodes_hash,'role','primary-controller'), filter_nodes($nodes_hash,'role','controller'))
+$public_virtual_ip = $::fuel_settings['public_vip']
+$internal_virtual_ip = $::fuel_settings['management_vip']
+
+$servername = hiera('public_vip')
+$horizon_hash = hiera_hash('horizon',{})
+$cache_server_ip = hiera('memcache_servers', $controller_nodes)
+$cache_server_port = hiera('memcache_server_port', '11211')
+$neutron = hiera('use_neutron')
+$keystone_host = hiera('management_vip')
+$verbose = hiera('verbose', true)
+$debug = hiera('debug')
+$package_ensure = hiera('horizon_package_ensure', 'installed')
+$use_syslog = hiera('use_syslog', true)
+$nova_quota = hiera('nova_quota')
+
 class { 'tls::controller':
 controllers => $controllers,
 public_virtual_ip => $public_virtual_ip,
 internal_virtual_ip => $internal_virtual_ip,
- horizon_crt => $horizon_crt,
- horizon_key => $horizon_key,
- horizon_ca => $horizon_ca,
- external_ip => $public_virtual_ip
+ horizon_crt => $horizon_crt,
+ horizon_key => $horizon_key,
+ horizon_ca => $horizon_ca,
+ external_ip => $public_virtual_ip,
+ nodes_hash => $nodes_hash,
+ servername => $servername,
+ horizon_hash => $horizon_hash,
+ cache_server_ip => $cache_server_ip,
+ cache_server_port => $cache_server_port,
+ neutron => $neutron,
+ keystone_host => $keystone_host,
+ verbose => $verbose,
+ debug => $debug,
+ package_ensure => $package_ensure,
+ use_syslog => $use_syslog,
+ nova_quota => $nova_quota
 }
diff --git a/deployment_scripts/puppet/manifests/site_compute.pp b/deployment_scripts/puppet/manifests/site_compute.pp
index 18bdf88..aa11a8b 100644
--- a/deployment_scripts/puppet/manifests/site_compute.pp
+++ b/deployment_scripts/puppet/manifests/site_compute.pp
@@ -1,9 +1,14 @@
-$tls_hash = hiera('tls')
-$horizon_crt = $tls_hash['horizon_crt']
-$horizon_key = $tls_hash['horizon_key']
-$nodes_hash = hiera('nodes')
-$public_ip = hiera('public_vip')
-$internal_ip = hiera('management_vip')
+$tls_hash = hiera('tls')
+$horizon_crt = $tls_hash['horizon_crt']
+$horizon_key = $tls_hash['horizon_key']
+$nodes_hash = hiera('nodes')
+$public_ip = hiera('public_vip')
+$internal_ip = hiera('management_vip')
+
+#do not use hiera for node parameters (see bug 1476957)
+$fuel_settings = parseyaml(file('/etc/astute.yaml'))
+$public_virtual_ip = $::fuel_settings['public_vip']
+$internal_virtual_ip = $::fuel_settings['management_vip']
 class { 'tls::compute':
 public_virtual_ip => $public_ip,
diff --git a/deployment_scripts/puppet/modules/tls/manifests/controller.pp b/deployment_scripts/puppet/modules/tls/manifests/controller.pp
index e7cfbd1..606d111 100644
--- a/deployment_scripts/puppet/modules/tls/manifests/controller.pp
+++ b/deployment_scripts/puppet/modules/tls/manifests/controller.pp
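Review bot: The fallback in `$cache_server_ip = hiera('memcache_servers', $controller_nodes)` references `$controller_nodes`, which site.pp never defines; it is still computed inside tls::horizon::horizon (that hunk keeps `$controller_nodes = ipsort(values($controller_internal_addresses))`, now with no visible consumer), so on a deployment without `memcache_servers` in hiera the default evaluates to undef and is forwarded down as `cache_server_ip`. Either compute the fallback here, e.g. `$cache_server_ip = hiera('memcache_servers', ipsort(values(nodes_to_hash($controllers,'name','internal_address'))))`, or keep the lookup and its default inside the class and drop the parameter. Separately, `$fuel_settings` is assigned without a scope prefix but read back as `$::fuel_settings`; that only works while this manifest is evaluated at top scope, so reading it as `$fuel_settings` would be the safer spelling.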
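Review bot: The comment `#do not use hiera for node parameters (see bug 1476957)` is contradicted by the `$nodes_hash = hiera('nodes')` kept a few lines above it, which is exactly the node lookup the comment warns about; change it to `$nodes_hash = $::fuel_settings['nodes']` as site.pp does in the previous hunk. The new `$public_virtual_ip`/`$internal_virtual_ip` are also not consumed by the visible part of the `tls::compute` declaration, which still passes `$public_ip` (the declaration continues past the hunk, so the second parameter is not visible), leaving the same VIPs looked up twice through different sources. Pass the astute-derived values, or drop the unused pair.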
@@ -5,16 +5,27 @@ class tls::controller(
 $horizon_crt,
 $horizon_key,
 $horizon_ca,
-$external_ip
+$external_ip,
+$nodes_hash,
+$servername,
+$horizon_hash,
+$cache_server_ip,
+$cache_server_port,
+$neutron,
+$keystone_host,
+$verbose,
+$debug,
+$package_ensure,
+$use_syslog,
+$nova_quota
 ) {
-$nodes_hash = hiera('nodes')
 $node = filter_nodes($nodes_hash,'name',$::hostname)
 $internal_address = $node[0]['internal_address']
 $bind_address = $internal_address
 $server_hostname = $external_ip
 include tls::params
 $apache_tls_path = $tls::params::apache_tls_path
-
+ #format crt and key files
 file { "$apache_tls_path" :
 ensure => directory,
@@ -50,10 +61,21 @@ class tls::controller(
 httpd_service => $tls::params::httpd_service_name
 }->
 class { 'tls::horizon::horizon':
- bind_address => $bind_address,
+ bind_address => $bind_address,
 controllers => $controllers,
 public_virtual_ip => $public_virtual_ip,
 internal_virtual_ip => $internal_virtual_ip,
+ servername => $servername,
+ horizon_hash => $horizon_hash,
+ cache_server_ip => $cache_server_ip,
+ cache_server_port => $cache_server_port,
+ neutron => $neutron,
+ keystone_host => $keystone_host,
+ verbose => $verbose,
+ debug => $debug,
+ package_ensure => $package_ensure,
+ use_syslog => $use_syslog,
+ nova_quota => $nova_quota,
 }->
 exec { "ha_proxy_restart":
 command => "/usr/sbin/crm resource restart p_haproxy",
diff --git a/deployment_scripts/puppet/modules/tls/manifests/horizon/horizon.pp b/deployment_scripts/puppet/modules/tls/manifests/horizon/horizon.pp
index 378dfc4..eeecbb2 100644
--- a/deployment_scripts/puppet/modules/tls/manifests/horizon/horizon.pp
+++ b/deployment_scripts/puppet/modules/tls/manifests/horizon/horizon.pp
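Review bot: tls::controller gains twelve mandatory parameters with no defaults and no documentation, all of which are only forwarded to tls::horizon::horizon in the second hunk, so any declaration other than the one in site.pp now fails with a "Must pass" error. Add a header comment above the parameter list stating that `$servername` through `$nova_quota` are pass-through values for tls::horizon::horizon and that `$nodes_hash` is expected to be the astute node list; the same applies to the parameter block added to tls::horizon::horizon in the next file. Consider restoring defaults for the values that previously had one via hiera (`$cache_server_port`, `$verbose`, `$package_ensure`, `$use_syslog`) so the class stays usable on its own. The class body continues outside both hunks.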
@@ -3,35 +3,35 @@ class tls::horizon::horizon(
 $controllers,
 $public_virtual_ip,
 $internal_virtual_ip,
+$servername,
+$horizon_hash,
+$cache_server_ip,
+$cache_server_port,
+$neutron,
+$keystone_host,
+$verbose,
+$debug,
+$package_ensure,
+$use_syslog,
+$nova_quota
 ) {
 include tls::params
 $ssl_port = 443
-$horizon_hash = hiera_hash('horizon',{})
 $root_url = $tls::params::root_url
 $horizon_cert = $tls::params::tls_cert_file
 $horizon_key = $tls::params::tls_key_file
 $horizon_ca = $tls::params::tls_ca_file
 $controller_internal_addresses = nodes_to_hash($controllers,'name','internal_address')
 $controller_nodes = ipsort(values($controller_internal_addresses))
-$cache_server_ip = hiera('memcache_servers', $controller_nodes)
-$cache_server_port = hiera('memcache_server_port', '11211')
 $swift = false
-$neutron = hiera('use_neutron')
 $horizon_app_links = undef
-$keystone_host = hiera('management_vip')
 $keystone_scheme = 'http'
 $keystone_default_role = '_member_'
-$verbose = hiera('verbose', true)
-$debug = hiera('debug')
 $api_result_limit = 1000
-$package_ensure = hiera('horizon_package_ensure', 'installed')
 $use_ssl = true
-$use_syslog = hiera('use_syslog', true)
 $log_level = 'WARNING'
-$nova_quota = hiera('nova_quota')
 $local_settings_template = 'openstack/horizon/local_settings.py.erb'
 $django_session_engine = 'django.contrib.sessions.backends.cache'
-$servername = hiera('public_vip')
 $cache_backend = 'horizon.backends.memcached.HorizonMemcached'
 $cache_options = ["'SOCKET_TIMEOUT': 1","'SERVER_RETRIES': 1","'DEAD_RETRY': 1"]
@@ -128,15 +128,24 @@ class tls::horizon::horizon(
 horizon_ca => $horizon_ca
 }
+ # Performance optimization for wsgi
+ if ($::memorysize_mb < 1200 or $::processorcount <= 3) {
+ $wsgi_processes = 2
+ $wsgi_threads = 9
+ } else {
+ $wsgi_processes = $::processorcount
+ $wsgi_threads = 15
+ }
+
 class { '::horizon::wsgi::apache':
 priority => false,
 servername => $public_virtual_ip,
 bind_address => $bind_address,
 wsgi_processes => $wsgi_processes,
 wsgi_threads => $wsgi_threads,
- horizon_cert => $horizon_cert ,
- horizon_key => $horizon_key,
- horizon_ca => $horizon_ca,
+ horizon_cert => $horizon_cert ,
+ horizon_key => $horizon_key,
+ horizon_ca => $horizon_ca,
 listen_ssl => $use_ssl,
 extra_params => {
 default_vhost => true,
diff --git a/deployment_scripts/puppet/modules/tls/manifests/params.pp b/deployment_scripts/puppet/modules/tls/manifests/params.pp
index 18d17b0..9138301 100644
--- a/deployment_scripts/puppet/modules/tls/manifests/params.pp
+++ b/deployment_scripts/puppet/modules/tls/manifests/params.pp
@@ -9,10 +9,7 @@ class tls::params {
 $tls_cert_file = '/etc/apache2/TLS/horizon.crt'
 $tls_key_file = '/etc/apache2/TLS/horizon.key'
 $tls_ca_file = '/etc/apache2/TLS/horizon.ca'
-$root_url = '/horizon'
-$apache_conf_file = '/etc/apache2/conf-available/openstack-dashboard.conf'
-$apache_vhost_file = '/etc/apache2/sites-available/openstack-dashboard.conf'
-$apache_port_file = '/etc/apache2/ports.conf'
+$root_url = '/horizon'
 } elsif($::osfamily == 'RedHat') {
 $httpd_service_name = 'httpd'
 $horizon_settings_file = '/etc/openstack-dashboard/local_settings'
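Review bot: The new sizing branch compares the facts `$::memorysize_mb` and `$::processorcount` numerically, but facts arrive as strings (memorysize_mb as a decimal string), so the `<`/`<=` rely on the parser coercing numeric-looking strings; that is how Puppet 3 behaves, which this plugin appears to target, but it is worth confirming against the Puppet version actually shipped. The thresholds are unexplained; replace `# Performance optimization for wsgi` with something like `# Small nodes (< 1200 MB RAM or <= 3 cores) get 2 WSGI processes x 9 threads; larger nodes one process per core x 15 threads`. On large controllers `$wsgi_processes = $::processorcount` is unbounded, so a cap may be wanted. Both branches assign the same two variables, which keeps the `class { '::horizon::wsgi::apache': ... }` declaration below valid in either case.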
@@ -23,10 +20,7 @@ class tls::params {
 $tls_cert_file = '/etc/httpd/TLS/horizon.crt'
 $tls_key_file = '/etc/httpd/TLS/horizon.key'
 $tls_ca_file = '/etc/httpd/TLS/horizon.ca'
-$root_url = '/dashboard'
-$apache_conf_file = '/etc/httpd/conf.d/openstack-dashboard.conf'
-$apache_vhost_file = '/etc/httpd/conf.d/ssl.conf'
-$apache_port_file = '/etc/httpd/conf.d/ports.conf'
+$root_url = '/dashboard'
 } else {
 fail("unsupported family ${::osfamily}")
 }