Merge "Fix virtual router type values"
diff --git a/.kitchen.yml b/.kitchen.yml
index 113ee81..e9ab514 100644
--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -72,10 +72,10 @@
   #   provisioner:
   #     pillars-from-files:
   #       opencontrail.sls: tests/pillar/cluster<%= ENV['OC_VERSION'] || '' %>.sls
-  - name: tor<%= ENV['OC_VERSION'] || '' %>
-    provisioner:
-      pillars-from-files:
-        opencontrail.sls: tests/pillar/tor<%= ENV['OC_VERSION'] || '' %>.sls
+  # - name: tor<%= ENV['OC_VERSION'] || '' %>
+  #   provisioner:
+  #     pillars-from-files:
+  #       opencontrail.sls: tests/pillar/tor<%= ENV['OC_VERSION'] || '' %>.sls
   - name: vrouter<%= ENV['OC_VERSION'] || '' %>
     provisioner:
       pillars-from-files:
diff --git a/README.rst b/README.rst
index da9d0b4..945aed3 100644
--- a/README.rst
+++ b/README.rst
@@ -590,6 +590,21 @@
         gateway_mode: server
 
 
+Set up metadata secret for the Vrouter
+-------------------------------------
+
+In order to get cloud-init within the instance to properly fetch 
+instance metadata, metadata_proxy_secret in the Vrouter agent config
+should match the value in nova.conf. The administrator should define
+it in the pillar:
+
+.. code-block:: yaml
+
+    opencontrail:
+      compute:
+        metadata:
+          secret: opencontrail
+
 Keystone v3
 -----------
 
diff --git a/metadata/service/compute/tor/cluster.yml b/metadata/service/compute/tor/cluster.yml
new file mode 100644
index 0000000..5115598
--- /dev/null
+++ b/metadata/service/compute/tor/cluster.yml
@@ -0,0 +1,16 @@
+applications:
+- opencontrail
+parameters:
+  opencontrail:
+    compute:
+      tor:
+        enabled: true
+        bind:
+          port: 8086
+        agent:
+          tor01:
+            id: 0
+            address: ${_param:single_address}
+            port: 6632
+            ssl:
+              enabled: True
diff --git a/metadata/service/compute/tor/single.yml b/metadata/service/compute/tor/single.yml
new file mode 100644
index 0000000..969b1ef
--- /dev/null
+++ b/metadata/service/compute/tor/single.yml
@@ -0,0 +1,15 @@
+applications:
+- opencontrail
+parameters:
+  opencontrail:
+    compute:
+      tor:
+        enabled: true
+        bind:
+          port: 8086
+        agent:
+          tor01:
+            id: 0
+            port: 6632
+            host: ${_param:tor_device01_address}
+            address: ${_param:single_address}
diff --git a/metadata/service/tor/single.yml b/metadata/service/tor/single.yml
deleted file mode 100644
index 7dc070c..0000000
--- a/metadata/service/tor/single.yml
+++ /dev/null
@@ -1,29 +0,0 @@
-applications:
-- opencontrail
-parameters:
-  _param:
-    opencontrail_version: 2.2
-    opencontrail_tor_agents: 1
-  opencontrail:
-    common:
-      version: ${_param:opencontrail_version}
-      identity:
-        engine: keystone
-        host: 127.0.0.1
-        port: 35357
-        token: token
-        password: password
-      network:
-        engine: neutron
-        host: 127.0.0.1
-        port: 9696
-    tor:
-      enabled: true
-      version: ${_param:opencontrail_version}
-      agents: ${_param:opencontrail_tor_agents}
-      control:
-        address: ${_param:single_address}
-      interface:
-        address: ${_param:single_address}
-      device:
-        host: ${_param:tor_device_address}
\ No newline at end of file
diff --git a/opencontrail/collector.sls b/opencontrail/collector.sls
index ca5333d..9a0dd28 100644
--- a/opencontrail/collector.sls
+++ b/opencontrail/collector.sls
@@ -65,7 +65,7 @@
   - require:
     - pkg: opencontrail_collector_packages
 
-{%- if collector.version >= 3.0 %}
+{%- if collector.version >= 3.0 and grains.get('init') != 'systemd' %}
 
 /etc/contrail/supervisord_analytics_files/contrail-analytics-nodemgr.ini:
   file.managed:
diff --git a/opencontrail/compute.sls b/opencontrail/compute.sls
index 7df9d2b..c410cd1 100644
--- a/opencontrail/compute.sls
+++ b/opencontrail/compute.sls
@@ -69,6 +69,8 @@
 
 {%- if compute.version >= 3.0 %}
 
+{%- if compute.version <= 4.0 or grains.get('init') != 'systemd' %}
+
 /etc/contrail/supervisord_vrouter_files/contrail-vrouter-nodemgr.ini:
   file.managed:
   - source: salt://opencontrail/files/{{ compute.version }}/contrail-vrouter-nodemgr.ini
@@ -77,6 +79,8 @@
   - require_in:
     - service: opencontrail_compute_services
 
+{%- endif %}
+
 /etc/udev/rules.d/vhost-net.rules:
   file.managed:
   - contents: 'KERNEL=="vhost-net", GROUP="kvm", MODE="0660"'
@@ -101,6 +105,8 @@
   - require_in:
     - pkg: opencontrail_compute_packages
 
+{%- if compute.version <= 4.0 or grains.get('init') != 'systemd' %}
+
 /etc/contrail/supervisord_vrouter_files/contrail-vrouter-dpdk.ini:
   file.managed:
   - source: salt://opencontrail/files/{{ compute.version }}/contrail-vrouter-dpdk.ini
@@ -111,6 +117,8 @@
   - require_in:
     - service: opencontrail_compute_services
 
+{%- endif %}
+
 modules_dpdk:
   file.append:
   - name: /etc/modules
@@ -151,8 +159,37 @@
 {%- endif %}
 {%- endif %}
 
+{%- if compute.get('tor', {}).get('enabled', False) %}
+
+{% for agent_name, agent in compute.tor.agent.iteritems() %}
+
+/etc/contrail/contrail-tor-agent-{{ agent.id }}.conf:
+  file.managed:
+  - source: salt://opencontrail/files/{{ compute.version }}/contrail-tor-agent.conf
+  - template: jinja
+  - defaults:
+      agent_name: {{ agent_name }}
+  - watch_in:
+    - service: opencontrail_compute_services
+
+{%- if compute.version <= 4.0 or grains.get('init') != 'systemd' %}
+
+/etc/contrail/supervisord_vrouter_files/contrail-tor-agent-{{ agent.id }}.ini:
+  file.managed:
+  - source: salt://opencontrail/files/{{ compute.version }}/tor/contrail-tor-agent.ini
+  - template: jinja
+  - defaults:
+      agent_name: {{ agent_name }}
+  - watch_in:
+    - service: opencontrail_compute_services
+
+{%- endif %}
+
+{%- endfor %}
+{%- endif %}
+
 opencontrail_compute_services:
-  service.enabled:
+  service.running:
   - names: {{ compute.services }}
   {%- if grains.get('noservices') %}
   - onlyif: /bin/false
diff --git a/opencontrail/config.sls b/opencontrail/config.sls
index dc035e5..84998e7 100644
--- a/opencontrail/config.sls
+++ b/opencontrail/config.sls
@@ -44,6 +44,8 @@
   - require:
     - pkg: opencontrail_config_packages
 
+{%- if grains.get('init') != 'systemd' %}
+
 /etc/contrail/supervisord_config_files/contrail-discovery.ini:
   file.managed:
   - source: salt://opencontrail/files/{{ config.version }}/config/contrail-discovery.ini
@@ -57,6 +59,8 @@
   - require:
     - pkg: opencontrail_config_packages
 
+{%- endif %}
+
 /etc/contrail/contrail-discovery.conf:
   file.managed:
   - source: salt://opencontrail/files/{{ config.version }}/contrail-discovery.conf
@@ -66,6 +70,8 @@
 
 {%- endif %}
 
+{%- if grains.get('init') != 'systemd' %}
+
 /etc/contrail/supervisord_config_files/contrail-api.ini:
   file.managed:
   - source: salt://opencontrail/files/{{ config.version }}/config/contrail-api.ini
@@ -79,6 +85,8 @@
   - require:
     - pkg: opencontrail_config_packages
 
+{%- endif %}
+
 /etc/contrail/contrail-api.conf:
   file.managed:
   - source: salt://opencontrail/files/{{ config.version }}/contrail-api.conf
@@ -143,7 +151,7 @@
   - require:
     - pkg: opencontrail_config_packages
 
-{%- if config.version >= 3.0 %}
+{%- if config.version >= 3.0 and grains.get('init') != 'systemd' %}
 
 /etc/contrail/supervisord_config_files/contrail-config-nodemgr.ini:
   file.managed:
diff --git a/opencontrail/control.sls b/opencontrail/control.sls
index e89e6f8..8de19e4 100644
--- a/opencontrail/control.sls
+++ b/opencontrail/control.sls
@@ -43,7 +43,7 @@
   - require:
     - pkg: opencontrail_control_packages
 
-{%- if control.version >= 3.0 %}
+{%- if control.version >= 3.0 and grains.get('init') != 'systemd' %}
 
 /etc/contrail/supervisord_control_files/contrail-control-nodemgr.ini:
   file.managed:
diff --git a/opencontrail/database.sls b/opencontrail/database.sls
index 036201a..7de47b5 100644
--- a/opencontrail/database.sls
+++ b/opencontrail/database.sls
@@ -113,6 +113,8 @@
     - service: opencontrail_database_services
     - service: opencontrail_zookeeper_service
 
+{%- if database.version <= 4.0 or grains.get('init') != 'systemd' %}
+
 /etc/contrail/supervisord_database_files/contrail-database-nodemgr.ini:
   file.managed:
   - source: salt://opencontrail/files/{{ database.version }}/database/contrail-database-nodemgr.ini
@@ -123,6 +125,7 @@
     - service: opencontrail_zookeeper_service
 
 {%- endif %}
+{%- endif %}
 
 {% if grains.os_family == "Debian" %}
 #Stop cassandra started by init script - replaced by contrail-database
@@ -162,7 +165,7 @@
 opencontrail_database_services:
   service.running:
   - enable: true
-{%- if common.vendor == "juniper" %}
+{%- if common.vendor == "juniper" or (database.version >= 4.0 and grains.get('init') == 'systemd') %}
   - name: contrail-database
 {%- else %}
   - name: supervisor-database
diff --git a/opencontrail/files/2.2/contrail-vrouter-agent.conf b/opencontrail/files/2.2/contrail-vrouter-agent.conf
index 0e4f1fc..0aa2672 100644
--- a/opencontrail/files/2.2/contrail-vrouter-agent.conf
+++ b/opencontrail/files/2.2/contrail-vrouter-agent.conf
@@ -123,6 +123,9 @@
 [METADATA]
 # Shared secret for metadata proxy service (Optional)
 # metadata_proxy_secret=contrail
+{%- if compute.metadata is defined %}
+metadata_proxy_secret={{ compute.metadata.secret }}
+{%- endif %}
 
 [NETWORKS]
 # control-channel IP address used by WEB-UI to connect to vnswad to fetch
diff --git a/opencontrail/files/3.0/config.global.js b/opencontrail/files/3.0/config.global.js
index 402cc35..e4397c3 100644
--- a/opencontrail/files/3.0/config.global.js
+++ b/opencontrail/files/3.0/config.global.js
@@ -276,7 +276,7 @@
  * Default: false
  *
 ******************************************************************************/
-config.getDomainProjectsFromApiServer = false;
+config.getDomainProjectsFromApiServer = {{ web.get('projects_from_api', 'false')|lower }};
 /*****************************************************************************
 * Boolean flag L2_enable indicates the default forwarding-mode of a network.
 * Allowed values : true / false
diff --git a/opencontrail/files/3.0/contrail-database-nodemgr.conf b/opencontrail/files/3.0/contrail-database-nodemgr.conf
index 117c751..3cd6e74 100644
--- a/opencontrail/files/3.0/contrail-database-nodemgr.conf
+++ b/opencontrail/files/3.0/contrail-database-nodemgr.conf
@@ -2,6 +2,11 @@
 [DEFAULT]
 hostip={{ database.bind.host }}
 minimum_diskGB={{ database.minimum_disk }}
+{%- if pillar.opencontrail.control is defined %}
+contrail_databases=config
+{%- else %}
+contrail_databases=Analytics
+{%- endif %}
 
 [DISCOVERY]
 server={{ database.discovery.host }}
diff --git a/opencontrail/files/3.0/contrail-tor-agent.conf b/opencontrail/files/3.0/contrail-tor-agent.conf
index 598a6d5..bb19a6c 100644
--- a/opencontrail/files/3.0/contrail-tor-agent.conf
+++ b/opencontrail/files/3.0/contrail-tor-agent.conf
@@ -1,7 +1,7 @@
-{%- from "opencontrail/map.jinja" import tor with context %}
 {%- from "opencontrail/map.jinja" import compute with context %}
-{%- set port = tor.bind.port + number %}
-#
+
+{%- set agent = salt['pillar.get']('opencontrail:compute:tor:agent:'+agent_name) %}
+{%- set port = compute.tor.bind.port + agent.id %}
 # Vnswad configuration options
 #
 
@@ -12,7 +12,7 @@
 # server=10.0.0.1 10.0.0.2
 
 [DEFAULT]
-agent_name={{ pillar.linux.system.name }}-{{ number }}
+agent_name={{ pillar.linux.system.name }}-{{ agent.id }}
 # Everything in this section is optional
 
 # IP address and port to be used to connect to collector. If these are not
@@ -34,7 +34,7 @@
 # log_category=
 
 # Local log file name
-log_file=/var/log/contrail/contrail-tor-agent-{{ number }}.log
+log_file=/var/log/contrail/contrail-tor-agent-{{ agent.id }}.log
 
 # Log severity levels. Possible values are SYS_EMERG, SYS_ALERT, SYS_CRIT,
 # SYS_ERR, SYS_WARN, SYS_NOTICE, SYS_INFO and SYS_DEBUG. Default is SYS_DEBUG
@@ -54,7 +54,7 @@
 # headless_mode=
 
 # Define agent mode. Only supported value is "tor"
-  agent_mode=tor
+agent_mode=tor
 
 
 # Http server port for inspecting vnswad state (useful for debugging)
@@ -81,24 +81,42 @@
 [NETWORKS]
 # control-channel IP address used by WEB-UI to connect to vnswad to fetch
 # required information (Optional)
-control_network_ip={{ tor.control.address }}
+{%- if compute.bind is defined %}
+control_network_ip={{ compute.bind.address }}
+{%- else %}
+control_network_ip={{ compute.interface.address }}
+{%- endif %}
 
 [TOR]
+{%- if agent.ssl is not defined %}
 # IP address of the TOR to manage
-tor_ip={{ tor.device.host }}
+tor_ip={{ agent.host }}
+{%- endif %}
 
 # Identifier for ToR. Agent will subscribe to ifmap-configuration by this name
-tor_id={{ number }}
+tor_id={{ agent.id }}
 
 # ToR management scheme is based on this type. Only supported value is "ovs"
 tor_type=ovs
 
 # OVS server port number on the ToR
-tor_ovs_port=6632
+tor_ovs_port={{ agent.port }}
 
 # IP-Transport protocol used to connect to tor. Only supported value is "tcp"
+{%- if agent.ssl is defined %}
+tor_ovs_protocol=pssl
+{%- else %}
 tor_ovs_protocol=tcp
+{%- endif %}
 
-tsn_ip={{ tor.interface.address }}
+tsn_ip={{ compute.interface.address }}
 
+tor_keepalive_interval={{ agent.get('tor_keepalive_interval', 10000) }}
 
+{%- if agent.ssl is defined %}
+ssl_cert={{ agent.ssl.get('cert', '/etc/contrail/ssl/certs/tor.crt') }}
+
+ssl_privkey={{ agent.ssl.get('key', '/etc/contrail/ssl/certs/tor.key') }}
+
+ssl_cacert={{ agent.ssl.get('ca', '/etc/contrail/ssl/certs/ca.crt') }}
+{%- endif %}
\ No newline at end of file
diff --git a/opencontrail/files/3.0/contrail-vrouter-agent.conf b/opencontrail/files/3.0/contrail-vrouter-agent.conf
index c3f94d4..0a66be5 100644
--- a/opencontrail/files/3.0/contrail-vrouter-agent.conf
+++ b/opencontrail/files/3.0/contrail-vrouter-agent.conf
@@ -81,7 +81,7 @@
 # DHCP relay mode (true or false) to determine if a DHCP request in fabric
 # interface with an unconfigured IP should be relayed or not
 # dhcp_relay_mode=
-{%- if pillar.opencontrail.tor is defined %}
+{%- if compute.get('tor', {}).get('enabled', False) %}
 agent_mode = tsn
 {%- endif %}
 
@@ -140,6 +140,9 @@
 [METADATA]
 # Shared secret for metadata proxy service (Optional)
 # metadata_proxy_secret=contrail
+{%- if compute.metadata is defined %}
+metadata_proxy_secret={{ compute.metadata.secret }}
+{%- endif %}
 
 [NETWORKS]
 # control-channel IP address used by WEB-UI to connect to vnswad to fetch
diff --git a/opencontrail/files/3.0/tor/contrail-tor-agent.ini b/opencontrail/files/3.0/tor/contrail-tor-agent.ini
index 3443c3a..22a8918 100644
--- a/opencontrail/files/3.0/tor/contrail-tor-agent.ini
+++ b/opencontrail/files/3.0/tor/contrail-tor-agent.ini
@@ -1,14 +1,14 @@
-{%- from "opencontrail/map.jinja" import tor with context %}
-
-[program:contrail-tor-agent-{{ number }}]
-command=/usr/bin/contrail-tor-agent --config_file /etc/contrail/contrail-tor-agent-{{ number }}.conf
+{%- from "opencontrail/map.jinja" import compute with context %}
+{%- set agent = salt['pillar.get']('opencontrail:compute:tor:agent:'+agent_name) %}
+[program:contrail-tor-agent-{{ agent.id }}]
+command=/usr/bin/contrail-tor-agent --config_file /etc/contrail/contrail-tor-agent-{{ agent.id }}.conf
 priority=420
 autostart=true
 killasgroup=true
 stopsignal=KILL
 stdout_capture_maxbytes=1MB
 redirect_stderr=true
-stdout_logfile=/var/log/contrail/contrail-tor-agent-{{ number }}-stdout.log
+stdout_logfile=/var/log/contrail/contrail-tor-agent-{{ agent.id }}-stdout.log
 stderr_logfile=/dev/null
 startsecs=5
 exitcodes=0                   ; 'expected' exit codes for process (default 0,2)
\ No newline at end of file
diff --git a/opencontrail/files/4.0/config.global.js b/opencontrail/files/4.0/config.global.js
index 8e80e58..dcbd92f 100644
--- a/opencontrail/files/4.0/config.global.js
+++ b/opencontrail/files/4.0/config.global.js
@@ -344,7 +344,7 @@
  * Default: false
  *
 ******************************************************************************/
-config.getDomainProjectsFromApiServer = false;
+config.getDomainProjectsFromApiServer =  {{ web.get('projects_from_api', 'false')|lower }};
 /*****************************************************************************
 * Boolean flag L2_enable indicates the default forwarding-mode of a network.
 * Allowed values : true / false
diff --git a/opencontrail/files/4.0/contrail-database-nodemgr.conf b/opencontrail/files/4.0/contrail-database-nodemgr.conf
index 5ccad47..492fd8f 100644
--- a/opencontrail/files/4.0/contrail-database-nodemgr.conf
+++ b/opencontrail/files/4.0/contrail-database-nodemgr.conf
@@ -2,6 +2,11 @@
 [DEFAULT]
 hostip={{ database.bind.host }}
 minimum_diskGB={{ database.minimum_disk }}
+{%- if pillar.opencontrail.control is defined %}
+contrail_databases=config
+{%- else %}
+contrail_databases=Analytics
+{%- endif %}
 
 [COLLECTOR]
 server_list={% for member in database.analytics.members %}{{ member.host }}:8086 {% endfor %}
diff --git a/opencontrail/files/4.0/contrail-tor-agent.conf b/opencontrail/files/4.0/contrail-tor-agent.conf
index b239bc7..cc8c05d 100644
--- a/opencontrail/files/4.0/contrail-tor-agent.conf
+++ b/opencontrail/files/4.0/contrail-tor-agent.conf
@@ -1,7 +1,7 @@
-{%- from "opencontrail/map.jinja" import tor with context %}
 {%- from "opencontrail/map.jinja" import compute with context %}
-{%- set port = tor.bind.port + number %}
-#
+
+{%- set agent = salt['pillar.get']('opencontrail:compute:tor:agent:'+agent_name) %}
+{%- set port = compute.tor.bind.port + agent.id %}
 # Vnswad configuration options
 #
 
@@ -12,7 +12,7 @@
 # server=10.0.0.1 10.0.0.2
 
 [DEFAULT]
-agent_name={{ pillar.linux.system.name }}-{{ number }}
+agent_name={{ pillar.linux.system.name }}-{{ agent.id }}
 # Everything in this section is optional
 
 # IP address and port to be used to connect to collector. If these are not
@@ -34,7 +34,7 @@
 # log_category=
 
 # Local log file name
-log_file=/var/log/contrail/contrail-tor-agent-{{ number }}.log
+log_file=/var/log/contrail/contrail-tor-agent-{{ agent.id }}.log
 
 # Log severity levels. Possible values are SYS_EMERG, SYS_ALERT, SYS_CRIT,
 # SYS_ERR, SYS_WARN, SYS_NOTICE, SYS_INFO and SYS_DEBUG. Default is SYS_DEBUG
@@ -54,7 +54,7 @@
 # headless_mode=
 
 # Define agent mode. Only supported value is "tor"
-  agent_mode=tor
+agent_mode=tor
 
 
 # Http server port for inspecting vnswad state (useful for debugging)
@@ -70,24 +70,42 @@
 [NETWORKS]
 # control-channel IP address used by WEB-UI to connect to vnswad to fetch
 # required information (Optional)
-control_network_ip={{ tor.control.address }}
+{%- if compute.bind is defined %}
+control_network_ip={{ compute.bind.address }}
+{%- else %}
+control_network_ip={{ compute.interface.address }}
+{%- endif %}
 
 [TOR]
+{%- if agent.ssl is not defined %}
 # IP address of the TOR to manage
-tor_ip={{ tor.device.host }}
+tor_ip={{ agent.host }}
+{%- endif %}
 
 # Identifier for ToR. Agent will subscribe to ifmap-configuration by this name
-tor_id={{ number }}
+tor_id={{ agent.id }}
 
 # ToR management scheme is based on this type. Only supported value is "ovs"
 tor_type=ovs
 
 # OVS server port number on the ToR
-tor_ovs_port=6632
+tor_ovs_port={{ agent.get('port', 6632) }}
 
 # IP-Transport protocol used to connect to tor. Only supported value is "tcp"
+{%- if agent.ssl is defined %}
+tor_ovs_protocol=pssl
+{%- else %}
 tor_ovs_protocol=tcp
+{%- endif %}
 
-tsn_ip={{ tor.interface.address }}
+tsn_ip={{ compute.interface.address }}
 
+tor_keepalive_interval={{ agent.get('tor_keepalive_interval', 10000) }}
 
+{%- if agent.ssl is defined %}
+ssl_cert={{ agent.ssl.get('cert', '/etc/contrail/ssl/certs/tor.crt') }}
+
+ssl_privkey={{ agent.ssl.get('key', '/etc/contrail/ssl/certs/tor.key') }}
+
+ssl_cacert={{ agent.ssl.get('ca', '/etc/contrail/ssl/certs/ca.crt') }}
+{%- endif %}
\ No newline at end of file
diff --git a/opencontrail/files/4.0/contrail-vrouter-agent.conf b/opencontrail/files/4.0/contrail-vrouter-agent.conf
index 94d170d..f8c6933 100644
--- a/opencontrail/files/4.0/contrail-vrouter-agent.conf
+++ b/opencontrail/files/4.0/contrail-vrouter-agent.conf
@@ -17,7 +17,7 @@
 
 # Agent mode : can be vrouter / tsn / tor (default is vrouter)
 # agent_mode=
-{%- if pillar.opencontrail.tor is defined %}
+{%- if compute.get('tor', {}).get('enabled', False) %}
 agent_mode = tsn
 {%- endif %}
 
@@ -196,6 +196,9 @@
 [METADATA]
 # Shared secret for metadata proxy service (Optional)
 # metadata_proxy_secret=contrail
+{%- if compute.metadata is defined %}
+metadata_proxy_secret={{ compute.metadata.secret }}
+{%- endif %}
 
 # Metadata proxy port on which agent listens (Optional)
 # metadata_proxy_port=
diff --git a/opencontrail/files/4.0/tor/contrail-tor-agent.ini b/opencontrail/files/4.0/tor/contrail-tor-agent.ini
index 3443c3a..22a8918 100644
--- a/opencontrail/files/4.0/tor/contrail-tor-agent.ini
+++ b/opencontrail/files/4.0/tor/contrail-tor-agent.ini
@@ -1,14 +1,14 @@
-{%- from "opencontrail/map.jinja" import tor with context %}
-
-[program:contrail-tor-agent-{{ number }}]
-command=/usr/bin/contrail-tor-agent --config_file /etc/contrail/contrail-tor-agent-{{ number }}.conf
+{%- from "opencontrail/map.jinja" import compute with context %}
+{%- set agent = salt['pillar.get']('opencontrail:compute:tor:agent:'+agent_name) %}
+[program:contrail-tor-agent-{{ agent.id }}]
+command=/usr/bin/contrail-tor-agent --config_file /etc/contrail/contrail-tor-agent-{{ agent.id }}.conf
 priority=420
 autostart=true
 killasgroup=true
 stopsignal=KILL
 stdout_capture_maxbytes=1MB
 redirect_stderr=true
-stdout_logfile=/var/log/contrail/contrail-tor-agent-{{ number }}-stdout.log
+stdout_logfile=/var/log/contrail/contrail-tor-agent-{{ agent.id }}-stdout.log
 stderr_logfile=/dev/null
 startsecs=5
 exitcodes=0                   ; 'expected' exit codes for process (default 0,2)
\ No newline at end of file
diff --git a/opencontrail/files/telegraf.conf b/opencontrail/files/telegraf.conf
new file mode 100644
index 0000000..a1faefa
--- /dev/null
+++ b/opencontrail/files/telegraf.conf
@@ -0,0 +1,19 @@
+[[inputs.contrail]]
+{%- if values.interval is defined %}
+  interval = "{{ values.interval }}"
+{%- endif %}
+  ifmap_count = {{ values.ifmap_count|default("false")|lower }}
+{%- for tag_name, tag_value in values.get('checks', {}).iteritems() %}
+  {%- if tag_value.url is defined and tag_value.xml_element is defined %}
+  [[inputs.contrail.checks]]
+    url = "{{ tag_value.url }}"
+    xml_element = "{{ tag_value.xml_element }}"
+    name = "{{ tag_name }}"
+      {%- if tag_value.result_type is defined %}
+    result_type = "{{ tag_value.result_type }}"
+      {%- endif %}
+      {%- if tag_value.state is defined %}
+    state = "{{ tag_value.state }}"
+      {%- endif %}
+  {%- endif %}
+{%- endfor %}
diff --git a/opencontrail/init.sls b/opencontrail/init.sls
index 863a72d..ee862a7 100644
--- a/opencontrail/init.sls
+++ b/opencontrail/init.sls
@@ -18,9 +18,6 @@
 {% if pillar.opencontrail.web is defined %}
 - opencontrail.web
 {% endif %}
-{% if pillar.opencontrail.tor is defined %}
-- opencontrail.tor
-{% endif %}
 {%- if pillar.opencontrail.client is defined %}
 - opencontrail.client
 {%- endif %}
diff --git a/opencontrail/map.jinja b/opencontrail/map.jinja
index e98c2f4..cbfae68 100644
--- a/opencontrail/map.jinja
+++ b/opencontrail/map.jinja
@@ -1,4 +1,5 @@
 {%- set vendor = salt['pillar.get']('opencontrail:common:vendor', 'opencontrail') %}
+{%- set version = salt['pillar.get']('opencontrail:common:version') %}
 
 {%- load_yaml as base_defaults %}
 {%- if vendor in ['opencontrail'] %}
@@ -19,26 +20,42 @@
         ['contrail-analytics', 'python-cassandra']
     redis_config: '/etc/redis/redis.conf'
     services:
+    {%- if grains.get('init') != 'systemd' %}
         ['supervisor-analytics', 'redis-server']
+    {%- else %}
+        ['contrail-collector', 'contrail-analytics-api', 'contrail-query-engine', 'contrail-alarm-gen', 'contrail-snmp-collector', 'contrail-topology', 'contrail-analytics-nodemgr', 'redis-server']
+    {%- endif %}
   RedHat:
     pkgs:
         ['contrail-analytics']
     redis_config: '/etc/redis.conf'
     services:
+    {%- if grains.get('init') != 'systemd' %}
         ['supervisor-analytics', 'redis']
+    {%- else %}
+        ['contrail-collector', 'contrail-analytics-api', 'contrail-query-engine', 'contrail-alarm-gen', 'contrail-snmp-collector', 'contrail-topology', 'contrail-analytics-nodemgr', 'redis']
+    {%- endif %}
 compute:
   Debian:
     pkgs:
         ['contrail-utils', 'iproute2', 'haproxy']
     services:
+    {%- if grains.get('init') != 'systemd' or version < 4.0 %}
         ['supervisor-vrouter']
+    {%- else %}
+        ['contrail-vrouter-agent', 'contrail-vrouter-nodemgr']
+    {%- endif %}
     dpdk:
         enabled: False
   RedHat:
     pkgs:
         ['contrail-openstack-vrouter', 'contrail-utils', 'haproxy', 'contrail-vrouter-source']
     services:
+    {%- if grains.get('init') != 'systemd' or version < 4.0 %}
         ['supervisor-vrouter']
+    {%- else %}
+        ['contrail-vrouter-agent', 'contrail-vrouter-nodemgr']
+    {%- endif %}
     dpdk:
         enabled: False
 config:
@@ -46,43 +63,70 @@
     pkgs:
         ['contrail-config-openstack', 'ifmap-server']
     services:
+    {%- if grains.get('init') != 'systemd' or version < 4.0 %}
         ['supervisor-config']
+    {%- else %}
+        ['contrail-api', 'contrail-schema', 'contrail-svc-monitor', 'contrail-device-manager', 'contrail-config-nodemgr']
+    {%- endif %}
   RedHat:
     pkgs:
         ['contrail-openstack-config']
     services:
+    {%- if grains.get('init') != 'systemd' %}
         ['supervisor-config']
+    {%- else %}
+        ['contrail-api', 'contrail-schema', 'contrail-svc-monitor', 'contrail-device-manager', 'contrail-config-nodemgr']
+    {%- endif %}
 control:
   Debian:
     pkgs:
         ['contrail-control', 'contrail-dns']
     services:
+    {%- if grains.get('init') != 'systemd' %}
         ['contrail-control', 'supervisor-control']
+    {%- else %}
+        ['contrail-control', 'contrail-named', 'contrail-dns', 'contrail-control-nodemgr']
+    {%- endif %}
   RedHat:
     pkgs:
          ['contrail-openstack-control']
     services:
-         ['contrail-control', 'supervisor-control']
+    {%- if grains.get('init') != 'systemd' or version < 4.0 %}
+        ['contrail-control', 'supervisor-control']
+    {%- else %}
+        ['contrail-control', 'contrail-named', 'contrail-dns', 'contrail-control-nodemgr']
+    {%- endif %}
 database:
   Debian:
     {%- if grains.get('oscodename') == 'trusty' %}
     pkgs:
          ['cassandra', 'zookeeper', 'supervisor', 'openjdk-7-jre-headless', 'contrail-database']
-    {%- else %}
+    {%- elif version < 4.0 %}
     pkgs:
          ['cassandra', 'zookeeper', 'supervisor', 'openjdk-8-jre-headless', 'contrail-database']
+    {%- else %}
+    pkgs:
+         ['cassandra', 'zookeeper', 'openjdk-8-jre-headless', 'contrail-database']
     {%- endif %}
     cassandra_config: '/etc/cassandra/'
     compaction_throughput_mb_per_sec: 16
     services:
+    {%- if grains.get('init') != 'systemd' or version < 4.0 %}
          ['supervisord-contrail-database', 'zookeeper']
+    {%- else %}
+         ['contrail-database', 'contrail-database-nodemgr', 'zookeeper']
+    {%- endif %}
   RedHat:
     pkgs:
          ['contrail-openstack-database', 'zookeeper', 'supervisor', 'java-1.7.0-openjdk-headless']
     cassandra_config: '/etc/cassandra/conf/'
     compaction_throughput_mb_per_sec: 16
     services:
+    {%- if grains.get('init') != 'systemd' or version < 4.0 %}
          ['supervisord-contrail-database', 'zookeeper']
+    {%- else %}
+         ['contrail-database', 'contrail-database-nodemgr', 'zookeeper']
+    {%- endif %}
 web:
   Debian:
     pkgs:
@@ -107,11 +151,6 @@
   RedHat:
     pkgs:
          []
-tor:
-  Debian:
-    agents: 1
-    bind:
-      port: 8086
 
 {%- elif vendor == 'juniper' -%}
 
@@ -132,26 +171,42 @@
          ['contrail-analytics', 'python-cassandra-driver']
     redis_config: '/etc/redis/redis.conf'
     services:
+    {%- if grains.get('init') != 'systemd' or version < 4.0 %}
         ['supervisor-analytics', 'redis-server']
+    {%- else %}
+        ['contrail-collector', 'contrail-analytics-api', 'contrail-query-engine', 'contrail-alarm-gen', 'contrail-snmp-collector', 'contrail-topology', 'contrail-analytics-nodemgr', 'redis-server']
+    {%- endif %}
   RedHat:
     pkgs:
          ['contrail-analytics', 'python-cassandra-driver']
     redis_config: '/etc/redis.conf'
     services:
+    {%- if grains.get('init') != 'systemd' or version < 4.0 %}
         ['supervisor-analytics', 'redis']
+    {%- else %}
+        ['contrail-collector', 'contrail-analytics-api', 'contrail-query-engine', 'contrail-alarm-gen', 'contrail-snmp-collector', 'contrail-topology', 'contrail-analytics-nodemgr', 'redis']
+    {%- endif %}
 compute:
   Debian:
     pkgs:
          ['contrail-utils', 'iproute2', 'haproxy']
     services:
+    {%- if grains.get('init') != 'systemd' or version < 4.0 %}
         ['supervisor-vrouter']
+    {%- else %}
+        ['contrail-vrouter-agent', 'contrail-vrouter-nodemgr']
+    {%- endif %}
     dpdk:
         enabled: False
   RedHat:
     pkgs:
          ['contrail-openstack-vrouter', 'contrail-utils', 'haproxy', 'contrail-vrouter-source']
     services:
+    {%- if grains.get('init') != 'systemd' or version < 4.0 %}
         ['supervisor-vrouter']
+    {%- else %}
+        ['contrail-vrouter-agent', 'contrail-vrouter-nodemgr']
+    {%- endif %}
     dpdk:
         enabled: False
 config:
@@ -159,23 +214,39 @@
     pkgs:
          ['contrail-config-openstack', 'ifmap-server']
     services:
+    {%- if grains.get('init') != 'systemd' or version < 4.0 %}
         ['supervisor-config']
+    {%- else %}
+        ['contrail-api', 'contrail-schema', 'contrail-svc-monitor', 'contrail-device-manager', 'contrail-config-nodemgr']
+    {%- endif %}
   RedHat:
     pkgs:
          ['contrail-openstack-config']
     services:
+    {%- if grains.get('init') != 'systemd' or version < 4.0 %}
         ['supervisor-config']
+    {%- else %}
+        ['contrail-api', 'contrail-schema', 'contrail-svc-monitor', 'contrail-device-manager', 'contrail-config-nodemgr']
+    {%- endif %}
 control:
   Debian:
     pkgs:
          ['contrail-control', 'contrail-dns']
     services:
-         ['contrail-control', 'supervisor-control']
+    {%- if grains.get('init') != 'systemd' or version < 4.0 %}
+        ['contrail-control', 'supervisor-control']
+    {%- else %}
+        ['contrail-control', 'contrail-named', 'contrail-dns', 'contrail-control-nodemgr']
+    {%- endif %}
   RedHat:
     pkgs:
          ['contrail-openstack-control']
     services:
-         ['contrail-control', 'supervisor-control']
+    {%- if grains.get('init') != 'systemd' or version < 4.0 %}
+        ['contrail-control', 'supervisor-control']
+    {%- else %}
+        ['contrail-control', 'contrail-named', 'contrail-dns', 'contrail-control-nodemgr']
+    {%- endif %}
 database:
   Debian:
     {%- if grains.get('oscodename') == 'trusty' %}
@@ -188,14 +259,22 @@
     cassandra_config: '/etc/cassandra/'
     compaction_throughput_mb_per_sec: 16
     services:
+    {%- if grains.get('init') != 'systemd' or version < 4.0 %}
          ['supervisord-contrail-database', 'zookeeper']
+    {%- else %}
+         ['contrail-database', 'contrail-database-nodemgr', 'zookeeper']
+    {%- endif %}
   RedHat:
     pkgs:
          ['contrail-openstack-database', 'zookeeper', 'supervisor', 'java-1.7.0-openjdk-headless']
     cassandra_config: '/etc/cassandra/conf/'
     compaction_throughput_mb_per_sec: 16
     services:
+    {%- if grains.get('init') != 'systemd' or version < 4.0 %}
          ['supervisord-contrail-database', 'zookeeper']
+    {%- else %}
+         ['contrail-database', 'contrail-database-nodemgr', 'zookeeper']
+    {%- endif %}
 web:
   Debian:
     pkgs:
@@ -220,11 +299,6 @@
   RedHat:
     pkgs:
          []
-tor:
-  Debian:
-    agents: 1
-    bind:
-     port: 8086
 
 {%- endif %}
 {%- endload %}
@@ -237,7 +311,6 @@
 {% set database  = salt['grains.filter_by'](base_defaults['database'], merge=salt['pillar.get']('opencontrail:database', {}), base='database') %}
 {% set web       = salt['grains.filter_by'](base_defaults['web'], merge=salt['pillar.get']('opencontrail:web', {}), base='web') %}
 {% set client    = salt['grains.filter_by'](base_defaults['client'], merge=salt['pillar.get']('opencontrail:client', {}), base='client') %}
-{% set tor       = salt['grains.filter_by'](base_defaults['tor'], merge=salt['pillar.get']('opencontrail:tor', {}), base='tor') %}
 
 {% set monitoring = salt['grains.filter_by']({
     'default': {
diff --git a/opencontrail/meta/telegraf.yml b/opencontrail/meta/telegraf.yml
index e43dc93..51f7a40 100644
--- a/opencontrail/meta/telegraf.yml
+++ b/opencontrail/meta/telegraf.yml
@@ -111,8 +111,11 @@
   {%- endif %}
   {%- if control.get('enabled', False) or compute.get('enabled', False) %}
     contrail:
+      template: opencontrail/files/telegraf.conf
     {%- if control.get('enabled', False) %}
-      ifmap_count: "true"
+      # ifmap_count is always disabled because it puts too much load on the IF-MAP server
+      # and the metric is pretty much useless.
+      ifmap_count: "false"
     {%- endif %}
       checks:
     {%- if control.get('enabled', False) %}
diff --git a/opencontrail/tor.sls b/opencontrail/tor.sls
deleted file mode 100644
index f425087..0000000
--- a/opencontrail/tor.sls
+++ /dev/null
@@ -1,24 +0,0 @@
-{%- from "opencontrail/map.jinja" import tor with context %}
-{%- if tor.enabled %}
-
-include:
-- opencontrail.common
-
-{% for number in range(tor.agents) %}
-
-/etc/contrail/contrail-tor-agent-{{ number }}.conf:
-  file.managed:
-  - source: salt://opencontrail/files/{{ tor.version }}/contrail-tor-agent.conf
-  - template: jinja
-  - defaults:
-    number: {{ number }}
-
-/etc/contrail/supervisord_vrouter_files/contrail-tor-agent-{{ number }}.ini:
-  file.managed:
-  - source: salt://opencontrail/files/{{ tor.version }}/tor/contrail-tor-agent.ini
-  - template: jinja
-  - defaults:
-    number: {{ number }}
-
-{%- endfor %}
-{%- endif %}
\ No newline at end of file
diff --git a/tests/pillar/tor.sls b/tests/pillar/tor.sls
deleted file mode 100644
index 04ecba0..0000000
--- a/tests/pillar/tor.sls
+++ /dev/null
@@ -1,35 +0,0 @@
-opencontrail:
-  common:
-    version: 3.0
-    identity:
-      engine: keystone
-      host: 127.0.0.1
-      port: 35357
-      token: token
-      password: password
-    network:
-      engine: neutron
-      host: 127.0.0.1
-      port: 9696
-  tor:
-    enabled: true
-    version: 3.0
-    agents: 1
-    control:
-      address: 127.0.0.1
-    interface:
-      address: 127.0.0.1
-    device:
-      host: 127.0.0.1
-  compute:
-    enabled: true
-    version: 3.0
-    discovery:
-      host: 127.0.0.1
-    interface:
-      address: 127.0.0.1
-      dev: eth0
-      gateway: 127.0.0.1
-      mask: /24
-      dns: 127.0.0.1
-      mtu: 9000
diff --git a/tests/pillar/tor4_0.sls b/tests/pillar/tor4_0.sls
deleted file mode 100644
index 16b59fc..0000000
--- a/tests/pillar/tor4_0.sls
+++ /dev/null
@@ -1,43 +0,0 @@
-opencontrail:
-  common:
-    version: 4.0
-    identity:
-      engine: keystone
-      host: 127.0.0.1
-      port: 35357
-      token: token
-      password: password
-    network:
-      engine: neutron
-      host: 127.0.0.1
-      port: 9696
-  tor:
-    enabled: true
-    version: 4.0
-    agents: 1
-    control:
-      address: 127.0.0.1
-    interface:
-      address: 127.0.0.1
-    device:
-      host: 127.0.0.1
-  compute:
-    enabled: true
-    version: 4.0
-    collector:
-      members:
-      - host: 127.0.0.1
-      - host: 127.0.0.1
-      - host: 127.0.0.1
-    control:
-      members:
-      - host: 127.0.0.1
-      - host: 127.0.0.1
-      - host: 127.0.0.1
-    interface:
-      address: 127.0.0.1
-      dev: eth0
-      gateway: 127.0.0.1
-      mask: /24
-      dns: 127.0.0.1
-      mtu: 9000
diff --git a/tests/pillar/vrouter.sls b/tests/pillar/vrouter.sls
index 45418a0..13e05e5 100644
--- a/tests/pillar/vrouter.sls
+++ b/tests/pillar/vrouter.sls
@@ -25,3 +25,14 @@
       mask: /24
       dns: 127.0.0.1
       mtu: 9000
+    tor:
+      enabled: true
+      bind:
+        port: 8086
+      agent:
+        tor01:
+          id: 0
+          address: 127.0.0.1
+          port: 6632
+          ssl:
+            enabled: True
\ No newline at end of file
diff --git a/tests/pillar/vrouter4_0.sls b/tests/pillar/vrouter4_0.sls
index c875642..f19ce4e 100644
--- a/tests/pillar/vrouter4_0.sls
+++ b/tests/pillar/vrouter4_0.sls
@@ -33,3 +33,14 @@
       mask: /24
       dns: 127.0.0.1
       mtu: 9000
+    tor:
+      enabled: true
+      bind:
+        port: 8086
+      agent:
+        tor01:
+          id: 0
+          address: 127.0.0.1
+          port: 6632
+          ssl:
+            enabled: True