Merge pull request #36 from Mirantis/fix_calico_deploy

Fix calico deploy
diff --git a/tcp_tests/fixtures/stacklight_fixtures.py b/tcp_tests/fixtures/stacklight_fixtures.py
new file mode 100644
index 0000000..82b7c88
--- /dev/null
+++ b/tcp_tests/fixtures/stacklight_fixtures.py
@@ -0,0 +1,110 @@
+#    Copyright 2016 Mirantis, Inc.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+import os
+
+import pytest
+import yaml
+
+from tcp_tests import logger
+from tcp_tests.helpers import ext
+from tcp_tests import settings
+from tcp_tests.managers import sl_manager
+from tcp_tests.helpers import utils
+
+LOG = logger.logger
+
+
+@pytest.fixture(scope='function')
+def sl_actions(config, underlay, salt_deployed):
+    """Fixture that provides various actions for K8S
+
+    :param config: fixture provides oslo.config
+    :param underlay: fixture provides underlay manager
+    :rtype: SLManager
+
+    For use in tests or fixtures to deploy a custom K8S
+    """
+    return sl_manager.SLManager(config, underlay, salt_deployed)
+
+
+@pytest.mark.revert_snapshot(ext.SNAPSHOT.sl_deployed)
+@pytest.fixture(scope='function')
+def sl_deployed(revert_snapshot, request, config,
+                       hardware, underlay, common_services_deployed,
+                       sl_actions):
+    """Fixture to get or install SL services on environment
+
+    :param revert_snapshot: fixture that reverts snapshot that is specified
+                            in test with @pytest.mark.revert_snapshot(<name>)
+    :param request: fixture provides pytest data
+    :param config: fixture provides oslo.config
+    :param hardware: fixture provides enviromnet manager
+    :param underlay: fixture provides underlay manager
+    :param tcp_actions: fixture provides SLManager instance
+    :rtype: SLManager
+    """
+    # Create Salt cluster
+    if not config.stack_light.sl_installed:
+        steps_path = config.sl_deploy.sl_steps_path
+        commands = underlay.read_template(steps_path)
+        sl_actions.install(commands)
+        hardware.create_snapshot(ext.SNAPSHOT.sl_deployed)
+
+    else:
+        # 1. hardware environment created and powered on
+        # 2. config.underlay.ssh contains SSH access to provisioned nodes
+        #    (can be passed from external config with TESTS_CONFIGS variable)
+        # 3. config.tcp.* options contain access credentials to the already
+        #    installed TCP API endpoint
+        pass
+
+    return sl_actions
+
+
+@pytest.mark.revert_snapshot(ext.SNAPSHOT.sl_deployed)
+@pytest.fixture(scope='function')
+def deploy_sl(revert_snapshot, request, config,
+              hardware, underlay, common_services_deployed,
+              sl_actions):
+    """Fixture to get or install OpenStack services on environment
+
+    :param revert_snapshot: fixture that reverts snapshot that is specified
+                            in test with @pytest.mark.revert_snapshot(<name>)
+    :param request: fixture provides pytest data
+    :param config: fixture provides oslo.config
+    :param hardware: fixture provides enviromnet manager
+    :param underlay: fixture provides underlay manager
+    :param tcp_actions: fixture provides OpenstackManager instance
+    :rtype: SLManager
+
+    If you want to revert 'sl_deployed' snapshot, please use mark:
+    @pytest.mark.revert_snapshot("sl_deployed")
+    """
+    # Create Salt cluster
+    if not config.stack_light.sl_installed:
+        steps_path = config.sl_deploy.sl_steps_path
+        commands = utils.read_template(steps_path)
+        sl_actions.install(commands)
+        hardware.create_snapshot(ext.SNAPSHOT.sl_deployed)
+
+    else:
+        # 1. hardware environment created and powered on
+        # 2. config.underlay.ssh contains SSH access to provisioned nodes
+        #    (can be passed from external config with TESTS_CONFIGS variable)
+        # 3. config.tcp.* options contain access credentials to the already
+        #    installed TCP API endpoint
+        pass
+
+    return sl_actions
diff --git a/tcp_tests/managers/sl_manager.py b/tcp_tests/managers/sl_manager.py
new file mode 100644
index 0000000..41259a3
--- /dev/null
+++ b/tcp_tests/managers/sl_manager.py
@@ -0,0 +1,34 @@
+#    Copyright 2016 Mirantis, Inc.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from tcp_tests.managers.execute_commands import ExecuteCommandsMixin
+
+
+class SLManager(ExecuteCommandsMixin):
+    """docstring for OpenstackManager"""
+
+    __config = None
+    __underlay = None
+
+    def __init__(self, config, underlay, salt):
+        self.__config = config
+        self.__underlay = underlay
+        self._salt = salt
+        super(SLManager, self).__init__(
+            config=config, underlay=underlay)
+
+    def install(self, commands):
+        self.execute_commands(commands,
+                              label='Install SL services')
+        self.__config.common_services.common_services_installed = True
diff --git a/tcp_tests/settings_oslo.py b/tcp_tests/settings_oslo.py
index f51f8ce..cec2081 100644
--- a/tcp_tests/settings_oslo.py
+++ b/tcp_tests/settings_oslo.py
@@ -40,6 +40,9 @@
 _default_opencontrail_prepare_tests_steps_path = pkg_resources.resource_filename(
     __name__, 'templates/{0}/opencontrail.yaml'.format(
         settings.LAB_CONFIG_NAME))
+_default_sl_prepare_tests_steps_path = pkg_resources.resource_filename(
+    __name__, 'templates/{0}/sl.yaml'.format(
+        settings.LAB_CONFIG_NAME))
 
 
 hardware_opts = [
@@ -134,6 +137,17 @@
            default=_default_opencontrail_prepare_tests_steps_path),
 ]
 
+sl_deploy_opts = [
+    ct.Cfg('sl_steps_path', ct.String(),
+           help="Path to YAML with steps to deploy sl",
+           default=_default_sl_prepare_tests_steps_path),
+]
+sl_opts = [
+    ct.Cfg('sl_installed', ct.Boolean(),
+           help="", default=False),
+]
+
+
 _group_opts = [
     ('hardware', hardware_opts),
     ('underlay', underlay_opts),
@@ -144,6 +158,8 @@
     ('openstack_deploy', openstack_deploy_opts),
     ('openstack', openstack_opts),
     ('opencontrail', opencontrail_opts),
+    ('stack_light', sl_opts),
+    ('sl_deploy', sl_deploy_opts),
 ]
 
 
@@ -188,6 +204,15 @@
     config.register_group(cfg.OptGroup(name='opencontrail',
                           title="Options for Juniper contrail-tests", help=""))
     config.register_opts(group='opencontrail', opts=opencontrail_opts)
+    config.register_group(cfg.OptGroup(name='stack_light',
+                                       title="StackLight config and credentials", help=""))
+    config.register_opts(group='stack_light', opts=openstack_opts)
+    config.register_group(
+        cfg.OptGroup(name='sl_deploy',
+                 title="SL deploy config and credentials",
+                 help=""))
+    config.register_opts(group='sl_deploy', opts=sl_deploy_opts)
+
     return config
 
 
diff --git a/tcp_tests/templates/virtual-mcp-ocata-ovs/salt.yaml b/tcp_tests/templates/virtual-mcp-ocata-ovs/salt.yaml
index c370134..868a2e8 100644
--- a/tcp_tests/templates/virtual-mcp-ocata-ovs/salt.yaml
+++ b/tcp_tests/templates/virtual-mcp-ocata-ovs/salt.yaml
@@ -140,7 +140,7 @@
     wget -O - "${FORMULA_GPG}" | apt-key add -;
     apt-get clean; apt-get update;
     [ ! -d /srv/salt/reclass/classes/service ] && mkdir -p /srv/salt/reclass/classes/service;
-    declare -a formula_services=("linux" "reclass" "salt" "openssh" "ntp" "git" "nginx" "collectd" "sensu" "heka" "sphinx" "keystone" "mysql" "grafana" "haproxy" "rsyslog" "horizon");
+    declare -a formula_services=("linux" "reclass" "salt" "openssh" "ntp" "git" "nginx" "collectd" "sensu" "heka" "sphinx" "keystone" "mysql" "grafana" "haproxy" "rsyslog" "horizon" "prometheus" "telegraf");
     echo -e "\nInstalling all required salt formulas\n";
     eatmydata apt-get install -y "${formula_services[@]/#/salt-formula-}";
     for formula_service in "${formula_services[@]}"; do
diff --git a/tcp_tests/templates/virtual-mcp11-k8s-calico/common-services.yaml b/tcp_tests/templates/virtual-mcp11-k8s-calico/common-services.yaml
index e9d3b71..5ad38d6 100644
--- a/tcp_tests/templates/virtual-mcp11-k8s-calico/common-services.yaml
+++ b/tcp_tests/templates/virtual-mcp11-k8s-calico/common-services.yaml
@@ -1,4 +1,4 @@
-{% from 'virtual-mcp11-k8s-calico/map.jinja' import HOSTNAME_CFG01 with context %}
+{% from 'virtual-mcp11-k8s-calico/underlay.yaml' import HOSTNAME_CFG01 with context %}
 
 # Install support services
 - description: Create and distribute SSL certificates for services using salt state
@@ -14,14 +14,6 @@
   retry: {count: 1, delay: 10}
   skip_fail: true
 
-- description: Check the VIP
-  cmd: salt --hard-crash --state-output=mixed --state-verbose=False
-    -C 'I@keepalived:cluster' cmd.run 'ip a | grep 172.16.10.2' | grep -B1 172.16.10.2
-  node_name: {{ HOSTNAME_CFG01 }}
-  retry: {count: 1, delay: 5}
-  skip_fail: false
-
-
 - description: Install haproxy
   cmd: salt --hard-crash --state-output=mixed --state-verbose=False
     -C 'I@haproxy:proxy' state.sls haproxy
diff --git a/tcp_tests/templates/virtual-mcp11-k8s-calico/map.jinja b/tcp_tests/templates/virtual-mcp11-k8s-calico/map.jinja
deleted file mode 100644
index 8776f86..0000000
--- a/tcp_tests/templates/virtual-mcp11-k8s-calico/map.jinja
+++ /dev/null
@@ -1,2 +0,0 @@
-{% set DOMAIN_NAME = os_env('LAB_CONFIG_NAME', 'virtual-mcp11-k8s-calico.local') + '.local' %}
-{% set HOSTNAME_CFG01 = os_env('HOSTNAME_CFG01', 'cfg01.' + DOMAIN_NAME) %}
diff --git a/tcp_tests/templates/virtual-mcp11-k8s-calico/openstack.yaml b/tcp_tests/templates/virtual-mcp11-k8s-calico/openstack.yaml
index bfe2775..21c99b3 100644
--- a/tcp_tests/templates/virtual-mcp11-k8s-calico/openstack.yaml
+++ b/tcp_tests/templates/virtual-mcp11-k8s-calico/openstack.yaml
@@ -1,9 +1,9 @@
-{% from 'virtual-mcp11-k8s-calico/map.jinja' import HOSTNAME_CFG01 with context %}
+{% from 'virtual-mcp11-k8s-calico/underlay.yaml' import HOSTNAME_CFG01 with context %}
 
 # Install OpenStack control services
 
 - description: Run tests
-  cmd: salt --hard-crash --state-output=mixed --state-verbose=False 'ctl01*' cmd.run "docker run --rm --net=host -e API_SERVER='http://127.0.0.1:8080' docker-dev-virtual.docker.mirantis.net/mirantis/kubernetes/k8s-conformance:v1.6.1-1_1491395924598 >> e2e.output"
+  cmd: salt --hard-crash --state-output=mixed --state-verbose=False 'ctl01*' cmd.run "docker run --rm --net=host -e API_SERVER='http://127.0.0.1:8080' docker-dev-virtual.docker.mirantis.net/mirantis/kubernetes/k8s-conformance:v1.6.2-2_1493800192393 >> e2e.output"
   node_name: {{ HOSTNAME_CFG01 }}
   retry: {count: 1, delay: 5}
   skip_fail: false
diff --git a/tcp_tests/templates/virtual-mcp11-k8s-calico/salt.yaml b/tcp_tests/templates/virtual-mcp11-k8s-calico/salt.yaml
index 2c00949..eadc4c1 100644
--- a/tcp_tests/templates/virtual-mcp11-k8s-calico/salt.yaml
+++ b/tcp_tests/templates/virtual-mcp11-k8s-calico/salt.yaml
@@ -1,41 +1,28 @@
-{% from 'virtual-mcp11-k8s-calico/map.jinja' import HOSTNAME_CFG01 with context %}
+{% from 'virtual-mcp11-k8s-calico/underlay.yaml' import HOSTNAME_CFG01 with context %}
+{% from 'virtual-mcp11-k8s-calico/underlay.yaml' import REPOSITORY_SUITE with context %}
+
+{% set SALT_MODELS_REPOSITORY = os_env('SALT_MODELS_REPOSITORY','https://gerrit.mcp.mirantis.net/salt-models/mcp-virtual-lab') %}
+{% set SALT_MODELS_COMMIT = os_env('SALT_MODELS_COMMIT','master') %}
+
+# Address pools for reclass cluster model are taken in the following order:
+# 1. environment variables,
+# 2. config.underlay.address_pools based on fuel-devops address pools
+#    (see generated '.ini' file after underlay is created),
+# 3. defaults
+{% set address_pools = config.underlay.address_pools %}
+{% set IPV4_NET_ADMIN = os_env('IPV4_NET_ADMIN', address_pools.get('admin-pool01', '172.16.10.0/24')) %}
+{% set IPV4_NET_CONTROL = os_env('IPV4_NET_CONTROL', address_pools.get('private-pool01', '192.168.10.0/24')) %}
+
+{% set IPV4_NET_ADMIN_PREFIX = '.'.join(IPV4_NET_ADMIN.split('.')[0:3]) %}
+{% set IPV4_NET_CONTROL_PREFIX = '.'.join(IPV4_NET_CONTROL.split('.')[0:3]) %}
 
 # Install salt to the config node
-
-
-- description: Configure repository on the cfg01 node
-  cmd:
-    echo "172.18.248.114    jenkins.mcp.mirantis.net  gerrit.mcp.mirantis.net" >> /etc/hosts;
-    echo "185.135.196.10    apt-mk.mirantis.com" >> /etc/hosts;
-    echo "nameserver 172.18.208.44" >> /etc/resolv.conf;
-    echo "nameserver 8.8.8.8" >> /etc/resolv.conf;
-    which wget >/dev/null || (apt-get update; apt-get install -y wget);
-    echo "deb [arch=amd64] http://apt-mk.mirantis.com/xenial nightly salt extra" > /etc/apt/sources.list.d/mcp_salt.list;
-    wget -O - http://apt-mk.mirantis.com/public.gpg | apt-key add -;
-    echo "deb http://repo.saltstack.com/apt/ubuntu/16.04/amd64/2016.3 xenial main" > /etc/apt/sources.list.d/saltstack.list;
-    wget -O - https://repo.saltstack.com/apt/ubuntu/16.04/amd64/2016.3/SALTSTACK-GPG-KEY.pub | apt-key add -;
-  node_name: {{ HOSTNAME_CFG01 }}
-  retry: {count: 1, delay: 1}
-  skip_fail: false
-
-- description: Update packages on cfg01
-  cmd: apt-get clean; apt-get update
-  node_name: {{ HOSTNAME_CFG01 }}
-  retry: {count: 1, delay: 1}
-  skip_fail: false
-
 - description: Installing salt master on cfg01
   cmd:  apt-get install -y reclass git; apt-get install -y salt-master
   node_name: {{ HOSTNAME_CFG01 }}
   retry: {count: 1, delay: 1}
   skip_fail: false
 
-- description: Install common packages on cfg01
-  cmd: apt-get install -y python-pip wget curl tmux byobu iputils-ping traceroute htop tree
-  node_name: {{ HOSTNAME_CFG01 }}
-  retry: {count: 1, delay: 1}
-  skip_fail: false
-
 - description: Configure salt-master on cfg01
   cmd: |
     cat << 'EOF' >> /etc/salt/master.d/master.conf
@@ -70,30 +57,56 @@
   retry: {count: 1, delay: 1}
   skip_fail: false
 
-
 - description: Clone reclass models with submodules
   cmd: |
     ssh-keyscan -H github.com >> ~/.ssh/known_hosts;
-    git clone --recursive https://gerrit.mcp.mirantis.net/salt-models/mcp-virtual-lab /srv/salt/reclass;
-    git clone -b $reclass_branch --recurse-submodules https://gerrit.mcp.mirantis.net/salt-models/mcp-virtual-lab /srv/salt/reclass
+    git clone -b {{ SALT_MODELS_COMMIT }} --recurse-submodules {{ SALT_MODELS_REPOSITORY }} /srv/salt/reclass;
+
     mkdir -p /srv/salt/reclass/classes/service;
+
+    # Replace firstly to an intermediate value to avoid intersection between
+    # already replaced and replacing networks.
+    # For example, if generated IPV4_NET_ADMIN_PREFIX=10.16.0 , then there is a risk of replacing twice:
+    # 192.168.10 -> 10.16.0 (generated network for admin)
+    # 10.16.0 -> <external network>
+    # So let's replace constant networks to the keywords, and then keywords to the desired networks.
+    find /srv/salt/reclass/ -type f -exec sed -i 's/192\.168\.10\./==IPV4_NET_ADMIN_PREFIX==/g' {} +
+    find /srv/salt/reclass/ -type f -exec sed -i 's/172\.16\.10\./==IPV4_NET_CONTROL_PREFIX==/g' {} +
+
+    find /srv/salt/reclass/ -type f -exec sed -i 's/==IPV4_NET_ADMIN_PREFIX==/{{ IPV4_NET_ADMIN_PREFIX }}./g' {} +
+    find /srv/salt/reclass/ -type f -exec sed -i 's/==IPV4_NET_CONTROL_PREFIX==/{{ IPV4_NET_CONTROL_PREFIX }}./g' {} +
+
+    find /srv/salt/reclass/ -type f -exec sed -i 's/apt_mk_version:.*/apt_mk_version: {{ REPOSITORY_SUITE }}/g' {} +
+
+    # Disable checkouting the model from remote repository
+    cat << 'EOF' >> /srv/salt/reclass/nodes/{{ HOSTNAME_CFG01 }}.yml
+    # local storage
+      reclass:
+        storage:
+          data_source:
+            engine: local
+    EOF
+
+    # Show the changes to the console
+    cd /srv/salt/reclass/; git diff
   node_name: {{ HOSTNAME_CFG01 }}
   retry: {count: 1, delay: 1}
   skip_fail: false
 
+
 - description: Configure reclass
   cmd: |
     FORMULA_PATH=${FORMULA_PATH:-/usr/share/salt-formulas};
-    FORMULA_REPOSITORY=${FORMULA_REPOSITORY:-deb [arch=amd64] http://apt-mk.mirantis.com/xenial nightly salt extra};
+    FORMULA_REPOSITORY=${FORMULA_REPOSITORY:-deb [arch=amd64] http://apt-mk.mirantis.com/xenial {{ REPOSITORY_SUITE }} salt};
     FORMULA_GPG=${FORMULA_GPG:-http://apt-mk.mirantis.com/public.gpg};
     which wget > /dev/null || (apt-get update; apt-get install -y wget);
     echo "${FORMULA_REPOSITORY}" > /etc/apt/sources.list.d/mcp_salt.list;
     wget -O - "${FORMULA_GPG}" | apt-key add -;
     apt-get clean; apt-get update;
     [ ! -d /srv/salt/reclass/classes/service ] && mkdir -p /srv/salt/reclass/classes/service;
-    declare -a formula_services=("linux" "reclass" "salt" "openssh" "ntp" "git" "nginx" "collectd" "sensu" "heka" "sphinx" "keystone" "mysql" "grafana" "haproxy" "rsyslog" "horizon" "telegraf" "prometheus");
+    declare -a formula_services=("linux" "reclass" "salt" "openssh" "ntp" "git" "nginx" "collectd" "sensu" "heka" "sphinx" "keystone" "mysql" "grafana" "haproxy" "rsyslog" "horizon" "prometheus" "telegraf");
     echo -e "\nInstalling all required salt formulas\n";
-    apt-get install -y "${formula_services[@]/#/salt-formula-}";
+    eatmydata apt-get install -y "${formula_services[@]/#/salt-formula-}";
     for formula_service in "${formula_services[@]}"; do
       echo -e "\nLink service metadata for formula ${formula_service} ...\n";
       [ ! -L "/srv/salt/reclass/classes/service/${formula_service}" ] && ln -s ${FORMULA_PATH}/reclass/service/${formula_service} /srv/salt/reclass/classes/service/${formula_service};
@@ -112,17 +125,35 @@
   retry: {count: 1, delay: 1}
   skip_fail: false
 
-- description: Configure salt-minion on cfg01
+- description: Restart salt-master service
+  cmd: |
+     systemctl restart salt-master;
+  node_name: {{ HOSTNAME_CFG01 }}
+  retry: {count: 1, delay: 5}
+  skip_fail: false
+
+{% for ssh in config.underlay.ssh %}
+- description: Configure salt-minion on {{ ssh['node_name'] }}
   cmd: |
     [ ! -d /etc/salt/minion.d ] && mkdir -p /etc/salt/minion.d;
     cat << "EOF" >> /etc/salt/minion.d/minion.conf
-    id: {{ HOSTNAME_CFG01 }}
-    master: 127.0.0.1
+    id: {{ ssh['node_name'] }}
+    master: {{ config.salt.salt_master_host }}
     EOF
-    apt-get install -y salt-minion;
-  node_name: {{ HOSTNAME_CFG01 }}
+    eatmydata apt-get install -y salt-minion;
+    echo "Check for system info and metadata availability ...";
+    salt-call --no-color grains.items;
+    salt-call --no-color pillar.items;
+  node_name: {{ ssh['node_name'] }}
   retry: {count: 1, delay: 1}
   skip_fail: false
+{% endfor %}
+
+- description: Accept salt keys from all the nodes
+  cmd: salt-key -A -y
+  node_name: {{ HOSTNAME_CFG01 }}
+  retry: {count: 1, delay: 5}
+  skip_fail: true
 
 - description: Configure salt adoptors on cfg01
   cmd: |
@@ -132,17 +163,6 @@
   retry: {count: 1, delay: 1}
   skip_fail: false
 
-- description: Restart services
-  cmd: |
-     systemctl restart salt-master;
-     systemctl restart salt-minion;
-     echo "Showing system info and metadata ...";
-     salt-call --no-color grains.items;
-     salt-call --no-color pillar.data;
-  node_name: {{ HOSTNAME_CFG01 }}
-  retry: {count: 1, delay: 5}
-  skip_fail: false
-
 # Prepare salt services and nodes settings
 - description: Run 'linux' formula on cfg01
   cmd: salt --hard-crash --state-output=mixed --state-verbose=False
@@ -168,28 +188,20 @@
   retry: {count: 1, delay: 1}
   skip_fail: false
 
-- description: Run 'reclass' formula on cfg01
-  cmd: timeout 120 salt --hard-crash --state-output=mixed --state-verbose=False
-    -C 'I@salt:master' reclass;
-    salt-call --no-color state.sls salt.master;
-  node_name: {{ HOSTNAME_CFG01 }}
-  retry: {count: 1, delay: 5}
-  skip_fail: true
-
-
-- description: Run 'salt' formula on cfg01
+- description: Run 'salt.master' formula on cfg01
   cmd: timeout 120 salt --hard-crash --state-output=mixed --state-verbose=False
     -C 'I@salt:master' state.sls salt.master.service;
-    salt-call --no-color state.sls salt.master,salt.api,salt.minion.ca;
-    systemctl restart salt-minion;
   node_name: {{ HOSTNAME_CFG01 }}
-  retry: {count: 1, delay: 5}
-  skip_fail: true
+  retry: {count: 2, delay: 5}
+  skip_fail: false
 
-- description: Accept salt keys from all the nodes
-  cmd: salt-key -A -y
+- description: Run 'salt' formula on cfg01 with workaround proposed in PROD-10894
+  cmd: salt --hard-crash --state-output=mixed --state-verbose=False
+    -C 'I@salt:master' state.sls salt;
+    salt --hard-crash --state-output=mixed --state-verbose=False
+    -C 'I@salt:master' saltutil.sync_all
   node_name: {{ HOSTNAME_CFG01 }}
-  retry: {count: 1, delay: 5}
+  retry: {count: 5, delay: 5}
   skip_fail: false
 
 - description: Generate inventory for all the nodes to the /srv/salt/reclass/nodes/_generated
@@ -212,71 +224,38 @@
   skip_fail: false
 
 - description: Show  reclass-salt --top
-  cmd: reclass-salt --top; salt-call --no-color state.sls salt.minion.cert -l info;
+  cmd: reclass-salt --top
   node_name: {{ HOSTNAME_CFG01 }}
   retry: {count: 1, delay: 5}
   skip_fail: false
 
+- description: Execute salt.minion.cert
+  cmd: salt-call --no-color state.sls salt.minion.cert -l info;
+  node_name: {{ HOSTNAME_CFG01 }}
+  retry: {count: 1, delay: 5}
+  skip_fail: false
 
 # Bootstrap all nodes
 
-- description: Configure linux on controllers
-  cmd: salt --hard-crash --state-output=mixed --state-verbose=False 'ctl*' state.sls
-    linux
+- description: Configure linux on other nodes
+  cmd: salt --hard-crash --state-output=mixed --state-verbose=False -C '* and not
+    cfg01*' state.sls linux
   node_name: {{ HOSTNAME_CFG01 }}
   retry: {count: 1, delay: 5}
   skip_fail: false
 
-- description: Configure linux on cmp
-  cmd: salt --hard-crash --state-output=mixed --state-verbose=False 'cmp*' state.sls
-    linux
-  node_name: {{ HOSTNAME_CFG01 }}
-  retry: {count: 3, delay: 20}
-  skip_fail: false
-
-- description: Configure linux on mon
-  cmd: salt --hard-crash --state-output=mixed --state-verbose=False 'mon*' state.sls
-    linux
-  node_name: {{ HOSTNAME_CFG01 }}
-  retry: {count: 3, delay: 20}
-  skip_fail: false
-
-- description: Configure linux on prx
-  cmd: salt --hard-crash --state-output=mixed --state-verbose=False 'prx*' state.sls
-    linux
-  node_name: {{ HOSTNAME_CFG01 }}
-  retry: {count: 3, delay: 20}
-  skip_fail: false
-
 - description: Configure openssh on all nodes
   cmd: salt --hard-crash --state-output=mixed --state-verbose=False -C '* and not
-    cfg*' state.sls openssh;salt --hard-crash --state-output=mixed --state-verbose=False
+    cfg01*' state.sls openssh;salt --hard-crash --state-output=mixed --state-verbose=False
     -C '* and not cfg*' cmd.run "sed -i 's/PasswordAuthentication no/PasswordAuthentication
     yes/' /etc/ssh/sshd_config && service ssh restart"
   node_name: {{ HOSTNAME_CFG01 }}
   retry: {count: 1, delay: 5}
   skip_fail: false
 
-- description: Configure salt.minion on ctl
-  cmd: salt --hard-crash --state-output=mixed --state-verbose=False 'ctl*' state.sls salt.minion
-  node_name: {{ HOSTNAME_CFG01 }}
-  retry: {count: 3, delay: 5}
-  skip_fail: false
-
-- description: Configure salt.minion on cmp
-  cmd: salt --hard-crash --state-output=mixed --state-verbose=False 'cmp*' state.sls salt.minion
-  node_name: {{ HOSTNAME_CFG01 }}
-  retry: {count: 3, delay: 5}
-  skip_fail: false
-
-- description: Configure salt.minion on mon
-  cmd: salt --hard-crash --state-output=mixed --state-verbose=False 'mon*' state.sls salt.minion
-  node_name: {{ HOSTNAME_CFG01 }}
-  retry: {count: 3, delay: 5}
-  skip_fail: false
-
-- description: Configure salt.minion on prx
-  cmd: salt --hard-crash --state-output=mixed --state-verbose=False 'prx*' state.sls salt.minion
+- description: Configure salt.minion on other nodes
+  cmd: salt --hard-crash --state-output=mixed --state-verbose=False -C '* and not
+    cfg01*' state.sls salt.minion
   node_name: {{ HOSTNAME_CFG01 }}
   retry: {count: 3, delay: 5}
   skip_fail: false
diff --git a/tcp_tests/templates/virtual-mcp11-k8s-calico/sl.yaml b/tcp_tests/templates/virtual-mcp11-k8s-calico/sl.yaml
new file mode 100644
index 0000000..2d0adc5
--- /dev/null
+++ b/tcp_tests/templates/virtual-mcp11-k8s-calico/sl.yaml
@@ -0,0 +1,22 @@
+{% from 'virtual-mcp11-k8s-calico/underlay.yaml' import HOSTNAME_CFG01 with context %}
+
+# Install docker swarm
+- description: Install docker swarm
+  cmd: cd /srv/salt/reclass/scripts; bash docker_swarm_install.sh;
+  node_name: {{ HOSTNAME_CFG01 }}
+  retry: {count: 1, delay: 10}
+  skip_fail: true
+
+# Install slv2 infra
+- description: Install slv2 infra
+  cmd: cd /srv/salt/reclass/scripts; bash stacklight_infra_install.sh;
+  node_name: {{ HOSTNAME_CFG01 }}
+  retry: {count: 1, delay: 10}
+  skip_fail: true
+
+# Install slv2 monitor
+- description: Install slv2 monitor
+  cmd: cd /srv/salt/reclass/scripts; bash stacklight_monitor_install.sh;
+  node_name: {{ HOSTNAME_CFG01 }}
+  retry: {count: 1, delay: 10}
+  skip_fail: true
diff --git a/tcp_tests/templates/virtual-mcp11-k8s-calico/underlay--user-data-cfg01.yaml b/tcp_tests/templates/virtual-mcp11-k8s-calico/underlay--user-data-cfg01.yaml
index 443e50c..479fd38 100644
--- a/tcp_tests/templates/virtual-mcp11-k8s-calico/underlay--user-data-cfg01.yaml
+++ b/tcp_tests/templates/virtual-mcp11-k8s-calico/underlay--user-data-cfg01.yaml
@@ -41,6 +41,27 @@
    - swapon /swapfile
    - echo "/swapfile   none    swap    defaults    0   0" >> /etc/fstab
 
+   ############## TCP Cloud cfg01 node ##################
+   #- sleep 120
+   - echo "Preparing base OS"
+
+   - echo "172.18.248.114    jenkins.mcp.mirantis.net  gerrit.mcp.mirantis.net" >> /etc/hosts;
+   - echo "185.135.196.10    apt-mk.mirantis.com" >> /etc/hosts;
+   - echo "nameserver 172.18.208.44 >> /etc/resolv.conf;
+   - echo "nameserver 8.8.8.8 >> /etc/resolv.conf;
+   - which wget >/dev/null || (apt-get update; apt-get install -y wget);
+
+   - echo "deb [arch=amd64] http://apt-mk.mirantis.com/xenial {{ REPOSITORY_SUITE }} salt extra" > /etc/apt/sources.list.d/mcp_salt.list;
+   - wget -O - http://apt-mk.mirantis.com/public.gpg | apt-key add -;
+   - echo "deb http://repo.saltstack.com/apt/ubuntu/16.04/amd64/2016.3 xenial main" > /etc/apt/sources.list.d/saltstack.list;
+   - wget -O - https://repo.saltstack.com/apt/ubuntu/16.04/amd64/2016.3/SALTSTACK-GPG-KEY.pub | apt-key add -;
+
+   - apt-get clean
+   - apt-get update
+
+   # Install common packages
+   - eatmydata apt-get install -y python-pip git curl tmux byobu iputils-ping traceroute htop tree
+
    ########################################################
    # Node is ready, allow SSH access
    - echo "Allow SSH access ..."
diff --git a/tcp_tests/templates/virtual-mcp11-k8s-calico/underlay--user-data1604.yaml b/tcp_tests/templates/virtual-mcp11-k8s-calico/underlay--user-data1604.yaml
index 1013571..757fb84 100644
--- a/tcp_tests/templates/virtual-mcp11-k8s-calico/underlay--user-data1604.yaml
+++ b/tcp_tests/templates/virtual-mcp11-k8s-calico/underlay--user-data1604.yaml
@@ -43,50 +43,28 @@
    - swapon /swapfile
    - echo "/swapfile   none    swap    defaults   0   0" >> /etc/fstab
 
-   ########################################################
-   # Node is ready, allow SSH access
-   - echo "Allow SSH access ..."
-   - sudo iptables -D INPUT -p tcp --dport 22 -j DROP
-   ########################################################
 
    ############## TCP Cloud cfg01 node ##################
    #- sleep 120
    - echo "Preparing base OS"
    - which wget >/dev/null || (apt-get update; apt-get install -y wget)
-   - echo "deb [arch=amd64] http://apt.tcpcloud.eu/nightly/ xenial main security extra tcp tcp-salt" > /etc/apt/sources.list
-   - wget -O - http://apt.tcpcloud.eu/public.gpg | apt-key add -
-   # saltstack repo is for minions that have the same version in the xenial and trusty (2016.3.3)
-   #- echo "deb http://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest xenial main" > /etc/apt/sources.list.d/saltstack.list
-   #- wget -O - https://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest/SALTSTACK-GPG-KEY.pub | apt-key add -
-   - echo "deb http://repo.saltstack.com/apt/ubuntu/16.04/amd64/2016.3 xenial main" > /etc/apt/sources.list.d/saltstack.list
-   - wget -O - https://repo.saltstack.com/apt/ubuntu/16.04/amd64/2016.3/SALTSTACK-GPG-KEY.pub | apt-key add -
+
+   - echo "deb [arch=amd64] http://apt-mk.mirantis.com/xenial {{ REPOSITORY_SUITE }} salt extra" > /etc/apt/sources.list.d/mcp_salt.list;
+   - wget -O - http://apt-mk.mirantis.com/public.gpg | apt-key add -;
+   - echo "deb http://repo.saltstack.com/apt/ubuntu/16.04/amd64/2016.3 xenial main" > /etc/apt/sources.list.d/saltstack.list;
+   - wget -O - https://repo.saltstack.com/apt/ubuntu/16.04/amd64/2016.3/SALTSTACK-GPG-KEY.pub | apt-key add -;
 
    - apt-get clean
-   - apt-get update
-   - apt-get -y upgrade
+   - eatmydata apt-get update && apt-get -y upgrade
 
    # Install common packages
-   - apt-get install -y python-pip git
-   - apt-get install -y curl tmux byobu iputils-ping traceroute htop tree
+   - eatmydata apt-get install -y python-pip git curl tmux byobu iputils-ping traceroute htop tree mc
 
-   - apt-get install -y salt-minion
-
-   # To be configured from inventory/fuel-devops by operator or autotests
-   - 'echo "id: {hostname}" >> /etc/salt/minion'
-   - 'echo "master: 192.168.10.100" >> /etc/salt/minion'
-
-   - echo "Restarting minion service with workarounds..."
-   - rm -f /etc/salt/pki/minion/minion_master.pub
-   - service salt-minion restart
-   - sleep 5
-   - rm -f /etc/salt/pki/minion/minion_master.pub
-   - service salt-minion restart
-
-   #- echo "Showing node metadata..."
-   #- salt-call pillar.data
-
-   #- echo "Running complete state ..."
-   #- salt-call state.sls linux,openssh,salt
+   ########################################################
+   # Node is ready, allow SSH access
+   - echo "Allow SSH access ..."
+   - sudo iptables -D INPUT -p tcp --dport 22 -j DROP
+   ########################################################
 
   write_files:
    - path: /etc/network/interfaces
@@ -95,4 +73,3 @@
           iface ens3 inet dhcp
           auto ens4
           iface ens4 inet dhcp
-
diff --git a/tcp_tests/templates/virtual-mcp11-k8s-calico/underlay.yaml b/tcp_tests/templates/virtual-mcp11-k8s-calico/underlay.yaml
index 822d556..f5e4802 100644
--- a/tcp_tests/templates/virtual-mcp11-k8s-calico/underlay.yaml
+++ b/tcp_tests/templates/virtual-mcp11-k8s-calico/underlay.yaml
@@ -1,7 +1,16 @@
+# Set the repository suite, one of the: 'nightly', 'testing', 'stable', or any other required
+{% set REPOSITORY_SUITE = os_env('REPOSITORY_SUITE', 'stable') %}
+
+{% import 'virtual-mcp11-k8s-calico/underlay--meta-data.yaml' as CLOUDINIT_META_DATA with context %}
+{% import 'virtual-mcp11-k8s-calico/underlay--user-data-cfg01.yaml' as CLOUDINIT_USER_DATA_CFG01 with context %}
+{% import 'virtual-mcp11-k8s-calico/underlay--user-data1604.yaml' as CLOUDINIT_USER_DATA_1604 with context %}
+
 ---
 aliases:
-  default_interface_model:
-    - &interface_model !os_env INTERFACE_MODEL, virtio
+ - &interface_model {{ os_env('INTERFACE_MODEL', 'virtio') }}
+ - &cloudinit_meta_data {{ CLOUDINIT_META_DATA }}
+ - &cloudinit_user_data_cfg01 {{ CLOUDINIT_USER_DATA_CFG01 }}
+ - &cloudinit_user_data_1604 {{ CLOUDINIT_USER_DATA_1604 }}
 
 {% set DOMAIN_NAME = os_env('LAB_CONFIG_NAME', 'virtual-mcp11-k8s-calico.local') + '.local' %}
 {% set HOSTNAME_CFG01 = os_env('HOSTNAME_CFG01', 'cfg01.' + DOMAIN_NAME) %}
@@ -17,11 +26,11 @@
 
 template:
   devops_settings:
-    env_name: {{ os_env('ENV_NAME', 'virtual-mcp11-k8s-calico.local') }}
+    env_name: {{ os_env('ENV_NAME', 'virtual-mcp11-k8s-calico_' + REPOSITORY_SUITE + "_" + os_env('BUILD_NUMBER', '')) }}
 
     address_pools:
       admin-pool01:
-        net: 172.16.10.0/24:24
+        net: {{ os_env('ADMIN_ADDRESS_POOL01', '10.70.0.0/16:24') }}
         params:
           ip_reserved:
             gateway: +1
@@ -40,7 +49,7 @@
             dhcp: [+90, -10]
 
       private-pool01:
-        net: 192.168.10.0/24:24
+        net: {{ os_env('PRIVATE_ADDRESS_POOL01', '10.60.0.0/16:24') }}
         params:
           ip_reserved:
             gateway: +1
@@ -86,10 +95,6 @@
               mode: nat
 
         group_volumes:
-         - name: cloudimage1404    # This name is used for 'backing_store' option for node volumes.
-           source_image: !os_env IMAGE_PATH1404  # https://cloud-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-disk1.img or
-                                             # http://apt.tcpcloud.eu/images/ubuntu-14-04-x64-201608231134.qcow2
-           format: qcow2
          - name: cloudimage1604    # This name is used for 'backing_store' option for node volumes.
            source_image: !os_env IMAGE_PATH1604  # https://cloud-images.ubuntu.com/xenial/current/xenial-server-cloudimg-amd64-disk1.img or
                                              # http://apt.tcpcloud.eu/images/ubuntu-16-04-x64-201608231004.qcow2