Merge "Revert "Drop ipmi ip for cz7756""
diff --git a/bm_mcc_mosk/child/kaas_workloads/coredns.yaml b/bm_mcc_mosk/child/kaas_workloads/coredns.yaml
index 5587647..5dfb062 100644
--- a/bm_mcc_mosk/child/kaas_workloads/coredns.yaml
+++ b/bm_mcc_mosk/child/kaas_workloads/coredns.yaml
@@ -42,14 +42,14 @@
         - name: forward
           parameters: . /etc/resolv.conf
         - name: file
-          parameters: /etc/coredns/subdomain.team.sustaining.db subdomain.team.sustaining
+          parameters: /etc/coredns/mnt-bm.mirantis.net.db mnt-bm.mirantis.net
       serviceType: LoadBalancer
       zoneFiles:
-      - filename: subdomain.team.sustaining.db
-        domain: subdomain.team.sustaining
+      - filename: mnt-bm.mirantis.net.db
+        domain: mnt-bm.mirantis.net
         contents: |
-          subdomain.team.sustaining.            IN      SOA     sns.dns.icann.org. noc.dns.icann.org. 2015082541 7200 3600 1209600 3600
-          subdomain.team.sustaining.            IN      NS      b.iana-servers.net.
-          subdomain.team.sustaining.            IN      NS      a.iana-servers.net.
-          subdomain.team.sustaining.            IN      A       !!!EXT_DNS_IP
-          *.subdomain.team.sustaining.          IN      A       !!!EXT_DNS_IP
\ No newline at end of file
+          mnt-bm.mirantis.net.            IN      SOA     sns.dns.icann.org. noc.dns.icann.org. 2015082541 7200 3600 1209600 3600
+          mnt-bm.mirantis.net.            IN      NS      b.iana-servers.net.
+          mnt-bm.mirantis.net.            IN      NS      a.iana-servers.net.
+          mnt-bm.mirantis.net.            IN      A       !!!EXT_DNS_IP
+          *.mnt-bm.mirantis.net.          IN      A       !!!EXT_DNS_IP
\ No newline at end of file
diff --git a/bm_mcc_mosk/child/kaas_workloads/osdpl.yaml b/bm_mcc_mosk/child/kaas_workloads/osdpl.yaml
index 168f14e..8f0c149 100644
--- a/bm_mcc_mosk/child/kaas_workloads/osdpl.yaml
+++ b/bm_mcc_mosk/child/kaas_workloads/osdpl.yaml
@@ -8,7 +8,7 @@
   preset: compute
   local_volume_storage_class: openstack-operator-bind-mounts
   persistent_volume_storage_class: kubernetes-ssd
-  public_domain_name: subdomain.team.sustaining
+  public_domain_name: mnt-bm.mirantis.net
   internal_domain_name: cluster.local
   size: tiny
   features:
diff --git a/bm_mcc_mosk/kaas-mgmt/cluster.yaml b/bm_mcc_mosk/kaas-mgmt/cluster.yaml
index 5e39da4..b600fe4 100644
--- a/bm_mcc_mosk/kaas-mgmt/cluster.yaml
+++ b/bm_mcc_mosk/kaas-mgmt/cluster.yaml
@@ -2,28 +2,27 @@
 apiVersion: cluster.k8s.io/v1alpha1
 kind: Cluster
 metadata:
+  name: kaas-mgmt
   labels:
     kaas.mirantis.com/provider: baremetal
-  name: kaas-mgmt
   namespace: default
 spec:
   clusterNetwork:
-    pods:
-      cidrBlocks:
-      - 10.200.0.0/16
     services:
       cidrBlocks:
-      - 10.201.0.0/16
+        - 10.201.0.0/16
+    pods:
+      cidrBlocks:
+        - 10.200.0.0/16
   providerSpec:
     value:
-      kind: BaremetalClusterProviderSpec
-      #release: mke-16-1-0-3-7-5
       apiVersion: baremetal.k8s.io/v1alpha1
-      dedicatedControlPlane: false
-      dedicatedMetallbPools: true
-      loadBalancerHost: ""
+      kind: BaremetalClusterProviderSpec
+      release: %MKE_RELEASE%
       dnsNameservers:
       - 172.18.176.6
+      dedicatedControlPlane: false
+      dedicatedMetallbPools: true
       helmReleases:
       - name: metallb
         values: {}
@@ -37,11 +36,10 @@
           prometheusServer:
             persistentVolumeClaimSize: 16Gi
       kaas:
-        #release: kaas-2-26-0
-        management:
-          enabled: true
+        release: %KAAS_RELEASE%
         regional:
-        - helmReleases:
+        - provider: baremetal
+          helmReleases:
           - name: baremetal-operator
             values: {}
           - name: baremetal-provider
@@ -51,4 +49,5 @@
                 dynamic_bootp: true
           - name: kaas-ipam
             values: {}
-          provider: baremetal
+        management:
+          enabled: true
diff --git a/bm_mcc_mosk/kaas-mgmt/ipam-objects.yaml b/bm_mcc_mosk/kaas-mgmt/ipam-objects.yaml
index 2a88aa8..73234f7 100644
--- a/bm_mcc_mosk/kaas-mgmt/ipam-objects.yaml
+++ b/bm_mcc_mosk/kaas-mgmt/ipam-objects.yaml
@@ -70,23 +70,6 @@
     - 172.16.181.51-172.16.181.100
 
 ---
-apiVersion: ipam.mirantis.com/v1alpha1
-kind: MetalLBConfigTemplate
-metadata:
-  labels:
-    kaas.mirantis.com/provider: baremetal
-    cluster.sigs.k8s.io/cluster-name: kaas-mgmt
-  name: kaas-mgmt-metallb
-  namespace: default
-spec:
-  templates:
-    l2Advertisements: |
-      - name: default
-        spec:
-          ipAddressPools:
-            - default
-            - services-pxe
----
 # L2Template allows you to create advanced host networking
 # configurations for your management cluster. For example,
 # you can create bond interfaces on top of physical interfaces
diff --git a/bm_mcc_mosk/kaas-mgmt/serviceuser.yaml b/bm_mcc_mosk/kaas-mgmt/serviceuser.yaml
new file mode 100644
index 0000000..a709102
--- /dev/null
+++ b/bm_mcc_mosk/kaas-mgmt/serviceuser.yaml
@@ -0,0 +1,10 @@
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: ServiceUserList
+items:
+- apiVersion: kaas.mirantis.com/v1alpha1
+  kind: ServiceUser
+  metadata:
+    name: admin
+  spec:
+    password:
+      value: admin
\ No newline at end of file
diff --git a/bm_mcc_mosk/mcc_seed_2401_userdata.yaml b/bm_mcc_mosk/mcc_seed_2401_userdata.yaml
index 17292d1..503e018 100644
--- a/bm_mcc_mosk/mcc_seed_2401_userdata.yaml
+++ b/bm_mcc_mosk/mcc_seed_2401_userdata.yaml
@@ -106,14 +106,14 @@
     sudo cp /home/ubuntu/.ssh/authorized_keys /home/regional/.ssh/authorized_keys
     sudo chmod 600 /home/regional/.ssh/authorized_keys
     sudo chown -R regional:regional /home/regional
-    apt-get ${APT_OPTS} -y install bridge-utils docker.io ipmitool wget golang-cfssl jq
+    apt-get ${APT_OPTS} -y install bridge-utils docker.io ipmitool wget golang-cfssl jq python3-pip
+    pip install yq virtualenv
+    virtualenv openstack_clients
+    source openstack_clients/bin/activate
+      pip install python-openstackclient python-heatclient
+    deactivate
     usermod -aG docker ubuntu
-    cd /root/
-    wget https://binary.mirantis.com/releases/get_container_cloud.sh
-    chmod 0755 get_container_cloud.sh
-    ./get_container_cloud.sh
-    cp /root/mirantis.lic kaas-bootstrap/
-
+    
     echo "Sending wait_condition signal"
     wait_condition_send "SUCCESS" "Instance is UP and running"
 
@@ -170,57 +170,10 @@
             parameters:
                 forward-delay: 4
                 stp: false
-  - path: /root/do_deploy_mcc_mgmt.sh
-    content: |
-      set -e
-      source /root/env_vars.sh
-      while [ ! -d "${OUT_DIR}" ] ; do sleep 4 ; done
-      [[ "$(sed -n 693p /root/kaas-bootstrap/bootstrap.sh)" -eq "configure" ]] && sed -i "693d" /root/kaas-bootstrap/bootstrap.sh
-      # PROD-44779
-      set +e -o pipefail
-      /root/kaas-bootstrap/bootstrap.sh all 2>&1 | tee deploy_mcc_mgmt_output.log
-      retcode=$?
-      set -e
-      if [[ $retcode -ne 0 ]] ; then
-        grep "Keycloak service is unavailable" deploy_mcc_mgmt_output.log && echo "PRODX-44779 is still there, ignoring" || exit $retcode
-      else
-        echo 'REMOVE PRODX-44779 WORKAROUND'
-      fi
-      export KUBECONFIG=/root/kubeconfig
-      echo r00tme | /root/kaas-bootstrap/container-cloud bootstrap user add --username root --roles global-admin,management-admin,reader,writer,operator --kubeconfig kubeconfig --password-stdin
-  - path: /root/do_deploy_child.sh
-    content: |
-      set -e
-      while [ ! -d /root/bm_mcc_mosk/child/cluster ] ; do echo 'no child templates!' ; sleep 4 ; done
-      export KUBECONFIG=/root/kubeconfig
-      /root/kaas-bootstrap/bin/kubectl apply -f /root/bm_mcc_mosk/child/cluster/project.yaml
-      sleep 2 && /root/kaas-bootstrap/bin/kubectl -n mosk apply -f /root/bm_mcc_mosk/child/cluster/ssh_pubkeys.yaml
-      sleep 2 && /root/kaas-bootstrap/bin/kubectl -n mosk apply -f /root/bm_mcc_mosk/child/cluster/cluster.yaml
-      sleep 2 && /root/kaas-bootstrap/bin/kubectl -n mosk apply -f /root/bm_mcc_mosk/child/cluster/baremetalhosts.yaml
-      sleep 2 && /root/kaas-bootstrap/bin/kubectl -n mosk apply -f /root/bm_mcc_mosk/child/cluster/baremetalhostprofiles.yaml
-      sleep 2 && /root/kaas-bootstrap/bin/kubectl -n mosk apply -f /root/bm_mcc_mosk/child/cluster/subnets.yaml
-      sleep 2 && /root/kaas-bootstrap/bin/kubectl -n mosk apply -f /root/bm_mcc_mosk/child/cluster/l2_templates.yaml
-      sleep 2 && /root/kaas-bootstrap/bin/kubectl -n mosk apply -f /root/bm_mcc_mosk/child/cluster/metallbconfig.yaml
-      sleep 2 && /root/kaas-bootstrap/bin/kubectl -n mosk apply -f /root/bm_mcc_mosk/child/cluster/machines.yaml
-      sleep 2 && /root/kaas-bootstrap/bin/kubectl -n mosk apply -f /root/bm_mcc_mosk/child/cluster/kaascephcluster.yaml
-
   - path: /etc/udev/rules.d/60-ssd-scheduler.rules
     content: |
         ACTION=="add|change", KERNEL=="sd[a-z]", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="deadline"
 
-  - path: /root/env_vars.sh
-    content: |
-        export KAAS_BM_ENABLED="true"
-        export KAAS_BM_PXE_IP="172.16.180.5"
-        export KAAS_BM_PXE_MASK="23"
-        export KAAS_BM_PXE_BRIDGE="br0"
-        export CLUSTER_NAME=kaas-mgmt
-        export OUT_DIR=/root/bm_mcc_mosk/kaas-mgmt/
-        export KAAS_BOOTSTRAP_INFINITE_TIMEOUT=true
-  - path: /root/get_child_kubeconfig.sh
-    content: |
-        /root/kaas-bootstrap/bin/kubectl --kubeconfig /root/kubeconfig -n mosk get secrets mosk-kubeconfig -o jsonpath='{.data.admin\.conf}' | base64 -d | sed 's/:5443/:443/g' > /root/child.kubeconfig
-        export KUBECONFIG=/root/child.kubeconfig
   - path: /root/mirantis.lic
     content: |
         eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9Cg.eyJleHAiOjE3MzgzOTY4MDAsImlhdCI6MTY3NTMyNDgwMCwic3ViIjoiZGV2fHNpLWRldiIsImxpY2Vuc2UiOnsiZGV2Ijp0cnVlLCJsaW1pdHMiOnsiY2x1c3RlcnMiOjAsIndvcmtlcnNfcGVyX2NsdXN0ZXIiOjB9LCJvcGVuc3RhY2siOnsiY2x1c3RlcnMiOjAsIndvcmtlcnNfcGVyX2NsdXN0ZXIiOjB9fX0K.18naIn5bHkrQJGnqsiv8BHAEhdz_mnMSR2Oz0hAKyhVTdn5Hd7ESJFvPe2agEl7IJf4n6--NPa9zqW0y9zcixnoxB_7xvMntNCaPzfAap8Lm7RSghDJicyJ1xXTj4NNf3ocnbA8rCUNkrSbh2GKFNBqiDMqZTGC7Jozee5HjBzaxFUF0Z0Nr3T0q53DrZmiAhe0P8LtbxFhMICptcMnX-c4mw_hc5TziLZdpR0TUCJk4B0Cit4PABzZWjDCt5gWpy70ZCTTG2xo5dikd-WYBp6f43U5LUroYkhKTHjLMphHnsEDDBu2qaV18ONSuFSQ-Sfg_Mg9ndS_IMTvS9IipsA
diff --git a/bm_mcc_mosk/seed/do_deploy_child.sh b/bm_mcc_mosk/seed/do_deploy_child.sh
new file mode 100755
index 0000000..b446f8c
--- /dev/null
+++ b/bm_mcc_mosk/seed/do_deploy_child.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+set -ex
+while [ ! -d /root/bm_mcc_mosk/child/cluster ] ; do echo 'no child templates!' ; sleep 4 ; done
+export KUBECONFIG=/root/kubeconfig
+/root/kaas-bootstrap/bin/kubectl apply -f /root/bm_mcc_mosk/child/cluster/project.yaml
+sleep 2 && /root/kaas-bootstrap/bin/kubectl -n mosk apply -f /root/bm_mcc_mosk/child/cluster/ssh_pubkeys.yaml
+sleep 2 && /root/kaas-bootstrap/bin/kubectl -n mosk apply -f /root/bm_mcc_mosk/child/cluster/cluster.yaml
+sleep 2 && /root/kaas-bootstrap/bin/kubectl -n mosk apply -f /root/bm_mcc_mosk/child/cluster/baremetalhosts.yaml
+sleep 2 && /root/kaas-bootstrap/bin/kubectl -n mosk apply -f /root/bm_mcc_mosk/child/cluster/baremetalhostprofiles.yaml
+sleep 2 && /root/kaas-bootstrap/bin/kubectl -n mosk apply -f /root/bm_mcc_mosk/child/cluster/subnets.yaml
+sleep 2 && /root/kaas-bootstrap/bin/kubectl -n mosk apply -f /root/bm_mcc_mosk/child/cluster/l2_templates.yaml
+sleep 2 && /root/kaas-bootstrap/bin/kubectl -n mosk apply -f /root/bm_mcc_mosk/child/cluster/metallbconfig.yaml
+sleep 2 && /root/kaas-bootstrap/bin/kubectl -n mosk apply -f /root/bm_mcc_mosk/child/cluster/machines.yaml
+sleep 2 && /root/kaas-bootstrap/bin/kubectl -n mosk apply -f /root/bm_mcc_mosk/child/cluster/kaascephcluster.yaml
diff --git a/bm_mcc_mosk/seed/do_deploy_mcc_mgmt.sh b/bm_mcc_mosk/seed/do_deploy_mcc_mgmt.sh
new file mode 100755
index 0000000..960427a
--- /dev/null
+++ b/bm_mcc_mosk/seed/do_deploy_mcc_mgmt.sh
@@ -0,0 +1,87 @@
+#!/bin/bash
+set -ex
+source /root/bm_mcc_mosk/seed/env_vars.sh
+
+pushd /root/
+  wget https://binary.mirantis.com/releases/get_container_cloud.sh
+  chmod 0755 get_container_cloud.sh
+  ./get_container_cloud.sh
+  cp /root/mirantis.lic kaas-bootstrap/
+popd
+
+/root/kaas-bootstrap/bootstrap.sh bootstrapv2
+
+KAAS_RELEASE=$(yq .spec.providerSpec.value.kaas.release /root/kaas-bootstrap/templates/bm/cluster.yaml.template)
+MKE_RELEASE=$(yq .spec.providerSpec.value.release /root/kaas-bootstrap/templates/bm/cluster.yaml.template)
+sed -i "s/%MKE_RELEASE%/${MKE_RELEASE}/" /root/bm_mcc_mosk/kaas-mgmt/cluster.yaml
+sed -i "s/%KAAS_RELEASE%/${KAAS_RELEASE}/" /root/bm_mcc_mosk/kaas-mgmt/cluster.yaml
+
+export KUBECONFIG=/root/.kube/kind-config-clusterapi
+pushd /root/bm_mcc_mosk/kaas-mgmt
+ /root/kaas-bootstrap/bin/kubectl apply -f bootstrapregion.yaml && sleep 2
+ /root/kaas-bootstrap/bin/kubectl apply -f serviceuser.yaml && sleep 2
+ /root/kaas-bootstrap/bin/kubectl apply -f cluster.yaml && sleep 2
+ /root/kaas-bootstrap/bin/kubectl apply -f baremetalhostprofiles.yaml && sleep 2
+ /root/kaas-bootstrap/bin/kubectl apply -f ipam-objects.yaml && sleep 2
+ /root/kaas-bootstrap/bin/kubectl apply -f baremetalhosts.yaml && sleep 2
+ /root/kaas-bootstrap/bin/kubectl apply -f metallbconfig.yaml && sleep 2
+ /root/kaas-bootstrap/bin/kubectl apply -f machines.yaml && sleep 2
+popd
+
+set +x
+
+retry=60
+interval=60
+
+counter=0
+while (( counter++ < retry )) ; do
+  sleep $interval
+  avail_count=$(/root/kaas-bootstrap/bin/kubectl get bmh -o go-template='{{- range .items -}} {{.status.provisioning.state}}{{"\n"}} {{- end -}}' | (grep -c available || /bin/true))
+  echo "loop=${counter}, available state=${avail_count}"
+  if (( avail_count == 3 )); then
+    break
+  fi
+done
+if (( counter > retry )) ; then
+  echo "Not all nodes are available after timeout"
+  exit 1
+fi
+
+counter=0
+while (( counter++ < retry )) ; do
+  sleep $interval
+  status=$(/root/kaas-bootstrap/bin/kubectl get bootstrapregions -o go-template='{{(index .items 0).status.ready}}{{"\n"}}')
+  echo "loop=${counter}, status=${status}"
+  if [[ "$status" == "true" ]]; then
+    break
+  fi
+done
+if (( counter > retry )) ; then
+  echo "BootstrapRegion timed out"
+  exit 1
+fi
+
+/root/kaas-bootstrap/container-cloud bootstrap approve all
+
+counter=0
+retry=90
+while (( counter++ < retry )) ; do
+  sleep $interval
+  status=$(/root/kaas-bootstrap/bin/kubectl get cluster kaas-mgmt  -o go-template='{{.status.providerStatus.ready}}{{"\n"}}')
+  echo "loop=${counter}, status=${status}"
+  if [[ "$status" == "true" ]]; then
+    break
+  fi
+done
+if (( counter > retry )) ; then
+  echo "MGMT Cluster deployment timed out"
+  exit 1
+fi
+cd
+set -x
+/root/kaas-bootstrap/container-cloud get cluster-kubeconfig --cluster-name kaas-mgmt --kubeconfig-output /root/kubeconfig
+echo r00tme | /root/kaas-bootstrap/container-cloud bootstrap user add --username root --roles global-admin,management-admin,reader,writer,operator --kubeconfig kubeconfig --password-stdin
+/root/kaas-bootstrap/bin/kind delete cluster -n clusterapi
+unset KUBECONFIG
+
+bash /root/bm_mcc_mosk/utils/update_bash_autocompletion_kaas.sh
\ No newline at end of file
diff --git a/bm_mcc_mosk/seed/env_vars.sh b/bm_mcc_mosk/seed/env_vars.sh
new file mode 100755
index 0000000..6252ad9
--- /dev/null
+++ b/bm_mcc_mosk/seed/env_vars.sh
@@ -0,0 +1,7 @@
+export KAAS_BM_ENABLED="true"
+export KAAS_BM_PXE_IP="172.16.180.5"
+export KAAS_BM_PXE_MASK="23"
+export KAAS_BM_PXE_BRIDGE="br0"
+export CLUSTER_NAME=kaas-mgmt
+export OUT_DIR=/root/bm_mcc_mosk/kaas-mgmt/
+#export KAAS_BOOTSTRAP_INFINITE_TIMEOUT=true
\ No newline at end of file
diff --git a/bm_mcc_mosk/seed/get_child_kubeconfig.sh b/bm_mcc_mosk/seed/get_child_kubeconfig.sh
new file mode 100755
index 0000000..e1c39c1
--- /dev/null
+++ b/bm_mcc_mosk/seed/get_child_kubeconfig.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+/root/kaas-bootstrap/bin/kubectl --kubeconfig /root/kubeconfig -n mosk get secrets mosk-kubeconfig -o jsonpath='{.data.admin\.conf}' | base64 -d | sed 's/:5443/:443/g' > /root/child.kubeconfig
+export KUBECONFIG=/root/child.kubeconfig
\ No newline at end of file
diff --git a/bm_mcc_mosk/seed/get_openstack_credentials.sh b/bm_mcc_mosk/seed/get_openstack_credentials.sh
new file mode 100755
index 0000000..8371ff3
--- /dev/null
+++ b/bm_mcc_mosk/seed/get_openstack_credentials.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+export KUBECONFIG=/root/child.kubeconfig
+mkdir -p /root/.config/openstack
+kubectl -n openstack-external get secrets openstack-identity-credentials -o jsonpath='{.data.clouds\.yaml}' | base64 -d > /root/clouds.yaml
+ln -s /root/clouds.yaml /root/.config/openstack/clouds.yaml
diff --git a/bm_mcc_mosk/seed/setup_dnsmasq.sh b/bm_mcc_mosk/seed/setup_dnsmasq.sh
new file mode 100755
index 0000000..d9f110f
--- /dev/null
+++ b/bm_mcc_mosk/seed/setup_dnsmasq.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+set -ex
+
+if [ "$#" -ne 1 ]; then
+    echo "Usage: $0 COREDNS_IP"
+    exit 1
+fi
+
+export DEBIAN_FRONTEND=noninteractive
+export DEBCONF_NONINTERACTIVE_SEEN=true
+APT_OPTS="-y -o APT::Install-Suggests=0 -o APT::Install-Recommends=0 -o Dpkg::Options::=--force-confold -o Dpkg::Options::=--force-confdef"
+
+apt ${APT_OPTS} install dnsmasq
+service systemd-resolved stop
+systemctl disable systemd-resolved
+rm /etc/resolv.conf
+cat > /etc/resolv.conf <<EOF
+nameserver 127.0.0.1
+EOF
+LISTEN_ADDR=$(ip a | grep 172 | awk '{print $2}' | awk -F/ '{print $1}' | head -n1)
+grep "${LISTEN_ADDR}" /etc/dnsmasq.conf || echo "listen-address=::1,127.0.0.1,${LISTEN_ADDR}" >> /etc/dnsmasq.conf
+grep "subdomain.team.sustaining" /etc/dnsmasq.conf || echo "server=/*.subdomain.team.sustaining/${1}" >> /etc/dnsmasq.conf
+grep "mnt-bm.mirantis.net" /etc/dnsmasq.conf || echo "server=/*.mnt-bm.mirantis.net/${1}" >> /etc/dnsmasq.conf
+grep "server=172.18.176.6" /etc/dnsmasq.conf || echo "server=172.18.176.6" >> /etc/dnsmasq.conf
+service dnsmasq restart
diff --git a/bm_mcc_mosk/utils/tsl_gen.sh b/bm_mcc_mosk/utils/tsl_gen.sh
index 41af942..acda777 100644
--- a/bm_mcc_mosk/utils/tsl_gen.sh
+++ b/bm_mcc_mosk/utils/tsl_gen.sh
@@ -41,9 +41,9 @@
 
 tee server-csr.json << EOF
 {
-    "CN": "*.subdomain.team.sustaining",
+    "CN": "*.mnt-bm.mirantis.net",
     "hosts":     [
-        "*.subdomain.team.sustaining"
+        "*.mnt-bm.mirantis.net"
     ],
     "key":     {
         "algo": "rsa",
diff --git a/bm_mcc_mosk/utils/update_bash_autocompletion_kaas.sh b/bm_mcc_mosk/utils/update_bash_autocompletion_kaas.sh
new file mode 100755
index 0000000..1e5e23e
--- /dev/null
+++ b/bm_mcc_mosk/utils/update_bash_autocompletion_kaas.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+filepath=/etc/bash_completion.d/kaas
+cat > ${filepath} <<EOF
+PATH=${PATH}:~/kaas-bootstrap/bin
+if [ -f ~/.kube/kind-config-clusterapi ] ; then export KUBECONFIG=~/.kube/kind-config-clusterapi ; fi
+if [ -f ~/kubeconfig ]; then export KUBECONFIG=~/kubeconfig ; fi
+if [ -f ~/bootstrap/dev/kubeconfig ]; then export KUBECONFIG=~/bootstrap/dev/kubeconfig; fi
+if [ -f ~/child.kubeconfig ]; then export KUBECONFIG=~/child.kubeconfig; fi
+if [[ -f ~/clouds.yaml && -f /usr/local/bin/yq ]] ; then
+  export OS_CLOUD=admin
+  OS_USERNAME=$(yq .clouds.admin.auth.username clouds.yaml)
+  OS_PASSWORD=$(yq .clouds.admin.auth.password clouds.yaml)
+  OS_AUTH_URL=$(yq .clouds.admin.auth.auth_url clouds.yaml)
+fi
+
+echo
+echo "KUBECONFIG=${KUBECONFIG}"
+echo "kubectl=$(which kubectl)"
+echo
+echo "OS_USERNAME=${OS_USERNAME}"
+echo "OS_PASSWORD=${OS_PASSWORD}"
+echo
+[[ -f ~/openstack_clients/bin/activate ]] && echo "OpenStack shell clients at 'source ~/openstack_clients/bin/activate'"
+echo
+echo "Horizon at ${OS_AUTH_URL/keystone/horizon}"
+echo
+EOF
diff --git a/bm_mcc_mosk/utils/update_kube_dns_conf.py b/bm_mcc_mosk/utils/update_kube_dns_conf.py
index 3658a21..ec79649 100644
--- a/bm_mcc_mosk/utils/update_kube_dns_conf.py
+++ b/bm_mcc_mosk/utils/update_kube_dns_conf.py
@@ -3,7 +3,7 @@
 
 assert len(sys.argv) > 1
 internal_ip = sys.argv[1]
-domain = "subdomain.team.sustaining"
+domain = "mnt-bm.mirantis.net"
 template = """
 {domain}:53 {{
     errors
diff --git a/jobs/pipelines/mosk/deploy-bm.groovy b/jobs/pipelines/mosk/deploy-bm.groovy
index a2cae19..4b3c23f 100644
--- a/jobs/pipelines/mosk/deploy-bm.groovy
+++ b/jobs/pipelines/mosk/deploy-bm.groovy
@@ -59,8 +59,8 @@
           stage("Bootstrap MCC+child"){
              sh "scp ${ssh_params} ${MAINTENANCE_TEAM_SSH_KEY} root@${seed_ext_ip}:/root/.ssh/id_rsa "
              sh "scp -r ${ssh_params} bm_mcc_mosk root@${seed_ext_ip}: "
-             sh "ssh ${ssh_params} root@${seed_ext_ip} bash do_deploy_mcc_mgmt.sh"
-             sh "ssh ${ssh_params} root@${seed_ext_ip} bash do_deploy_child.sh"
+             sh "ssh ${ssh_params} root@${seed_ext_ip} bash /root/bm_mcc_mosk/seed/do_deploy_mcc_mgmt.sh"
+             sh "ssh ${ssh_params} root@${seed_ext_ip} bash /root/bm_mcc_mosk/seed/do_deploy_child.sh"
              // TODO: unhardcode cluster names
              check_child_cmd = "ssh ${ssh_params} root@${seed_ext_ip} /root/kaas-bootstrap/bin/kubectl --kubeconfig /root/kubeconfig -n mosk get cluster mosk -o jsonpath='{.status.providerStatus.ready}' 2>/dev/null || echo 'ssh error, ignoring'"
              check_kcc_cmd = "ssh ${ssh_params} root@${seed_ext_ip} /root/kaas-bootstrap/bin/kubectl --kubeconfig /root/kubeconfig -n mosk get kcc mosk-ceph -o jsonpath='{.status.shortClusterInfo.state}' 2>/dev/null || echo 'ssh error, ignoring'"
@@ -84,7 +84,7 @@
                } //while
           } //stage MCC
           stage("Prepare and deploy MOSK"){
-            sh "ssh ${ssh_params} root@${seed_ext_ip} '/bin/bash /root/get_child_kubeconfig.sh'"
+            sh "ssh ${ssh_params} root@${seed_ext_ip} '/bin/bash /root/bm_mcc_mosk/seed/get_child_kubeconfig.sh'"
             sh "ssh ${ssh_params} root@${seed_ext_ip} '/bin/bash /root/bm_mcc_mosk/utils/tsl_gen.sh'"
             kubectl_openstack_cmd = "ssh ${ssh_params} root@${seed_ext_ip} /root/kaas-bootstrap/bin/kubectl --kubeconfig /root/child.kubeconfig -n openstack "
             sh "${kubectl_openstack_cmd} apply -f /root/bm_mcc_mosk/child/kaas_workloads/osdpl-ssl-secrets.yaml"
@@ -102,6 +102,7 @@
           stage("Configure DNS server") {
             get_ingress_ip_cmd = "${kubectl_openstack_cmd} get service ingress -o jsonpath='{.status.loadBalancer.ingress[0].ip}'"
             get_dns_internal_ip_cmd = "ssh ${ssh_params} root@${seed_ext_ip} /root/kaas-bootstrap/bin/kubectl --kubeconfig /root/child.kubeconfig -n coredns get service coredns-coredns -o jsonpath='{.spec.clusterIP}'"
+            get_dns_external_ip_cmd = "ssh ${ssh_params} root@${seed_ext_ip} /root/kaas-bootstrap/bin/kubectl --kubeconfig /root/child.kubeconfig -n coredns get service coredns-coredns -o jsonpath='{.status.loadBalancer.ingress[0].ip}'"
             ingress_ip = sh(returnStdout: true, script: get_ingress_ip_cmd).trim()
             sh "ssh ${ssh_params} root@${seed_ext_ip} sed -i 's/!!!EXT_DNS_IP/${ingress_ip}/g' /root/bm_mcc_mosk/child/kaas_workloads/coredns.yaml"
             sh "ssh ${ssh_params} root@${seed_ext_ip} /root/kaas-bootstrap/bin/kubectl --kubeconfig /root/child.kubeconfig apply -f /root/bm_mcc_mosk/child/kaas_workloads/coredns.yaml"
@@ -110,7 +111,9 @@
             sh "ssh ${ssh_params} root@${seed_ext_ip} \"/root/kaas-bootstrap/bin/kubectl --kubeconfig /root/child.kubeconfig -n kube-system get configmap coredns -oyaml > coredns.conf\""
             sh "ssh ${ssh_params} root@${seed_ext_ip} /usr/bin/python3 /root/bm_mcc_mosk/utils/update_kube_dns_conf.py ${dns_internal_ip}"
             sh "ssh ${ssh_params} root@${seed_ext_ip} /root/kaas-bootstrap/bin/kubectl --kubeconfig /root/child.kubeconfig apply -f coredns.patched.conf"
-
+            dns_external_ip = sh(returnStdout: true, script: get_dns_external_ip_cmd).trim()
+            sh "ssh ${ssh_params} root@${seed_ext_ip} bash /root/bm_mcc_mosk/seed/setup_dnsmasq.sh ${dns_external_ip}"
+            sh "ssh ${ssh_params} root@${seed_ext_ip} bash /root/bm_mcc_mosk/seed/get_openstack_credentials.sh"
           } // stage DNS
 
           stage("Get openstack credentials") {
diff --git a/jobs/templates/bm-mcc-mosk-base.yml b/jobs/templates/bm-mcc-mosk-base.yml
index 90b8980..e68aaab 100644
--- a/jobs/templates/bm-mcc-mosk-base.yml
+++ b/jobs/templates/bm-mcc-mosk-base.yml
@@ -1,7 +1,7 @@
 - job-template:
     project-type: pipeline
     description: '{job-description}'
-    concurrent: true
+    concurrent: false
     disabled: false
     name: bm-mcc-mosk-base
     parameters:
@@ -50,7 +50,7 @@
         name: EXTRA_VARS
         trim: 'false'
     - bool:
-        default: true
+        default: false
         description: Run tempest after deploy
         name: RUN_TESTS_AFTER_DEPLOY
     pipeline-scm:
diff --git a/tcp_tests/templates/_heat_environments/fragments/SubnetsWithFloating.yaml b/tcp_tests/templates/_heat_environments/fragments/SubnetsWithFloating.yaml
index f57f8c6..6c2a763 100644
--- a/tcp_tests/templates/_heat_environments/fragments/SubnetsWithFloating.yaml
+++ b/tcp_tests/templates/_heat_environments/fragments/SubnetsWithFloating.yaml
@@ -59,6 +59,21 @@
       #enable_dhcp: { get_param: control_net_dhcp }
       dns_nameservers: [0.0.0.0]
       gateway_ip: null
+      allocation_pools:
+        - start:
+            list_join:
+              - '.'
+              - - str_split: [ '.', { get_param: control_subnet_cidr }, 0 ]
+                - str_split: [ '.', { get_param: control_subnet_cidr }, 1 ]
+                - str_split: [ '.', { get_param: control_subnet_cidr }, 2 ]
+                - '150'
+          end:
+            list_join:
+              - '.'
+              - - str_split: [ '.', { get_param: control_subnet_cidr }, 0 ]
+                - str_split: [ '.', { get_param: control_subnet_cidr }, 1 ]
+                - str_split: [ '.', { get_param: control_subnet_cidr }, 2 ]
+                - '155'
       tags:
       - private-pool01
 
@@ -71,6 +86,21 @@
       #enable_dhcp: { get_param: tenant_net_dhcp }
       dns_nameservers: [0.0.0.0]
       gateway_ip: null
+      allocation_pools:
+        - start:
+            list_join:
+              - '.'
+              - - str_split: [ '.', { get_param: tenant_subnet_cidr }, 0 ]
+                - str_split: [ '.', { get_param: tenant_subnet_cidr }, 1 ]
+                - str_split: [ '.', { get_param: tenant_subnet_cidr }, 2 ]
+                - '150'
+          end:
+            list_join:
+              - '.'
+              - - str_split: [ '.', { get_param: tenant_subnet_cidr }, 0 ]
+                - str_split: [ '.', { get_param: tenant_subnet_cidr }, 1 ]
+                - str_split: [ '.', { get_param: tenant_subnet_cidr }, 2 ]
+                - '155'
       tags:
       - tenant-pool01
 
@@ -98,6 +128,21 @@
       #enable_dhcp: { get_param: external_net_dhcp }
       dns_nameservers: [0.0.0.0]
       gateway_ip: null
+      allocation_pools:
+        - start:
+            list_join:
+              - '.'
+              - - str_split: [ '.', { get_param: external_subnet_cidr }, 0 ]
+                - str_split: [ '.', { get_param: external_subnet_cidr }, 1 ]
+                - str_split: [ '.', { get_param: external_subnet_cidr }, 2 ]
+                - '150'
+          end:
+            list_join:
+              - '.'
+              - - str_split: [ '.', { get_param: external_subnet_cidr }, 0 ]
+                - str_split: [ '.', { get_param: external_subnet_cidr }, 1 ]
+                - str_split: [ '.', { get_param: external_subnet_cidr }, 2 ]
+                - '155'
       tags:
       - external-pool01