contrail

[1] https://www.juniper.net/documentation/en_US/vsrx15.1x49-d40/topics/task/configuration/security-vsrx-kvm-bootstrap-config.html

Change-Id: Iec0daea6f82f175b774accbdecf6ed2e62aadefb
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
Reviewed-on: https://review.gerrithub.io/362881
Reviewed-by: Tatyanka Leontovich <tleontovich@mirantis.com>
Tested-by: Tatyanka Leontovich <tleontovich@mirantis.com>
diff --git a/tcp_tests/templates/virtual-mcp11-k8s-calico/salt.yaml b/tcp_tests/templates/virtual-mcp11-k8s-calico/salt.yaml
index 8844851..5f61549 100644
--- a/tcp_tests/templates/virtual-mcp11-k8s-calico/salt.yaml
+++ b/tcp_tests/templates/virtual-mcp11-k8s-calico/salt.yaml
@@ -61,7 +61,6 @@
   cmd: |
     ssh-keyscan -H github.com >> ~/.ssh/known_hosts;
     git clone -b {{ SALT_MODELS_COMMIT }} --recurse-submodules {{ SALT_MODELS_REPOSITORY }} /srv/salt/reclass;
-
     mkdir -p /srv/salt/reclass/classes/service;
 
     # Replace firstly to an intermediate value to avoid intersection between
@@ -223,7 +222,7 @@
   retry: {count: 1, delay: 5}
   skip_fail: false
 
-- description: Show  reclass-salt --top
+- description: Show reclass-salt --top
   cmd: reclass-salt --top
   node_name: {{ HOSTNAME_CFG01 }}
   retry: {count: 1, delay: 5}
diff --git a/tcp_tests/templates/virtual-mcp11-k8s-calico/underlay--user-data-cfg01.yaml b/tcp_tests/templates/virtual-mcp11-k8s-calico/underlay--user-data-cfg01.yaml
index 479fd38..a11cf13 100644
--- a/tcp_tests/templates/virtual-mcp11-k8s-calico/underlay--user-data-cfg01.yaml
+++ b/tcp_tests/templates/virtual-mcp11-k8s-calico/underlay--user-data-cfg01.yaml
@@ -56,8 +56,7 @@
    - echo "deb http://repo.saltstack.com/apt/ubuntu/16.04/amd64/2016.3 xenial main" > /etc/apt/sources.list.d/saltstack.list;
    - wget -O - https://repo.saltstack.com/apt/ubuntu/16.04/amd64/2016.3/SALTSTACK-GPG-KEY.pub | apt-key add -;
 
-   - apt-get clean
-   - apt-get update
+   - eatmydata apt-get clean && apt-get update
 
    # Install common packages
    - eatmydata apt-get install -y python-pip git curl tmux byobu iputils-ping traceroute htop tree
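Review bot: On the new `- eatmydata apt-get clean && apt-get update` entry the `eatmydata` wrapper covers only `apt-get clean`; the `apt-get update` after `&&` runs without it. The contrail copy of this file in the same commit wraps both commands, so the two templates now behave differently. I would keep two entries, `- eatmydata apt-get clean` and `- eatmydata apt-get update`, or repeat the wrapper after `&&`.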
diff --git a/tcp_tests/templates/virtual-mcp11-k8s-contrail/juniper.conf b/tcp_tests/templates/virtual-mcp11-k8s-contrail/juniper.conf
new file mode 100644
index 0000000..af91728
--- /dev/null
+++ b/tcp_tests/templates/virtual-mcp11-k8s-contrail/juniper.conf
@@ -0,0 +1,110 @@
+## Last commit: 2017-05-18 08:39:52 UTC by root
+version 12.1X46-D20.5;
+system {
+    host-name vsrx1;
+    root-authentication {
+        encrypted-password "$1$gpbfk/Jr$lF2foqHYBd/Sp56dlmkXH1"; ## SECRET-DATA
+    }
+    name-server {
+        8.8.8.8;
+        8.8.4.4;
+    }
+    services {
+        ssh;
+        web-management {
+            http {
+                interface ge-0/0/0.0;
+            }
+        }
+    }
+    syslog {
+        file messages {
+            any any;
+        }
+    }
+    license {
+        autoupdate {
+            url https://ae1.juniper.net/junos/key_retrieval;
+        }
+    }
+    ntp {
+        peer 46.243.48.4;
+        peer 147.251.48.140;
+        peer 46.243.48.88;
+    }
+}
+interfaces {
+    ge-0/0/0 {
+        unit 0 {
+            family inet {
+                address 172.16.10.90/24;
+            }
+        }
+    }
+    ge-0/0/1 {
+        unit 0 {
+            family inet {
+                address 192.168.10.90/24;
+            }
+        }
+    }
+    ge-0/0/2 {
+        unit 0 {
+            family inet {
+                address 10.70.0.90/24;
+            }
+        }
+    }
+}
+routing-options {
+    route-distinguisher-id 172.16.10.90;
+    autonomous-system 64512;
+    dynamic-tunnels {
+        dynamic_overlay_tunnels {
+            source-address 172.16.10.90;
+            gre;
+            destination-networks {
+                172.16.10.0/24;
+            }
+        }
+    }
+}
+protocols {
+    mpls {
+        interface all;
+    }
+    bgp {
+        group Contrail_Controller {
+            type internal;
+            local-address 172.16.10.90;
+            keep all;
+            family inet-vpn {
+                unicast;
+            }
+            allow 172.16.10.0/24;
+        }
+    }
+}
+security {
+    forwarding-options {
+        family {
+            mpls {
+                mode packet-based;
+            }
+        }
+    }
+}
+routing-instances {
+    public {
+        instance-type vrf;
+        interface ge-0/0/1.0;
+        vrf-target target:64512:10000;
+        vrf-table-label;
+        routing-options {
+            static {
+                route 192.168.10.0/24 discard;
+                route 0.0.0.0/0 next-hop 192.168.10.1;
+            }
+        }
+    }
+}
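Review bot: The `encrypted-password` line under `root-authentication` commits a root credential as a `$1$` (MD5-crypt) hash, which anyone who can read the repository can test offline; the identical line appears again in juniper.conf.template. If this is a throwaway lab password, say so in a leading `##` comment, otherwise inject the hash at deploy time rather than storing it. The `web-management` stanza serves the web UI over cleartext `http` on ge-0/0/0.0; `https { system-generated-certificate; interface ge-0/0/0.0; }` would keep the root login off the wire in the clear. Because this file is the template with addresses filled in, the header should also state which of the two files is actually consumed.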
diff --git a/tcp_tests/templates/virtual-mcp11-k8s-contrail/juniper.conf.template b/tcp_tests/templates/virtual-mcp11-k8s-contrail/juniper.conf.template
new file mode 100644
index 0000000..e7eed4a
--- /dev/null
+++ b/tcp_tests/templates/virtual-mcp11-k8s-contrail/juniper.conf.template
@@ -0,0 +1,110 @@
+## Last commit: 2017-05-18 08:39:52 UTC by root
+version 12.1X46-D20.5;
+system {
+    host-name vsrx1;
+    root-authentication {
+        encrypted-password "$1$gpbfk/Jr$lF2foqHYBd/Sp56dlmkXH1"; ## SECRET-DATA
+    }
+    name-server {
+        8.8.8.8;
+        8.8.4.4;
+    }
+    services {
+        ssh;
+        web-management {
+            http {
+                interface ge-0/0/0.0;
+            }
+        }
+    }
+    syslog {
+        file messages {
+            any any;
+        }
+    }
+    license {
+        autoupdate {
+            url https://ae1.juniper.net/junos/key_retrieval;
+        }
+    }
+    ntp {
+        peer 46.243.48.4;
+        peer 147.251.48.140;
+        peer 46.243.48.88;
+    }
+}
+interfaces {
+    ge-0/0/0 {
+        unit 0 {
+            family inet {
+                address {{ private_address }}/24;
+            }
+        }
+    }
+    ge-0/0/1 {
+        unit 0 {
+            family inet {
+                address {{ public_address }}/24;
+            }
+        }
+    }
+    ge-0/0/2 {
+        unit 0 {
+            family inet {
+                address {{ admin_address }};
+            }
+        }
+    }
+}
+routing-options {
+    route-distinguisher-id {{ private_address }};
+    autonomous-system 64512;
+    dynamic-tunnels {
+        dynamic_overlay_tunnels {
+            source-address {{ private_address }};
+            gre;
+            destination-networks {
+                {{ private_network }}/24;
+            }
+        }
+    }
+}
+protocols {
+    mpls {
+        interface all;
+    }
+    bgp {
+        group Contrail_Controller {
+            type internal;
+            local-address 172.16.10.90;
+            keep all;
+            family inet-vpn {
+                unicast;
+            }
+            allow {{ private_network }}/24;
+        }
+    }
+}
+security {
+    forwarding-options {
+        family {
+            mpls {
+                mode packet-based;
+            }
+        }
+    }
+}
+routing-instances {
+    public {
+        instance-type vrf;
+        interface ge-0/0/1.0;
+        vrf-target target:64512:10000;
+        vrf-table-label;
+        routing-options {
+            static {
+                route {{ public_network }} discard;
+                route 0.0.0.0/0 next-hop {{ public_network_gateway }};
+            }
+        }
+    }
+}
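Review bot: `local-address 172.16.10.90;` in the `Contrail_Controller` BGP group is still hard-coded while `route-distinguisher-id` and `source-address` use `{{ private_address }}`, so rendering the template for another private network leaves BGP bound to an address the device may not own; it should read `local-address {{ private_address }};`. The prefix length is also handled inconsistently: ge-0/0/0 and ge-0/0/1 append `/24` after the variable, while `address {{ admin_address }};` and `route {{ public_network }} discard;` do not, so the expected form of each variable (with or without mask) should be documented in a header comment or made uniform. Nothing visible in this commit renders the template, so this reading rests on the variable names.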
diff --git a/tcp_tests/templates/virtual-mcp11-k8s-contrail/salt.yaml b/tcp_tests/templates/virtual-mcp11-k8s-contrail/salt.yaml
index 535d378..6afed0c 100644
--- a/tcp_tests/templates/virtual-mcp11-k8s-contrail/salt.yaml
+++ b/tcp_tests/templates/virtual-mcp11-k8s-contrail/salt.yaml
@@ -1,6 +1,5 @@
 {% from 'virtual-mcp11-k8s-contrail/underlay.yaml' import HOSTNAME_CFG01 with context %}
 {% from 'virtual-mcp11-k8s-contrail/underlay.yaml' import REPOSITORY_SUITE with context %}
-{% from 'virtual-mcp11-k8s-contrail/underlay.yaml' import DOMAIN_NAME with context %}
 
 {% set SALT_MODELS_REPOSITORY = os_env('SALT_MODELS_REPOSITORY','https://gerrit.mcp.mirantis.net/salt-models/mcp-virtual-lab') %}
 {% set SALT_MODELS_COMMIT = os_env('SALT_MODELS_COMMIT','master') %}
@@ -11,8 +10,8 @@
 #    (see generated '.ini' file after underlay is created),
 # 3. defaults
 {% set address_pools = config.underlay.address_pools %}
-{% set IPV4_NET_ADMIN = os_env('IPV4_NET_ADMIN', address_pools.get('admin-pool01', '192.168.10.0/24')) %}
-{% set IPV4_NET_CONTROL = os_env('IPV4_NET_CONTROL', address_pools.get('private-pool01', '172.16.10.0/24')) %}
+{% set IPV4_NET_ADMIN = os_env('IPV4_NET_ADMIN', address_pools.get('admin-pool01', '172.16.10.0/24')) %}
+{% set IPV4_NET_CONTROL = os_env('IPV4_NET_CONTROL', address_pools.get('private-pool01', '192.168.10.0/24')) %}
 
 {% set IPV4_NET_ADMIN_PREFIX = '.'.join(IPV4_NET_ADMIN.split('.')[0:3]) %}
 {% set IPV4_NET_CONTROL_PREFIX = '.'.join(IPV4_NET_CONTROL.split('.')[0:3]) %}
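Review bot: The swapped fallbacks appear not to match the pools that underlay.yaml defines in this same commit: `admin-pool01` defaults to `10.70.0.0/24` there but falls back to `'172.16.10.0/24'` here, and `private-pool01` is `172.16.10.0/24` there but falls back to `'192.168.10.0/24'`, which is the public pool's range. The fallback only applies when `address_pools` lacks the key, but in that case the derived `IPV4_NET_*_PREFIX` values would name the wrong network. I would use `address_pools.get('admin-pool01', '10.70.0.0/24')` and `address_pools.get('private-pool01', '172.16.10.0/24')`. The next hunk removes the `sed` rewrites that consumed these prefixes, so if nothing else in the file uses them the four `set` lines could be dropped instead.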
@@ -62,41 +61,7 @@
   cmd: |
     ssh-keyscan -H github.com >> ~/.ssh/known_hosts;
     git clone -b {{ SALT_MODELS_COMMIT }} --recurse-submodules {{ SALT_MODELS_REPOSITORY }} /srv/salt/reclass;
-
     mkdir -p /srv/salt/reclass/classes/service;
-
-    # Replace firstly to an intermediate value to avoid intersection between
-    # already replaced and replacing networks.
-    # For example, if generated IPV4_NET_ADMIN_PREFIX=10.16.0 , then there is a risk of replacing twice:
-    # 192.168.10 -> 10.16.0 (generated network for admin)
-    # 10.16.0 -> <external network>
-    # So let's replace constant networks to the keywords, and then keywords to the desired networks.
-    find /srv/salt/reclass/ -type f -exec sed -i 's/192\.168\.10\./==IPV4_NET_ADMIN_PREFIX==/g' {} +
-    find /srv/salt/reclass/ -type f -exec sed -i 's/172\.16\.10\./==IPV4_NET_CONTROL_PREFIX==/g' {} +
-
-    find /srv/salt/reclass/ -type f -exec sed -i 's/==IPV4_NET_ADMIN_PREFIX==/{{ IPV4_NET_ADMIN_PREFIX }}./g' {} +
-    find /srv/salt/reclass/ -type f -exec sed -i 's/==IPV4_NET_CONTROL_PREFIX==/{{ IPV4_NET_CONTROL_PREFIX }}./g' {} +
-
-    find /srv/salt/reclass/ -type f -exec sed -i 's/apt_mk_version:.*/apt_mk_version: {{ REPOSITORY_SUITE }}/g' {} +
-    # Disable checkouting the model from remote repository
-    cat << 'EOF' >> /srv/salt/reclass/nodes/{{ HOSTNAME_CFG01 }}.yml
-    parameters:
-     _param:
-      linux_system_codename: xenial
-      reclass_data_revision: master
-      linux:
-        system:
-          name: {{ HOSTNAME_CFG01 }}
-          domain: {{ DOMAIN_NAME }}.local
-    # local storage
-      reclass:
-        storage:
-          data_source:
-            engine: local
-    EOF
-
-    # Show the changes to the console
-    cd /srv/salt/reclass/; git diff
   node_name: {{ HOSTNAME_CFG01 }}
   retry: {count: 1, delay: 1}
   skip_fail: false
@@ -230,7 +195,7 @@
   retry: {count: 1, delay: 5}
   skip_fail: false
 
-- description: Show  reclass-salt --top
+- description: Show reclass-salt --top
   cmd: reclass-salt --top
   node_name: {{ HOSTNAME_CFG01 }}
   retry: {count: 1, delay: 5}
@@ -246,11 +211,17 @@
 
 - description: Configure linux on other nodes
   cmd: salt --hard-crash --state-output=mixed --state-verbose=False -C '* and not
-    cfg01*' state.sls linux
+    cfg01* and not mon*' state.sls linux
   node_name: {{ HOSTNAME_CFG01 }}
   retry: {count: 1, delay: 5}
   skip_fail: false
 
+- description: Configure linux on mon nodes
+  cmd: salt --hard-crash --state-output=mixed --state-verbose=False -C 'mon*' state.sls linux
+  node_name: {{ HOSTNAME_CFG01 }}
+  retry: {count: 2, delay: 5}
+  skip_fail: false
+
 - description: Configure openssh on all nodes
   cmd: salt --hard-crash --state-output=mixed --state-verbose=False -C '* and not
     cfg01*' state.sls openssh;salt --hard-crash --state-output=mixed --state-verbose=False
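Review bot: The new `Configure linux on mon nodes` step gives no reason for running `state.sls linux` on `mon*` separately, or for being the only step in this hunk with `retry: {count: 2, delay: 5}`. A one-line comment above it, for example `# mon* nodes need a retried run of the linux state (<reason>), so they are excluded from the general run above`, would stop a later edit from folding the two steps back together. The `openssh` step that follows still targets `'* and not cfg01*'` and continues past the end of this hunk.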
diff --git a/tcp_tests/templates/virtual-mcp11-k8s-contrail/underlay--user-data-cfg01.yaml b/tcp_tests/templates/virtual-mcp11-k8s-contrail/underlay--user-data-cfg01.yaml
index 479fd38..b648263 100644
--- a/tcp_tests/templates/virtual-mcp11-k8s-contrail/underlay--user-data-cfg01.yaml
+++ b/tcp_tests/templates/virtual-mcp11-k8s-contrail/underlay--user-data-cfg01.yaml
@@ -33,6 +33,7 @@
    - sudo ifup ens3
    #- sudo route add default gw {gateway} {interface_name}
    - sudo ifup ens4
+   - sudo ifup ens5
 
    # Create swap
    - fallocate -l 4G /swapfile
@@ -56,8 +57,8 @@
    - echo "deb http://repo.saltstack.com/apt/ubuntu/16.04/amd64/2016.3 xenial main" > /etc/apt/sources.list.d/saltstack.list;
    - wget -O - https://repo.saltstack.com/apt/ubuntu/16.04/amd64/2016.3/SALTSTACK-GPG-KEY.pub | apt-key add -;
 
-   - apt-get clean
-   - apt-get update
+   - eatmydata apt-get clean
+   - eatmydata apt-get update && eatmydata apt-get -y upgrade
 
    # Install common packages
    - eatmydata apt-get install -y python-pip git curl tmux byobu iputils-ping traceroute htop tree
@@ -75,6 +76,8 @@
           iface ens3 inet dhcp
           auto ens4
           iface ens4 inet dhcp
+          auto ens5
+          iface ens5 inet dhcp
 
    - path: /root/.ssh/id_rsa
      owner: root:root
diff --git a/tcp_tests/templates/virtual-mcp11-k8s-contrail/underlay--user-data1404.yaml b/tcp_tests/templates/virtual-mcp11-k8s-contrail/underlay--user-data1404.yaml
new file mode 100644
index 0000000..61ec4ce
--- /dev/null
+++ b/tcp_tests/templates/virtual-mcp11-k8s-contrail/underlay--user-data1404.yaml
@@ -0,0 +1,79 @@
+| # All the data below will be stored as a string object
+  #cloud-config, see http://cloudinit.readthedocs.io/en/latest/topics/examples.html
+
+  ssh_pwauth: True
+  users:
+   - name: root
+     sudo: ALL=(ALL) NOPASSWD:ALL
+     shell: /bin/bash
+     ssh_authorized_keys:
+      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGwjUlYn9UsmWmAGSuEA2sICad7WqxgsJR0HKcMbbxi0tn96h4Cq2iGYmzlJ48egLm5R5pxyWnFvL4b/2zb+kKTPCMwRc9nv7xEGosEFNQEoSDd+gYu2CO0dgS2bX/7m2DXmzvhqPjxWQUXXsb0OYAS1r9Es65FE8y4rLaegz8V35xfH45bTCA0W8VSKh264XtGz12hacqsttE/UvyjJTZe+/XV+xJy3WAWxe8J/MuW1VqbqNewTmpTE/LJU8i6pG4msU6+wH99UvsGAOKQOduynUHKWG3VZg5YCjpbbV/t/pfW/vHB3b3jiifQmNhulyiG/CNnSQ5BahtV/7qPsYt vagrant@cfg01
+
+  disable_root: false
+  chpasswd:
+   list: |
+    root:r00tme
+   expire: False
+
+  bootcmd:
+   # Block access to SSH while node is preparing
+   - cloud-init-per once sudo iptables -A INPUT -p tcp --dport 22 -j DROP
+   # Enable root access
+   - sed -i -e '/^PermitRootLogin/s/^.*$/PermitRootLogin yes/' /etc/ssh/sshd_config
+   - service sshd restart
+  output:
+    all: '| tee -a /var/log/cloud-init-output.log /dev/tty0'
+
+  runcmd:
+   # Configure dhclient
+   - sudo echo "nameserver {gateway}" >> /etc/resolvconf/resolv.conf.d/base
+   - sudo resolvconf -u
+
+   # Prepare network connection
+   - sudo ifup eth0
+   #- sudo route add default gw {gateway} {interface_name}
+   - sudo ifup eth1
+   - sudo ifup eth2
+
+   # Create swap
+   - fallocate -l 4G /swapfile
+   - chmod 600 /swapfile
+   - mkswap /swapfile
+   - swapon /swapfile
+   - echo "/swapfile   none    swap    defaults    0   0" >> /etc/fstab
+
+   ############## tcp cloud cfg01 node ##################
+   #- sleep 120
+   - echo "Preparing base OS"
+   - which wget >/dev/null || (apt-get update; apt-get install -y wget)
+
+   - echo "deb [arch=amd64] http://apt.tcpcloud.eu/nightly trusty tcp-salt tcp extra main" > /etc/apt/sources.list
+   - wget -O - http://apt.tcpcloud.eu/public.gpg | apt-key add -
+   - echo "deb http://repo.saltstack.com/apt/ubuntu/14.04/amd64/2016.3 trusty main" > /etc/apt/sources.list.d/saltstack.list
+   - wget -O - https://repo.saltstack.com/apt/ubuntu/14.04/amd64/2016.3/SALTSTACK-GPG-KEY.pub | apt-key add -
+
+   - eatmydata apt-get clean
+   - eatmydata apt-get update && eatmydata apt-get -y upgrade
+
+   # install common packages
+   - eatmydata apt-get install -y python-pip git curl tmux byobu iputils-ping traceroute htop tree mc
+
+   # Workaround for bug https://mirantis.jira.com/browse/PROD-8214
+   - eatmydata apt-get -y install --install-recommends linux-generic-lts-xenial
+   - reboot
+
+   ########################################################
+   # Node is ready, allow SSH access
+   #- echo "Allow SSH access ..."
+   #- sudo iptables -D INPUT -p tcp --dport 22 -j DROP
+   ########################################################
+
+  write_files:
+   - path: /etc/network/interfaces
+     content: |
+          auto eth0
+          iface eth0 inet dhcp
+          auto eth1
+          iface eth1 inet dhcp
+          auto eth2
+          iface eth2 inet dhcp
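Review bot: In `runcmd`, `wget -O - http://apt.tcpcloud.eu/public.gpg | apt-key add -` fetches the repository signing key over plain HTTP and trusts whatever arrives, so the key meant to authenticate packages from `apt.tcpcloud.eu` is itself unauthenticated, and the `echo` line before it replaces `/etc/apt/sources.list` with that repository. Fetch the key over HTTPS if the mirror offers it, or ship the key (or a pinned fingerprint to compare against) with the templates before `apt-key add`. Separately, `ssh_pwauth: True`, the fixed `root:r00tme` entry in `chpasswd` and `PermitRootLogin yes` together allow password root login on every interface once the SSH DROP rule from `bootcmd` is gone, which presumably happens at the `reboot` since the rule is added with `cloud-init-per once` and its removal is commented out. An authorized key is already installed, so `ssh_pwauth: false` would be enough unless a test depends on the password.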
diff --git a/tcp_tests/templates/virtual-mcp11-k8s-contrail/underlay--user-data1604.yaml b/tcp_tests/templates/virtual-mcp11-k8s-contrail/underlay--user-data1604.yaml
index 757fb84..5afe8c0 100644
--- a/tcp_tests/templates/virtual-mcp11-k8s-contrail/underlay--user-data1604.yaml
+++ b/tcp_tests/templates/virtual-mcp11-k8s-contrail/underlay--user-data1604.yaml
@@ -35,6 +35,7 @@
    - sudo ifup ens3
    #- sudo route add default gw {gateway} {interface_name}
    - sudo ifup ens4
+   - sudo ifup ens5
 
    # Create swap
    - fallocate -l 4G /swapfile
@@ -43,7 +44,6 @@
    - swapon /swapfile
    - echo "/swapfile   none    swap    defaults   0   0" >> /etc/fstab
 
-
    ############## TCP Cloud cfg01 node ##################
    #- sleep 120
    - echo "Preparing base OS"
@@ -57,7 +57,7 @@
    - apt-get clean
    - eatmydata apt-get update && apt-get -y upgrade
 
-   # Install common packages
+   # install common packages
    - eatmydata apt-get install -y python-pip git curl tmux byobu iputils-ping traceroute htop tree mc
 
    ########################################################
@@ -73,3 +73,5 @@
           iface ens3 inet dhcp
           auto ens4
           iface ens4 inet dhcp
+          auto ens5
+          iface ens5 inet dhcp
diff --git a/tcp_tests/templates/virtual-mcp11-k8s-contrail/underlay.yaml b/tcp_tests/templates/virtual-mcp11-k8s-contrail/underlay.yaml
index 1325108..541b829 100644
--- a/tcp_tests/templates/virtual-mcp11-k8s-contrail/underlay.yaml
+++ b/tcp_tests/templates/virtual-mcp11-k8s-contrail/underlay.yaml
@@ -4,6 +4,7 @@
 {% import 'virtual-mcp11-k8s-contrail/underlay--meta-data.yaml' as CLOUDINIT_META_DATA with context %}
 {% import 'virtual-mcp11-k8s-contrail/underlay--user-data-cfg01.yaml' as CLOUDINIT_USER_DATA_CFG01 with context %}
 {% import 'virtual-mcp11-k8s-contrail/underlay--user-data1604.yaml' as CLOUDINIT_USER_DATA_1604 with context %}
+{% import 'virtual-mcp11-k8s-contrail/underlay--user-data1404.yaml' as CLOUDINIT_USER_DATA_1404 with context %}
 
 ---
 aliases:
@@ -11,6 +12,7 @@
  - &cloudinit_meta_data {{ CLOUDINIT_META_DATA }}
  - &cloudinit_user_data_cfg01 {{ CLOUDINIT_USER_DATA_CFG01 }}
  - &cloudinit_user_data_1604 {{ CLOUDINIT_USER_DATA_1604 }}
+ - &cloudinit_user_data_1404 {{ CLOUDINIT_USER_DATA_1404 }}
 
 {% set DOMAIN_NAME = os_env('LAB_CONFIG_NAME', 'virtual-mcp11-k8s-contrail') + '.local' %}
 {% set HOSTNAME_CFG01 = os_env('HOSTNAME_CFG01', 'cfg01.' + DOMAIN_NAME) %}
@@ -19,6 +21,13 @@
 {% set HOSTNAME_CTL03 = os_env('HOSTNAME_CTL03', 'ctl03.' + DOMAIN_NAME) %}
 {% set HOSTNAME_CMP01 = os_env('HOSTNAME_CMP01', 'cmp01.' + DOMAIN_NAME) %}
 {% set HOSTNAME_CMP02 = os_env('HOSTNAME_CMP02', 'cmp02.' + DOMAIN_NAME) %}
+{% set HOSTNAME_MON01 = os_env('HOSTNAME_MON01', 'mon01.' + DOMAIN_NAME) %}
+{% set HOSTNAME_MON02 = os_env('HOSTNAME_MON02', 'mon02.' + DOMAIN_NAME) %}
+{% set HOSTNAME_MON03 = os_env('HOSTNAME_MON03', 'mon03.' + DOMAIN_NAME) %}
+{% set HOSTNAME_NTW01 = os_env('HOSTNAME_NTW01', 'ntw01.' + DOMAIN_NAME) %}
+{% set HOSTNAME_NTW02 = os_env('HOSTNAME_NTW02', 'ntw02.' + DOMAIN_NAME) %}
+{% set HOSTNAME_NTW03 = os_env('HOSTNAME_NTW03', 'ntw03.' + DOMAIN_NAME) %}
+{% set HOSTNAME_PRX01 = os_env('HOSTNAME_PRX01', 'prx01.' + DOMAIN_NAME) %}
 {% set HOSTNAME_VSRX01 = os_env('HOSTNAME_VSRX01', 'vsrx01' + DOMAIN_NAME) %}
 
 template:
@@ -26,45 +35,75 @@
     env_name: {{ os_env('ENV_NAME', 'virtual-mcp11-k8s-contrail_' + REPOSITORY_SUITE + "_" + os_env('BUILD_NUMBER', '')) }}
 
     address_pools:
-      private-pool01:
-        net: {{ os_env('PRIVATE_ADDRESS_POOL01', '10.60.0.0/16:24') }}
-        params:
-          ip_reserved:
-            gateway: +1
-            l2_network_device: +1
-            default_{{ HOSTNAME_CFG01 }}: +100
-            default_{{ HOSTNAME_CTL01 }}: +107
-            default_{{ HOSTNAME_CTL02 }}: +108
-            default_{{ HOSTNAME_CTL03 }}: +109
-            default_{{ HOSTNAME_CMP01 }}: +105
-            default_{{ HOSTNAME_CMP02 }}: +106
-            default_{{ HOSTNAME_VSRX01 }}: +250
-          ip_ranges:
-            dhcp: [+90, -10]
 
-      admin-pool01:
-        net: {{ os_env('ADMIN_ADDRESS_POOL01', '10.70.0.0/16:24') }}
+      private-pool01:
+        net: {{ os_env('PRIVATE_ADDRESS_POOL01', '172.16.10.0/24:24') }}
         params:
           ip_reserved:
             gateway: +1
             l2_network_device: +1
             default_{{ HOSTNAME_CFG01 }}: +100
-            default_{{ HOSTNAME_CTL01 }}: +107
-            default_{{ HOSTNAME_CTL02 }}: +108
-            default_{{ HOSTNAME_CTL03 }}: +109
+            default_{{ HOSTNAME_CTL01 }}: +101
+            default_{{ HOSTNAME_CTL02 }}: +102
+            default_{{ HOSTNAME_CTL03 }}: +103
             default_{{ HOSTNAME_CMP01 }}: +105
             default_{{ HOSTNAME_CMP02 }}: +106
-            default_{{ HOSTNAME_VSRX01 }}: +250
+            default_{{ HOSTNAME_MON01 }}: +107
+            default_{{ HOSTNAME_MON02 }}: +108
+            default_{{ HOSTNAME_MON03 }}: +109
+            default_{{ HOSTNAME_NTW01 }}: +110
+            default_{{ HOSTNAME_NTW02 }}: +111
+            default_{{ HOSTNAME_NTW03 }}: +112
+            default_{{ HOSTNAME_PRX01 }}: +121
+            default_{{ HOSTNAME_VSRX01 }}: +90
           ip_ranges:
             dhcp: [+90, -10]
 
       public-pool01:
-        net: {{ os_env('PUBLIC_ADDRESS_POOL01', '10.80.0.0/16:24') }}
+        net: {{ os_env('PUBLIC_ADDRESS_POOL01', '192.168.10.0/24:24') }}
         params:
           ip_reserved:
             gateway: +1
             l2_network_device: +1
-            default_{{ HOSTNAME_VSRX01 }}: +250
+            default_{{ HOSTNAME_CFG01 }}: +100
+            default_{{ HOSTNAME_CTL01 }}: +101
+            default_{{ HOSTNAME_CTL02 }}: +102
+            default_{{ HOSTNAME_CTL03 }}: +103
+            default_{{ HOSTNAME_CMP01 }}: +105
+            default_{{ HOSTNAME_CMP02 }}: +106
+            default_{{ HOSTNAME_MON01 }}: +107
+            default_{{ HOSTNAME_MON02 }}: +108
+            default_{{ HOSTNAME_MON03 }}: +109
+            default_{{ HOSTNAME_NTW01 }}: +110
+            default_{{ HOSTNAME_NTW02 }}: +111
+            default_{{ HOSTNAME_NTW03 }}: +112
+            default_{{ HOSTNAME_PRX01 }}: +121
+            default_{{ HOSTNAME_VSRX01 }}: +90
+          ip_ranges:
+            dhcp: [+90, -10]
+
+      admin-pool01:
+        net: {{ os_env('ADMIN_ADDRESS_POOL01', '10.70.0.0/24:24') }}
+        params:
+          ip_reserved:
+            gateway: +1
+            l2_network_device: +1
+            default_{{ HOSTNAME_CFG01 }}: +100
+            default_{{ HOSTNAME_CTL01 }}: +101
+            default_{{ HOSTNAME_CTL02 }}: +102
+            default_{{ HOSTNAME_CTL03 }}: +103
+            default_{{ HOSTNAME_CMP01 }}: +105
+            default_{{ HOSTNAME_CMP02 }}: +106
+            default_{{ HOSTNAME_MON01 }}: +107
+            default_{{ HOSTNAME_MON02 }}: +108
+            default_{{ HOSTNAME_MON03 }}: +109
+            default_{{ HOSTNAME_NTW01 }}: +110
+            default_{{ HOSTNAME_NTW02 }}: +111
+            default_{{ HOSTNAME_NTW03 }}: +112
+            default_{{ HOSTNAME_PRX01 }}: +121
+            default_{{ HOSTNAME_VSRX01 }}: +90
+          ip_ranges:
+            dhcp: [+90, -10]
 
     groups:
       - name: default
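Review bot: `default_{{ HOSTNAME_VSRX01 }}: +90` in all three pools is the first address of `dhcp: [+90, -10]`, while the vSRX gets its addresses from the static juniper.conf added in this commit (172.16.10.90, 192.168.10.90, 10.70.0.90) rather than from DHCP. Unless the driver pins a lease for the vSRX MAC addresses, the DHCP server may hand `.90` to another node; the previous `+250` appears to have been outside the range. Starting the range one higher, `dhcp: [+91, -10]`, or moving the vSRX reservation below `+90` removes the overlap. The three `ip_reserved` maps are now identical, so a comment that they must stay in sync would help.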
@@ -73,35 +112,38 @@
           params:
             connection_string: !os_env CONNECTION_STRING, qemu:///system
             storage_pool_name: !os_env STORAGE_POOL_NAME, default
-            stp: False
+            stp: True
             hpet: False
             enable_acpi: true
             use_host_cpu: !os_env DRIVER_USE_HOST_CPU, true
 
         network_pools:
-          admin: admin-pool01
           private: private-pool01
+          public: public-pool01
+          admin: admin-pool01
 
         l2_network_devices:
           private:
             address_pool: private-pool01
             dhcp: true
 
-          admin:
-            address_pool: admin-pool01
+          public:
+            address_pool: public-pool01
             dhcp: true
             forward:
               mode: nat
 
-          public:
-            address_pool: public-pool01
-            forward:
-              mode: nat
+          admin:
+            address_pool: admin-pool01
+            dhcp: true
 
         group_volumes:
          - name: cloudimage1604    # This name is used for 'backing_store' option for node volumes.
            source_image: !os_env IMAGE_PATH1604  # https://cloud-images.ubuntu.com/xenial/current/xenial-server-cloudimg-amd64-disk1.img or
-                                             # http://apt.tcpcloud.eu/images/ubuntu-16-04-x64-201608231004.qcow2
+           format: qcow2
+
+         - name: cloudimage1404
+           source_image: !os_env IMAGE_PATH1404
            format: qcow2
 
          - name: vsrx_image
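Review bot: The new `cloudimage1404` volume reads `!os_env IMAGE_PATH1404` with no default and no comment, whereas the 16.04 entry above it names where its image comes from, so an operator who has not set the new variable has nothing pointing at the expected image. I would add a comment on the new entry such as `# Ubuntu 14.04 cloud image (qcow2); set IMAGE_PATH1404 to its local path`. `stp: True` also sits beside `enable_acpi: true`; lowercase `true` avoids relying on YAML 1.1 boolean spellings.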
@@ -134,18 +176,25 @@
 
               interfaces:
                 - label: ens3
-                  l2_network_device: admin
+                  l2_network_device: public
                   interface_model: *interface_model
                 - label: ens4
                   l2_network_device: private
                   interface_model: *interface_model
+                - label: ens5
+                  l2_network_device: admin
+                  interface_model: *interface_model
+
               network_config:
                 ens3:
                   networks:
-                    - admin
+                    - public
                 ens4:
                   networks:
                     - private
+                ens5:
+                  networks:
+                    - admin
 
           - name: {{ HOSTNAME_CTL01 }}
             role: salt_minion
@@ -175,18 +224,24 @@
 
               interfaces: &interfaces
                 - label: ens3
-                  l2_network_device: admin
+                  l2_network_device: public
                   interface_model: *interface_model
                 - label: ens4
                   l2_network_device: private
                   interface_model: *interface_model
+                - label: ens5
+                  l2_network_device: admin
+                  interface_model: *interface_model
               network_config: &network_config
                 ens3:
                   networks:
-                    - admin
+                    - public
                 ens4:
                   networks:
                     - private
+                ens5:
+                  networks:
+                    - admin
 
           - name: {{ HOSTNAME_CTL02 }}
             role: salt_minion
@@ -269,21 +324,8 @@
                   cloudinit_meta_data: !include underlay--meta-data.yaml
                   cloudinit_user_data: !include underlay--user-data1604.yaml
 
-
-              interfaces: &all_interfaces
-                - label: ens3
-                  l2_network_device: admin
-                  interface_model: *interface_model
-                - label: ens4
-                  l2_network_device: private
-                  interface_model: *interface_model
-              network_config: &all_network_config
-                ens3:
-                  networks:
-                    - admin
-                ens4:
-                  networks:
-                    - private
+              interfaces: *interfaces
+              network_config: *network_config
 
           - name: {{ HOSTNAME_CMP02 }}
             role: salt_minion
@@ -308,8 +350,190 @@
                   cloudinit_meta_data: !include underlay--meta-data.yaml
                   cloudinit_user_data: !include underlay--user-data1604.yaml
 
-              interfaces: *all_interfaces
-              network_config: *all_network_config
+              interfaces: *interfaces
+              network_config: *network_config
+
+          - name: {{ HOSTNAME_MON01 }}
+            role: salt_minion
+            params:
+              vcpu: !os_env SLAVE_NODE_CPU, 4
+              memory: !os_env SLAVE_NODE_MEMORY, 1024
+              boot:
+                - hd
+              cloud_init_volume_name: iso
+              cloud_init_iface_up: ens3
+              volumes:
+                - name: system
+                  capacity: !os_env NODE_VOLUME_SIZE, 150
+                  backing_store: cloudimage1604
+                  format: qcow2
+                - name: iso  # Volume with name 'iso' will be used
+                             # for store image with cloud-init metadata.
+                  capacity: 1
+                  format: raw
+                  device: cdrom
+                  bus: ide
+                  cloudinit_meta_data: !include underlay--meta-data.yaml
+                  cloudinit_user_data: !include underlay--user-data1604.yaml
+
+              interfaces: *interfaces
+              network_config: *network_config
+
+          - name: {{ HOSTNAME_MON02 }}
+            role: salt_minion
+            params:
+              vcpu: !os_env SLAVE_NODE_CPU, 4
+              memory: !os_env SLAVE_NODE_MEMORY, 1024
+              boot:
+                - hd
+              cloud_init_volume_name: iso
+              cloud_init_iface_up: ens3
+              volumes:
+                - name: system
+                  capacity: !os_env NODE_VOLUME_SIZE, 150
+                  backing_store: cloudimage1604
+                  format: qcow2
+                - name: iso  # Volume with name 'iso' will be used
+                             # for store image with cloud-init metadata.
+                  capacity: 1
+                  format: raw
+                  device: cdrom
+                  bus: ide
+                  cloudinit_meta_data: !include underlay--meta-data.yaml
+                  cloudinit_user_data: !include underlay--user-data1604.yaml
+
+              interfaces: *interfaces
+              network_config: *network_config
+
+          - name: {{ HOSTNAME_MON03 }}
+            role: salt_minion
+            params:
+              vcpu: !os_env SLAVE_NODE_CPU, 4
+              memory: !os_env SLAVE_NODE_MEMORY, 1024
+              boot:
+                - hd
+              cloud_init_volume_name: iso
+              cloud_init_iface_up: ens3
+              volumes:
+                - name: system
+                  capacity: !os_env NODE_VOLUME_SIZE, 150
+                  backing_store: cloudimage1604
+                  format: qcow2
+                - name: iso  # Volume with name 'iso' will be used
+                             # for store image with cloud-init metadata.
+                  capacity: 1
+                  format: raw
+                  device: cdrom
+                  bus: ide
+                  cloudinit_meta_data: !include underlay--meta-data.yaml
+                  cloudinit_user_data: !include underlay--user-data1604.yaml
+
+              interfaces: *interfaces
+              network_config: *network_config
+
+          - name: {{ HOSTNAME_NTW01 }}
+            role: salt_minion
+            params:
+              vcpu: !os_env SLAVE_NODE_CPU, 4
+              memory: !os_env SLAVE_NODE_MEMORY, 1024
+              boot:
+                - hd
+              cloud_init_volume_name: iso
+              cloud_init_iface_up: ens3
+              volumes:
+                - name: system
+                  capacity: !os_env NODE_VOLUME_SIZE, 150
+                  backing_store: cloudimage1404
+                  format: qcow2
+                - name: iso  # Volume with name 'iso' will be used
+                             # for store image with cloud-init metadata.
+                  capacity: 1
+                  format: raw
+                  device: cdrom
+                  bus: ide
+                  cloudinit_meta_data: !include underlay--meta-data.yaml
+                  cloudinit_user_data: !include underlay--user-data1404.yaml
+
+              interfaces: *interfaces
+              network_config: *network_config
+
+          - name: {{ HOSTNAME_NTW02 }}
+            role: salt_minion
+            params:
+              vcpu: !os_env SLAVE_NODE_CPU, 4
+              memory: !os_env SLAVE_NODE_MEMORY, 1024
+              boot:
+                - hd
+              cloud_init_volume_name: iso
+              cloud_init_iface_up: ens3
+              volumes:
+                - name: system
+                  capacity: !os_env NODE_VOLUME_SIZE, 150
+                  backing_store: cloudimage1404
+                  format: qcow2
+                - name: iso  # Volume with name 'iso' will be used
+                             # for store image with cloud-init metadata.
+                  capacity: 1
+                  format: raw
+                  device: cdrom
+                  bus: ide
+                  cloudinit_meta_data: !include underlay--meta-data.yaml
+                  cloudinit_user_data: !include underlay--user-data1404.yaml
+
+              interfaces: *interfaces
+              network_config: *network_config
+
+          - name: {{ HOSTNAME_NTW03 }}
+            role: salt_minion
+            params:
+              vcpu: !os_env SLAVE_NODE_CPU, 4
+              memory: !os_env SLAVE_NODE_MEMORY, 1024
+              boot:
+                - hd
+              cloud_init_volume_name: iso
+              cloud_init_iface_up: ens3
+              volumes:
+                - name: system
+                  capacity: !os_env NODE_VOLUME_SIZE, 150
+                  backing_store: cloudimage1404
+                  format: qcow2
+                - name: iso  # Volume with name 'iso' will be used
+                             # for store image with cloud-init metadata.
+                  capacity: 1
+                  format: raw
+                  device: cdrom
+                  bus: ide
+                  cloudinit_meta_data: !include underlay--meta-data.yaml
+                  cloudinit_user_data: !include underlay--user-data1404.yaml
+
+              interfaces: *interfaces
+              network_config: *network_config
+
+          - name: {{ HOSTNAME_PRX01 }}
+            role: salt_minion
+            params:
+              vcpu: !os_env SLAVE_NODE_CPU, 4
+              memory: !os_env SLAVE_NODE_MEMORY, 1024
+              boot:
+                - hd
+              cloud_init_volume_name: iso
+              cloud_init_iface_up: ens3
+              volumes:
+                - name: system
+                  capacity: !os_env NODE_VOLUME_SIZE, 150
+                  backing_store: cloudimage1604
+                  format: qcow2
+                - name: iso  # Volume with name 'iso' will be used
+                             # for store image with cloud-init metadata.
+                  capacity: 1
+                  format: raw
+                  device: cdrom
+                  bus: ide
+                  cloudinit_meta_data: !include underlay--meta-data.yaml
+                  cloudinit_user_data: !include underlay--user-data1604.yaml
+
+              interfaces: *interfaces
+              network_config: *network_config
 
           - name: {{ HOSTNAME_VSRX01 }}
             role: vsrx
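Review bot: The three `ntw0x` nodes boot `cloudimage1404` with underlay--user-data1404.yaml, which brings up `eth0`/`eth1`/`eth2`, yet they keep `cloud_init_iface_up: ens3` and the shared `*interfaces`/`*network_config` anchors labelled `ens3` to `ens5`. If `cloud_init_iface_up` is substituted into the cloud-init data as the interface name (not visible here), those nodes would be told to configure an interface that 14.04 does not create; `cloud_init_iface_up: eth0` looks like the intended value, to be confirmed against the driver. The seven added node definitions differ only in name, backing store and user-data file, so a short comment above the first one listing which roles run on 14.04 would make that difference easier to see.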
@@ -323,13 +547,23 @@
                   capacity: !os_env NODE_VOLUME_SIZE, 150
                   backing_store: vsrx_image
                   format: qcow2
+                  #- name: iso
+                  #- capacity: 1
+                  #- format: raw
+                  #- device: cdrom
+                  #- bus: ide
+                  #- cloudinit_user_data: !include juniper.conf
+
               interfaces:
-                - label: eth0
-                  l2_network_device: public
+                - label: ge-0/0/0
+                  l2_network_device: private
                   interface_model: virtio
                   mac_address: 52:54:00:4e:b4:36
-                - label: eth1
-                  l2_network_device: admin
+                - label: ge-0/0/1
+                  l2_network_device: public
                   interface_model: virtio
                   mac_address: 52:54:00:e1:44:9d
-
+                - label: ge-0/0/2
+                  l2_network_device: admin
+                  interface_model: virtio
+                  mac_address: 52:54:00:72:08:77
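Review bot: The commented-out `#- name: iso` block under the vSRX `volumes` makes every key its own list item, so uncommenting it as written would give six one-key entries rather than one config volume; it should be shaped as `#- name: iso` followed by `#  capacity: 1`, `#  format: raw` and so on, or removed. It is also the only reference to the juniper.conf added by this commit, so nothing visible here attaches that configuration to the VM, and a `# TODO` saying what is still missing would make that explicit. The new `mac_address: 52:54:00:72:08:77` is all digits and colons; quoting it as `'52:54:00:72:08:77'` rules out a YAML 1.1 base-60 integer reading.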