diff --git a/.gitreview b/.gitreview
new file mode 100644
index 0000000..443a01c
--- /dev/null
+++ b/.gitreview
@@ -0,0 +1,3 @@
+[gerrit]
+host=gerrit.mcp.mirantis.com
+project=salt-formulas/linux.git
diff --git a/.kitchen.yml b/.kitchen.yml
index eb4ed88..eeaf317 100644
--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -32,15 +32,22 @@
   name: inspec
   sudo: true
 
+docker_images:
+  - &xenial-20177 <%=ENV['IMAGE_XENIAL_20177'] || 'docker-dev-local.docker.mirantis.net/epcim/salt/saltstack-ubuntu-xenial-salt-2017.7/salt:2018_11_19'%>
+  - &xenial-stable <%=ENV['IMAGE_XENIAL_STABLE'] || 'docker-dev-local.docker.mirantis.net/epcim/salt/saltstack-ubuntu-xenial-salt-stable/salt:2018_11_19'%>
+
 platforms:
-  - name: <%=ENV['PLATFORM'] ||  'saltstack-ubuntu-xenial-salt-stable' %>
+  - name: xenial-2017.7
     driver_config:
-      image: <%=ENV['PLATFORM'] || 'docker-dev-local.docker.mirantis.net/epcim/salt/saltstack-ubuntu-xenial-salt-stable/salt:2018_11_19'%>
+      image: *xenial-20177
       platform: ubuntu
 
+  - name: xenial-stable
+    driver_config:
+      image: *xenial-stable
+      platform: ubuntu
 
 suites:
-
   - name: network
     provisioner:
       pillars-from-files:
@@ -67,14 +74,6 @@
       pillars-from-files:
         linux.sls: tests/pillar/system.sls
 
-  - name: system_file
-    provisioner:
-      pillars-from-files:
-        linux.sls: tests/pillar/system_file.sls
-      pillars_from_directories:
-        - source: tests/example
-          dest: srv/salt/linux/files/test
-
   - name: duo
     provisioner:
       pillars-from-files:
diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index ff8c722..0000000
--- a/.travis.yml
+++ /dev/null
@@ -1,48 +0,0 @@
-language: python
-python:
-- "2.7.13"
-sudo: required
-services:
-  - docker
-
-addons:
-  apt:
-    packages:
-    - apt-transport-https
-
-install:
-  - pip install PyYAML
-  - pip install virtualenv
-  - |
-    if [ ! -e Gemfile ]; then
-       curl -s -o ./Gemfile 'https://gerrit.mcp.mirantis.com/gitweb?p=salt-formulas/salt-formulas-scripts.git;a=blob_plain;f=Gemfile;hb=refs/heads/master'
-    fi
-  - bundle install
-
-env:
-  - PLATFORM=docker-dev-local.docker.mirantis.net/epcim/salt/saltstack-ubuntu-xenial-salt-2016.3/salt:2018_11_19 SUITE=network
-  - PLATFORM=docker-dev-local.docker.mirantis.net/epcim/salt/saltstack-ubuntu-xenial-salt-2016.3/salt:2018_11_19 SUITE=system
-  - PLATFORM=docker-dev-local.docker.mirantis.net/epcim/salt/saltstack-ubuntu-xenial-salt-2017.7/salt:2018_11_19 SUITE=network
-  - PLATFORM=docker-dev-local.docker.mirantis.net/epcim/salt/saltstack-ubuntu-xenial-salt-2017.7/salt:2018_11_19 SUITE=system
-  - PLATFORM=docker-dev-local.docker.mirantis.net/epcim/salt/saltstack-ubuntu-xenial-salt-stable/salt:2018_11_19 SUITE=network
-  - PLATFORM=docker-dev-local.docker.mirantis.net/epcim/salt/saltstack-ubuntu-xenial-salt-stable/salt:2018_11_19 SUITE=system
-  - PLATFORM=docker-dev-local.docker.mirantis.net/epcim/salt/saltstack-ubuntu-xenial-salt-stable/salt:2018_11_19 SUITE=duo
-
-before_script:
-  - set -o pipefail
-  - make test | tail
-
-script:
-  - test ! -e .kitchen.yml || bundle exec kitchen converge ${SUITE} || true
-  - test ! -e .kitchen.yml || bundle exec kitchen verify ${SUITE} -t tests/integration
-
-notifications:
-  webhooks:
-    urls:
-      - https://webhooks.gitter.im/e/6123573504759330786b
-    on_success: change  # options: [always|never|change] default: always
-    on_failure: never  # options: [always|never|change] default: always
-    on_start: never     # options: [always|never|change] default: always
-    on_cancel: never    # options: [always|never|change] default: always
-    on_error: never    # options: [always|never|change] default: always
-  email: false
diff --git a/README.rst b/README.rst
index 4efa5e2..f8ad216 100644
--- a/README.rst
+++ b/README.rst
@@ -76,6 +76,50 @@
             home: '/home/elizabeth'
             password: "$6$nUI7QEz3$dFYjzQqK5cJ6HQ38KqG4gTWA9eJu3aKx6TRVDFh6BVJxJgFWg2akfAA7f1fCxcSUeOJ2arCO6EEI6XXnHXxG10"
 
+Setting user defaults
+---------------------
+Default parameters that will be used by `useradd` command could be configured
+the following way:
+
+.. code-block:: yaml
+
+  linux:
+    system:
+      ...
+      defaults:
+        user:
+          shell: <SHELL>
+          gid: <GROUP>
+          home: <HOME>
+          inactdays: <INACTIVE>
+          expire: <EXPIRE>
+          skeleton: <SKEL>
+          create_mail_spool: <CREATE_MAIL_SPOOL>
+
+Other parameters that are used when creating user profile could be configured
+as well, acting as global defaults:
+
+.. code-block:: yaml
+
+  linux:
+    system:
+      ...
+      defaults:
+        user:
+          ...
+          maxdays: <PASS_MAX_DAYS>
+          mindays: <PASS_MIN_DAYS>
+          warndays: <PASS_WARN_AGE>
+
+.. note::
+
+  The three options above ('maxdays', 'mindays', 'warndays') could be
+  overriden in linux:system:login_defs using their 'real' names.
+  The reason they could be defined here is that it's quite logical to
+  have these parameters related to configuration of user account
+  behaviour in one place.
+
+
 Configure password expiration parameters
 ----------------------------------------
 The following login.defs parameters can be overridden per-user:
@@ -83,7 +127,6 @@
 * PASS_MAX_DAYS
 * PASS_MIN_DAYS
 * PASS_WARN_DAYS
-* INACTIVE
 
 .. code-block:: yaml
 
@@ -97,8 +140,7 @@
             ...
             maxdays: <PASS_MAX_DAYS>
             mindays: <PASS_MIN_DAYS>
-            warndays: <PASS_WARN_DAYS>
-            inactdays: <INACTIVE>
+            warndays: <PASS_WARN_AGE>
 
 Configure sudo for users and groups under ``/etc/sudoers.d/``.
 This ways ``linux.system.sudo`` pillar map to actual sudo attributes:
@@ -519,6 +561,19 @@
               foo: 1
               bar: 'bar'
 
+Ensure presence of file to be decoded through file.decode module (see:
+https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#salt.states.file.decode):
+
+.. code-block:: yaml
+
+    linux:
+      system:
+        file:
+          /tmp/test4.txt:
+            decode: True
+            encoded_data: |
+              dGVzdDQK
+
 Kernel
 ~~~~~~
 
@@ -1829,7 +1884,7 @@
             - node2.domain.com
             - service2.domain.com
 
-Set up ``resolv.conf``, nameservers, domain and search domains:
+Set up ``resolvconf's basic resolver info``, e.g. nameservers, search/domain and options:
 
 .. code-block:: yaml
 
@@ -1837,16 +1892,16 @@
       network:
         resolv:
           dns:
-          - 8.8.4.4
-          - 8.8.8.8
+            - 8.8.4.4
+            - 8.8.8.8
           domain: my.example.com
           search:
-          - my.example.com
-          - example.com
+            - my.example.com
+            - example.com
           options:
-          - ndots: 5
-          - timeout: 2
-          - attempts: 2
+            - ndots:5
+            - timeout:2
+            - attempts:2
 
 Set up custom TX queue length for tap interfaces:
 
@@ -1887,6 +1942,12 @@
           br-prv:
             enabled: true
             type: dpdk_ovs_bridge
+          br-floating:
+            enabled: true
+            type: ovs_bridge
+            name_servers:
+              - 1.1.1.1
+              - 9.9.9.9
 
 **DPDK OVS Bond**
 
diff --git a/_states/aptkey.py b/_states/aptkey.py
new file mode 100644
index 0000000..8d12829
--- /dev/null
+++ b/_states/aptkey.py
@@ -0,0 +1,121 @@
+# -*- coding: utf-8 -*-
+# _state/aptkey.py
+"""
+Manage apt keys
+"""
+from __future__ import absolute_import, print_function, unicode_literals
+
+from base64 import b64encode, b64decode
+from binascii import Error as binasciiError
+
+def __virtual__():
+    """Only load if 'pkg' (aptpkg) module has necessary functions"""
+
+    if not 'pkg.add_repo_key' in __salt__ or not 'pkg.get_repo_keys' in __salt__:
+        return False, "'pkg.add_repo_key' and 'pkg.get_repo_keys' functions are required"
+    return True
+
+def _get_fingerprints(input_text):
+    """Get fingerprint(s) for given text
+
+    :param str input_text: text to get fingerprint(s) from it
+
+    :return:
+        A list of found fingerprint(s)
+    :rtype list:
+
+    """
+    fingerprints = []
+    cmd = 'apt-key adv --with-fingerprint --with-colons --dry-run -'
+    out = __salt__['cmd.run_stdout'](cmd, stdin=input_text, python_shell=False)
+    for line in out.split('\n'):
+        line = line.split(':')
+        if line[0] == 'fpr':
+            fingerprints.append(line[-2])
+    return fingerprints
+
+
+def added(name, key_text=None, key_url=None):
+    """Ensure that given key added to APT's key storage
+
+    :param str name:
+        Just an ID, it does not used at all.
+    :param str key_text:
+        Key to add as a plain text or base64-encoded.
+    :param str key_url:
+        URL from which key should be fetched. Supported URLs: salt://, http://,
+        https:// and file://.
+
+    Examples:
+
+    .. code-block:: yaml
+
+        # Base64 encoded key
+        {% set repo_key = salt['hashutil.base64_b64encode'](repo.key) %}
+        linux_repo_ubuntu_key:
+          aptkey.added:
+            - key_text: {{ repo_key }}
+
+    .. code-block:: yaml
+
+        # Plaintext key
+        linux_repo_ubuntu_key:
+          aptkey.added:
+            - key_text: '{{ repo.key | replace("\n", "\\n") }}'
+
+    .. code-block:: yaml
+
+        linux_repo_ubuntu_key:
+          aptkey.added:
+            - key_url: 'https://example.com/key.asc'
+    """
+    ret = {'name': name,
+           'result': None if __opts__['test'] else True,
+           'changes': {},
+           'comment': ''}
+
+    if not key_text and not key_url:
+        ret['result'] = False,
+        ret['comment'] = 'No key to add provided'
+        return ret
+    if key_text and key_url:
+        ret['result'] = False
+        ret['comment'] = 'Only one of key_text or key_url is permitted'
+        return ret
+
+    # If key_url provided fetch it before proceeding
+    if key_url:
+        # This only supports salt://, http://, https:// and file:// URLs
+        key_text = __salt__['cp.get_url'](key_url, dest=None)
+
+    # Try to apply base64 decoding to key_text, just in case...
+    try:
+        # Decode key_text if it is base64 encoded string
+        decoded_key_text = b64decode(key_text)
+        # the simplest available check that given string was base64 encoded
+        if b64encode(decoded_key_text) == key_text:
+            key_text = decoded_key_text
+    except TypeError, binasciiError: # the first is for py2, the second for py3
+        pass
+
+    # Get apt's keys and their fingerprints
+    apt_keys = __salt__['pkg.get_repo_keys']()
+    apt_fingerprints = [key.get('fingerprint') for _, key in apt_keys.items()]
+
+    key_fingerprints = _get_fingerprints(key_text)
+    # If any of given fingerprints does not present in apt keys
+    # then add all of them
+    if not set(key_fingerprints).issubset(set(apt_fingerprints)):
+        if __opts__['test']:
+            ret['result'] = None
+            ret['changes'] = {'key': key_text}
+            return ret
+
+        success = __salt__['pkg.add_repo_key'](text=key_text)
+        if success:
+            ret['result'] = True
+            ret['changes'] = {'key': key_text}
+        else:
+            ret['result'] = False
+            ret['comment'] = 'Key was not added because of errors'
+    return ret
diff --git a/linux/files/etc_default_useradd.jinja b/linux/files/etc_default_useradd.jinja
new file mode 100644
index 0000000..076cfeb
--- /dev/null
+++ b/linux/files/etc_default_useradd.jinja
@@ -0,0 +1,50 @@
+# This file is managed by Salt, do not edit
+{%- macro define_option(option_name, option_key, default=None) %}
+  {%- set value = defaults.get(option_key, default) %}
+  {%- if value != None %}
+{{ option_name }}={{ value }}
+  {%- endif %}
+{%- endmacro %}
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+# SHELL=/bin/sh
+{{- define_option('SHELL', 'shell', default='/bin/sh') }}
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+# GROUP=100
+{{- define_option('GROUP', 'gid') }}
+#
+# The default home directory. Same as DHOME for adduser
+# HOME=/home
+{{- define_option('HOME', 'home') }}
+#
+# The number of days after a password expires until the account
+# is permanently disabled
+# INACTIVE=-1
+{{- define_option('INACTIVE', 'inactdays') }}
+#
+# The default expire date
+# EXPIRE=
+{{- define_option('EXPIRE', 'expire') }}
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+{{- define_option('SKEL', 'skeleton') }}
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
+{{- define_option('CREATE_MAIN_SPOOL', 'create_mail_spool')}}
\ No newline at end of file
diff --git a/linux/files/login.defs.jinja b/linux/files/login.defs.jinja
index 572c558..ad4d6d3 100644
--- a/linux/files/login.defs.jinja
+++ b/linux/files/login.defs.jinja
@@ -52,11 +52,30 @@
     'USERDEL_CMD',
     'USERGROUPS_ENAB'
 ] %}
+{#
+  'defaults' could be passed externally, in this case it should be dictionary
+#}
+{%- if defaults is not defined %}
+  {%- set defaults = {} %}
+{%- endif %}
+{#
+  Override values in 'defaults' with those defined in system:login_defs as they
+  are of highest priority.
+#}
 {%- for opt_name in allowed_options %}
   {%- if opt_name in login_defs %}
     {%- set opt_params = login_defs.get(opt_name) %}
     {%- if opt_params.get('enabled', true) %}
-{{ opt_name.ljust(20) }} {{ opt_params.value }}
+      {%- do defaults.update({opt_name: opt_params.value}) %}
     {%- endif %}
   {%- endif %}
 {%- endfor %}
+{#
+  Now we can write merged data to file, keeping order of items as in the list above
+#}
+{%- for opt_name in allowed_options %}
+  {%- set value = defaults.get(opt_name, None) %}
+  {%- if value != None %}
+{{ opt_name.ljust(20) }} {{ value }}
+  {%- endif %}
+{%- endfor %}
diff --git a/linux/files/ovs_bridge b/linux/files/ovs_bridge
index 40acb04..e51b676 100644
--- a/linux/files/ovs_bridge
+++ b/linux/files/ovs_bridge
@@ -1,6 +1,5 @@
 auto {{ bridge_name }}
 iface {{ bridge_name }} inet {{ bridge.get('proto', 'static' if bridge.address is defined else 'manual') }}
-ovs_type {{ bridge.get('ovs_bridge_type', 'OVSBridge') }}
 mtu {{ bridge.get('mtu', '1500') }}
 {%- if bridge.address is defined %}
 address {{ bridge.address }}
@@ -9,9 +8,6 @@
 {%- if bridge.gateway is defined %}
 gateway {{ bridge.gateway }}
 {%- endif %}
-{%- if bridge.ovs_options is defined %}
-ovs_options {{ bridge.ovs_options }}
-{%- endif %}
-{%- if bridge_ports %}
-ovs_ports {{ bridge_ports }}
+{%- if bridge.name_servers is defined %}
+dns-nameservers {{ bridge.name_servers|join(' ') }}
 {%- endif %}
diff --git a/linux/files/ovs_port b/linux/files/ovs_port
index a55b821..20c256c 100644
--- a/linux/files/ovs_port
+++ b/linux/files/ovs_port
@@ -1,6 +1,9 @@
 auto {{ port_name }}
 allow-{{ port.bridge }} {{ port_name }}
 iface {{ port_name }} inet {{ port.get('proto', 'manual') }}
+{%- if '.' in port_name %}
+vlan-raw-device {{ port_name.split('.')[0] }}
+{%- endif %}
 ovs_type {{ port.get('ovs_port_type', 'OVSIntPort') }}
 mtu {{ port.get('mtu', '1500') }}
 ovs_bridge {{ port.bridge }}
diff --git a/linux/files/resolv.conf b/linux/files/resolv.conf
deleted file mode 100644
index 43fb75d..0000000
--- a/linux/files/resolv.conf
+++ /dev/null
@@ -1,16 +0,0 @@
-{%- from "linux/map.jinja" import network with context %}# Dynamic resolv.conf(5) file for glibc resolver(3) generated by salt-minion(1)
-#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
-{% if network.resolv.get('search', False) -%}
-search {{ network.resolv.search|join(' ') }}
-{%- endif %}
-{% if network.resolv.get('domain', False) -%}
-domain {{ network.resolv.domain }}
-{%- endif %}
-{%- for nameserver in network.resolv.dns %}
-nameserver {{ nameserver }}
-{%- endfor %}
-{%- if network.resolv.get('options', False) %}
-{%- for option in network.resolv.options %}
-options {{ option }}
-{%- endfor %}
-{%- endif %}
diff --git a/linux/files/resolvconf_base b/linux/files/resolvconf_base
new file mode 100644
index 0000000..0ecd1a1
--- /dev/null
+++ b/linux/files/resolvconf_base
@@ -0,0 +1,13 @@
+{%- from "linux/map.jinja" import network with context -%}
+{%- if network.resolv.domain is defined %}
+domain {{ network.resolv.domain }}
+{%- endif %}
+{%- if network.resolv.search is defined %}
+search {{ network.resolv.search|join(' ') }}
+{%- endif %}
+{%- for ns in network.resolv.dns|d([]) %}
+nameserver {{ ns }}
+{%- endfor %}
+{%- for opt in network.resolv.options|d([]) %}
+options {{ opt }}
+{%- endfor %}
diff --git a/linux/files/test/file_template.jinja b/linux/files/test/file_template.jinja
new file mode 100644
index 0000000..e9b09f3
--- /dev/null
+++ b/linux/files/test/file_template.jinja
@@ -0,0 +1 @@
+test_file
\ No newline at end of file
diff --git a/linux/map.jinja b/linux/map.jinja
index b24e9ce..a485c76 100644
--- a/linux/map.jinja
+++ b/linux/map.jinja
@@ -448,10 +448,6 @@
         'failed_auths_threshold': {
             'warn': 5,
         },
-        'netdev_budget_squeeze_rate': 0.1,
-        'packets_dropped_per_cpu_threshold': {
-            'minor': '0',
-            'major': '100'
-        }
+        'netdev_budget_squeeze_rate': 0.1
     },
 }, grain='os_family', merge=salt['pillar.get']('linux:monitoring')) %}
diff --git a/linux/meta/fluentd.yml b/linux/meta/fluentd.yml
index 90fa6d4..1a7d139 100644
--- a/linux/meta/fluentd.yml
+++ b/linux/meta/fluentd.yml
@@ -29,7 +29,16 @@
             label:
               - name: host
                 value: ${Hostname}
+          metric_hdd_errors_exclude:
+            tag: metric.hdd_errors
+            type: grep
+            # Regexp: https://regex101.com/r/ZRMX9j/3
+            exclude:
+              - name: Payload
+                regexp: (virDomainNetFind|libvirt|(At|De)tach(ing)?\ volume)
           metric_hdd_errors_parse:
+            require:
+              - metric_hdd_errors_exclude
             tag: metric.hdd_errors
             type: parser
             key_name: Payload
@@ -137,7 +146,16 @@
     label:
       default_metric:
         filter:
+          metric_hdd_errors_exclude:
+            tag: metric.hdd_errors
+            type: grep
+            # Regexp: https://regex101.com/r/ZRMX9j/3
+            exclude:
+              - name: Payload
+                regexp: (virDomainNetFind|libvirt|(At|De)tach(ing)?\ volume)
           metric_hdd_errors_parse:
+            require:
+              - metric_hdd_errors_exclude
             tag: metric.hdd_errors
             type: parser
             key_name: Payload
diff --git a/linux/meta/prometheus.yml b/linux/meta/prometheus.yml
index f405367..753a587 100644
--- a/linux/meta/prometheus.yml
+++ b/linux/meta/prometheus.yml
@@ -198,28 +198,24 @@
       annotations:
         summary: "{{ threshold }}{%- raw %} failed SSH logins"
         description: "{{ $value }} failed SSH login attempts on the {{ $labels.host }} node during the last 5 minutes."
-    PacketsDroppedByCpuMinor:
-      {%- endraw %}
-      {%- set packets_dropped_minor_threshold = monitoring.packets_dropped_per_cpu_threshold.minor %}
+    PacketsDroppedByCpuWarning:
       if: >-
-        floor(increase(nstat_packet_drop[24h])) > {{ packets_dropped_minor_threshold }}
+        floor(increase(nstat_packet_drop[10m])) > 0
+      labels:
+        severity: warning
+        service: system
+      annotations:
+        summary: "Increased number of CPU dropped packets"
+        description: "The {{ $labels.cpu }} CPU on the {{ $labels.host }} node dropped {{ $value }} packets during the last 10 minutes."
+    PacketsDroppedByCpuMinor:
+      if: >-
+        floor(increase(nstat_packet_drop[10m])) > 100
       labels:
         severity: minor
         service: system
       annotations:
-        summary: "CPU dropped {{ packets_dropped_minor_threshold }}{%- raw %} packets"
-        description: "The {{ $labels.cpu }} CPU on the {{ $labels.host }} node dropped {{ $value }} packets during the last 24 hours."
-    PacketsDroppedByCpuMajor:
-      {%- endraw %}
-      {%- set packets_dropped_major_threshold = monitoring.packets_dropped_per_cpu_threshold.major %}
-      if: >-
-        floor(increase(nstat_packet_drop[24h])) > {{ packets_dropped_major_threshold }}
-      labels:
-        severity: major
-        service: system
-      annotations:
-        summary: "CPU dropped {{ packets_dropped_major_threshold }}{%- raw %} packets"
-        description: "The {{ $labels.cpu }} CPU on the {{ $labels.host }} node dropped {{ $value }} packets during the last 24 hours."
+        summary: "CPU dropped more than 100 packets"
+        description: "The {{ $labels.cpu }} CPU on the {{ $labels.host }} node dropped {{ $value }} packets during the last 10 minutes."
     NetdevBudgetRanOutsWarning:
       {%- endraw %}
       {%- set squeeze_rate_threshold = monitoring.netdev_budget_squeeze_rate %}
diff --git a/linux/network/dhclient.sls b/linux/network/dhclient.sls
index c0b007b..6de2cfd 100644
--- a/linux/network/dhclient.sls
+++ b/linux/network/dhclient.sls
@@ -8,11 +8,4 @@
     - source: salt://linux/files/dhclient.conf
     - template: jinja
 
-{%- elif network.dhclient.enabled is defined and network.dhclient.enabled == False %}
-
-kill_dhcp_client:
-  cmd.run:
-  - name: "pkill dhclient"
-  - onlyif: "pgrep dhclient"
-
 {%- endif %}
diff --git a/linux/network/hostname.sls b/linux/network/hostname.sls
index dd46586..7b9d342 100644
--- a/linux/network/hostname.sls
+++ b/linux/network/hostname.sls
@@ -1,7 +1,7 @@
 {%- from "linux/map.jinja" import network with context %}
 {%- if network.enabled %}
 
-{%- if grains.os_family in ['Arch', 'Debian'] %}
+  {%- if grains.os_family in ['Arch', 'Debian'] %}
 
 linux_hostname_file:
   file.managed:
@@ -14,23 +14,23 @@
   - watch_in:
     - cmd: linux_enforce_hostname
 
-{%- endif %}
+  {%- endif %}
 
-{# Change state to proper one, after releasing patch:
-   https://github.com/saltstack/salt/pull/45748/files/74599bbdfcf99f45d3a31296887097fade31cbf1
+  {%- if grains['saltversioninfo'] >= [2019, 2] %}
 linux_enforce_hostname:
   network.system:
     - enabled: True
     - hostname: {{ network.hostname }}
     - apply_hostname: True
     - retain_settings: True
-#}
+  {%- else %}
 linux_enforce_hostname:
   cmd.run:
   - name: hostname {{ network.hostname }}
   - unless: test "$(hostname)" = "{{ network.hostname }}"
-  {%- if grains.get('noservices') %}
+    {%- if grains.get('noservices') %}
   - onlyif: /bin/false
+    {%- endif %}
   {%- endif %}
 
 {%- endif %}
diff --git a/linux/network/init.sls b/linux/network/init.sls
index 448fbff..0c0f140 100644
--- a/linux/network/init.sls
+++ b/linux/network/init.sls
@@ -6,9 +6,7 @@
 {%- if network.host|length > 0 or network.get('purge_hosts', True) %}
 - linux.network.host
 {%- endif %}
-{%- if network.resolv is defined %}
 - linux.network.resolv
-{%- endif %}
 {%- if network.dpdk is defined %}
 - linux.network.dpdk
 {%- endif %}
diff --git a/linux/network/interface.sls b/linux/network/interface.sls
index 395b938..8934661 100644
--- a/linux/network/interface.sls
+++ b/linux/network/interface.sls
@@ -95,8 +95,6 @@
   openvswitch_bridge.present:
   - name: {{ interface_name }}
 
-{%- set ovs_ports = [] %}
-
 {# add linux network interface into OVS bridge #}
 {%- for int_name, int in network.interface.items() %}
 
@@ -106,12 +104,8 @@
 
 add_int_{{ int_name }}_to_ovs_bridge_{{ interface_name }}:
   cmd.run:
-    - unless: ovs-vsctl show | grep {{ int_name }}
     - name: ovs-vsctl{%- if network.ovs_nowait %} --no-wait{%- endif %} add-port {{ interface_name }} {{ int_name }}
-{%- endif %}
-
-{%- if int.bridge is defined and interface_name == int.bridge %}
-{%-   do ovs_ports.append(int_name) %}
+    - unless: ovs-vsctl list-ports {{ interface_name }} | grep -qFx {{ int_name }}
 {%- endif %}
 
 {%- endfor %}
@@ -132,7 +126,6 @@
   - defaults:
       bridge: {{ interface|yaml }}
       bridge_name: {{ interface_name }}
-      bridge_ports: {{ " ".join(ovs_ports) }}
   - template: jinja
 
 ovs_bridge_up_{{ interface_name }}:
@@ -334,12 +327,11 @@
   network.system:
   - enabled: {{ interface.enabled }}
   - hostname: {{ network.fqdn }}
-  {%- if interface.gateway is defined %}
   - gateway: {{ interface.gateway }}
   - gatewaydev: {{ interface_name }}
-  {%- endif %}
   - nozeroconf: True
   - nisdomain: {{ system.domain }}
+  - search: {{ system.domain }}
   - require_reboot: True
 
 {%- endif %}
diff --git a/linux/network/resolv.sls b/linux/network/resolv.sls
index caecee3..bac6ebf 100644
--- a/linux/network/resolv.sls
+++ b/linux/network/resolv.sls
@@ -1,18 +1,33 @@
 {%- from "linux/map.jinja" import network with context %}
-{%- if network.enabled %}
 
-/etc/resolv.conf:
-  file.managed:
-  - source: salt://linux/files/resolv.conf
-  - mode: 644
-  - template: jinja
-  - follow_symlinks: false
-  - require:
-    - service: resolvconf_service
+{%- if network.enabled and grains.get('virtual_subtype', None) not in ['Docker', 'LXC'] %}
+resolvconf:
+  pkg.installed
 
 resolvconf_service:
-  service.dead:
-    - name: resolvconf
-    - enable: false
+  service.running:
+  - name: resolvconf
+  - enable: true
+  - require:
+    - pkg: resolvconf
 
+ensure_resolvconf_symlink:
+  cmd.run:
+  - name: dpkg-reconfigure -fnoninteractive resolvconf
+  - unless: test -L /etc/resolv.conf
+
+  {%- if network.resolv is defined %}
+/etc/resolvconf/resolv.conf.d/base:
+  file.managed:
+  - source: salt://linux/files/resolvconf_base
+  - mode: 644
+  - template: jinja
+
+run_update_scripts:
+  cmd.run:
+  - name: /sbin/resolvconf -u
+  - onchanges:
+    - file: /etc/resolvconf/resolv.conf.d/base
+
+  {%- endif %}
 {%- endif %}
diff --git a/linux/storage/loopback.sls b/linux/storage/loopback.sls
index 883b02e..9511d0f 100644
--- a/linux/storage/loopback.sls
+++ b/linux/storage/loopback.sls
@@ -30,7 +30,7 @@
   - template: jinja
   - defaults:
     file: {{ loopback.file }}
-    device_name: "/dev/loop{{ loop.index0 }}"
+    device_name: "/dev/{{ device }}"
 
 setup-loopback-{{ device }}:
   service.running:
diff --git a/linux/system/auth.sls b/linux/system/auth.sls
index 690ec04..5cb3798 100644
--- a/linux/system/auth.sls
+++ b/linux/system/auth.sls
@@ -170,6 +170,7 @@
     - pkg: linux_auth_ldap_packages
   - watch_in:
     - service: linux_auth_nslcd_service
+    - service: linux_auth_nscd_service
 
 linux_auth_ldap_packages:
   pkg.installed:
@@ -185,12 +186,18 @@
     - pkg: linux_auth_ldap_packages
   - watch_in:
     - service: linux_auth_nslcd_service
+    - service: linux_auth_nscd_service
 
 linux_auth_nslcd_service:
   service.running:
   - enable: true
   - name: nslcd
 
+linux_auth_nscd_service:
+  service.running:
+  - enable: true
+  - name: nscd
+
     {%- endif %}
   {%- endif %}
 {%- endif %}
diff --git a/linux/system/file.sls b/linux/system/file.sls
index e8a6d52..1ae9906 100644
--- a/linux/system/file.sls
+++ b/linux/system/file.sls
@@ -3,16 +3,44 @@
 
 {%- for file_name, file in system.file.items() %}
 
+  {%- if file.decode is defined %}
+    {%- if file.name is defined %}
+      {%- set dirname = salt['file.dirname'](file.name) %}
+    {%- else %}
+      {%- set dirname = salt['file.dirname'](file_name) %}
+    {%- endif %}
+linux_directory_{{ dirname }}:
+  file.directory:
+    - name: {{ dirname }}
+    - makedirs: {{ file.get('makedirs', 'True') }}
+    - user: {{ file.get('user', 'root') }}
+    - group: {{ file.get('group', 'root') }}
+
 linux_file_{{ file_name }}:
-{%- if file.serialize is defined %}
+  file.decode:
+    {%- if file.name is defined %}
+    - name: {{ file.name }}
+    {%- else %}
+    - name: {{ file_name }}
+    {%- endif %}
+    - encoding_type: base64
+    {%- if file.contents_pillar is defined %}
+    - contents_pillar: {{ file.contents_pillar }}
+    {%- elif file.encoded_data is defined %}
+    - encoded_data: |
+        {{ file.encoded_data | indent(8) }}
+    {%- endif %}
+  {%- else %}
+linux_file_{{ file_name }}:
+    {%- if file.serialize is defined %}
   file.serialize:
     - formatter: {{ file.serialize }}
-  {%- if file.contents is defined  %}
+      {%- if file.contents is defined  %}
     - dataset: {{ file.contents|yaml }}
-  {%- elif file.contents_pillar is defined %}
+      {%- elif file.contents_pillar is defined %}
     - dataset_pillar: {{ file.contents_pillar }}
-  {%- endif %}
-{%- else %}
+      {%- endif %}
+    {%- else %}
   file.managed:
     {%- if file.source is defined %}
     - source: {{ file.source }}
@@ -31,8 +59,7 @@
     {%- elif file.contents_grains is defined %}
     - contents_grains: {{ file.contents_grains }}
     {%- endif %}
-
-{%- endif %}
+  {%- endif %}
     {%- if file.name is defined %}
     - name: {{ file.name }}
     {%- else %}
@@ -50,6 +77,7 @@
     {%- if file.encoding is defined %}
     - encoding: {{ file.encoding }}
     {%- endif %}
+{%- endif %}
 
 {%- endfor %}
 
diff --git a/linux/system/login_defs.sls b/linux/system/login_defs.sls
index f94348a..914e6eb 100644
--- a/linux/system/login_defs.sls
+++ b/linux/system/login_defs.sls
@@ -1,6 +1,16 @@
 {%- from "linux/map.jinja" import system with context %}
 {%- if system.enabled %}
-  {%- if system.login_defs is defined %}
+  {%- set defaults = {} %}
+  {%- set user_defaults = system.get('defaults', {}).get('user', {}) %}
+  {%- for option_name, login_defs_name in [('maxdays', 'PASS_MAX_DAYS'),
+                                           ('mindays', 'PASS_MIN_DAYS'),
+                                           ('warndays', 'PASS_WARN_AGE')] %}
+    {%- set value = user_defaults.get(option_name, None) %}
+    {%- if value != None %}
+      {%- do defaults.update({login_defs_name: value}) %}
+    {%- endif %}
+  {%- endfor %}
+  {%- if system.login_defs is defined or defaults %}
 login_defs:
   file.managed:
     - name: /etc/login.defs
@@ -9,5 +19,7 @@
     - user: root
     - group: root
     - mode: 644
+    - defaults:
+        defaults: {{ defaults|yaml }}
   {%- endif %}
 {%- endif %}
diff --git a/linux/system/repo.sls b/linux/system/repo.sls
index 73bb33d..3322f07 100644
--- a/linux/system/repo.sls
+++ b/linux/system/repo.sls
@@ -80,11 +80,11 @@
     - name: /etc/apt/preferences.d/{{ name }}
       {%- endif %}
 
-      {%- if repo.get('key') %}
+      {%- if repo.get('key') and grains['saltversioninfo'] < [2018, 3] %}
 linux_repo_{{ name }}_key:
         {% set repo_key = salt['hashutil.base64_b64encode'](repo.key) %}
-  cmd.run:
-    - name: "echo '{{ repo_key }}' | base64 -d | apt-key add -"
+    aptkey.added:
+    - key_text: {{ repo_key }}
     - require_in:
         {%- if repo.get('default', False) %}
       - file: default_repo_list
@@ -105,8 +105,8 @@
 #}
       {%- elif repo.key_url|default(False) and grains['saltversioninfo'] < [2017, 7] and not repo.key_url.startswith('salt://') %}
 linux_repo_{{ name }}_key:
-  cmd.run:
-    - name: "curl -sL {{ repo.key_url }} | apt-key add -"
+    aptkey.added:
+    - key_url: {{ repo.key_url }}
     - require_in:
         {%- if repo.get('default', False) %}
       - file: default_repo_list
@@ -144,6 +144,9 @@
             {%- if repo.key_url is defined and (grains['saltversioninfo'] >= [2017, 7] or repo.key_url.startswith('salt://')) %}
   - key_url: {{ repo.key_url }}
             {%- endif %}
+            {%- if repo.key is defined and grains['saltversioninfo'] >= [2018, 3] %}
+  - key_text: '{{ repo.key | replace("\n", "\\n") }}'
+            {%- endif %}
   - consolidate: {{ repo.get('consolidate', False) }}
   - require:
     - file: /etc/apt/apt.conf.d/99proxies-salt-{{ name }}
diff --git a/linux/system/user.sls b/linux/system/user.sls
index 64636f3..ca95c34 100644
--- a/linux/system/user.sls
+++ b/linux/system/user.sls
@@ -4,74 +4,86 @@
 include:
   - linux.system.group
 
-{%- for name, user in system.user.items() %}
-
-{%- if user.enabled %}
-
-{%- set requires = [] %}
-{%- for group in user.get('groups', []) %}
-  {%- if group in system.get('group', {}).keys() %}
-    {%- do requires.append({'group': 'system_group_'+group}) %}
+  {%- set defaults = system.get('defaults', {}).get('user', {}) %}
+  {%- if defaults %}
+etc_default_useradd:
+  file.managed:
+    - name: /etc/default/useradd
+    - source: salt://linux/files/etc_default_useradd.jinja
+    - template: jinja
+    - user: root
+    - group: root
+    - mode: 644
+    - defaults:
+        defaults: {{ defaults|yaml }}
   {%- endif %}
-{%- endfor %}
 
-{%- if user.gid is not defined %}
+  {%- for name, user in system.user.items() %}
+    {%- if user.enabled %}
+      {%- set requires = [] %}
+      {%- for group in user.get('groups', []) %}
+        {%- if group in system.get('group', {}).keys() %}
+          {%- do requires.append({'group': 'system_group_'+group}) %}
+        {%- endif %}
+      {%- endfor %}
+
+      {%- if user.gid is not defined %}
 system_group_{{ name }}:
   group.present:
   - name: {{ name }}
   - require_in:
     - user: system_user_{{ name }}
-{%- endif %}
+      {%- endif %}
 
 system_user_{{ name }}:
   user.present:
   - name: {{ name }}
   - home: {{ user.home }}
-  {% if user.get('password') == False %}
+      {% if user.get('password') == False %}
   - enforce_password: false
-  {% elif user.get('password') == None %}
+      {% elif user.get('password') == None %}
   - enforce_password: true
   - password: '*'
-  {% elif user.get('password') %}
+      {% elif user.get('password') %}
   - enforce_password: true
   - password: {{ user.password }}
   - hash_password: {{ user.get('hash_password', False) }}
-  {% endif %}
-  {%- if user.gid is defined and user.gid %}
+      {% endif %}
+      {%- if user.gid is defined and user.gid %}
   - gid: {{ user.gid }}
-  {%- else %}
+      {%- else %}
   - gid_from_name: true
-  {%- endif %}
-  {%- if user.groups is defined %}
+      {%- endif %}
+      {%- if user.groups is defined %}
   - groups: {{ user.groups }}
-  {%- endif %}
-  {%- if user.optional_groups is defined %}
+      {%- endif %}
+      {%- if user.optional_groups is defined %}
   - optional_groups: {{ user.optional_groups }}
-  {%- endif %}
-  {%- if user.system is defined and user.system %}
+      {%- endif %}
+      {%- if user.system is defined and user.system %}
   - system: True
   - shell: {{ user.get('shell', '/bin/false') }}
-  {%- else %}
+      {%- else %}
   - shell: {{ user.get('shell', '/bin/bash') }}
-  {%- endif %}
-  {%- if user.uid is defined and user.uid %}
+      {%- endif %}
+      {%- if user.uid is defined and user.uid %}
   - uid: {{ user.uid }}
-  {%- endif %}
-  {%- if user.unique is defined %}
+      {%- endif %}
+      {%- if user.unique is defined %}
   - unique: {{ user.unique }}
-  {%- endif %}
-  {%- if user.maxdays is defined %}
+      {%- endif %}
+      {%- if user.maxdays is defined %}
   - maxdays: {{ user.maxdays }}
-  {%- endif %}
-  {%- if user.mindays is defined %}
+      {%- endif %}
+      {%- if user.mindays is defined %}
   - mindays: {{ user.mindays }}
-  {%- endif %}
-  {%- if user.warndays is defined %}
+      {%- endif %}
+      {%- if user.warndays is defined %}
   - warndays: {{ user.warndays }}
-  {%- endif %}
-  {%- if user.inactdays is defined %}
+      {%- endif %}
+      {%- if user.inactdays is defined %}
   - inactdays: {{ user.inactdays }}
-  {%- endif %}
+      {%- endif %}
   - require: {{ requires|yaml }}
 
 system_user_home_{{ user.home }}:
@@ -83,7 +95,7 @@
   - require:
     - user: system_user_{{ name }}
 
-{%- if user.get('sudo', False) %}
+      {%- if user.get('sudo', False) %}
 
 /etc/sudoers.d/90-salt-user-{{ name|replace('.', '-') }}:
   file.managed:
@@ -98,14 +110,13 @@
     - user: system_user_{{ name }}
   - check_cmd: /usr/sbin/visudo -c -f
 
-{%- else %}
+      {%- else %}
 
 /etc/sudoers.d/90-salt-user-{{ name|replace('.', '-') }}:
   file.absent
 
-{%- endif %}
-
-{%- else %}
+      {%- endif %}
+    {%- else %}
 
 system_user_{{ name }}:
   user.absent:
@@ -118,8 +129,6 @@
 /etc/sudoers.d/90-salt-user-{{ name|replace('.', '-') }}:
   file.absent
 
-{%- endif %}
-
-{%- endfor %}
-
+    {%- endif %}
+  {%- endfor %}
 {%- endif %}
diff --git a/tests/pillar/system.sls b/tests/pillar/system.sls
index 636d494..d5a953e 100644
--- a/tests/pillar/system.sls
+++ b/tests/pillar/system.sls
@@ -5,6 +5,39 @@
     fqdn: linux.ci.local
   system:
     enabled: true
+    banner:
+      enabled: true
+      contents: |
+        ================= WARNING =================
+        This is tcpcloud network.
+        Unauthorized access is strictly prohibited.
+        ===========================================
+    file:
+      /tmp/sample.txt:
+        source: http://techslides.com/demos/samples/sample.txt
+        source_hash: 5452459724e85b4e12277d5f8aab8fc9
+      sample2.txt:
+        name: /tmp/sample2.txt
+        source: http://techslides.com/demos/samples/sample.txt
+      test2:
+        name: /tmp/test2.txt
+        contents: |
+          line1
+          line2
+        user: root
+        group: root
+        mode: 700
+        dir_mode: 700
+        encoding: utf-8
+        makedirs: true
+      test3:
+        name: /tmp/test3.txt
+        source: salt://linux/files/test/file_template.jinja
+        template: jinja
+      test4:
+        decode: True
+        name: /tmp/test4.txt
+        encoded_data: dGVzdDQK
     apt:
       preferences:
         enabled: true
diff --git a/tests/pillar/system_banner.sls b/tests/pillar/system_banner.sls
deleted file mode 100644
index 87042a7..0000000
--- a/tests/pillar/system_banner.sls
+++ /dev/null
@@ -1,15 +0,0 @@
-linux:
-  network:
-    enabled: true
-    hostname: linux
-    fqdn: linux.ci.local
-  system:
-    enabled: true
-    name: linux
-    banner:
-      enabled: true
-      contents: |
-        ================= WARNING =================
-        This is tcpcloud network.
-        Unauthorized access is strictly prohibited.
-        ===========================================
diff --git a/tests/pillar/system_file.sls b/tests/pillar/system_file.sls
deleted file mode 100644
index 09900af..0000000
--- a/tests/pillar/system_file.sls
+++ /dev/null
@@ -1,32 +0,0 @@
-linux:
-  network:
-    enabled: true
-    hostname: linux
-    fqdn: linux.ci.local
-  system:
-    name: linux
-    enabled: true
-    file:
-      /tmp/sample.txt:
-        source: http://techslides.com/demos/samples/sample.txt
-        source_hash: 5452459724e85b4e12277d5f8aab8fc9
-      sample2.txt:
-        name: /tmp/sample2.txt
-        source: http://techslides.com/demos/samples/sample.txt
-      test2:
-        name: /tmp/test2.txt
-        contents: |
-          line1
-          line2
-        user: root
-        group: root
-        mode: 700
-        dir_mode: 700
-        encoding: utf-8
-        makedirs: true
-      test3:
-        name: /tmp/test3.txt
-        source: salt://linux/files/test/file_template.jinja
-        template: jinja
-test:
-  example: "bar"