diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index 1cc95a8..0000000
--- a/.travis.yml
+++ /dev/null
@@ -1,91 +0,0 @@
-dist: trusty
-sudo: required
-
-addons:
-  apt:
-    sources:
-    - sourceline: 'deb http://apt-mk.mirantis.com/trusty nightly salt'
-    - key_url: 'http://apt-mk.mirantis.com/public.gpg'
-    packages:
-    - curl
-    - subversion
-    - git
-    - salt-master
-    - salt-minion
-    - reclass
-    - python-pip
-    - tree
-
-
-#git:
-#  submodules: false
-#
-before_install:
-   - sudo pip install cookiecutter
-#  - test ! -e .gitmodules || sed -i 's,https://\([.a-z0-9_-]*\)/\(.*\),git@\1:\2,' .gitmodules
-#  - test ! -e .gitmodules || git submodule update --init --recursive --remote
-
-env:
-  global:
-    - ENV_DOMAIN=ci.local
-  matrix:
-    - CLUSTER_NAME=openstack_mk_contrail
-    - CLUSTER_NAME=openstack_mk_ovs
-    - CLUSTER_NAME=kubernetes_mk
-
-install:
-  - export RECLASS_SYSTEM=file://$PWD
-  - mkdir ../$CLUSTER_NAME; cd ../$CLUSTER_NAME
-  - export RECLASS_REPO_PATH=$PWD
-  - export RECLASS_REPOSITORY=file://$RECLASS_REPO_PATH
-  - git clone git@github.com:Mirantis/mk2x-cookiecutter-reclass-model.git ../cookiecutter_models; cd ../cookiecutter_models
-  - export COOKIECUTTER_BASE=$PWD
-  - export ENV_DOMAIN=ci.local
-  - COOKIECUTTER_JSON=$COOKIECUTTER_BASE/cluster/$CLUSTER_NAME/cookiecutter.json
-  #- export ENV_DOMAIN=${CLUSTER_NAME//_/-}.$ENV_DOMAIN
-  - export MASTER_HOSTNAME=cfg01.$ENV_DOMAIN
-  - cd $RECLASS_REPO_PATH
-  - git init .
-# CI WORKAROUNDS
-  - export FORMULAS_SOURCE=pkg
-  - sed -i "s/deployment_name/$CLUSTER_NAME/g" $COOKIECUTTER_JSON
-  - sed -i "s/deploy-name.local/$ENV_DOMAIN/g" $COOKIECUTTER_JSON
-  - sed -i 's%.*reclass_repository.*%"reclass_repository":"'$RECLASS_REPOSITORY'",%g' $COOKIECUTTER_JSON
-  - cookiecutter $COOKIECUTTER_BASE/cluster/$CLUSTER_NAME --output-dir ./classes/cluster --no-input
-  - git add ./*
-  - git commit -am "Init, add cluster level"
-  - git submodule add $RECLASS_SYSTEM ./classes/system
-  - |
-    mkdir -p nodes;
-    git branch -a
-    tree -lL 3
-    cat <<-EOF > nodes/cfg01.$ENV_DOMAIN.yml
-    classes:
-      - cluster.$CLUSTER_NAME.infra.config
-    parameters:
-      _param:
-        linux_system_codename: trusty
-        reclass_data_revision: master
-      linux:
-        system:
-          name: cfg01
-          domain: $ENV_DOMAIN
-    # #######################
-
-  - git add ./*
-  - git commit -am "Add system level and salt-master node"
-# CI WORKAROUNDS
-  - export RECLASS_BRANCH=master
-  #- sed -ie "s#\(reclass_data_revision.\).*#\1 $RECLASS_BRANCH#" $(find nodes -name ${MASTER_HOSTNAME}.yml|tail -n1)
-  #- git commit -am "Fake branch update" || true
-# PREREQUSITES
-  - sudo mkdir /srv/salt; sudo cp -a $PWD /srv/salt/reclass
-  - sudo svn export --force https://github.com/salt-formulas/salt-formulas/trunk/deploy/scripts /srv/salt/scripts
-
-script:
-  - cd /srv/salt/scripts
-  - sudo ./salt-master-init.sh || exit 1
-
-after_failure:
-  - tree -lL 3 $RECLASS_REPO_PATH
-  - for i in ls -lta "/tmp/*verify*"; do echo -e "\n\n$i:";tail -n20 $i; done
diff --git a/README.rst b/README.rst
index 1f1c8f4..b418f37 100644
--- a/README.rst
+++ b/README.rst
@@ -79,6 +79,45 @@
                 echo 7 > /sys/class/net/eth4/device/sriov_numvfs; sleep 2; ip link set eth4 up
                 exit 0
 
+Grafana
+=======
+
+Configure Grafana client
+------------------------
+
+The grafana.client talks to Grafana server to create datasource(s) and install
+Grafana plugin(s).
+
+User models must first include this class and define corresponding parameters:
+
+- grafana.client
+  - grafana_protocol (default: http)
+  - grafana_address
+  - grafana_port (default: 3000)
+  - grafana_user
+  - grafana_password
+
+Then include datasource(s) and define corresponding parameters:
+
+- grafana.client.datasource.influxdb
+  - grafana_influxdb_address
+  - grafana_influxdb_port
+  - grafana_influxdb_user
+  - grafana_influxdb_password
+  - grafana_influxdb_database
+  - grafana_influxdb_is_default (default true)
+
+- grafana.client.datasource.prometheus
+  - grafana_prometheus_address
+  - grafana_prometheus_port
+  - grafana_prometheus_is_default (default true)
+
+Backwark compatiblity
+---------------------
+
+The class **grafana.client.single** configures grafana client and an InfluxDB
+datasource. This is the legacy of LMA (aka StackLight) integration with Grafana
+and InfluxDB.
 
 Nagios Monitoring
 =================
diff --git a/aodh/server/coordination/redis.yml b/aodh/server/coordination/redis.yml
new file mode 100644
index 0000000..e013e0f
--- /dev/null
+++ b/aodh/server/coordination/redis.yml
@@ -0,0 +1,7 @@
+classes:
+- service.redis.server.single
+parameters:
+  aodh:
+    server:
+      coordination_backend:
+        url:  redis://${_param:single_address}:6379/${_param:cluster_node01_address}
diff --git a/aptly/server/mirror/ubuntu/trusty/mcp/apt_mk.yml b/aptly/server/mirror/ubuntu/trusty/mcp/apt_mk/init.yml
similarity index 100%
rename from aptly/server/mirror/ubuntu/trusty/mcp/apt_mk.yml
rename to aptly/server/mirror/ubuntu/trusty/mcp/apt_mk/init.yml
diff --git a/aptly/server/mirror/ubuntu/trusty/mcp/apt_mk/stable.yml b/aptly/server/mirror/ubuntu/trusty/mcp/apt_mk/stable.yml
new file mode 100644
index 0000000..227427e
--- /dev/null
+++ b/aptly/server/mirror/ubuntu/trusty/mcp/apt_mk/stable.yml
@@ -0,0 +1,5 @@
+classes:
+- system.aptly.server.mirror.ubuntu.trusty.mcp.apt_mk
+parameters:
+  _param:
+    apt_mk_version: stable
\ No newline at end of file
diff --git a/aptly/server/mirror/ubuntu/trusty/mcp/apt_mk/testing.yml b/aptly/server/mirror/ubuntu/trusty/mcp/apt_mk/testing.yml
new file mode 100644
index 0000000..c81963f
--- /dev/null
+++ b/aptly/server/mirror/ubuntu/trusty/mcp/apt_mk/testing.yml
@@ -0,0 +1,5 @@
+classes:
+- system.aptly.server.mirror.ubuntu.trusty.mcp.apt_mk
+parameters:
+  _param:
+    apt_mk_version: testing
\ No newline at end of file
diff --git a/aptly/server/mirror/ubuntu/trusty/mcp/openstack.yml b/aptly/server/mirror/ubuntu/trusty/mcp/openstack.yml
deleted file mode 100644
index 32e3b90..0000000
--- a/aptly/server/mirror/ubuntu/trusty/mcp/openstack.yml
+++ /dev/null
@@ -1,73 +0,0 @@
-parameters:
-  _param:
-    mcp_repo_version: 1.0
-  aptly:
-    server:
-      mirror:
-        mirantis_openstack_trusty:
-          source: http://mirror.fuel-infra.org/mcp-repos/${_param:mcp_repo_version}/trusty
-          distribution: mitaka
-          components: main restricted
-          architectures: amd64
-          key_url: "http://mirror.fuel-infra.org/mcp-repos/${_param:mcp_repo_version}/trusty/archive-mcp${_param:mcp_repo_version}.key"
-          gpgkeys:
-            - 1FA22B08
-          publisher:
-            component: main
-            distributions:
-              - ubuntu-trusty/mitaka
-
-        mirantis_openstack_hotfix_trusty:
-          source: http://mirror.fuel-infra.org/mcp-repos/${_param:mcp_repo_version}/trusty
-          distribution: mitaka-hotfix
-          components: main restricted
-          architectures: amd64
-          key_url: "http://mirror.fuel-infra.org/mcp-repos/${_param:mcp_repo_version}/trusty/archive-mcp${_param:mcp_repo_version}.key"
-          gpgkeys:
-            - 1FA22B08
-          publisher:
-            component: main
-            distributions:
-              - ubuntu-trusty/mitaka-hotfix
-
-        mirantis_openstack_security_trusty:
-          source: http://mirror.fuel-infra.org/mcp-repos/${_param:mcp_repo_version}/trusty
-          distribution: mitaka-security
-          components: main restricted
-          architectures: amd64
-          key_url: "http://mirror.fuel-infra.org/mcp-repos/${_param:mcp_repo_version}/trusty/archive-mcp${_param:mcp_repo_version}.key"
-          gpgkeys:
-            - 1FA22B08
-          publisher:
-            component: main
-            distributions:
-              - ubuntu-trusty/mitaka-security
-
-        # required for alternative horizon plugins/etc..
-        mirantis_openstack_updates_trusty:
-          source: http://mirror.fuel-infra.org/mcp-repos/${_param:mcp_repo_version}/trusty
-          distribution: mitaka-updates
-          components:  main restricted
-          architectures: amd64
-          key_url: "http://mirror.fuel-infra.org/mcp-repos/${_param:mcp_repo_version}/trusty/archive-mcp${_param:mcp_repo_version}.key"
-          gpgkeys:
-            - 1FA22B08
-          publisher:
-            component: main
-            distributions:
-              - ubuntu-trusty/mitaka-updates
-
-        # required for salt formulas
-        mirantis_openstack_holdback_trusty:
-          source: http://mirror.fuel-infra.org/mcp-repos/${_param:mcp_repo_version}/trusty
-          distribution: mitaka-holdback
-          components: main restricted
-          architectures: amd64
-          key_url: "http://mirror.fuel-infra.org/mcp-repos/${_param:mcp_repo_version}/trusty/archive-mcp${_param:mcp_repo_version}.key"
-          gpgkeys:
-          - 1FA22B08
-          publisher:
-            component: main
-            distributions:
-              - ubuntu-trusty/mitaka-holdback
-
diff --git a/aptly/server/mirror/ubuntu/trusty/mcp/openstack_mitaka.yml b/aptly/server/mirror/ubuntu/trusty/mcp/openstack_mitaka.yml
new file mode 100644
index 0000000..d9e54e5
--- /dev/null
+++ b/aptly/server/mirror/ubuntu/trusty/mcp/openstack_mitaka.yml
@@ -0,0 +1,71 @@
+parameters:
+  aptly:
+    server:
+      mirror:
+        mirantis_openstack_mitaka_trusty:
+          source: http://mirror.fuel-infra.org/mcp-repos/mitaka/trusty
+          distribution: mitaka
+          components: main restricted
+          architectures: amd64
+          key_url: "http://mirror.fuel-infra.org/mcp-repos/mitaka/trusty/archive-mcpmitaka.key"
+          gpgkeys:
+            - 1FA22B08
+          publisher:
+            component: main
+            distributions:
+              - ubuntu-trusty/mitaka
+
+        mirantis_openstack_mitaka_hotfix_trusty:
+          source: http://mirror.fuel-infra.org/mcp-repos/mitaka/trusty
+          distribution: mitaka-hotfix
+          components: main restricted
+          architectures: amd64
+          key_url: "http://mirror.fuel-infra.org/mcp-repos/mitaka/trusty/archive-mcpmitaka.key"
+          gpgkeys:
+            - 1FA22B08
+          publisher:
+            component: main
+            distributions:
+              - ubuntu-trusty/mitaka-hotfix
+
+        mirantis_openstack_mitaka_security_trusty:
+          source: http://mirror.fuel-infra.org/mcp-repos/mitaka/trusty
+          distribution: mitaka-security
+          components: main restricted
+          architectures: amd64
+          key_url: "http://mirror.fuel-infra.org/mcp-repos/mitaka/trusty/archive-mcpmitaka.key"
+          gpgkeys:
+            - 1FA22B08
+          publisher:
+            component: main
+            distributions:
+              - ubuntu-trusty/mitaka-security
+
+        # required for alternative horizon plugins/etc..
+        mirantis_openstack_mitaka_updates_trusty:
+          source: http://mirror.fuel-infra.org/mcp-repos/mitaka/trusty
+          distribution: mitaka-updates
+          components:  main restricted
+          architectures: amd64
+          key_url: "http://mirror.fuel-infra.org/mcp-repos/mitaka/trusty/archive-mcpmitaka.key"
+          gpgkeys:
+            - 1FA22B08
+          publisher:
+            component: main
+            distributions:
+              - ubuntu-trusty/mitaka-updates
+
+        # required for salt formulas
+        mirantis_openstack_mitaka_holdback_trusty:
+          source: http://mirror.fuel-infra.org/mcp-repos/mitaka/trusty
+          distribution: mitaka-holdback
+          components: main restricted
+          architectures: amd64
+          key_url: "http://mirror.fuel-infra.org/mcp-repos/mitaka/trusty/archive-mcpmitaka.key"
+          gpgkeys:
+          - 1FA22B08
+          publisher:
+            component: main
+            distributions:
+              - ubuntu-trusty/mitaka-holdback
+
diff --git a/aptly/server/mirror/ubuntu/xenial/mcp/openstack.yml b/aptly/server/mirror/ubuntu/xenial/mcp/openstack.yml
deleted file mode 100644
index a23ece8..0000000
--- a/aptly/server/mirror/ubuntu/xenial/mcp/openstack.yml
+++ /dev/null
@@ -1,73 +0,0 @@
-parameters:
-  _param:
-    mcp_repo_version: 1.0
-  aptly:
-    server:
-      mirror:
-        mirantis_openstack_xenial:
-          source: http://mirror.fuel-infra.org/mcp-repos/${_param:mcp_repo_version}/xenial
-          distribution: mitaka
-          components: main restricted
-          architectures: amd64
-          key_url: "http://mirror.fuel-infra.org/mcp-repos/${_param:mcp_repo_version}/xenial/archive-mcp${_param:mcp_repo_version}.key"
-          gpgkeys:
-            - 1FA22B08
-          publisher:
-            component: main
-            distributions:
-              - ubuntu-xenial/mitaka
-
-        mirantis_openstack_hotfix_xenial:
-          source: http://mirror.fuel-infra.org/mcp-repos/${_param:mcp_repo_version}/xenial
-          distribution: mitaka-hotfix
-          components: main restricted
-          architectures: amd64
-          key_url: "http://mirror.fuel-infra.org/mcp-repos/${_param:mcp_repo_version}/xenial/archive-mcp${_param:mcp_repo_version}.key"
-          gpgkeys:
-            - 1FA22B08
-          publisher:
-            component: main
-            distributions:
-              - ubuntu-xenial/mitaka-hotfix
-
-        mirantis_openstack_security_xenial:
-          source: http://mirror.fuel-infra.org/mcp-repos/${_param:mcp_repo_version}/xenial
-          distribution: mitaka-security
-          components: main restricted
-          architectures: amd64
-          key_url: "http://mirror.fuel-infra.org/mcp-repos/${_param:mcp_repo_version}/xenial/archive-mcp${_param:mcp_repo_version}.key"
-          gpgkeys:
-            - 1FA22B08
-          publisher:
-            component: main
-            distributions:
-              - ubuntu-xenial/mitaka-security
-
-        # required for alternative horizon plugins/etc..
-        mirantis_openstack_updates_xenial:
-          source: http://mirror.fuel-infra.org/mcp-repos/${_param:mcp_repo_version}/xenial
-          distribution: mitaka-updates
-          components:  main restricted
-          architectures: amd64
-          key_url: "http://mirror.fuel-infra.org/mcp-repos/${_param:mcp_repo_version}/xenial/archive-mcp${_param:mcp_repo_version}.key"
-          gpgkeys:
-            - 1FA22B08
-          publisher:
-            component: main
-            distributions:
-              - ubuntu-xenial/mitaka-updates
-
-        # required for salt formulas
-        mirantis_openstack_holdback_xenial:
-          source: http://mirror.fuel-infra.org/mcp-repos/${_param:mcp_repo_version}/xenial
-          distribution: mitaka-holdback
-          components: main restricted
-          architectures: amd64
-          key_url: "http://mirror.fuel-infra.org/mcp-repos/${_param:mcp_repo_version}/xenial/archive-mcp${_param:mcp_repo_version}.key"
-          gpgkeys:
-          - 1FA22B08
-          publisher:
-            component: main
-            distributions:
-              - ubuntu-xenial/mitaka-holdback
-
diff --git a/aptly/server/mirror/ubuntu/xenial/mcp/openstack_mitaka.yml b/aptly/server/mirror/ubuntu/xenial/mcp/openstack_mitaka.yml
new file mode 100644
index 0000000..32254d5
--- /dev/null
+++ b/aptly/server/mirror/ubuntu/xenial/mcp/openstack_mitaka.yml
@@ -0,0 +1,71 @@
+parameters:
+  aptly:
+    server:
+      mirror:
+        mirantis_openstack_mitaka_xenial:
+          source: http://mirror.fuel-infra.org/mcp-repos/mitaka/xenial
+          distribution: mitaka
+          components: main restricted
+          architectures: amd64
+          key_url: "http://mirror.fuel-infra.org/mcp-repos/mitaka/xenial/archive-mcpmitaka.key"
+          gpgkeys:
+            - 1FA22B08
+          publisher:
+            component: main
+            distributions:
+              - ubuntu-xenial/mitaka
+
+        mirantis_openstack_mitaka_hotfix_xenial:
+          source: http://mirror.fuel-infra.org/mcp-repos/mitaka/xenial
+          distribution: mitaka-hotfix
+          components: main restricted
+          architectures: amd64
+          key_url: "http://mirror.fuel-infra.org/mcp-repos/mitaka/xenial/archive-mcpmitaka.key"
+          gpgkeys:
+            - 1FA22B08
+          publisher:
+            component: main
+            distributions:
+              - ubuntu-xenial/mitaka-hotfix
+
+        mirantis_openstack_mitaka_security_xenial:
+          source: http://mirror.fuel-infra.org/mcp-repos/mitaka/xenial
+          distribution: mitaka-security
+          components: main restricted
+          architectures: amd64
+          key_url: "http://mirror.fuel-infra.org/mcp-repos/mitaka/xenial/archive-mcpmitaka.key"
+          gpgkeys:
+            - 1FA22B08
+          publisher:
+            component: main
+            distributions:
+              - ubuntu-xenial/mitaka-security
+
+        # required for alternative horizon plugins/etc..
+        mirantis_openstack_mitaka_updates_xenial:
+          source: http://mirror.fuel-infra.org/mcp-repos/mitaka/xenial
+          distribution: mitaka-updates
+          components:  main restricted
+          architectures: amd64
+          key_url: "http://mirror.fuel-infra.org/mcp-repos/mitaka/xenial/archive-mcpmitaka.key"
+          gpgkeys:
+            - 1FA22B08
+          publisher:
+            component: main
+            distributions:
+              - ubuntu-xenial/mitaka-updates
+
+        # required for salt formulas
+        mirantis_openstack_mitaka_holdback_xenial:
+          source: http://mirror.fuel-infra.org/mcp-repos/mitaka/xenial
+          distribution: mitaka-holdback
+          components: main restricted
+          architectures: amd64
+          key_url: "http://mirror.fuel-infra.org/mcp-repos/mitaka/xenial/archive-mcpmitaka.key"
+          gpgkeys:
+          - 1FA22B08
+          publisher:
+            component: main
+            distributions:
+              - ubuntu-xenial/mitaka-holdback
+
diff --git a/aptly/server/mirror/ubuntu/xenial/mcp/openstack_newton.yml b/aptly/server/mirror/ubuntu/xenial/mcp/openstack_newton.yml
new file mode 100644
index 0000000..2f08b2c
--- /dev/null
+++ b/aptly/server/mirror/ubuntu/xenial/mcp/openstack_newton.yml
@@ -0,0 +1,71 @@
+parameters:
+  aptly:
+    server:
+      mirror:
+        mirantis_openstack_newton_xenial:
+          source: http://mirror.fuel-infra.org/mcp-repos/newton/xenial
+          distribution: newton
+          components: main restricted
+          architectures: amd64
+          key_url: "http://mirror.fuel-infra.org/mcp-repos/newton/xenial/archive-mcpnewton.key"
+          gpgkeys:
+            - 1FA22B08
+          publisher:
+            component: main
+            distributions:
+              - ubuntu-xenial/newton
+
+        mirantis_openstack_newton_hotfix_xenial:
+          source: http://mirror.fuel-infra.org/mcp-repos/newton/xenial
+          distribution: newton-hotfix
+          components: main restricted
+          architectures: amd64
+          key_url: "http://mirror.fuel-infra.org/mcp-repos/newton/xenial/archive-mcpnewton.key"
+          gpgkeys:
+            - 1FA22B08
+          publisher:
+            component: main
+            distributions:
+              - ubuntu-xenial/newton-hotfix
+
+        mirantis_openstack_newton_security_xenial:
+          source: http://mirror.fuel-infra.org/mcp-repos/newton/xenial
+          distribution: newton-security
+          components: main restricted
+          architectures: amd64
+          key_url: "http://mirror.fuel-infra.org/mcp-repos/newton/xenial/archive-mcpnewton.key"
+          gpgkeys:
+            - 1FA22B08
+          publisher:
+            component: main
+            distributions:
+              - ubuntu-xenial/newton-security
+
+        # required for alternative horizon plugins/etc..
+        mirantis_openstack_newton_updates_xenial:
+          source: http://mirror.fuel-infra.org/mcp-repos/newton/xenial
+          distribution: newton-updates
+          components:  main restricted
+          architectures: amd64
+          key_url: "http://mirror.fuel-infra.org/mcp-repos/newton/xenial/archive-mcpnewton.key"
+          gpgkeys:
+            - 1FA22B08
+          publisher:
+            component: main
+            distributions:
+              - ubuntu-xenial/newton-updates
+
+        # required for salt formulas
+        mirantis_openstack_newton_holdback_xenial:
+          source: http://mirror.fuel-infra.org/mcp-repos/newton/xenial
+          distribution: newton-holdback
+          components: main restricted
+          architectures: amd64
+          key_url: "http://mirror.fuel-infra.org/mcp-repos/newton/xenial/archive-mcpnewton.key"
+          gpgkeys:
+          - 1FA22B08
+          publisher:
+            component: main
+            distributions:
+              - ubuntu-xenial/newton-holdback
+
diff --git a/aptly/server/mirror/ubuntu/xenial/mcp/openstack_ocata.yml b/aptly/server/mirror/ubuntu/xenial/mcp/openstack_ocata.yml
new file mode 100644
index 0000000..8c12ddc
--- /dev/null
+++ b/aptly/server/mirror/ubuntu/xenial/mcp/openstack_ocata.yml
@@ -0,0 +1,71 @@
+parameters:
+  aptly:
+    server:
+      mirror:
+        mirantis_openstack_ocata_xenial:
+          source: http://mirror.fuel-infra.org/mcp-repos/ocata/xenial
+          distribution: ocata
+          components: main restricted
+          architectures: amd64
+          key_url: "http://mirror.fuel-infra.org/mcp-repos/ocata/xenial/archive-mcpocata.key"
+          gpgkeys:
+            - 1FA22B08
+          publisher:
+            component: main
+            distributions:
+              - ubuntu-xenial/ocata
+
+        mirantis_openstack_ocata_hotfix_xenial:
+          source: http://mirror.fuel-infra.org/mcp-repos/ocata/xenial
+          distribution: ocata-hotfix
+          components: main restricted
+          architectures: amd64
+          key_url: "http://mirror.fuel-infra.org/mcp-repos/ocata/xenial/archive-mcpocata.key"
+          gpgkeys:
+            - 1FA22B08
+          publisher:
+            component: main
+            distributions:
+              - ubuntu-xenial/ocata-hotfix
+
+        mirantis_openstack_ocata_security_xenial:
+          source: http://mirror.fuel-infra.org/mcp-repos/ocata/xenial
+          distribution: ocata-security
+          components: main restricted
+          architectures: amd64
+          key_url: "http://mirror.fuel-infra.org/mcp-repos/ocata/xenial/archive-mcpocata.key"
+          gpgkeys:
+            - 1FA22B08
+          publisher:
+            component: main
+            distributions:
+              - ubuntu-xenial/ocata-security
+
+        # required for alternative horizon plugins/etc..
+        mirantis_openstack_ocata_updates_xenial:
+          source: http://mirror.fuel-infra.org/mcp-repos/ocata/xenial
+          distribution: ocata-updates
+          components:  main restricted
+          architectures: amd64
+          key_url: "http://mirror.fuel-infra.org/mcp-repos/ocata/xenial/archive-mcpocata.key"
+          gpgkeys:
+            - 1FA22B08
+          publisher:
+            component: main
+            distributions:
+              - ubuntu-xenial/ocata-updates
+
+        # required for salt formulas
+        mirantis_openstack_ocata_holdback_xenial:
+          source: http://mirror.fuel-infra.org/mcp-repos/ocata/xenial
+          distribution: ocata-holdback
+          components: main restricted
+          architectures: amd64
+          key_url: "http://mirror.fuel-infra.org/mcp-repos/ocata/xenial/archive-mcpocata.key"
+          gpgkeys:
+          - 1FA22B08
+          publisher:
+            component: main
+            distributions:
+              - ubuntu-xenial/ocata-holdback
+
diff --git a/backupninja/client/single.yml b/backupninja/client/single.yml
new file mode 100644
index 0000000..6eecc33
--- /dev/null
+++ b/backupninja/client/single.yml
@@ -0,0 +1,2 @@
+classes:
+- service.backupninja.client.single
diff --git a/backupninja/server/single.yml b/backupninja/server/single.yml
new file mode 100644
index 0000000..9897a6c
--- /dev/null
+++ b/backupninja/server/single.yml
@@ -0,0 +1,2 @@
+classes:
+- service.backupninja.server.single
diff --git a/ceilometer/server/coordination/redis.yml b/ceilometer/server/coordination/redis.yml
new file mode 100644
index 0000000..e013e0f
--- /dev/null
+++ b/ceilometer/server/coordination/redis.yml
@@ -0,0 +1,7 @@
+classes:
+- service.redis.server.single
+parameters:
+  aodh:
+    server:
+      coordination_backend:
+        url:  redis://${_param:single_address}:6379/${_param:cluster_node01_address}
diff --git a/ceilometer/server/single.yml b/ceilometer/server/single.yml
index a8b1f90..9758af2 100644
--- a/ceilometer/server/single.yml
+++ b/ceilometer/server/single.yml
@@ -1,7 +1,7 @@
 classes:
 - service.ceilometer.server.single
 parameters:
-  ceilometer:	
+  ceilometer:
     server:
       database:
         influxdb:
diff --git a/devops_portal/service/security_monkey.yml b/devops_portal/service/security_monkey.yml
new file mode 100644
index 0000000..3638e56
--- /dev/null
+++ b/devops_portal/service/security_monkey.yml
@@ -0,0 +1,10 @@
+parameters:
+  devops_portal:
+    config:
+      service:
+        securitymonkey:
+          configure_proxy: true
+          endpoint:
+            address: ${_param:haproxy_security_monkey_bind_host}
+            port: ${_param:haproxy_security_monkey_bind_port}
+            https: ${_param:haproxy_security_monkey_ssl:enabled}
diff --git a/docker/swarm/stack/elasticsearch.yml b/docker/swarm/stack/elasticsearch.yml
new file mode 100644
index 0000000..083388c
--- /dev/null
+++ b/docker/swarm/stack/elasticsearch.yml
@@ -0,0 +1,19 @@
+parameters:
+  _param:
+    elasticsearch_replicas: 1
+    docker_image_oss_elasticsearch: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/elasticsearch:latest
+  docker:
+    client:
+      stack:
+        elasticsearch:
+          service:
+            cluster:
+              image: ${_param:docker_image_oss_elasticsearch}
+              deploy:
+                replicas: ${_param:elasticsearch_replicas}
+                restart_policy:
+                  condition: any
+              ports:
+                - ${_param:haproxy_elasticsearch_exposed_port}:${_param:haproxy_elasticsearch_bind_port}
+              volumes:
+                - /srv/volumes/elasticsearch:/usr/share/elasticsearch/data
diff --git a/docker/swarm/stack/gerrit.yml b/docker/swarm/stack/gerrit.yml
index 788d97e..48466ef 100644
--- a/docker/swarm/stack/gerrit.yml
+++ b/docker/swarm/stack/gerrit.yml
@@ -39,7 +39,7 @@
                 LDAP_GROUPBASE: ${_param:gerrit_ldap_group_base}
                 LDAP_USERNAME: ${_param:gerrit_ldap_bind_user}
                 LDAP_PASSWORD: ${_param:gerrit_ldap_bind_password}
-                WEBURL: ${_param:gerrit_public_host}
+                WEBURL: http://${_param:gerrit_public_host}:8080
                 GERRIT_ADMIN_SSH_PUBLIC: ${_param:gerrit_admin_public_key}
                 GERRIT_ADMIN_PWD: ${_param:gerrit_admin_password}
                 GERRIT_ADMIN_EMAIL: ${_param:gerrit_admin_email}
@@ -50,6 +50,7 @@
                 MYSQL_PASSWORD: ${_param:mysql_gerrit_password}
                 MYSQL_DATABASE: gerrit
                 MYSQL_ROOT_PASSWORD: ${_param:mysql_admin_password}
+                MYSQL_START_TIMEOUT: 300
               deploy:
                 restart_policy:
                   condition: any
diff --git a/docker/swarm/stack/ldap.yml b/docker/swarm/stack/ldap.yml
index 6e94695..a5fe135 100644
--- a/docker/swarm/stack/ldap.yml
+++ b/docker/swarm/stack/ldap.yml
@@ -8,6 +8,8 @@
         ldap:
           service:
             server:
+              networks:
+                - ldap
               deploy:
                 restart_policy:
                   condition: any
@@ -28,6 +30,8 @@
                 LDAP_CONFIG_PASSWORD: ${_param:openldap_config_password}
                 LDAP_TLS: "false"
             admin:
+              networks:
+                - ldap
               deploy:
                 restart_policy:
                   condition: any
@@ -35,12 +39,16 @@
               depends_on:
                 - server
               hostname: ldap
-              domainname: ${_param:openldap_domain}
               environment:
-                PHPLDAPADMIN_LDAP_HOSTS: "#PYTHON2BASH:[{'ldap.${_param:openldap_domain}': [{'server': [{'tls': False}]},{'login': [{'bind_id': 'cn=admin,${_param:openldap_dn}'},{'bind_pass': '${_param:openldap_admin_password}'}]}]}]"
+                PHPLDAPADMIN_LDAP_HOSTS: "#PYTHON2BASH:[{'server': [{'server': [{'tls': False}]},{'login': [{'bind_id': 'cn=admin,${_param:openldap_dn}'},{'bind_pass': '${_param:openldap_admin_password}'}]}]}]"
                 PHPLDAPADMIN_HTTPS: "false"
                 PHPLDAPADMIN_TRUST_PROXY_SSL: "true"
                 PHPLDAPADMIN_SERVER_ADMIN: ${_param:admin_email}
                 PHPLDAPADMIN_THEME: mirantis
               ports:
                 - 18089:80
+          network:
+            ldap:
+              driver: overlay
+              driver_opts:
+                encrypted: 1
diff --git a/docker/swarm/stack/postgresql.yml b/docker/swarm/stack/postgresql.yml
new file mode 100644
index 0000000..bdad6fb
--- /dev/null
+++ b/docker/swarm/stack/postgresql.yml
@@ -0,0 +1,24 @@
+parameters:
+  _param:
+    docker_postgresql_replicas: 1
+    docker_image_postgresql: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/postgresql:latest
+    postgresql_admin_user: postgres
+    postgresql_admin_user_password: postgrespassword
+  docker:
+    client:
+      stack:
+        postgresql:
+          environment:
+            POSTGRES_USER: ${_param:postgresql_admin_user}
+            POSTGRES_PASSWORD: ${_param:postgresql_admin_user_password}
+          service:
+            db:
+              image: ${_param:docker_image_postgresql}
+              deploy:
+                replicas: ${_param:docker_postgresql_replicas}
+                restart_policy:
+                  condition: any
+              ports:
+                - ${_param:haproxy_postgresql_exposed_port}:${_param:haproxy_postgresql_bind_port}
+              volumes:
+                - /srv/volumes/postgresql/data:/var/lib/postgresql/data
diff --git a/docker/swarm/stack/pushkin.yml b/docker/swarm/stack/pushkin.yml
index b28b1e9..3232301 100644
--- a/docker/swarm/stack/pushkin.yml
+++ b/docker/swarm/stack/pushkin.yml
@@ -1,36 +1,20 @@
 parameters:
   _param:
-    docker_pushkin_db_replicas: 1
-    docker_image_pushkin_db: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/pushkindb:latest
-    pushkin_db_password: pushkin
-    pushkin_db_user: pushkin
-    pushkin_db: pushkin
     docker_pushkin_replicas: 1
     docker_image_pushkin: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/pushkin:latest
-    elasticsearch_replicas: 1
-    docker_image_oss_elasticsearch: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/elasticsearch:latest
+    pushkin_db: pushkin
   docker:
     client:
       stack:
         pushkin:
           environment:
             POSTGRES_USER: ${_param:pushkin_db_user}
-            POSTGRES_PASSWORD: ${_param:pushkin_db_password}
+            POSTGRES_PASSWORD: ${_param:pushkin_db_user_password}
             POSTGRES_DB: ${_param:pushkin_db}
-            PUSHKINDBHOST: ${_param:haproxy_pushkin_db_bind_host}
+            PUSHKINDBHOST: ${_param:pushkin_db_host}
             PUSHKINELASTICHOST: ${_param:haproxy_elasticsearch_bind_host}
           service:
-            db:
-              image: ${_param:docker_image_pushkin_db}
-              deploy:
-                replicas: ${_param:docker_pushkin_db_replicas}
-                restart_policy:
-                  condition: any
-              ports:
-                - ${_param:haproxy_pushkin_db_exposed_port}:${_param:haproxy_pushkin_db_bind_port}
-              volumes:
-                - /srv/volumes/pushkin/data:/var/lib/postgresql/data
-            backend:
+            api:
               image: ${_param:docker_image_pushkin}
               deploy:
                 replicas: ${_param:docker_pushkin_replicas}
@@ -39,14 +23,4 @@
               ports:
                 - ${_param:haproxy_pushkin_exposed_port}:${_param:haproxy_pushkin_bind_port}
               volumes:
-                - /srv/volumes/pushkin/logs:/var/log/pushkin
-            elasticsearch:
-              image: ${_param:docker_image_oss_elasticsearch}
-              deploy:
-                replicas: ${_param:elasticsearch_replicas}
-                restart_policy:
-                  condition: any
-              ports:
-                - ${_param:haproxy_elasticsearch_exposed_port}:${_param:haproxy_elasticsearch_bind_port}
-              volumes:
-                - /srv/volumes/elasticsearch:/usr/share/elasticsearch/data
+                - /srv/volumes/pushkin/api:/var/log/pushkin
\ No newline at end of file
diff --git a/docker/swarm/stack/security_monkey.yml b/docker/swarm/stack/security_monkey.yml
new file mode 100644
index 0000000..479b028
--- /dev/null
+++ b/docker/swarm/stack/security_monkey.yml
@@ -0,0 +1,35 @@
+parameters:
+  _param:
+    docker_security_monkey_api_replicas: 1
+    docker_security_monkey_scheduler_replicas: 1
+    docker_image_security_monkey_api: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/security-monkey-api:3842.6
+    docker_image_security_monkey_scheduler: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/security-monkey-scheduler:3842.6
+    security_monkey_db: secmonkey
+  docker:
+    client:
+      stack:
+        security_monkey:
+          environment:
+            SECURITY_MONKEY_POSTGRES_USER: ${_param:secmonkey_db_user}
+            SECURITY_MONKEY_POSTGRES_PASSWORD: ${_param:secmonkey_db_user_password}
+            SECURITY_MONKEY_POSTGRES_HOST: ${_param:secmonkey_db_host}
+            SECURITY_MONKEY_POSTGRES_PORT: ${_param:haproxy_postgresql_bind_port}
+          service:
+            api:
+              image: ${_param:docker_image_security_monkey_api}
+              deploy:
+                replicas: ${_param:docker_security_monkey_api_replicas}
+                restart_policy:
+                  condition: any
+              ports:
+                - ${_param:haproxy_security_monkey_exposed_port}:${_param:haproxy_security_monkey_bind_port}
+              volumes:
+                - /srv/volumes/security_monkey:/var/log/security_monkey
+            scheduler:
+              image: ${_param:docker_image_security_monkey_scheduler}
+              deploy:
+                replicas: ${_param:docker_security_monkey_scheduler_replicas}
+                restart_policy:
+                  condition: any
+              volumes:
+                - /srv/volumes/security_monkey:/var/log/security_monkey
\ No newline at end of file
diff --git a/glusterfs/client/volume/security_monkey.yml b/glusterfs/client/volume/security_monkey.yml
new file mode 100644
index 0000000..b008669
--- /dev/null
+++ b/glusterfs/client/volume/security_monkey.yml
@@ -0,0 +1,13 @@
+parameters:
+  _param:
+    security_monkey_glusterfs_service_host: ${_param:glusterfs_service_host}
+    glusterfs_node01_address: ${_param:cluster_node01_address}
+    glusterfs_node02_address: ${_param:cluster_node02_address}
+    glusterfs_node03_address: ${_param:cluster_node03_address}
+  glusterfs:
+    client:
+      volumes:
+        security_monkey:
+          path: /srv/volumes/security_monkey
+          server: ${_param:security_monkey_glusterfs_service_host}
+          opts: "defaults,backup-volfile-servers=${_param:glusterfs_node01_address}:${_param:glusterfs_node02_address}:${_param:glusterfs_node03_address}"
diff --git a/glusterfs/cluster.yml b/glusterfs/cluster.yml
index e69de29..8a5c595 100644
--- a/glusterfs/cluster.yml
+++ b/glusterfs/cluster.yml
@@ -0,0 +1,2 @@
+classes:
+- service.glusterfs.server
diff --git a/glusterfs/server/volume/security_monkey.yml b/glusterfs/server/volume/security_monkey.yml
new file mode 100644
index 0000000..478aec3
--- /dev/null
+++ b/glusterfs/server/volume/security_monkey.yml
@@ -0,0 +1,17 @@
+parameters:
+  glusterfs:
+    server:
+      volumes:
+        security_monkey:
+          storage: /srv/glusterfs/security_monkey
+          replica: 3
+          bricks:
+            - ${_param:cluster_node01_address}:/srv/glusterfs/security_monkey
+            - ${_param:cluster_node02_address}:/srv/glusterfs/security_monkey
+            - ${_param:cluster_node03_address}:/srv/glusterfs/security_monkey
+          options:
+            cluster.readdir-optimize: On
+            nfs.disable: On
+            network.remote-dio: On
+            diagnostics.client-log-level: WARNING
+            diagnostics.brick-log-level: WARNING
diff --git a/grafana/client/datasource/influxdb.yml b/grafana/client/datasource/influxdb.yml
new file mode 100644
index 0000000..7abe22f
--- /dev/null
+++ b/grafana/client/datasource/influxdb.yml
@@ -0,0 +1,17 @@
+parameters:
+  _param:
+    grafana_influxdb_is_default: true
+    grafana_influxdb_ds_name: influxdb
+  grafana:
+    client:
+      datasource:
+        influxdb:
+          type: influxdb
+          name: ${_param:grafana_influxdb_ds_name}
+          host: ${_param:grafana_influxdb_address}
+          port: ${_param:grafana_influxdb_port}
+          user: ${_param:grafana_influxdb_user}
+          password: ${_param:grafana_influxdb_password}
+          database: ${_param:grafana_influxdb_database}
+          is_default: ${_param:grafana_influxdb_is_default}
+
diff --git a/grafana/client/datasource/prometheus.yml b/grafana/client/datasource/prometheus.yml
new file mode 100644
index 0000000..c4835ef
--- /dev/null
+++ b/grafana/client/datasource/prometheus.yml
@@ -0,0 +1,14 @@
+parameters:
+  _param:
+    grafana_prometheus_is_default: true
+    grafana_prometheus_ds_name: prometheus
+  grafana:
+    client:
+      datasource:
+        prometheus:
+          type: prometheus
+          name: ${_param:grafana_prometheus_ds_name}
+          host: ${_param:grafana_prometheus_address}
+          port: ${_param:grafana_prometheus_port}
+          is_default: ${_param:grafana_prometheus_is_default}
+
diff --git a/grafana/client/init.yml b/grafana/client/init.yml
new file mode 100644
index 0000000..08a9be8
--- /dev/null
+++ b/grafana/client/init.yml
@@ -0,0 +1,17 @@
+classes:
+- service.grafana.client.single
+parameters:
+  _param:
+    grafana_protocol: http
+    grafana_port: 3000
+  grafana:
+    client:
+      enabled: true
+      server:
+        protocol: ${_param:grafana_protocol}
+        host: ${_param:grafana_address}
+        port: ${_param:grafana_port}
+        user: ${_param:grafana_user}
+        password: ${_param:grafana_password}
+      remote_data:
+        engine: 'salt_mine'
diff --git a/grafana/client/single.yml b/grafana/client/single.yml
index 49ac876..87992a7 100644
--- a/grafana/client/single.yml
+++ b/grafana/client/single.yml
@@ -1,23 +1,12 @@
 classes:
-- service.grafana.client.single
+- system.grafana.client
+- system.grafana.client.datasource.influxdb
 parameters:
-  grafana:
-    client:
-      enabled: true
-      server:
-        protocol: http
-        host: ${_param:stacklight_monitor_address}
-        port: 3000
-        user: ${_param:grafana_user}
-        password: ${_param:grafana_password}
-      remote_data:
-        engine: 'salt_mine'
-      datasource:
-        lma:
-          type: influxdb
-          host: ${_param:grafana_influxdb_host}
-          port: ${_param:influxdb_port}
-          user: lma
-          password: ${_param:influxdb_stacklight_password}
-          database: lma
-          is_default: true
+  _param:
+    grafana_address: ${_param:stacklight_monitor_address}
+    grafana_influxdb_address: ${_param:grafana_influxdb_host}
+    grafana_influxdb_port: ${_param:influxdb_port}
+    grafana_influxdb_user: lma
+    grafana_influxdb_password: ${_param:influxdb_stacklight_password}
+    grafana_influxdb_database: lma
+    grafana_influxdb_ds_name: lma
diff --git a/haproxy/proxy/listen/oss/postgresql.yml b/haproxy/proxy/listen/oss/postgresql.yml
new file mode 100644
index 0000000..1bc1f44
--- /dev/null
+++ b/haproxy/proxy/listen/oss/postgresql.yml
@@ -0,0 +1,32 @@
+parameters:
+  _param:
+    haproxy_postgresql_bind_host: ${_param:haproxy_bind_address}
+    haproxy_postgresql_bind_port: 5432
+    haproxy_postgresql_exposed_port: 15432
+    haproxy_postgresql_ssl:
+      enabled: false
+  haproxy:
+    proxy:
+      listen:
+        postgresql:
+          mode: tcp
+          balance: source
+          options:
+          - tcp-check
+          binds:
+            - address: ${_param:haproxy_postgresql_bind_host}
+              port: ${_param:haproxy_postgresql_bind_port}
+              ssl: ${_param:haproxy_postgresql_ssl}
+          servers:
+            - name: ${_param:cluster_node01_name}
+              host: ${_param:cluster_node01_address}
+              port: ${_param:haproxy_postgresql_exposed_port}
+              params: check port ${_param:haproxy_postgresql_exposed_port}
+            - name: ${_param:cluster_node02_name}
+              host: ${_param:cluster_node02_address}
+              port: ${_param:haproxy_postgresql_exposed_port}
+              params: backup check port ${_param:haproxy_postgresql_exposed_port}
+            - name: ${_param:cluster_node03_name}
+              host: ${_param:cluster_node03_address}
+              port: ${_param:haproxy_postgresql_exposed_port}
+              params: backup check port ${_param:haproxy_postgresql_exposed_port}
diff --git a/haproxy/proxy/listen/oss/pushkin_db.yml b/haproxy/proxy/listen/oss/pushkin_db.yml
deleted file mode 100644
index c67c591..0000000
--- a/haproxy/proxy/listen/oss/pushkin_db.yml
+++ /dev/null
@@ -1,32 +0,0 @@
-parameters:
-  _param:
-    haproxy_pushkin_db_bind_host: ${_param:haproxy_bind_address}
-    haproxy_pushkin_db_bind_port: 5432
-    haproxy_pushkin_db_exposed_port: 15432
-    haproxy_pushkin_db_ssl:
-      enabled: false
-  haproxy:
-    proxy:
-      listen:
-        pushkin_db:
-          mode: tcp
-          balance: source
-          options:
-          - tcp-check
-          binds:
-            - address: ${_param:haproxy_pushkin_db_bind_host}
-              port: ${_param:haproxy_pushkin_db_bind_port}
-              ssl: ${_param:haproxy_pushkin_db_ssl}
-          servers:
-            - name: ${_param:cluster_node01_name}
-              host: ${_param:cluster_node01_address}
-              port: ${_param:haproxy_pushkin_db_exposed_port}
-              params: check port ${_param:haproxy_pushkin_db_exposed_port}
-            - name: ${_param:cluster_node02_name}
-              host: ${_param:cluster_node02_address}
-              port: ${_param:haproxy_pushkin_db_exposed_port}
-              params: backup check port ${_param:haproxy_pushkin_db_exposed_port}
-            - name: ${_param:cluster_node03_name}
-              host: ${_param:cluster_node03_address}
-              port: ${_param:haproxy_pushkin_db_exposed_port}
-              params: backup check port ${_param:haproxy_pushkin_db_exposed_port}
diff --git a/haproxy/proxy/listen/oss/security_monkey.yml b/haproxy/proxy/listen/oss/security_monkey.yml
new file mode 100644
index 0000000..5498699
--- /dev/null
+++ b/haproxy/proxy/listen/oss/security_monkey.yml
@@ -0,0 +1,37 @@
+parameters:
+  _param:
+    haproxy_security_monkey_bind_host: ${_param:haproxy_bind_address}
+    haproxy_security_monkey_bind_port: 5001
+    haproxy_security_monkey_exposed_port: 15001
+    haproxy_security_monkey_ssl:
+      enabled: false
+  haproxy:
+    proxy:
+      listen:
+        security_monkey:
+          mode: http
+          options:
+          - httpchk GET /
+          balance: source
+          http_request:
+            - action: "add-header X-Forwarded-Proto https"
+              condition: "if { ssl_fc }"
+          sticks:
+          - http-check expect status 404
+          binds:
+            - address: ${_param:haproxy_security_monkey_bind_host}
+              port: ${_param:haproxy_security_monkey_bind_port}
+              ssl: ${_param:haproxy_security_monkey_ssl}
+          servers:
+            - name: ${_param:cluster_node01_name}
+              host: ${_param:cluster_node01_address}
+              port: ${_param:haproxy_security_monkey_exposed_port}
+              params: check
+            - name: ${_param:cluster_node02_name}
+              host: ${_param:cluster_node02_address}
+              port: ${_param:haproxy_security_monkey_exposed_port}
+              params: backup check
+            - name: ${_param:cluster_node03_name}
+              host: ${_param:cluster_node03_address}
+              port: ${_param:haproxy_security_monkey_exposed_port}
+              params: backup check
diff --git a/horizon/server/cluster.yml b/horizon/server/cluster.yml
index fbe8df4..8ee48a3 100644
--- a/horizon/server/cluster.yml
+++ b/horizon/server/cluster.yml
@@ -1,5 +1,16 @@
 classes:
 - service.keepalived.cluster.single
-- service.horizon.server.single
+- service.horizon.server.cluster
 - service.haproxy.proxy.single
 - system.haproxy.proxy.listen.openstack.horizon
+- system.memcached.server.single
+parameters:
+  _param:
+    horizon_site_branding: "OpenStack Dashboard"
+  horizon:
+    server:
+      branding: ${_param:horizon_site_branding}
+      plugin: {}
+      session:
+        engine: "cache"
+
diff --git a/horizon/server/single.yml b/horizon/server/single.yml
index c20de5a..2b59f52 100644
--- a/horizon/server/single.yml
+++ b/horizon/server/single.yml
@@ -1,8 +1,9 @@
 classes:
 - service.horizon.server.single
+- system.memcached.server.single
 parameters:
   _param:
-    horizon_site_branding: OpenStack Dashboard
+    horizon_site_branding: "OpenStack Dashboard"
   horizon:
     server:
       branding: ${_param:horizon_site_branding}
@@ -10,3 +11,6 @@
         address: 0.0.0.0
         port: 8078
       plugin: {}
+      session:
+        engine: "cache"
+
diff --git a/jenkins/client/init.yml b/jenkins/client/init.yml
index 07720fa..ef0241d 100644
--- a/jenkins/client/init.yml
+++ b/jenkins/client/init.yml
@@ -17,6 +17,7 @@
         password: ${_param:jenkins_client_password}
       plugin:
         ansicolor: {}
+        artifactory: {}
         build-blocker-plugin: {}
         build-monitor-plugin: {}
         build-user-vars-plugin: {}
diff --git a/jenkins/client/job/debian/packages/extra.yml b/jenkins/client/job/debian/packages/extra.yml
index 7d20688..298452e 100644
--- a/jenkins/client/job/debian/packages/extra.yml
+++ b/jenkins/client/job/debian/packages/extra.yml
@@ -132,11 +132,11 @@
             - package: telegraf
               dist: trusty
               build: telegraf
-              branch: master
+              branch: release-1.2
             - package: telegraf
               dist: xenial
               build: telegraf
-              branch: master
+              branch: release-1.2
           template:
             type: workflow-scm
             concurrent: false
diff --git a/jenkins/client/job/debian/packages/salt.yml b/jenkins/client/job/debian/packages/salt.yml
index 3111acc..ecd7432 100644
--- a/jenkins/client/job/debian/packages/salt.yml
+++ b/jenkins/client/job/debian/packages/salt.yml
@@ -185,6 +185,8 @@
               dist: trusty
             - name: telegraf
               dist: trusty
+            - name: tftpd-hpa
+              dist: trusty
             - name: varnish
               dist: trusty
             - name: zookeeper
@@ -369,6 +371,8 @@
               dist: xenial
             - name: telegraf
               dist: xenial
+            - name: tftpd-hpa
+              dist: xenial
             - name: varnish
               dist: xenial
             - name: zookeeper
diff --git a/jenkins/client/job/deploy/lab/mk/init.yml b/jenkins/client/job/deploy/lab/mk/init.yml
index 17dca28..2a32dc6 100644
--- a/jenkins/client/job/deploy/lab/mk/init.yml
+++ b/jenkins/client/job/deploy/lab/mk/init.yml
@@ -37,7 +37,7 @@
               # heat
               HEAT_TEMPLATE_URL:
                 type: string
-                default: "git@github.com:Mirantis/mk-lab-heat-templates.git"
+                default: "${_param:jenkins_gerrit_url}/mk/heat-templates"
               HEAT_TEMPLATE_CREDENTIALS:
                 type: string
                 default: "gerrit"
diff --git a/jenkins/client/job/docker/devops-portal.yml b/jenkins/client/job/docker/devops-portal.yml
new file mode 100644
index 0000000..14735b6
--- /dev/null
+++ b/jenkins/client/job/docker/devops-portal.yml
@@ -0,0 +1,56 @@
+parameters:
+  jenkins:
+    client:
+      job:
+        docker-build-images-devops-portal:
+          name: docker-build-images-devops-portal
+          discard:
+            build:
+              keep_num: 25
+            artifact:
+              keep_num: 25
+          type: workflow-scm
+          concurrent: false
+          scm:
+            type: git
+            url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+            credentials: "gerrit"
+            script: docker-build-to-jfrog.groovy
+          trigger:
+            gerrit:
+              project:
+                "oss/devops-portal":
+                  branches:
+                    - master
+              skip_vote:
+                - successful
+                - failed
+                - unstable
+                - not_built
+              event:
+                patchset:
+                  - created:
+                      excludeDrafts: false
+                      excludeNoCodeChange: false
+                comment:
+                  - addedContains:
+                      commentAddedCommentContains: 'rebuild'
+          param:
+            IMAGE_NAME:
+              type: string
+              default: "devops-portal"
+            IMAGE_TAGS:
+              type: string
+              default: "latest"
+            CREDENTIALS_ID:
+              type: string
+              default: "gerrit"
+            DOCKERFILE_PATH:
+              type: string
+              default: "docker/devops-portal"
+            DOCKER_REGISTRY:
+              type: string
+              default: "docker-dev-virtual.docker.mirantis.net"
+            PROJECT_NAMESPACE:
+              type: string
+              default: "oss"
diff --git a/jenkins/client/job/git-mirrors/downstream/debian-packages.yml b/jenkins/client/job/git-mirrors/downstream/debian-packages.yml
index 8ccd3bc..9708d9f 100644
--- a/jenkins/client/job/git-mirrors/downstream/debian-packages.yml
+++ b/jenkins/client/job/git-mirrors/downstream/debian-packages.yml
@@ -7,3 +7,7 @@
         downstream: debian/telegraf
         upstream: "https://github.com/influxdata/telegraf.git"
         branches: master
+      - name: debian-gophercloud
+        downstream: debian/gophercloud
+        upstream: "https://github.com/gophercloud/gophercloud.git"
+        branches: master
diff --git a/jenkins/client/job/opencontrail/git-mirrors/downstream.yml b/jenkins/client/job/opencontrail/git-mirrors/downstream.yml
index b49a1a0..45b06b6 100644
--- a/jenkins/client/job/opencontrail/git-mirrors/downstream.yml
+++ b/jenkins/client/job/opencontrail/git-mirrors/downstream.yml
@@ -45,6 +45,8 @@
               branches: ${_param:contrail_dpdk_extra_branches}
             - name: contrail-kubernetes
               branches: ${_param:contrail_kubernetes_branches}
+            - name: contrail-dpdk
+              branches: ${_param:contrail_dpdk_branches}
           template:
             discard:
               build:
diff --git a/jenkins/client/job/opencontrail/git-mirrors/upstream.yml b/jenkins/client/job/opencontrail/git-mirrors/upstream.yml
index ece2182..0fa0491 100644
--- a/jenkins/client/job/opencontrail/git-mirrors/upstream.yml
+++ b/jenkins/client/job/opencontrail/git-mirrors/upstream.yml
@@ -44,6 +44,8 @@
               branches: ${_param:contrail_branches}
             - name: contrail-dpdk-extra-packages
               branches: ${_param:contrail_dpdk_extra_branches}
+            - name: contrail-dpdk
+              branches: ${_param:contrail_dpdk_branches}
           template:
             discard:
               build:
diff --git a/jenkins/client/job/opencontrail/init.yml b/jenkins/client/job/opencontrail/init.yml
index 63e4215..df8f51b 100644
--- a/jenkins/client/job/opencontrail/init.yml
+++ b/jenkins/client/job/opencontrail/init.yml
@@ -8,6 +8,7 @@
     contrail_dpdk_extra_branches: "mitaka,kilo,liberty-multiqueue"
     contrail_ceilometer_plugin_branches: "master"
     contrail_kubernetes_branches: "master,origin-1.1,origin-1.1.3,release-1.1,release-1.2"
+    contrail_dpdk_branches: "master,R3.0.2.x,R3.0.3.x,R3.1,R3.1.1.x,R3.2,contrail_dpdk_17_02,contrail_dpdk_1_7,contrail_dpdk_2_0,contrail_dpdk_2_1"
   jenkins:
     client:
       view:
@@ -26,3 +27,5 @@
               naming_rule: "R3.1.1.x"
             - group_regex: "build-opencontrail-oc32-.*"
               naming_rule: "R3.2"
+            - group_regex: "build-opencontrail-oc666-.*"
+              naming_rule: "oc-666"
diff --git a/jenkins/client/job/salt-formulas/tests.yml b/jenkins/client/job/salt-formulas/tests.yml
index 0912cbb..111cc6a 100644
--- a/jenkins/client/job/salt-formulas/tests.yml
+++ b/jenkins/client/job/salt-formulas/tests.yml
@@ -104,6 +104,7 @@
             - name: swift
             - name: taiga
             - name: telegraf
+            - name: tftpd-hpa
             - name: varnish
             - name: zookeeper
           template:
diff --git a/jenkins/master/single.yml b/jenkins/master/single.yml
index e69de29..9d5a611 100644
--- a/jenkins/master/single.yml
+++ b/jenkins/master/single.yml
@@ -0,0 +1,2 @@
+classes:
+- service.jenkins.master.single
diff --git a/keystone/server/single.yml b/keystone/server/single.yml
index 38be60f..26c7d2b 100644
--- a/keystone/server/single.yml
+++ b/keystone/server/single.yml
@@ -9,9 +9,36 @@
     mysql_keystone_password: password
   keystone:
     server:
-      roles:
-        - admin
-        - Member
-        - image_manager
-    database:
-      host: 127.0.0.1
+      enabled: true
+      version: ${_param:keystone_version}
+      service_token: ${_param:keystone_service_token}
+      service_tenant: service
+      admin_tenant: admin
+      admin_name: admin
+      admin_password: ${_param:keystone_admin_password}
+      admin_email: ${_param:admin_email}
+      bind:
+        address: ${_param:single_address}
+        private_address: ${_param:single_address}
+        private_port: 35357
+        public_address: ${_param:single_address}
+        public_port: 5000
+      region: ${_param:openstack_region}
+      database:
+        engine: mysql
+        host: ${_param:single_address}
+        name: keystone
+        password: ${_param:mysql_keystone_password}
+        user: keystone
+      tokens:
+        engine: fernet
+        expiration: 3600
+        max_active_keys: 3
+        location: /var/lib/keystone/fernet-keys
+      message_queue:
+        engine: rabbitmq
+        host: ${_param:single_address}
+        user: openstack
+        password: ${_param:rabbitmq_openstack_password}
+        virtual_host: '/openstack'
+        ha_queues: true
\ No newline at end of file
diff --git a/kubernetes/master/cluster.yml b/kubernetes/master/cluster.yml
index 0539331..ab283d0 100644
--- a/kubernetes/master/cluster.yml
+++ b/kubernetes/master/cluster.yml
@@ -9,4 +9,6 @@
       container: false
       network:
         engine: calico
-        private_ip_range: ${_param:calico_private_network}/${_param:calico_private_netmask}
\ No newline at end of file
+        private_ip_range: ${_param:calico_private_network}/${_param:calico_private_netmask}
+        prometheus:
+          enabled: true
diff --git a/kubernetes/pool/cluster.yml b/kubernetes/pool/cluster.yml
index b38cf07..8295d97 100644
--- a/kubernetes/pool/cluster.yml
+++ b/kubernetes/pool/cluster.yml
@@ -6,4 +6,6 @@
     pool:
       container: false
       network:
-        engine: calico
\ No newline at end of file
+        engine: calico
+        prometheus:
+          enabled: true
diff --git a/linux/network/interface/bond_ovs_dvr.yml b/linux/network/interface/bond_ovs_dvr.yml
deleted file mode 100644
index e69de29..0000000
--- a/linux/network/interface/bond_ovs_dvr.yml
+++ /dev/null
diff --git a/linux/network/interface/bond_vlan_dvr.yml b/linux/network/interface/bond_vlan_dvr.yml
deleted file mode 100644
index e69de29..0000000
--- a/linux/network/interface/bond_vlan_dvr.yml
+++ /dev/null
diff --git a/linux/system/repo_local/mcp/openstack.yml b/linux/system/repo_local/mcp/openstack.yml
index 29329d1..83bb29b 100644
--- a/linux/system/repo_local/mcp/openstack.yml
+++ b/linux/system/repo_local/mcp/openstack.yml
@@ -15,7 +15,7 @@
           architectures: amd64
           key_url: "http://${_param:local_repo_url}/public.gpg"
           pin:
-          - pin: 'release a=m${_param:openstack_version}-hotfix'
+          - pin: 'release a=${_param:openstack_version}-hotfix'
             priority: 1100
             package: '*'
         mirantis_openstack_security:
diff --git a/linux/system/single.yml b/linux/system/single.yml
index 89782ea..2c538f5 100644
--- a/linux/system/single.yml
+++ b/linux/system/single.yml
@@ -57,4 +57,3 @@
             - type: hard
               item: nproc
               value: 307200
-
diff --git a/mysql/client/database/aodh.yml b/mysql/client/database/aodh.yml
new file mode 100644
index 0000000..92a2b29
--- /dev/null
+++ b/mysql/client/database/aodh.yml
@@ -0,0 +1,17 @@
+parameters:
+  mysql:
+    client:
+      server:
+        database:
+          database:
+            aodh:
+              encoding: utf8
+              users:
+              - name: aodh
+                password: ${_param:mysql_aodh_password}
+                host: '%'
+                rights: all
+              - name: aodh
+                password: ${_param:mysql_aodh_password}
+                host: ${_param:single_address}
+                rights: all
\ No newline at end of file
diff --git a/mysql/client/database_init/aodh.yml b/mysql/client/database_init/aodh.yml
new file mode 100644
index 0000000..5a88169
--- /dev/null
+++ b/mysql/client/database_init/aodh.yml
@@ -0,0 +1,15 @@
+classes:
+- system.mysql.client.database.aodh
+parameters:
+  mysql:
+    client:
+      enabled: true
+      server:
+        database:
+          database:
+            aodh:
+              initial_data:
+                engine: backupninja
+                source: ${_param:backupninja_backup_host}
+                host: ${linux:network:fqdn}
+                database: aodh
diff --git a/mysql/client/database_init/ceilometer.yml b/mysql/client/database_init/ceilometer.yml
new file mode 100644
index 0000000..7f13c6d
--- /dev/null
+++ b/mysql/client/database_init/ceilometer.yml
@@ -0,0 +1,15 @@
+classes:
+- system.mysql.client.database.ceilometer
+parameters:
+  mysql:
+    client:
+      enabled: true
+      server:
+        database:
+          database:
+            ceilometer:
+              initial_data:
+                engine: backupninja
+                source: ${_param:backupninja_backup_host}
+                host: ${linux:network:fqdn}
+                database: ceilometer
diff --git a/mysql/client/database_init/cinder.yml b/mysql/client/database_init/cinder.yml
new file mode 100644
index 0000000..9614aad
--- /dev/null
+++ b/mysql/client/database_init/cinder.yml
@@ -0,0 +1,15 @@
+classes:
+- system.mysql.client.database.cinder
+parameters:
+  mysql:
+    client:
+      enabled: true
+      server:
+        database:
+          database:
+            cinder:
+              initial_data:
+                engine: backupninja
+                source: ${_param:backupninja_backup_host}
+                host: ${linux:network:fqdn}
+                database: cinder
diff --git a/mysql/client/database_init/designate.yml b/mysql/client/database_init/designate.yml
new file mode 100644
index 0000000..99d0036
--- /dev/null
+++ b/mysql/client/database_init/designate.yml
@@ -0,0 +1,15 @@
+classes:
+- system.mysql.client.database.designate
+parameters:
+  mysql:
+    client:
+      enabled: true
+      server:
+        database:
+          database:
+            designate:
+              initial_data:
+                engine: backupninja
+                source: ${_param:backupninja_backup_host}
+                host: ${linux:network:fqdn}
+                database: designate
diff --git a/mysql/client/database_init/designate_pool_manager.yml b/mysql/client/database_init/designate_pool_manager.yml
new file mode 100644
index 0000000..6a5b385
--- /dev/null
+++ b/mysql/client/database_init/designate_pool_manager.yml
@@ -0,0 +1,15 @@
+classes:
+- system.mysql.client.database.designate_pool_manager
+parameters:
+  mysql:
+    client:
+      enabled: true
+      server:
+        database:
+          database:
+            designate_pool_manager:
+              initial_data:
+                engine: backupninja
+                source: ${_param:backupninja_backup_host}
+                host: ${linux:network:fqdn}
+                database: designate_pool_manager
diff --git a/mysql/client/database_init/glance.yml b/mysql/client/database_init/glance.yml
new file mode 100644
index 0000000..703c603
--- /dev/null
+++ b/mysql/client/database_init/glance.yml
@@ -0,0 +1,15 @@
+classes:
+- system.mysql.client.database.glance
+parameters:
+  mysql:
+    client:
+      enabled: true
+      server:
+        database:
+          database:
+            glance:
+              initial_data:
+                engine: backupninja
+                source: ${_param:backupninja_backup_host}
+                host: ${linux:network:fqdn}
+                database: glance
diff --git a/mysql/client/database_init/grafana.yml b/mysql/client/database_init/grafana.yml
new file mode 100644
index 0000000..aeb2e26
--- /dev/null
+++ b/mysql/client/database_init/grafana.yml
@@ -0,0 +1,15 @@
+classes:
+- system.mysql.client.database.grafana
+parameters:
+  mysql:
+    client:
+      enabled: true
+      server:
+        database:
+          database:
+            grafana:
+              initial_data:
+                engine: backupninja
+                source: ${_param:backupninja_backup_host}
+                host: ${linux:network:fqdn}
+                database: grafana
diff --git a/mysql/client/database_init/heat.yml b/mysql/client/database_init/heat.yml
new file mode 100644
index 0000000..c7a0f00
--- /dev/null
+++ b/mysql/client/database_init/heat.yml
@@ -0,0 +1,15 @@
+classes:
+- system.mysql.client.database.heat
+parameters:
+  mysql:
+    client:
+      enabled: true
+      server:
+        database:
+          database:
+            heat:
+              initial_data:
+                engine: backupninja
+                source: ${_param:backupninja_backup_host}
+                host: ${linux:network:fqdn}
+                database: heat
diff --git a/mysql/client/database_init/keystone.yml b/mysql/client/database_init/keystone.yml
new file mode 100644
index 0000000..555cae6
--- /dev/null
+++ b/mysql/client/database_init/keystone.yml
@@ -0,0 +1,15 @@
+classes:
+- system.mysql.client.database.keystone
+parameters:
+  mysql:
+    client:
+      enabled: true
+      server:
+        database:
+          database:
+            keystone:
+              initial_data:
+                engine: backupninja
+                source: ${_param:backupninja_backup_host}
+                host: ${linux:network:fqdn}
+                database: keystone
diff --git a/mysql/client/database_init/murano.yml b/mysql/client/database_init/murano.yml
new file mode 100644
index 0000000..13515e7
--- /dev/null
+++ b/mysql/client/database_init/murano.yml
@@ -0,0 +1,15 @@
+classes:
+- system.mysql.client.database.murano
+parameters:
+  mysql:
+    client:
+      enabled: true
+      server:
+        database:
+          database:
+            murano:
+              initial_data:
+                engine: backupninja
+                source: ${_param:backupninja_backup_host}
+                host: ${linux:network:fqdn}
+                database: murano
diff --git a/mysql/client/database_init/neutron.yml b/mysql/client/database_init/neutron.yml
new file mode 100644
index 0000000..405f3e6
--- /dev/null
+++ b/mysql/client/database_init/neutron.yml
@@ -0,0 +1,15 @@
+classes:
+- system.mysql.client.database.neutron
+parameters:
+  mysql:
+    client:
+      enabled: true
+      server:
+        database:
+          database:
+            neutron:
+              initial_data:
+                engine: backupninja
+                source: ${_param:backupninja_backup_host}
+                host: ${linux:network:fqdn}
+                database: neutron
diff --git a/mysql/client/database_init/nova.yml b/mysql/client/database_init/nova.yml
new file mode 100644
index 0000000..f1ee6cf
--- /dev/null
+++ b/mysql/client/database_init/nova.yml
@@ -0,0 +1,15 @@
+classes:
+- system.mysql.client.database.nova
+parameters:
+  mysql:
+    client:
+      enabled: true
+      server:
+        database:
+          database:
+            nova:
+              initial_data:
+                engine: backupninja
+                source: ${_param:backupninja_backup_host}
+                host: ${linux:network:fqdn}
+                database: nova
diff --git a/mysql/client/database_init/nova_api.yml b/mysql/client/database_init/nova_api.yml
new file mode 100644
index 0000000..2fa8630
--- /dev/null
+++ b/mysql/client/database_init/nova_api.yml
@@ -0,0 +1,21 @@
+classes:
+- system.mysql.client.database.nova_api
+parameters:
+  mysql:
+    client:
+      enabled: true
+      server:
+        database:
+          database:
+            nova_api:
+              initial_data:
+                engine: backupninja
+                source: ${_param:backupninja_backup_host}
+                host: ${linux:network:fqdn}
+                database: nova_api
+            nova_cell0:
+              initial_data:
+                engine: backupninja
+                source: ${_param:backupninja_backup_host}
+                host: ${linux:network:fqdn}
+                database: nova_cell0
diff --git a/mysql/client/database_init/sahara.yml b/mysql/client/database_init/sahara.yml
new file mode 100644
index 0000000..ef3d981
--- /dev/null
+++ b/mysql/client/database_init/sahara.yml
@@ -0,0 +1,15 @@
+classes:
+- system.mysql.client.database.sahara
+parameters:
+  mysql:
+    client:
+      enabled: true
+      server:
+        database:
+          database:
+            sahara:
+              initial_data:
+                engine: backupninja
+                source: ${_param:backupninja_backup_host}
+                host: ${linux:network:fqdn}
+                database: sahara
diff --git a/mysql/client/database_upgrade/aodh.yml b/mysql/client/database_upgrade/aodh.yml
new file mode 100644
index 0000000..d363161
--- /dev/null
+++ b/mysql/client/database_upgrade/aodh.yml
@@ -0,0 +1,23 @@
+parameters:
+  mysql:
+    client:
+      server:
+        database:
+          database:
+            aodh_upgrade:
+              encoding: utf8
+              users:
+              - name: aodh
+                password: ${_param:mysql_aodh_password}
+                host: '%'
+                rights: all
+              - name: aodh
+                password: ${_param:mysql_aodh_password}
+                host: ${_param:single_address}
+                rights: all
+              initial_data:
+                engine: backupninja
+                source: ${_param:backupninja_backup_host}
+                host: ${linux:network:fqdn}
+                database: aodh
+
diff --git a/mysql/client/database_upgrade/ceilometer.yml b/mysql/client/database_upgrade/ceilometer.yml
new file mode 100644
index 0000000..5344b4b
--- /dev/null
+++ b/mysql/client/database_upgrade/ceilometer.yml
@@ -0,0 +1,23 @@
+parameters:
+  mysql:
+    client:
+      server:
+        database:
+          database:
+            ceilometer_upgrade:
+              encoding: utf8
+              users:
+              - name: ceilometer
+                password: ${_param:mysql_ceilometer_password}
+                host: '%'
+                rights: all
+              - name: ceilometer
+                password: ${_param:mysql_ceilometer_password}
+                host: ${_param:single_address}
+                rights: all
+              initial_data:
+                engine: backupninja
+                source: ${_param:backupninja_backup_host}
+                host: ${linux:network:fqdn}
+                database: ceilometer
+
diff --git a/mysql/client/database_upgrade/cinder.yml b/mysql/client/database_upgrade/cinder.yml
new file mode 100644
index 0000000..bafc70d
--- /dev/null
+++ b/mysql/client/database_upgrade/cinder.yml
@@ -0,0 +1,22 @@
+parameters:
+  mysql:
+    client:
+      server:
+        database:
+          database:
+            cinder_upgrade:
+              encoding: utf8
+              users:
+              - name: cinder
+                password: ${_param:mysql_cinder_password}
+                host: '%'
+                rights: all
+              - name: cinder
+                password: ${_param:mysql_cinder_password}
+                host: ${_param:single_address}
+                rights: all
+              initial_data:
+                engine: backupninja
+                source: ${_param:backupninja_backup_host}
+                host: ${linux:network:fqdn}
+                database: cinder
\ No newline at end of file
diff --git a/mysql/client/database_upgrade/designate.yml b/mysql/client/database_upgrade/designate.yml
new file mode 100644
index 0000000..48b7fce
--- /dev/null
+++ b/mysql/client/database_upgrade/designate.yml
@@ -0,0 +1,22 @@
+parameters:
+  mysql:
+    client:
+      server:
+        database:
+          database:
+            designate_upgrade:
+              encoding: utf8
+              users:
+              - name: designate
+                password: ${_param:mysql_designate_password}
+                host: '%'
+                rights: all
+              - name: designate
+                password: ${_param:mysql_designate_password}
+                host: ${_param:single_address}
+                rights: all
+              initial_data:
+                engine: backupninja
+                source: ${_param:backupninja_backup_host}
+                host: ${linux:network:fqdn}
+                database: designate
\ No newline at end of file
diff --git a/mysql/client/database_upgrade/designate_pool_manager.yml b/mysql/client/database_upgrade/designate_pool_manager.yml
new file mode 100644
index 0000000..26dd975
--- /dev/null
+++ b/mysql/client/database_upgrade/designate_pool_manager.yml
@@ -0,0 +1,22 @@
+parameters:
+  mysql:
+    client:
+      server:
+        database:
+          database:
+            designate_pool_manager_upgrade:
+              encoding: utf8
+              users:
+              - name: designate
+                password: ${_param:mysql_designate_password}
+                host: '%'
+                rights: all
+              - name: designate
+                password: ${_param:mysql_designate_password}
+                host: ${_param:single_address}
+                rights: all
+              initial_data:
+                engine: backupninja
+                source: ${_param:backupninja_backup_host}
+                host: ${linux:network:fqdn}
+                database: designate_pool_manager
\ No newline at end of file
diff --git a/mysql/client/database_upgrade/glance.yml b/mysql/client/database_upgrade/glance.yml
new file mode 100644
index 0000000..bebe604
--- /dev/null
+++ b/mysql/client/database_upgrade/glance.yml
@@ -0,0 +1,22 @@
+parameters:
+  mysql:
+    client:
+      server:
+        database:
+          database:
+            glance_upgrade:
+              encoding: utf8
+              users:
+              - name: glance
+                password: ${_param:mysql_glance_password}
+                host: '%'
+                rights: all
+              - name: glance
+                password: ${_param:mysql_glance_password}
+                host: ${_param:single_address}
+                rights: all
+              initial_data:
+                engine: backupninja
+                source: ${_param:backupninja_backup_host}
+                host: ${linux:network:fqdn}
+                database: glance
diff --git a/mysql/client/database_upgrade/grafana.yml b/mysql/client/database_upgrade/grafana.yml
new file mode 100644
index 0000000..7759a66
--- /dev/null
+++ b/mysql/client/database_upgrade/grafana.yml
@@ -0,0 +1,22 @@
+parameters:
+  mysql:
+    client:
+      server:
+        database:
+          database:
+            grafana_upgrade:
+              encoding: utf8
+              users:
+              - name: grafana
+                password: ${_param:mysql_grafana_password}
+                host: '%'
+                rights: all
+              - name: grafana
+                password: ${_param:mysql_grafana_password}
+                host: ${_param:single_address}
+                rights: all
+              initial_data:
+                engine: backupninja
+                source: ${_param:backupninja_backup_host}
+                host: ${linux:network:fqdn}
+                database: grafana
\ No newline at end of file
diff --git a/mysql/client/database_upgrade/heat.yml b/mysql/client/database_upgrade/heat.yml
new file mode 100644
index 0000000..24e4cb1
--- /dev/null
+++ b/mysql/client/database_upgrade/heat.yml
@@ -0,0 +1,22 @@
+parameters:
+  mysql:
+    client:
+      server:
+        database:
+          database:
+            heat_upgrade:
+              encoding: utf8
+              users:
+              - name: heat
+                password: ${_param:mysql_heat_password}
+                host: '%'
+                rights: all
+              - name: heat
+                password: ${_param:mysql_heat_password}
+                host: ${_param:single_address}
+                rights: all
+              initial_data:
+                engine: backupninja
+                source: ${_param:backupninja_backup_host}
+                host: ${linux:network:fqdn}
+                database: heat
\ No newline at end of file
diff --git a/mysql/client/database_upgrade/keystone.yml b/mysql/client/database_upgrade/keystone.yml
new file mode 100644
index 0000000..8265662
--- /dev/null
+++ b/mysql/client/database_upgrade/keystone.yml
@@ -0,0 +1,22 @@
+parameters:
+  mysql:
+    client:
+      server:
+        database:
+          database:
+            keystone_upgrade:
+              encoding: utf8
+              users:
+              - name: keystone
+                password: ${_param:mysql_keystone_password}
+                host: '%'
+                rights: all
+              - name: keystone
+                password: ${_param:mysql_keystone_password}
+                host: ${_param:single_address}
+                rights: all
+              initial_data:
+                engine: backupninja
+                source: ${_param:backupninja_backup_host}
+                host: ${linux:network:fqdn}
+                database: keystone
\ No newline at end of file
diff --git a/mysql/client/database_upgrade/murano.yml b/mysql/client/database_upgrade/murano.yml
new file mode 100644
index 0000000..2223ce6
--- /dev/null
+++ b/mysql/client/database_upgrade/murano.yml
@@ -0,0 +1,22 @@
+parameters:
+  mysql:
+    client:
+      server:
+        database:
+          database:
+            murano_upgrade:
+              encoding: utf8
+              users:
+              - name: murano
+                password: ${_param:mysql_murano_password}
+                host: '%'
+                rights: all
+              - name: murano
+                password: ${_param:mysql_murano_password}
+                host: ${_param:single_address}
+                rights: all
+              initial_data:
+                engine: backupninja
+                source: ${_param:backupninja_backup_host}
+                host: ${linux:network:fqdn}
+                database: murano
\ No newline at end of file
diff --git a/mysql/client/database_upgrade/neutron.yml b/mysql/client/database_upgrade/neutron.yml
new file mode 100644
index 0000000..7dd723c
--- /dev/null
+++ b/mysql/client/database_upgrade/neutron.yml
@@ -0,0 +1,22 @@
+parameters:
+  mysql:
+    client:
+      server:
+        database:
+          database:
+            neutron_upgrade:
+              encoding: utf8
+              users:
+              - name: neutron
+                password: ${_param:mysql_neutron_password}
+                host: '%'
+                rights: all
+              - name: neutron
+                password: ${_param:mysql_neutron_password}
+                host: ${_param:single_address}
+                rights: all
+              initial_data:
+                engine: backupninja
+                source: ${_param:backupninja_backup_host}
+                host: ${linux:network:fqdn}
+                database: neutron
\ No newline at end of file
diff --git a/mysql/client/database_upgrade/nova.yml b/mysql/client/database_upgrade/nova.yml
new file mode 100644
index 0000000..699c9c3
--- /dev/null
+++ b/mysql/client/database_upgrade/nova.yml
@@ -0,0 +1,22 @@
+parameters:
+  mysql:
+    client:
+      server:
+        database:
+          database:
+            nova_upgrade:
+              encoding: utf8
+              users:
+              - name: nova
+                password: ${_param:mysql_nova_password}
+                host: '%'
+                rights: all
+              - name: nova
+                password: ${_param:mysql_nova_password}
+                host: ${_param:single_address}
+                rights: all
+              initial_data:
+                engine: backupninja
+                source: ${_param:backupninja_backup_host}
+                host: ${linux:network:fqdn}
+                database: nova
\ No newline at end of file
diff --git a/mysql/client/database_upgrade/nova_api.yml b/mysql/client/database_upgrade/nova_api.yml
new file mode 100644
index 0000000..8bb33c8
--- /dev/null
+++ b/mysql/client/database_upgrade/nova_api.yml
@@ -0,0 +1,38 @@
+parameters:
+  mysql:
+    client:
+      server:
+        database:
+          database:
+            nova_upgrade_api:
+              encoding: utf8
+              users:
+              - name: nova
+                password: ${_param:mysql_nova_password}
+                host: '%'
+                rights: all
+              - name: nova
+                password: ${_param:mysql_nova_password}
+                host: ${_param:single_address}
+                rights: all
+              initial_data:
+                engine: backupninja
+                source: ${_param:backupninja_backup_host}
+                host: ${linux:network:fqdn}
+                database: nova_api
+            nova_upgrade_cell0:
+              encoding: utf8
+              users:
+              - name: nova
+                password: ${_param:mysql_nova_password}
+                host: '%'
+                rights: all
+              - name: nova
+                password: ${_param:mysql_nova_password}
+                host: ${_param:single_address}
+                rights: all
+              initial_data:
+                engine: backupninja
+                source: ${_param:backupninja_backup_host}
+                host: ${linux:network:fqdn}
+                database: nova_cell0
\ No newline at end of file
diff --git a/mysql/client/database_upgrade/sahara.yml b/mysql/client/database_upgrade/sahara.yml
new file mode 100644
index 0000000..73618d0
--- /dev/null
+++ b/mysql/client/database_upgrade/sahara.yml
@@ -0,0 +1,22 @@
+parameters:
+  mysql:
+    client:
+      server:
+        database:
+          database:
+            sahara_upgrade:
+              encoding: utf8
+              users:
+              - name: sahara
+                password: ${_param:mysql_sahara_password}
+                host: '%'
+                rights: all
+              - name: sahara
+                password: ${_param:mysql_sahara_password}
+                host: ${_param:single_address}
+                rights: all
+              initial_data:
+                engine: backupninja
+                source: ${_param:backupninja_backup_host}
+                host: ${linux:network:fqdn}
+                database: sahara
\ No newline at end of file
diff --git a/mysql/client/init.yml b/mysql/client/init.yml
new file mode 100644
index 0000000..4cea41a
--- /dev/null
+++ b/mysql/client/init.yml
@@ -0,0 +1,14 @@
+parameters:
+  _param:
+    mysql_client_host: localhost
+  mysql:
+    client:
+      enabled: true
+      server:
+        database:
+          admin:
+            host: ${_param:mysql_client_host}
+            port: 3306
+            user: ${_param:mysql_admin_user}
+            password: ${_param:mysql_admin_password}
+            encoding: utf8
diff --git a/mysql/client/single.yml b/mysql/client/single.yml
index e273e2f..f518a87 100644
--- a/mysql/client/single.yml
+++ b/mysql/client/single.yml
@@ -1,4 +1,6 @@
 classes:
+- system.mysql.client
+- system.mysql.client.database.aodh
 - system.mysql.client.database.ceilometer
 - system.mysql.client.database.cinder
 - system.mysql.client.database.glance
@@ -7,17 +9,3 @@
 - system.mysql.client.database.nova
 - system.mysql.client.database.nova_api
 - system.mysql.client.database.neutron
-parameters:
-  _param:
-    mysql_client_host: localhost
-  mysql:
-    client:
-      enabled: true
-      server:
-        database:
-          admin:
-            host: ${_param:mysql_client_host}
-            port: 3306
-            user: ${_param:mysql_admin_user}
-            password: ${_param:mysql_admin_password}
-            encoding: utf8
diff --git a/mysql/client/single_init.yml b/mysql/client/single_init.yml
new file mode 100644
index 0000000..0c20049
--- /dev/null
+++ b/mysql/client/single_init.yml
@@ -0,0 +1,24 @@
+classes:
+- system.mysql.client.database_init.aodh
+- system.mysql.client.database_init.ceilometer
+- system.mysql.client.database_init.cinder
+- system.mysql.client.database_init.glance
+- system.mysql.client.database_init.heat
+- system.mysql.client.database_init.keystone
+- system.mysql.client.database_init.nova
+- system.mysql.client.database_init.nova_api
+- system.mysql.client.database_init.neutron
+parameters:
+  _param:
+    mysql_client_host: localhost
+  mysql:
+    client:
+      enabled: true
+      server:
+        database:
+          admin:
+            host: ${_param:mysql_client_host}
+            port: 3306
+            user: ${_param:mysql_admin_user}
+            password: ${_param:mysql_admin_password}
+            encoding: utf8
diff --git a/mysql/client/single_upgrade.yml b/mysql/client/single_upgrade.yml
new file mode 100644
index 0000000..595d3f7
--- /dev/null
+++ b/mysql/client/single_upgrade.yml
@@ -0,0 +1,25 @@
+classes:
+- system.mysql.client.database_upgrade.aodh
+- system.mysql.client.database_upgrade.ceilometer
+- system.mysql.client.database_upgrade.cinder
+- system.mysql.client.database_upgrade.glance
+- system.mysql.client.database_upgrade.heat
+- system.mysql.client.database_upgrade.keystone
+- system.mysql.client.database_upgrade.nova
+- system.mysql.client.database_upgrade.nova_api
+- system.mysql.client.database_upgrade.neutron
+- service.mysql.client.single
+parameters:
+  _param:
+    mysql_client_host: localhost
+  mysql:
+    client:
+      enabled: true
+      server:
+        database:
+          admin:
+            host: ${_param:mysql_client_host}
+            port: 3306
+            user: ${_param:mysql_admin_user}
+            password: ${_param:mysql_admin_password}
+            encoding: utf8
diff --git a/neutron/control/openvswitch/single.yml b/neutron/control/openvswitch/single.yml
new file mode 100644
index 0000000..6601db1
--- /dev/null
+++ b/neutron/control/openvswitch/single.yml
@@ -0,0 +1,45 @@
+classes:
+- service.neutron.control.single
+parameters:
+  _param:
+    neutron_control_dvr: True
+    neutron_l3_ha: False
+    neutron_global_physnet_mtu: 1500
+    neutron_external_mtu: 1500
+    neutron_tenant_network_types: "flat,vxlan"
+  neutron:
+    server:
+      plugin: ml2
+      global_physnet_mtu: ${_param:neutron_global_physnet_mtu}
+      l3_ha: ${_param:neutron_l3_ha}
+      dvr: ${_param:neutron_control_dvr}
+      backend:
+        engine: ml2
+        tenant_network_types: "${_param:neutron_tenant_network_types}"
+        external_mtu: ${_param:neutron_external_mtu}
+        mechanism:
+          ovs:
+            driver: openvswitch
+      compute:
+        region: ${_param:openstack_region}
+      database:
+        host: ${_param:openstack_database_address}
+      identity:
+        region: ${_param:openstack_region}
+      message_queue:
+        members:
+          - host: ${_param:openstack_message_queue_node01_address}
+  mysql:
+    server:
+      database:
+        neutron:
+          encoding: utf8
+          users:
+          - name: neutron
+            password: ${_param:mysql_neutron_password}
+            host: '%'
+            rights: all
+          - name: neutron
+            password: ${_param:mysql_neutron_password}
+            host: ${_param:cluster_local_address}
+            rights: all
\ No newline at end of file
diff --git a/nginx/server/proxy/openstack/designate.yml b/nginx/server/proxy/openstack/designate.yml
index 2b8ffce..29bc390 100644
--- a/nginx/server/proxy/openstack/designate.yml
+++ b/nginx/server/proxy/openstack/designate.yml
@@ -1,4 +1,4 @@
-  parameters:
+parameters:
   _param:
     nginx_proxy_openstack_api_host: ${_param:cluster_public_host}
   nginx:
diff --git a/nginx/server/proxy/openstack/murano.yml b/nginx/server/proxy/openstack/murano.yml
index a93b07e..06b8c1a 100644
--- a/nginx/server/proxy/openstack/murano.yml
+++ b/nginx/server/proxy/openstack/murano.yml
@@ -1,4 +1,4 @@
-  parameters:
+parameters:
   _param:
     nginx_proxy_openstack_api_host: ${_param:cluster_public_host}
   nginx:
diff --git a/nova/control/cluster.yml b/nova/control/cluster.yml
index 1bcc8b9..d47c5e1 100644
--- a/nova/control/cluster.yml
+++ b/nova/control/cluster.yml
@@ -10,6 +10,7 @@
     nova_cpu_allocation_ratio: 16.0
     nova_ram_allocation_ratio: 1.5
     nova_disk_allocation_ratio: 1.0
+    metadata_password: metadataPass
   nova:
     controller:
       enabled: true
diff --git a/openssh/client/root.yml b/openssh/client/root.yml
new file mode 100644
index 0000000..145f5da
--- /dev/null
+++ b/openssh/client/root.yml
@@ -0,0 +1,42 @@
+applications:
+- openssh
+parameters:
+  _param:
+    root_private_key: |
+      -----BEGIN RSA PRIVATE KEY-----
+      MIIEpQIBAAKCAQEAsy1IhygI3xV4md37IMd+blxelYr3wuVhWn7uEDGpcZo+lvrN
+      u+6An3VgPA7uX9cLUFzO91UOZx5F4TNlCH1DGq7MoVyvgcSla3IBATR3SpQ8rWnn
+      FD8rjsUw3RloTfwz7+f7y/DWFsHhGAWzWy4FNE3e0b5udk1Fyk4SA43he1w8V+Eo
+      V1oqQUsFOG6DlAbUfCln4GvH7KngTfnmnLgEBUdzK6zn1bwLllugbH9OO3Jnflek
+      L9K2qFu9zbuDP2QHU7GkeZOtmtHB7EkaIt4QpjUasPgmWkIvKa0FOrdunljxLc54
+      6eRJDxfiy4fC8VKAn1qlk/i8XvEEME9Z8fywjQIDAQABAoIBAQCdMsuBGNS/tDy8
+      8g5TsfLwrEWneebprQl+tgHzXz7EFol3OM+rZBKg0//8cTUeDLM2bFaAlLUwL1Ur
+      wUWQ7yUikd2ibIjmlzpyS/Ept3g5jFi35EQCdXGnrsWyFYp3cR+4CZXWVZPfH3Z2
+      9vlms7eJLhChgCu1yxHB7kDLsXz0Fn5jaWPd2TDY+3Y3t3LCFxNgfIQ+Mljzj/6f
+      +MG7bp/5UuEA76oZnPfp2fj1vqWYCI6ftk4Wam1AkHVUNP3jjl48cao7EKeH5v4E
+      0PL+AY3av4SoUQWf1ZlkkJrhIyRRdVDavX86t17NXmrQvaz3brz8yI2Hh08ho413
+      AH8C0zyZAoGBANcea55n9vBoA4FQRX2HEA9ljdPWIFdvkKXvxb7R/UxhzublicBm
+      3JwcDCwbiGhEzYhMlDmt0hZ4YPA3fL7WwP2EXkrYyqn1tSGSS2CkfhpuB2xgPTSr
+      cxbJj5iuKM0eS9GdPqae2k4ME3sC5pi+eiiWuUuvzhqid8EMAGFvYdcXAoGBANU6
+      R4OLghz2FaTSeFFHfHCoAym03qMe9pRCugnM2Np0vEZ650G2xez8OtYim8nttkTE
+      xCWppxBtHIjN6mm4pOHsGxr0LqrKtHgMxkawyBx9hZTZSNudAMupPXBRHlPm/+hL
+      EXt4xUiBd4GVkWw2esEKINi83dXHnECugknJN7v7AoGBAJHy4bEneDLDXx1tCLiR
+      2iOYExGWRXsNBmaOtuswLVqVQXsGYN9Y6nQ/00JZq8KSa5/91NMNS2xTX/Gas9gG
+      fAmEtTSywU1uluWgC+QVtjjYTdEJunzxlbPwLKy5/JSt6WLd/JOvUw2Aw/bBkRIw
+      qVDAchcXwA3yDK29JsT0fL0hAoGBAMqu0zufaNbOtFQwHF5mbUtI6XjDjL3RuOHF
+      a8HVDmzZef4k5Z35drqGKAdUbnHLm+5Se4CxezSKAw2nbqN/+HsoS7ubUKDYfiN/
+      QRoBALbUOh37TN40p4TwIo6ZDRMECU1tzfhoHF+HcWmkGs+aGaVVU1Oyc8u6KjTx
+      rLcmpevxAoGAFz4bvKyBt/wq8TPTVzU/iJtwBLq8WdZpKJcuVkF7/DWY3A3maOFs
+      P9IMHeDD+tlfIu0Y3qmPmEaLzXsMfRh+3Eb6itrgDRFEuE/HyPIWxHvDt1jjfIFu
+      O87TLcnZIoW99nyY0RixwuK6ZeCmmyktX0iO7dNDIOyBReCs6ZwXSSc=
+      -----END RSA PRIVATE KEY-----
+  openssh:
+    client:
+      enabled: true
+      user:
+        root:
+          enabled: true
+          private_key:
+            type: rsa
+            key: ${_param:root_private_key}
+          user: ${linux:system:user:root}
diff --git a/openssh/server/team/k8s_team.yml b/openssh/server/team/k8s_team.yml
new file mode 100644
index 0000000..ed85ae0
--- /dev/null
+++ b/openssh/server/team/k8s_team.yml
@@ -0,0 +1,23 @@
+parameters:
+  linux:
+    system:
+      user:
+        dshulyak:
+          enabled: true
+          name: dshulyak
+          sudo: true
+          full_name: Dmitry Shulyak
+          home: /home/dshulyak
+          email: dshulyak@mirantis.com
+  openssh:
+    server:
+      enabled: true
+      user:
+        dshulyak:
+          enabled: true
+          public_keys:
+          - ${public_keys:dshulyak}
+          user: ${linux:system:user:dshulyak}
+  public_keys:
+    kproskurin:
+      key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCvkecSoZQDlJ3rfnxzYYkKVOwZG/oGVNYykey07pJXzcc4RDnP+OSPSD57Ovc3f9DgGpDqi5EaSTK9wPT3Z4Xlq/0IN9mJjSqkMKahlQutozNeathqghM3mkiBrqV8Y9H+L+5V743ttWMxp+oEpYMVz6QlP152mDwhRESEoU6dm1UjPDOPmiqIBrjkc0glqrBGkvj6Rd7cyVrbVG//mOoemT0S+l9KHjVzIDF3sd9m1MWCtslO0ixCrIXh90wRYTUVJLe4g95Bo3f3k2/DIeqyLns2zjYaYBc54+VMwPllbc4KTNQnW+oZLGmh7fJRouJvNRmL9JrmVFBZ79tMKpLKq55U9RxAbtkO4wPUQxVXQRairYT6XVOis7eOQzojSyT8+jW1HK1ftexITn1nZnAgivzJYg9YugE5brS1pchJeptGQJDQSNeoAGR5rRc0A4uJIc9EzUjURVpa13ZWWKeenhQ3sfRUrP4+rCe4c0yeZS03jk54bNf3hqD7EEGH96L1ojAXyoVV/TgGgFJC3a3T7qciOMIJpWJVyKBVEgU9mSgWUL0lzEp/IrtEObNQQKwTb7LBM6wrSJd/57ePlTzXzSAZEed+7QV0LW+SBD7rwQyKM93i1P+do+4dmGO0fGr9AhMp2J4gsaFuAtCYZXV/b2zmuGnYGhbq3vacLIJYqQ== ds@ds-X10SAE
diff --git a/openssh/server/team/mcp_ci.yml b/openssh/server/team/mcp_ci.yml
index 837ee90..cd931a6 100644
--- a/openssh/server/team/mcp_ci.yml
+++ b/openssh/server/team/mcp_ci.yml
@@ -9,34 +9,20 @@
           full_name: Ruslan Kamaldinov
           home: /home/rkamaldinov
           email: rkamaldinov@mirantis.com
-        iberezovskiy:
+        dburmistrov:
           enabled: true
-          name: iberezovskiy
+          name: dburmistrov
           sudo: true
-          full_name: Ivan Berezovskiy
-          home: /home/iberezovskiy
-          email: iberezovskiy@mirantis.com
-        skolekonov:
+          full_name: Dmitrii Burmistrov
+          home: /home/dburmistrov
+          email: dburmistrov@mirantis.com
+        dkaiharodsev:
           enabled: true
-          name: skolekonov
+          name: dkaiharodsev
           sudo: true
-          full_name: Sergey Kolekonov
-          home: /home/skolekonov
-          email: skolekonov@mirantis.com
-        mmatuszkowiak:
-          enabled: true
-          name: mmatuszkowiak
-          sudo: true
-          full_name: Mateusz Matuszkowiak
-          home: /home/mmatuszkowiak
-          email: mmatuszkowiak@mirantis.com
-        akaszuba:
-          enabled: true
-          name: akaszuba
-          sudo: true
-          full_name: Artur Kaszuba
-          home: /home/akaszuba
-          email: akaszuba@mirantis.com
+          full_name: Dmytro Kaiharodtsev
+          home: /home/dkaiharodsev
+          email: dkaiharodsev@mirantis.com
   openssh:
     server:
       enabled: true
@@ -46,34 +32,20 @@
           public_keys:
           - ${public_keys:rkamaldinov}
           user: ${linux:system:user:rkamaldinov}
-        iberezovskiy:
+        dburmistrov:
           enabled: true
           public_keys:
-          - ${public_keys:iberezovskiy}
-          user: ${linux:system:user:iberezovskiy}
-        skolekonov:
+          - ${public_keys:dburmistrov}
+          user: ${linux:system:user:dburmistrov}
+        dkaiharodsev:
           enabled: true
           public_keys:
-          - ${public_keys:skolekonov}
-          user: ${linux:system:user:skolekonov}
-        mmatuszkowiak:
-          enabled: true
-          public_keys:
-          - ${public_keys:mmatuszkowiak}
-          user: ${linux:system:user:mmatuszkowiak}
-        akaszuba:
-          enabled: true
-          public_keys:
-          - ${public_keys:akaszuba}
-          user: ${linux:system:user:akaszuba}
+          - ${public_keys:dkaiharodsev}
+          user: ${linux:system:user:dkaiharodsev}
   public_keys:
     rkamaldinov:
       key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCzeIFxatNuXWuaTomcGDTMlpqiF6KlK47BSO5yIpfWHTL7o0OFsQArB4UeZ9AC7JHQg1bpxzscJxz8Xj3tA1f8yOCrepR8LbWh7L6a1hMhSCJPK9QLUHPCLV4PW0ghq46Um8ekxMbEqGM/rrKP+GeYxNFUxJMHCkKbZAsV+BV8amuJHQkYt29GP/hgYyZEoWKErqoQ/uGQ0qWEMVQsnus6M3p3c/v1J4JtbbrmRBjyrPx/Tjinw6K2sgocgBZT7vVb4PYwbONi1IAclkPJIyrSNEavZ4MbK93ZXNQCV7rkUbKmHT71Qle34/ks9zyERJ3RgB+pWgQqCjtmJeV51V1 rkamaldinov@mirantis.com
-    iberezovskiy:
-      key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJT1d+2zKca28nFykpizh7z1yPLzK5fpMUH/zKaupINKqZxyMNbKiIQsYHSRXESRj6dpkCI2VQGO99fosPF7/XYCNVRcMLZ3lefi6aUaoBGhGTlj/Lbfwln9sN+o3m9oWgrwX/1+IkY9KlUPS4skVsiExHaGRLmCkMbF+dryB5oWKnOcf27z/fpXIFU06opYzxWZ1wR98vSlazqe+m1nDB4ZHYsvP2ztP2wn6+6xTeLj9tzWDRFmHluW7KJrN5PuX+KExPQx6IidDL92UX2E8ua5S+f6bGttT37wS0smKQTw3dnnM79sJnbd1hc4UtyDBQcFFqFq/L+ohpmM7EKY/f iberezovskiy@IvanBerezovskiy
-    skolekonov:
-      key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDmj9no4dGs67f3KPlson/IMWo4FVAiC83euE01MvwkMY0oWfkHgwPy600PYZANDbXg1Qmza7W56ePQosPBZYtdOmk/Dr0jrviGN2faSawpiFb2K+KHx+hi08gOYHWaooA/IoB7nXBdYjIdfoCrWVR23nB7gcPKRwB31/ozySb+Q5u3wnVdGf3CJGWtRsfzjAyGcwPj7+9K3RuuyzAnRL/oaf9tcBzCHo1jd1o+rqZBVkBazfZSYiO3Kv1/xyw5MREqsu12i8M/77Yiim2nhEre1nB3INj+TAvFYxTJs33SUxUjtcdCSdBQpHLTeODZR8Ra7MTfCoFCllKGx5IDO1Fd skolekonov@SK
-    mmatuszkowiak:
-      key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC63QhWE96IF/SRCFWyKJyzOyprc7WlD6RdCClw7BxKum7BDlXfV+fhQupWUdsPVnOaCMwndjG+ZrZXg5okGui4GuL7nucUFYfUhZh252IBM8TM7BkuVd7fmbZ6OD2/4uGTOJRBhO+Jrol9Z2450vaiGZwWrbvWHNPtI+bhx3/4WWxjgZ59NGll220c1cTjGQamvNgtWBWNnsEilmZxinl501EgvDPJ8uewCAS3YA3T9ut11RRJiWKfoMr4H9sFeUTiu1j6ByYlINXMJTNadPzEcV6EW06k1K9oNfJ42F6gYFfjBQK5db83iNTkyA/j4TjfqJ9tlg2cWTp+x2vy8YNV mmatuszkowiak@Mateuszs-MacBook-Pro-2.local
-    akaszuba:
-      key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDM8RI+GX+gh8KXQGIHlfePeplOk9aGSjbbDpb3KG2n3J4RftzNThtkaEKBCwKyOSuUh0qHW3pYu17M1eIXHI53PnEQLHE1VoJ2/GI7CHWOjBk0Hgf+/NFCKogetlMjXIrOPRYKtUDcS4ejgb8X+mGCUoJOBIM2qLPO5TLAYvkkEnWaeQQn7Nrn+t8f6hZmfJLBY36jUngXW13ucEj5BcoXpaMV5JPesw9Wg27mHfEPW1Rybizy0R0I3dC4B/1QygntlZW0OTivB35La99h/iHSVVhZQv9A/T+DeR5dMIpMPl+OPKGkZ1pE+4zFIbrGuEDUppxczxaDjJ+9dqzG3pn akaszuba@mirantis.com
+    dburmistrov:
+      key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPKldN0BL6C/pmjkKyaSUw9OTUQAumWLCgNPyLVGZIuYPyFs9GqvKgHVm0QChm1OLhnQuA1wxGW5piBtqaDCTyLbKb/ANR3nhO1rqX5LTwZS2W2I0ImP47HUpnxqsBl15/y9hY2JDHZ7qrd7zNqCD+uCkf9l9qA9BmN1aMSKm07fqaaUfhnl3AocxsPX4X4eHfzy7hPJdzrHEcHbGoLLEd8ahJLkHKieWF1lAI++fIhETPF41+ZbH7MBBG4qw/UhhYAgLP3YAEWwvm/J3DtRqGkpSvH2U21hmAlgJHwxtoCD9Q1jKpH5+BDTvqJIXu0K7Gcl00xbeNYyHrwTVsldFX dburmistrov@mirantis.com
+    dkaiharodsev:
+      key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSz9eH08GDUOSEDReJAIdjDCoYaoTwg1SSzYNwPRO/evJBeqYwRvZmxzITKq+1qy4jXnpa3ZpuBdaUebqKri2VtvMGmBrWtP8Ojbg3kNPjKOfvrW4cCyJE0yrnW03TULnRgrnf4/WXLK0dnHxL39AmlVjQTVS4pbx73XjyPoVjJbk4PXq37F5cLyyLj4aeWmCcPWn7MLsEC4RUkDwHy3DsDNdgKOlUSHmmOfVy9GBwVbXwVyYbq732Qm0Qqf/2zlJi84LgXOH2irv5HRTMDQ2Wey5Amcl7VpK8OMvtN4R8Sb7c3mgsmM/b/h+gefl0Y/vQfsSSi8GCPhmBoNT4FBgZ dkaiharodsev@dkaiharodsev-pc
diff --git a/postgresql/client/pushkin.yml b/postgresql/client/pushkin.yml
new file mode 100644
index 0000000..12b5906
--- /dev/null
+++ b/postgresql/client/pushkin.yml
@@ -0,0 +1,27 @@
+parameters:
+  _param:
+    pushkin_db_host: ${_param:haproxy_postgresql_bind_host}
+    pushkin_db_port: ${_param:haproxy_postgresql_bind_port}
+    pushkin_db_user: pushkin
+    pushkin_db_user_password: pushkin
+  postgresql:
+    client:
+      server:
+        server01:
+          admin:
+            host: ${_param:pushkin_db_host}
+            port: ${_param:pushkin_db_port}
+            user: ${_param:postgresql_admin_user}
+            password: ${_param:postgresql_admin_user_password}
+          database:
+            pushkin:
+              enabled: true
+              encoding: 'UTF8'
+              locale: 'en_US'
+              template: 'hstore_enabled'
+              users:
+              - name: ${_param:pushkin_db_user}
+                password: ${_param:pushkin_db_user_password}
+                host: ${_param:pushkin_db_host}
+                createdb: true
+                rights: all privileges
diff --git a/postgresql/client/security_monkey.yml b/postgresql/client/security_monkey.yml
new file mode 100644
index 0000000..65f1de2
--- /dev/null
+++ b/postgresql/client/security_monkey.yml
@@ -0,0 +1,26 @@
+parameters:
+  _param:
+    secmonkey_db_host: ${_param:haproxy_postgresql_bind_host}
+    secmonkey_db_port: ${_param:haproxy_postgresql_bind_port}
+    secmonkey_db_user: secmonkey
+    secmonkey_db_user_password: secmonkey
+  postgresql:
+    client:
+      server:
+        server01:
+          admin:
+            host: ${_param:secmonkey_db_host}
+            port: ${_param:secmonkey_db_port}
+            user: ${_param:postgresql_admin_user}
+            password: ${_param:postgresql_admin_user_password}
+          database:
+            secmonkey:
+              enabled: true
+              encoding: 'UTF8'
+              locale: 'en_US'
+              users:
+              - name: ${_param:secmonkey_db_user}
+                password: ${_param:secmonkey_db_user_password}
+                host: ${_param:secmonkey_db_host}
+                createdb: true
+                rights: all privileges
diff --git a/prometheus/server/target/dns.yml b/prometheus/server/target/dns.yml
index 5919a91..fd56d1d 100644
--- a/prometheus/server/target/dns.yml
+++ b/prometheus/server/target/dns.yml
@@ -3,13 +3,15 @@
     server:
       target:
         dns:
-          - name: 'pushgateway'
-            domain:
-            - 'tasks.monitoring_pushgateway'
-            type: A
-            port: 9091
-          - name: 'prometheus'
-            domain:
-            - 'tasks.monitoring_server'
-            type: A
-            port: 9090
+          enabled: true
+          endpoint:
+            - name: 'pushgateway'
+              domain:
+              - 'tasks.monitoring_pushgateway'
+              type: A
+              port: 9091
+            - name: 'prometheus'
+              domain:
+              - 'tasks.monitoring_server'
+              type: A
+              port: 9090
diff --git a/prometheus/server/target/etcd.yml b/prometheus/server/target/etcd.yml
index 3db134e..4cd04bf 100644
--- a/prometheus/server/target/etcd.yml
+++ b/prometheus/server/target/etcd.yml
@@ -4,6 +4,7 @@
       target:
         static:
           etcd:
+            enabled: true
             scheme: https
             tls_config:
               skip_verify: true
diff --git a/prometheus/server/target/kubernetes.yml b/prometheus/server/target/kubernetes.yml
index 8abed5d..d7ba3d6 100644
--- a/prometheus/server/target/kubernetes.yml
+++ b/prometheus/server/target/kubernetes.yml
@@ -3,6 +3,7 @@
     server:
       target:
         kubernetes:
+          enabled: true
           api_ip: ${_param:kubernetes_control_address}
           ssl_dir: /opt/prometheus/config
           cert_name: prometheus-server.crt
diff --git a/reclass/storage/system/openstack_control_upgrade_single.yml b/reclass/storage/system/openstack_control_upgrade_single.yml
new file mode 100644
index 0000000..964e064
--- /dev/null
+++ b/reclass/storage/system/openstack_control_upgrade_single.yml
@@ -0,0 +1,15 @@
+parameters:
+  _param:
+    openstack_upgrade_node01_hostname: upg01
+  reclass:
+    storage:
+      node:
+        openstack_control_upgrade_node01:
+          name: ${_param:openstack_upgrade_node01_hostname}
+          domain: ${_param:cluster_domain}
+          classes:
+          - cluster.${_param:cluster_name}.openstack.upgrade
+          params:
+            salt_master_host: ${_param:reclass_config_master}
+            linux_system_codename: xenial
+            single_address: ${_param:openstack_upgrade_node01_address}
diff --git a/salt/control/cluster/openstack_upgrade_single.yml b/salt/control/cluster/openstack_upgrade_single.yml
new file mode 100644
index 0000000..fd6e4f0
--- /dev/null
+++ b/salt/control/cluster/openstack_upgrade_single.yml
@@ -0,0 +1,18 @@
+parameters:
+  salt:
+    control:
+      size:
+        openstack.upgrade:
+          cpu: 32
+          ram: 65536
+          disk_profile: medium
+          net_profile: default
+      cluster:
+        internal:
+          domain: ${_param:cluster_domain}
+          engine: virt
+          node:
+            upg01:
+              provider: kvm02.${_param:cluster_domain}
+              image: ${_param:salt_control_xenial_image}
+              size: openstack.upgrade
\ No newline at end of file
diff --git a/salt/minion/cert/ceph/pki.yml b/salt/minion/cert/ceph/pki.yml
index 259fc38..37e4fc5 100644
--- a/salt/minion/cert/ceph/pki.yml
+++ b/salt/minion/cert/ceph/pki.yml
@@ -3,6 +3,6 @@
     minion:
       cert:
         ceph:
-          key_file:  /srv/salt/pki/${_param:cluster_name}/ceph.${_param:cluster_public_host}.key
-          cert_file: /srv/salt/pki/${_param:cluster_name}/ceph.${_param:cluster_public_host}.crt
-          all_file:  /srv/salt/pki/${_param:cluster_name}/ceph-with-key.${_param:cluster_public_host}.pem
+          key_file:  /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:ceph:common_name}.key
+          cert_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:ceph:common_name}.crt
+          all_file:  /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:ceph:common_name}-chain-with-key.pem
diff --git a/salt/minion/cert/proxy/pki.yml b/salt/minion/cert/proxy/pki.yml
index 9a93bbf..731aea6 100644
--- a/salt/minion/cert/proxy/pki.yml
+++ b/salt/minion/cert/proxy/pki.yml
@@ -3,6 +3,6 @@
     minion:
       cert:
         proxy:
-          key_file:  /srv/salt/pki/${_param:cluster_name}/proxy.${_param:cluster_public_host}.key
-          cert_file: /srv/salt/pki/${_param:cluster_name}/proxy.${_param:cluster_public_host}.crt
-          all_file:  /srv/salt/pki/${_param:cluster_name}/proxy-with-key.${_param:cluster_public_host}.pem
+          key_file:   /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:proxy:common_name}.key
+          cert_file:  /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:proxy:common_name}.crt
+          all_file:   /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:proxy:common_name}-chain-with-key.pem
diff --git a/salt/minion/cert/swift/pki.yml b/salt/minion/cert/swift/pki.yml
index dd24060..3195e48 100644
--- a/salt/minion/cert/swift/pki.yml
+++ b/salt/minion/cert/swift/pki.yml
@@ -3,6 +3,6 @@
     minion:
       cert:
         swift:
-          key_file:  /srv/salt/pki/${_param:cluster_name}/swift.${_param:cluster_public_host}.key
-          cert_file: /srv/salt/pki/${_param:cluster_name}/swift.${_param:cluster_public_host}.crt
-          all_file:  /srv/salt/pki/${_param:cluster_name}/swift-with-key.${_param:cluster_public_host}.pem
+          key_file:  /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:swift:common_name}.key
+          cert_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:swift:common_name}.crt
+          all_file:  /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:swift:common_name}-chain-with-key.pem
diff --git a/salt/minion/cert/wildcard/init.yml b/salt/minion/cert/wildcard/init.yml
index 3bc2d52..2974895 100644
--- a/salt/minion/cert/wildcard/init.yml
+++ b/salt/minion/cert/wildcard/init.yml
@@ -11,6 +11,6 @@
           authority: ${_param:salt_minion_ca_authority}
           common_name: wildcard
           alternative_names: IP:127.0.0.1,${_param:salt_pki_wildcard_alt_names}
-          key_file:  /srv/salt/pki/${_param:cluster_name}/wildcard.${_param:cluster_public_host}.key
-          cert_file: /srv/salt/pki/${_param:cluster_name}/wildcard.${_param:cluster_public_host}.crt
-          all_file:  /srv/salt/pki/${_param:cluster_name}/wildcard-with-key.${_param:cluster_public_host}.pem
+          key_file:  /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:wildcard:common_name}.key
+          cert_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:wildcard:common_name}.crt
+          all_file:  /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:wildcard:common_name}-chain-with-key.pem
diff --git a/salt/minion/masters.yml b/salt/minion/masters.yml
new file mode 100644
index 0000000..829474a
--- /dev/null
+++ b/salt/minion/masters.yml
@@ -0,0 +1,7 @@
+parameters:
+  salt:
+    minion:
+      master_type: failover
+      masters:
+      - host: ${_param:infra_config_deploy_address}
+      - host: ${_param:infra_config_address}
diff --git a/telegraf/agent/init.yml b/telegraf/agent/init.yml
index 1faea32..5537b75 100644
--- a/telegraf/agent/init.yml
+++ b/telegraf/agent/init.yml
@@ -1,4 +1,4 @@
-paramaters:
+parameters:
   telegraf:
     agent:
       output: