Merge "Update reclass-system ironic support"
diff --git a/docker/swarm/network/runbook.yml b/docker/swarm/network/runbook.yml
new file mode 100644
index 0000000..557b852
--- /dev/null
+++ b/docker/swarm/network/runbook.yml
@@ -0,0 +1,10 @@
+parameters:
+  _param:
+    docker_runbook_subnet: 10.40.0.0/24
+  docker:
+    client:
+      network:
+        runbook:
+          subnet: ${_param:docker_runbook_subnet}
+          driver: overlay
+          attachable: true
diff --git a/docker/swarm/stack/dashboard.yml b/docker/swarm/stack/dashboard.yml
index 2ee123b..934920f 100644
--- a/docker/swarm/stack/dashboard.yml
+++ b/docker/swarm/stack/dashboard.yml
@@ -1,10 +1,12 @@
 parameters:
   _param:
-    docker_grafana_replicas: 1
+    docker_grafana_replicas: 3
     grafana_database_type: sqlite3
     grafana_database_host: localhost
     grafana_database_port: 3306
     grafana_database_password: password
+    grafana_session_directory: /data/sessions
+    grafana_session_life_time: 86400
   docker:
     client:
       stack:
@@ -18,6 +20,8 @@
               image: ${_param:docker_image_grafana}
               ports:
                 - 15013:3000
+              volumes:
+                - /srv/glusterfs/grafana:${_param:grafana_session_directory}
               environment:
                 GF_DATABASE_TYPE: ${_param:grafana_database_type}
                 GF_DATABASE_NAME: grafana
@@ -25,3 +29,6 @@
                 GF_DATABASE_PASSWORD: ${_param:grafana_database_password}
                 GF_DATABASE_HOST: "${_param:grafana_database_host}:${_param:grafana_database_port}"
                 GF_SECURITY_ADMIN_PASSWORD: ${_param:grafana_admin_password}
+                GF_SESSION_PROVIDER: file
+                GF_SESSION_PROVIDER_CONFIG: ${_param:grafana_session_directory}
+                GF_SESSION_LIFE_TIME: ${_param:grafana_session_life_time}
diff --git a/docker/swarm/stack/monitoring.yml b/docker/swarm/stack/monitoring.yml
index 7c03c35..a11024d 100644
--- a/docker/swarm/stack/monitoring.yml
+++ b/docker/swarm/stack/monitoring.yml
@@ -2,6 +2,7 @@
 - service.prometheus.server.container
 - service.prometheus.alertmanager.container
 - service.prometheus.pushgateway.container
+- service.prometheus.remote_storage_adapter.container
 - system.prometheus.server
 - system.prometheus.alertmanager
 parameters:
@@ -15,6 +16,27 @@
               driver_opts:
                 encrypted: 1
           service:
+            remote_storage_adapter:
+              networks:
+                - monitoring
+              deploy:
+                replicas: 1
+                labels:
+                  com.mirantis.monitoring: "remote_storage_adapter"
+                restart_policy:
+                  condition: any
+              labels:
+                com.mirantis.monitoring: "remote_storage_adapter"
+              image: ${_param:docker_image_remote_storage_adapter}
+              ports:
+                - 15015:${prometheus:remote_storage_adapter:bind:port}
+              environment:
+                bind_port: ${prometheus:remote_storage_adapter:bind:port}
+                bind_address: ${prometheus:remote_storage_adapter:bind:address}
+                influxdb_url: ${_param:prometheus_influxdb_url}
+                influxdb_db: ${_param:prometheus_influxdb_db}
+                influxdb_username: ${_param:prometheus_influxdb_username}
+                influxdb_password: ${_param:prometheus_influxdb_password}
             remote_agent:
               networks:
                 - monitoring
diff --git a/docker/swarm/stack/security_monkey.yml b/docker/swarm/stack/security_monkey.yml
index b3b4074..143b321 100644
--- a/docker/swarm/stack/security_monkey.yml
+++ b/docker/swarm/stack/security_monkey.yml
@@ -5,10 +5,11 @@
     docker_image_security_monkey_api: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/security-monkey-api:4435
     docker_image_security_monkey_scheduler: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/security-monkey-scheduler:4435
     security_monkey_db: secmonkey
-    notification_service_url: ${_param:haproxy_pushkin_bind_host}:${_param:haproxy_pushkin_bind_port}/post_notification_json
+    notification_service_url: http://${_param:haproxy_pushkin_bind_host}:${_param:haproxy_pushkin_bind_port}/post_notification_json
     security_monkey_user: devopsportal@devopsportal.local
     security_monkey_password: devopsportal
     security_monkey_role: Justify
+    devops_portal_sm_wtf_csrf_enabled: False
     security_monkey_openstack:
       os_account_id: mcp_cloud
       os_account_name: mcp_cloud
@@ -39,6 +40,7 @@
             OS_PROJECT_DOMAIN_NAME: ${_param:security_monkey_openstack:project_domain_name}
             OS_PROJECT_NAME: ${_param:security_monkey_openstack:project_name}
             USER_DOMAIN_NAME: ${_param:security_monkey_openstack:user_domain_name}
+            SM_WTF_CSRF_ENABLED: ${_param:devops_portal_sm_wtf_csrf_enabled}
           service:
             api:
               image: ${_param:docker_image_security_monkey_api}
diff --git a/glusterfs/client/volume/grafana.yml b/glusterfs/client/volume/grafana.yml
new file mode 100644
index 0000000..bd939c1
--- /dev/null
+++ b/glusterfs/client/volume/grafana.yml
@@ -0,0 +1,13 @@
+parameters:
+  _param:
+    grafana_glusterfs_service_host: ${_param:glusterfs_service_host}
+    glusterfs_node01_address: ${_param:cluster_node01_address}
+    glusterfs_node02_address: ${_param:cluster_node02_address}
+    glusterfs_node03_address: ${_param:cluster_node03_address}
+  glusterfs:
+    client:
+      volumes:
+        grafana:
+          path: /srv/volumes/grafana
+          server: ${_param:grafana_glusterfs_service_host}
+          opts: "defaults,backup-volfile-servers=${_param:glusterfs_node01_address}:${_param:glusterfs_node02_address}:${_param:glusterfs_node03_address}"
diff --git a/glusterfs/server/volume/grafana.yml b/glusterfs/server/volume/grafana.yml
new file mode 100644
index 0000000..f099c99
--- /dev/null
+++ b/glusterfs/server/volume/grafana.yml
@@ -0,0 +1,17 @@
+parameters:
+  glusterfs:
+    server:
+      volumes:
+        grafana:
+          storage: /srv/glusterfs/grafana
+          replica: 3
+          bricks:
+            - ${_param:cluster_node01_address}:/srv/glusterfs/grafana
+            - ${_param:cluster_node02_address}:/srv/glusterfs/grafana
+            - ${_param:cluster_node03_address}:/srv/glusterfs/grafana
+          options:
+            cluster.readdir-optimize: On
+            nfs.disable: On
+            network.remote-dio: On
+            diagnostics.client-log-level: WARNING
+            diagnostics.brick-log-level: WARNING
diff --git a/horizon/server/plugin/lbaasv2.yml b/horizon/server/plugin/lbaasv2.yml
new file mode 100644
index 0000000..69e2682
--- /dev/null
+++ b/horizon/server/plugin/lbaasv2.yml
@@ -0,0 +1,9 @@
+parameters:
+  horizon:
+    server:
+      plugin:
+        lbaasv2:
+          source:
+            engine: pkg
+            name: python-horizon-neutron-lbaasv2-panel
+
diff --git a/jenkins/client/job/debian/packages/horizon/modules.yml b/jenkins/client/job/debian/packages/horizon/modules.yml
index 0df27ad..d3deab7 100644
--- a/jenkins/client/job/debian/packages/horizon/modules.yml
+++ b/jenkins/client/job/debian/packages/horizon/modules.yml
@@ -18,6 +18,18 @@
               os_version: ocata
               branch: stable/ocata
             # Trusty
+            - name: horizon-neutron-lbaasv2-panel
+              os: ubuntu
+              dist: trusty
+              os_version: mitaka
+              branch: stable/mitaka
+            # Xenial
+            - name: horizon-neutron-lbaasv2-panel
+              os: ubuntu
+              dist: xenial
+              os_version: mitaka
+              branch: stable/mitaka
+            # Trusty
             - name: horizon-overrides-plugin
               os: ubuntu
               dist: trusty
diff --git a/jenkins/client/job/debian/packages/salt-multi.yml b/jenkins/client/job/debian/packages/salt-multi.yml
index 85b95c7..a57a8ab 100644
--- a/jenkins/client/job/debian/packages/salt-multi.yml
+++ b/jenkins/client/job/debian/packages/salt-multi.yml
@@ -25,8 +25,6 @@
               dist: trusty
             - name: swift
               dist: trusty
-            - name: ironic
-              dist: trusty
             - name: ceilometer
               dist: xenial
             - name: cinder
@@ -47,8 +45,6 @@
               dist: xenial
             - name: swift
               dist: xenial
-            - name: ironic
-              dist: xenial
           template:
             discard:
               build:
diff --git a/jenkins/client/job/debian/packages/salt.yml b/jenkins/client/job/debian/packages/salt.yml
index 1fbee1e..c5a6709 100644
--- a/jenkins/client/job/debian/packages/salt.yml
+++ b/jenkins/client/job/debian/packages/salt.yml
@@ -79,6 +79,8 @@
               dist: trusty
             - name: iptables
               dist: trusty
+            - name: ironic
+              dist: trusty
             - name: isc-dhcp
               dist: trusty
             - name: java
@@ -147,6 +149,8 @@
               dist: trusty
             - name: postgresql
               dist: trusty
+            - name: powerdns
+              dist: trusty
             - name: pritunl
               dist: trusty
             - name: prometheus
@@ -257,6 +261,8 @@
               dist: xenial
             - name: glusterfs
               dist: xenial
+            - name: gnocchi
+              dist: xenial
             - name: grafana
               dist: xenial
             - name: graphite
@@ -269,6 +275,8 @@
               dist: xenial
             - name: iptables
               dist: xenial
+            - name: ironic
+              dist: xenial
             - name: isc-dhcp
               dist: xenial
             - name: java
@@ -333,6 +341,8 @@
               dist: xenial
             - name: owncloud
               dist: xenial
+            - name: panko
+              dist: xenial
             - name: postfix
               dist: xenial
             - name: postgresql
@@ -341,6 +351,8 @@
               dist: xenial
             - name: prometheus
               dist: xenial
+            - name: powerdns
+              dist: xenial
             - name: python
               dist: xenial
             - name: rabbitmq
diff --git a/jenkins/client/job/deploy/openstack.yml b/jenkins/client/job/deploy/openstack.yml
index cad1182..c2eb71b 100644
--- a/jenkins/client/job/deploy/openstack.yml
+++ b/jenkins/client/job/deploy/openstack.yml
@@ -34,3 +34,23 @@
             ASK_ON_ERROR:
                 type: boolean
                 default: 'false'
+        deploy-openstack-compute:
+          type: workflow-scm
+          concurrent: true
+          display_name: "Deploy - OpenStack Compute node"
+          scm:
+            type: git
+            url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+            credentials: "gerrit"
+            script: openstack-compute-install.groovy
+          param:
+            SALT_MASTER_URL:
+              type: string
+              default: "${_param:jenkins_salt_api_url}"
+            SALT_MASTER_CREDENTIALS:
+              type: string
+              default: "salt"
+            TARGET_SERVERS:
+              type: string
+              default: ""
+              description: "Salt compound target to match nodes to be updated [*, G@osfamily:debian]."
\ No newline at end of file
diff --git a/jenkins/client/job/deploy/update/saltenv.yml b/jenkins/client/job/deploy/update/saltenv.yml
index 397e3f3..1ce1494 100644
--- a/jenkins/client/job/deploy/update/saltenv.yml
+++ b/jenkins/client/job/deploy/update/saltenv.yml
@@ -5,6 +5,7 @@
   _param:
     jenkins_salt_api_url: "http://${_param:salt_master_host}:6969"
     jenkins_salt_model_name: "salt"
+    jenkins_salt_model_branch: "master"
   jenkins:
     client:
       job_template:
@@ -21,6 +22,7 @@
             scm:
               type: git
               url: "${_param:jenkins_gerrit_url}/salt-models/{{name}}"
+              branch: ${_param:jenkins_salt_model_branch}
               credentials: "gerrit"
               script: Jenkinsfile
             param:
diff --git a/jenkins/client/job/salt-formulas/git-mirrors/2way.yml b/jenkins/client/job/salt-formulas/git-mirrors/2way.yml
index cf39dbd..a170ba9 100644
--- a/jenkins/client/job/salt-formulas/git-mirrors/2way.yml
+++ b/jenkins/client/job/salt-formulas/git-mirrors/2way.yml
@@ -40,6 +40,7 @@
             - name: gitlab
             - name: glance
             - name: glusterfs
+            - name: gnocchi
             - name: grafana
             - name: graphite
             - name: haproxy
@@ -85,8 +86,10 @@
             - name: openvpn
             - name: openvstorage
             - name: owncloud
+            - name: panko
             - name: postfix
             - name: postgresql
+            - name: powerdns
             - name: pritunl
             - name: prometheus
             - name: python
diff --git a/jenkins/client/job/salt-formulas/tests.yml b/jenkins/client/job/salt-formulas/tests.yml
index 68792d4..99ac553 100644
--- a/jenkins/client/job/salt-formulas/tests.yml
+++ b/jenkins/client/job/salt-formulas/tests.yml
@@ -39,6 +39,7 @@
             - name: gitlab
             - name: glance
             - name: glusterfs
+            - name: gnocchi
             - name: grafana
             - name: graphite
             - name: haproxy
@@ -84,8 +85,10 @@
             - name: openvpn
             - name: openvstorage
             - name: owncloud
+            - name: panko
             - name: postfix
             - name: postgresql
+            - name: powerdns
             - name: pritunl
             - name: prometheus
             - name: python
diff --git a/jenkins/client/job/salt-models/git-mirrors.yml b/jenkins/client/job/salt-models/git-mirrors.yml
index 514663b..034f8d5 100644
--- a/jenkins/client/job/salt-models/git-mirrors.yml
+++ b/jenkins/client/job/salt-models/git-mirrors.yml
@@ -6,37 +6,6 @@
       job_template:
         git_mirror_2way_salt_model:
           name: git-mirror-2way-salt-model-{{name}}
-          jobs:
-            - name: reclass-system
-              upstream_name: reclass-system
-              branches: "master"
-            - name: slovaktelekom
-              upstream_name: slovaktelekom
-              branches: "master"
-            - name: stacklight
-              upstream_name: stacklight
-              branches: "master"
-            - name: statens
-              upstream_name: statensit
-              branches: "master"
-            - name: aeg
-              upstream_name: aeg
-              branches: "master"
-            - name: att-cicd
-              upstream_name: att-cicd
-              branches: "master"
-            - name: mall
-              upstream_name: mall
-              branches: "master"
-            - name: quickplay
-              upstream_name: quickplay
-              branches: "master"
-            - name: ril-jamnagar
-              upstream_name: ril-jamnagar-lab
-              branches: "master,jlab,next"
-            - name: vf-cloudstore
-              upstream_name: vf-cloudstore
-              branches: "master"
           template:
             type: workflow-scm
             concurrent: false
diff --git a/jenkins/client/job/salt-models/tests.yml b/jenkins/client/job/salt-models/tests.yml
index 3b5f647..c2c8996 100644
--- a/jenkins/client/job/salt-models/tests.yml
+++ b/jenkins/client/job/salt-models/tests.yml
@@ -6,35 +6,6 @@
       job_template:
         test_salt_model:
           name: test-salt-model-{{name}}
-          jobs:
-            - name: aeg
-              extra_formulas: ""
-            - name: att-cicd
-              extra_formulas: ""
-            - name: mall
-              extra_formulas: ""
-            - name: mcp-baremetal-lab
-              extra_formulas: ""
-            - name: mcp-virtual-lab
-              extra_formulas: "prometheus telegraf"
-            - name: mk-ci
-              extra_formulas: ""
-            - name: qa
-              extra_formulas: ""
-            - name: quickplay
-              extra_formulas: ""
-            - name: ril-jamnagar
-              extra_formulas: ""
-            - name: slovaktelekom
-              extra_formulas: ""
-            - name: stacklight
-              extra_formulas: ""
-            - name: statens
-              extra_formulas: ""
-            - name: training
-              extra_formulas: ""
-            - name: vf-cloudstore
-              extra_formulas: ""
           template:
             type: workflow-scm
             scm:
@@ -48,7 +19,8 @@
                 project:
                   salt-models/{{name}}:
                     branches:
-                      - master
+                      - compare_type: "REG_EXP"
+                        name: "{{branch}}"
                 event:
                   patchset:
                     - created:
@@ -81,9 +53,6 @@
                 default: "{{extra_formulas}}"
         test_system_reclass:
           name: test-salt-model-{{name}}
-          jobs:
-            - name: reclass-system
-              clusters: "mcp-baremetal-lab,mcp-virtual-lab,qa,stacklight,training"
           template:
             type: workflow-scm
             scm:
@@ -161,3 +130,6 @@
               PARALLEL_NODE_GROUP_SIZE:
                 type: string
                 default: "1"
+              EXTRA_FORMULAS:
+                type: string
+                default: "xtrabackup"
diff --git a/opencontrail/compute/cluster.yml b/opencontrail/compute/cluster.yml
index 375e600..d10b361 100644
--- a/opencontrail/compute/cluster.yml
+++ b/opencontrail/compute/cluster.yml
@@ -20,6 +20,8 @@
       version: ${_param:opencontrail_version}
       disable_flow_collection: true
       enabled: True
+      bind:
+        address: ${_param:single_address}
       discovery:
         host: ${_param:opencontrail_control_address}
       interface:
diff --git a/openldap/client/groups/mirantis.yml b/openldap/client/groups/mirantis.yml
new file mode 100644
index 0000000..003eba0
--- /dev/null
+++ b/openldap/client/groups/mirantis.yml
@@ -0,0 +1,19 @@
+classes:
+  - system.openldap.client.groups
+parameters:
+  openldap:
+    client:
+      entry:
+        groups:
+          entry:
+            mirantis:
+              attr:
+                description: Mirantis Administrators
+                gidNumber: 20002
+                memberUid:
+                  - akomarek
+                  - fpytloun
+                  - jpavlik
+              classes:
+                - posixGroup
+                - top
diff --git a/openldap/client/people/mirantis.yml b/openldap/client/people/mirantis.yml
new file mode 100644
index 0000000..3673783
--- /dev/null
+++ b/openldap/client/people/mirantis.yml
@@ -0,0 +1,64 @@
+#
+# This class defines Mirantis users. To crypt user password, use this command:
+#   echo "{CRYPT}$(mkpasswd --rounds 500000 -m sha-512 --salt `head -c 40 /dev/random | base64 | sed -e 's/+/./g' |  cut -b 10-25` 'password')"
+#
+classes:
+  - system.openldap.client.people
+  - system.openldap.client.groups.mirantis
+parameters:
+  openldap:
+    client:
+      entry:
+        people:
+          entry:
+            jpavlik:
+              attr:
+                uid: jpavlik
+                userPassword: '{CRYPT}$6$rounds=500000$sSdm1peCUw78UsaP$l55AuiLv3j.0avLg.k8B2jM.xBczuf9CMursuS4QUm0ZEUgIZkmToPU1PiaTJB37zGgv2ubAYbr2oME7.TX8G1'
+                uidNumber: 20051
+                gidNumber: ${openldap:client:entry:groups:entry:mirantis:attr:gidNumber}
+                gecos: "Jakub Pavlik"
+                givenName: Jakub
+                sn: Pavlik
+                homeDirectory: /home/jpavlik
+                loginShell: /bin/bash
+                mail: jpavlik@mirantis.com
+              classes:
+                - posixAccount
+                - inetOrgPerson
+                - top
+                - shadowAccount
+            akomarek:
+              attr:
+                uid: akomarek
+                userPassword: '{CRYPT}$6$rounds=500000$sSdm1peCUw78UsaP$l55AuiLv3j.0avLg.k8B2jM.xBczuf9CMursuS4QUm0ZEUgIZkmToPU1PiaTJB37zGgv2ubAYbr2oME7.TX8G1'
+                uidNumber: 20052
+                gidNumber: ${openldap:client:entry:groups:entry:mirantis:attr:gidNumber}
+                gecos: "Ales Komarek"
+                givenName: Ales
+                sn: Komarek
+                homeDirectory: /home/akomarek
+                loginShell: /bin/bash
+                mail: akomarek@mirantis.com
+              classes:
+                - posixAccount
+                - inetOrgPerson
+                - top
+                - shadowAccount
+            fpytloun:
+              attr:
+                uid: fpytloun
+                userPassword: '{CRYPT}$6$rounds=500000$T84bEG26yetA1384$.Zh2GZu6pjWdS3hA2WVFzMnWe/hD15IeNIiGM.clq4XpKkwzbNeLbIs7F21vMsxzdOs0R8P8fvjepVHyrPrjQ.'
+                uidNumber: 20053
+                gidNumber: ${openldap:client:entry:groups:entry:mirantis:attr:gidNumber}
+                gecos: "Filip Pytloun"
+                givenName: Filip
+                sn: Pytloun
+                homeDirectory: /home/fpytloun
+                loginShell: /bin/bash
+                mail: fpytloun@mirantis.com
+              classes:
+                - posixAccount
+                - inetOrgPerson
+                - top
+                - shadowAccount
diff --git a/openssh/server/team/stacklight.yml b/openssh/server/team/stacklight.yml
index 8e28534..46ba395 100644
--- a/openssh/server/team/stacklight.yml
+++ b/openssh/server/team/stacklight.yml
@@ -93,6 +93,13 @@
           full_name: Krzysztof Szukiełojć
           home: /home/kszukielojc
           email: kszukielojc@mirantis.com
+        isviridov:
+          enabled: true
+          name: isviridov
+          sudo: true
+          full_name: Illia Svyrydov
+          home: /home/isviridov
+          email: isviridov@mirantis.com
   openssh:
     client:
       enabled: true
@@ -164,6 +171,11 @@
           public_keys:
           - ${public_keys:kszukielojc}
           user: ${linux:system:user:kszukielojc}
+        isviridov:
+          enable: true
+          public_keys:
+          - ${public_keys:isviridov}
+          user: ${linux:system:user:isviridov}
   public_keys:
     newt:
       key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3odU+3V2uDA2ptAFL9hrJRPNEEdAyztWOZFQ5Oyd9oerTGOU3p4xmrgWWjfKFKbYGhiiIUcYAol5PkTfKukGEkkjCHYA1t023soCaaAj85wCZCnw2zQNAziwxTYmAzTqgxiSvtZNMMrtJvFHRIRDzJ3M1lV0prWNWkMM1/3FAd4W49y6VT3fkMCo8uqG7CfGdgR2DgBCxf9KaNPfW5eDEPOgmE5lK8tVSEI6T+Cg7hbcTf4lFYnlFBnlQgp/0JstsM4Vbwb4B34LOpOsf2S8rrWk2xQMjwaMHXkc2s/E8iW3F5nVFuyEXYISFQIiAHw8dzC6CHgLcyHUVWwznKawZ newt@newt-dev1
@@ -191,3 +203,5 @@
       key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDjpy9RI6iEDH/04eOOwreDa+R32USZiWxyFiKHa8zoDAlOfwaZVg6mZWepOxzwxCJPYusPGXCwQ6Zw9tHxVWOCgtzzPpsCCfhUU4v+99Wh08//W8d/s/WFka+5vqyskAO5Z8Ekk+kQU+jpUBG8/gMxAPBjj0fFc5BNeqDY9r9nmMNK6N2RVjvA6wZ8G5hLGxL9bn5Prhf/+avui1NAfy6gsT/mRt1W+eHWTvpijyNGm+m83jU34dQO6gE48n6WdSylLh/fY/p31rzAURaq1V/AZhdbSuZ8aJYDnfHevpK5+hMjoOop3v3hb7WHEmybGujQfW5HVaaWmG7SFlHeKGE/gZ2P9T+bQ+SgO+PmEAw4LayiBkzTPAHdZ2UGZe+3BI5gdM/ayovK2WVO1jS5FNlNGIvEQW+ws9V+ph+S1jL4jobDJEjs358iXrAYpf4JL+LvxFHiuj6EL51tbo8EU22z5mmgRQQ5eFrDzBuVLhcim651A3a5iSlmCeAQ5rTmHX/Op/PbK+3vAtI8vnlK4AhycLvWQ3kK2DRx+Uhzrlk5v6E14SopAhvpGOHqrLgmoHwHp1xt/9M1JgxkOUK5gccFKTQduxLHoTNBaNcP60IOG/MjqUPcOXSBcAN4Y1RDBg+pwXe4PFgOzwKdFoYeuhvtm8y185S0IvvfCHLCD8pNfQ== akholkin@mirantis.com
     kszukielojc:
       key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCiUm3Z3W3t4v7oe143rCNM/hbg9NU2bYUmQXek8DJPA4c3Xm6u0q+RL9kEXME+3zcj2HKqMxKsCBLXXdFIsgdUbOBV8AYiuySE220FTnEKRmdxsEnfSaBhXxFyIBNoew4gI7URSqAOclt5WuPJTqRM7K4VhbtzwEgeWVd/NUhxMCCtgkdJCYTSmycxmxs7R6V8vMr9Mb8DOqKkSpOu6f3JkR0lwnFN9zGGC4V/60FlJSDzvvI5Tn40ANPHITivs8xME0znsx7t0bF4vQUimvhYn1mumQCY1NwIaxJ/QqasD6Ag9Sn5dxSg9b3SeLn0JM6qKoIqZtfPYVuCp9gmlH0fyzJUdqu4lKKb2wBw/H5lK6icH4+owMawkav55rbvinHQOqmVCr/Bg/rTfc35ycVqjTXH/5J7OhzioKjU0yFkXFS2X/s8gpyxp3beJ+Ea4faoX+kcs0gyhMYzqC7/DOamrau7aVyEAjKYJNy60xRfjCQzjqiurbxVFh+3Fi64UUn7Bl1QV8VEiU3ztJ118psEI7zA+x2VROLZ1jrtaBYZTYB118JZicaFDycEVgg3+BHX3pFH/QSOjLsA4SK+HJjSz8CFKvWwaO6QJv1/3KHpcGEacMvmqKxwpQK0E4WpjWhglZRMPObQ0dBaGClOujgoOIHXtFGILEpWy2SdzDQkHw== kszukielojc@w541
+    isviridov:
+      key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGNZxzOm7OsZi/q6Qk71fnvjCfWk4BfxpZ5hDig6N1f9D0iAMaINyNmlF2PxstSLW0Mjdq2tXTUvVWlYpGrw+YLHQmVk8dckmLdUAxe2Z0oEvtWhiQC64927ibBTgQ2Tjfkao+PFYPbdjiO4FgRymS1/FpGKhvpdyPDCcOLrxsMSK9YpPi4kbkd4GmlGMercuaEzP3JOOzJioOOLtEw3LOLWG5mAIzXjGFxuCNdTI4gqxQm/iw/tOpb9PcsY10EapZsS4Pd8j58vuhJlwdoTxI3gzySJcTlWm0tcphex0g8X0tEUI+zVjemJcrYkZgUpb6x5/mUjNxC4nv+4A4yMTP
diff --git a/prometheus/server/remote_write/docker.yml b/prometheus/server/remote_write/docker.yml
new file mode 100644
index 0000000..356f31f
--- /dev/null
+++ b/prometheus/server/remote_write/docker.yml
@@ -0,0 +1,8 @@
+parameters:
+  prometheus:
+    server:
+      config:
+        remote_write:
+          docker_remote_write:
+            enabled: true
+            url: http://monitoring_remote_storage_adapter:${prometheus:remote_storage_adapter:bind:port}/write
diff --git a/rundeck/client/project/cicd.yml b/rundeck/client/project/cicd.yml
index e33fcae..1a4b228 100644
--- a/rundeck/client/project/cicd.yml
+++ b/rundeck/client/project/cicd.yml
@@ -1,4 +1,13 @@
 parameters:
+  _param:
+    rundeck_cis_os_auth_url: none
+    rundeck_cis_os_username: admin
+    rundeck_cis_os_password: password
+    rundeck_cis_os_project_name: admin
+    rundeck_cis_os_domain_id: default
+    rundeck_cis_jobs_repository: https://gerrit.mcp.mirantis.net/oss/rundeck-cis-jobs
+    rundeck_cis_jobs_revision: master
+    rundeck_cis_elasticsearch_url: none
   rundeck:
     client:
       project:
@@ -20,3 +29,26 @@
               hostname: ${_param:cluster_node03_address}
               username: ${_param:rundeck_runbook_user}
               tags: [cicd, docker]
+          plugin:
+            import:
+              address: ${_param:rundeck_cis_jobs_repository}
+              branch: ${_param:rundeck_cis_jobs_revision}
+      secret:
+        cis/elasticsearch/url:
+          type: password
+          content: ${_param:rundeck_cis_elasticsearch_url}
+        cis/openstack/auth_url:
+          type: password
+          content: ${_param:rundeck_cis_os_auth_url}
+        cis/openstack/username:
+          type: password
+          content: ${_param:rundeck_cis_os_username}
+        cis/openstack/password:
+          type: password
+          content: ${_param:rundeck_cis_os_password}
+        cis/openstack/project_name:
+          type: password
+          content: ${_param:rundeck_cis_os_project_name}
+        cis/openstack/domain_id:
+          type: password
+          content: ${_param:rundeck_cis_os_domain_id}
diff --git a/rundeck/client/runbook.yml b/rundeck/client/runbook.yml
index cb94025..a41481a 100644
--- a/rundeck/client/runbook.yml
+++ b/rundeck/client/runbook.yml
@@ -9,6 +9,8 @@
           name: ${_param:rundeck_runbook_user}
           system: true
           sudo: true
+          groups:
+            - docker
           full_name: Rundeck Remote
           home: /var/lib/runbook
   openssh:
@@ -20,3 +22,5 @@
           public_keys:
             - key: ${_param:rundeck_runbook_public_key}
           user: ${linux:system:user:runbook}
+      accept_env:
+        - RD_OPTION_*
diff --git a/telegraf/agent/remote.yml b/telegraf/agent/remote.yml
index ecbae25..c634d54 100644
--- a/telegraf/agent/remote.yml
+++ b/telegraf/agent/remote.yml
@@ -3,6 +3,7 @@
 parameters:
   telegraf:
     remote_agent:
+      omit_hostname: true
       dir:
         config: /srv/volumes/local/telegraf
         config_d: /srv/volumes/local/telegraf/telegraf.d