Merge "Create amphora flavor for Octavia"
diff --git a/docker/swarm/stack/jenkins/slave.yml b/docker/swarm/stack/jenkins/slave.yml
index 52015ec..fc281b7 100644
--- a/docker/swarm/stack/jenkins/slave.yml
+++ b/docker/swarm/stack/jenkins/slave.yml
@@ -31,6 +31,7 @@
                 - /etc/aptly-publisher.yaml:/etc/aptly-publisher.yaml:ro
                 - /var/run/docker.sock:/var/run/docker.sock
                 - /usr/bin/docker:/usr/bin/docker:ro
+                - /var/lib/jenkins:/var/lib/jenkins
             slave02:
               environment:
                 JENKINS_URL: ${_param:jenkins_master_url}
@@ -50,6 +51,7 @@
                 - /etc/aptly-publisher.yaml:/etc/aptly-publisher.yaml:ro
                 - /var/run/docker.sock:/var/run/docker.sock
                 - /usr/bin/docker:/usr/bin/docker:ro
+                - /var/lib/jenkins:/var/lib/jenkins
             slave03:
               environment:
                 JENKINS_URL: ${_param:jenkins_master_url}
@@ -69,3 +71,4 @@
                 - /etc/aptly-publisher.yaml:/etc/aptly-publisher.yaml:ro
                 - /var/run/docker.sock:/var/run/docker.sock
                 - /usr/bin/docker:/usr/bin/docker:ro
+                - /var/lib/jenkins:/var/lib/jenkins
diff --git a/gerrit/client/project/docker_images.yml b/gerrit/client/project/docker_images.yml
new file mode 100644
index 0000000..cc35eb3
--- /dev/null
+++ b/gerrit/client/project/docker_images.yml
@@ -0,0 +1,20 @@
+parameters:
+  gerrit:
+    client:
+      project:
+        mk/docker-aptly:
+          enabled: true
+          description: Aptly docker images
+          upstream: https://github.com/tcpcloud/docker-aptly
+          access: ${gerrit:client:default_access}
+          require_change_id: true
+          require_agreement: false
+          merge_content: true
+        mk/python-flask-hello:
+          enabled: true
+          description: Flask hello demo application
+          upstream: https://github.com/tcpcloud/python-flask-hello
+          access: ${gerrit:client:default_access}
+          require_change_id: true
+          require_agreement: false
+          merge_content: true
diff --git a/glance/control/image_manager.yml b/glance/control/image_manager.yml
index 37b2ca0..27103a3 100644
--- a/glance/control/image_manager.yml
+++ b/glance/control/image_manager.yml
@@ -2,4 +2,4 @@
   glance:
     server:
       policy:
-        publicize_image: 'role:admin or role:image_manager'
+        publicize_image: ['role:admin', 'role:image_manager']
diff --git a/jenkins/client/job/debian/packages/salt.yml b/jenkins/client/job/debian/packages/salt.yml
index c5a6709..80cff31 100644
--- a/jenkins/client/job/debian/packages/salt.yml
+++ b/jenkins/client/job/debian/packages/salt.yml
@@ -271,6 +271,8 @@
               dist: xenial
             - name: heka
               dist: xenial
+            - name: helm
+              dist: xenial
             - name: influxdb
               dist: xenial
             - name: iptables
diff --git a/jenkins/client/job/debian/packages/testing.yml b/jenkins/client/job/debian/packages/testing.yml
index 4a17efc..6218903 100644
--- a/jenkins/client/job/debian/packages/testing.yml
+++ b/jenkins/client/job/debian/packages/testing.yml
@@ -19,13 +19,13 @@
               url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
               credentials: "gerrit"
               script: build-debian-packages-{{build}}.groovy
-            trigger:
-              pollscm:
-                spec: ${_param:jenkins_pollscm_spec}
+            # trigger:
+            #   pollscm:
+            #     spec: ${_param:jenkins_pollscm_spec}
             param:
               SOURCE_URL:
                 type: string
-                default: "https://github.com/tcpcloud/python-flask-hello.git"
+                default: "${_param:jenkins_gerrit_url}/mk/python-flask-hello"
               SOURCE_BRANCH:
                 type: string
                 default: "{{branch}}"
diff --git a/jenkins/client/job/docker/testing.yml b/jenkins/client/job/docker/testing.yml
new file mode 100644
index 0000000..c1184b6
--- /dev/null
+++ b/jenkins/client/job/docker/testing.yml
@@ -0,0 +1,57 @@
+parameters:
+  jenkins:
+    client:
+      job_template:
+        docker-build-image-testing:
+          name: docker-build-image-{{name}}-{{branch}}
+          jobs:
+            - name: python-flask-hello
+              branch: "master"
+              tags: "latest"
+              dockerfile: "Dockerfile"
+          template:
+            discard:
+              build:
+                keep_num: 5
+              artifact:
+                keep_num: 5
+            type: workflow-scm
+            concurrent: true
+            scm:
+              type: git
+              url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+              credentials: "gerrit"
+              script: docker-build-image-pipeline.groovy
+            trigger:
+              reverse:
+                projects:
+                  - build-debian-python-flask-hello-ubuntu-trusty
+                state: UNSTABLE
+            param:
+              IMAGE_NAME:
+                type: string
+                default: "tcpcloud/{{name}}"
+              IMAGE_GIT_URL:
+                type: string
+                default: "${_param:jenkins_gerrit_url}/mk/python-flask-hello"
+              IMAGE_BRANCH:
+                type: string
+                default: "{{branch}}"
+              IMAGE_CREDENTIALS_ID:
+                type: string
+                default: "gerrit"
+              IMAGE_TAGS:
+                type: string
+                default: "{{tags}}"
+              DOCKERFILE_PATH:
+                type: string
+                default: "{{dockerfile}}"
+              REGISTRY_URL:
+                type: string
+                default: ""
+              REGISTRY_CREDENTIALS_ID:
+                type: string
+                default: "dockerhub"
+              DOCKER_GIT_TAG:
+                type: boolean
+                default: "true"
diff --git a/jenkins/client/job/git-mirrors/downstream/docker_images.yml b/jenkins/client/job/git-mirrors/downstream/docker_images.yml
index 2471280..ff1c649 100644
--- a/jenkins/client/job/git-mirrors/downstream/docker_images.yml
+++ b/jenkins/client/job/git-mirrors/downstream/docker_images.yml
@@ -6,4 +6,8 @@
       - name: docker-aptly
         downstream: mk/docker-aptly
         upstream: "https://github.com/tcpcloud/docker-aptly"
-        branches: master
\ No newline at end of file
+        branches: master
+      - name: python-flask-hello
+        downstream: mk/python-flask-hello
+        upstream: "https://github.com/tcpcloud/python-flask-hello"
+        branches: master
diff --git a/jenkins/client/job/salt-formulas/git-mirrors/2way.yml b/jenkins/client/job/salt-formulas/git-mirrors/2way.yml
index 4a7cf95..01c3baf 100644
--- a/jenkins/client/job/salt-formulas/git-mirrors/2way.yml
+++ b/jenkins/client/job/salt-formulas/git-mirrors/2way.yml
@@ -8,112 +8,219 @@
           name: git-mirror-2way-salt-formula-{{name}}
           jobs:
             - name: aodh
+              branches: ${_param:salt_formulas_branches}
             - name: apache
+              branches: ${_param:salt_formulas_branches}
             - name: aptcacher
+              branches: ${_param:salt_formulas_branches}
             - name: aptly
+              branches: ${_param:salt_formulas_branches}
             - name: artifactory
+              branches: ${_param:salt_formulas_branches}
             - name: backupninja
+              branches: ${_param:salt_formulas_branches}
             - name: avinetworks
+              branches: ${_param:salt_formulas_branches}
             - name: billometer
+              branches: ${_param:salt_formulas_branches}
             - name: bind
+              branches: ${_param:salt_formulas_branches}
             - name: bird
+              branches: ${_param:salt_formulas_branches}
             - name: cadf
+              branches: ${_param:salt_formulas_branches}
             - name: calico
+              branches: ${_param:salt_formulas_branches}
             - name: cassandra
+              branches: ${_param:salt_formulas_branches}
             - name: ccp
+              branches: ${_param:salt_formulas_branches}
             - name: ceilometer
+              branches: ${_param:salt_formulas_extra_branches}
             - name: ceph
+              branches: ${_param:salt_formulas_branches}
             - name: chrony
+              branches: ${_param:salt_formulas_branches}
             - name: cinder
+              branches: ${_param:salt_formulas_extra_branches}
             - name: collectd
+              branches: ${_param:salt_formulas_branches}
             - name: dekapod
+              branches: ${_param:salt_formulas_branches}
             - name: devops-portal
+              branches: ${_param:salt_formulas_branches}
             - name: docker
+              branches: ${_param:salt_formulas_branches}
             - name: dovecot
+              branches: ${_param:salt_formulas_branches}
             - name: elasticsearch
+              branches: ${_param:salt_formulas_branches}
             - name: etcd
+              branches: ${_param:salt_formulas_branches}
             - name: foreman
+              branches: ${_param:salt_formulas_branches}
             - name: freeipa
+              branches: ${_param:salt_formulas_branches}
             - name: galera
+              branches: ${_param:salt_formulas_branches}
             - name: gerrit
+              branches: ${_param:salt_formulas_branches}
             - name: git
+              branches: ${_param:salt_formulas_branches}
             - name: gitlab
+              branches: ${_param:salt_formulas_branches}
             - name: glance
+              branches: ${_param:salt_formulas_extra_branches}
             - name: glusterfs
+              branches: ${_param:salt_formulas_branches}
             - name: gnocchi
+              branches: ${_param:salt_formulas_branches}
             - name: grafana
+              branches: ${_param:salt_formulas_branches}
             - name: graphite
+              branches: ${_param:salt_formulas_branches}
             - name: haproxy
+              branches: ${_param:salt_formulas_branches}
             - name: heat
+              branches: ${_param:salt_formulas_extra_branches}
             - name: heka
+              branches: ${_param:salt_formulas_branches}
             - name: horizon
+              branches: ${_param:salt_formulas_extra_branches}
             - name: influxdb
+              branches: ${_param:salt_formulas_branches}
             - name: iptables
+              branches: ${_param:salt_formulas_branches}
             - name: ironic
+              branches: ${_param:salt_formulas_branches}
             - name: isc-dhcp
+              branches: ${_param:salt_formulas_branches}
             - name: java
+              branches: ${_param:salt_formulas_branches}
             - name: jenkins
+              branches: ${_param:salt_formulas_branches}
             - name: kedb
+              branches: ${_param:salt_formulas_branches}
             - name: keepalived
+              branches: ${_param:salt_formulas_branches}
             - name: keystone
+              branches: ${_param:salt_formulas_extra_branches}
             - name: kibana
+              branches: ${_param:salt_formulas_branches}
             - name: kubernetes
+              branches: ${_param:salt_formulas_extra_branches}
             - name: letsencrypt
+              branches: ${_param:salt_formulas_branches}
             - name: libvirt
+              branches: ${_param:salt_formulas_branches}
             - name: linux
+              branches: ${_param:salt_formulas_branches}
             - name: lldp
+              branches: ${_param:salt_formulas_branches}
             - name: logrotate
+              branches: ${_param:salt_formulas_branches}
             - name: maas
+              branches: ${_param:salt_formulas_branches}
             - name: magnum
+              branches: ${_param:salt_formulas_branches}
             - name: memcached
+              branches: ${_param:salt_formulas_branches}
             - name: midonet
+              branches: ${_param:salt_formulas_branches}
             - name: monasca
+              branches: ${_param:salt_formulas_branches}
             - name: mongodb
+              branches: ${_param:salt_formulas_branches}
             - name: murano
+              branches: ${_param:salt_formulas_branches}
             - name: mysql
+              branches: ${_param:salt_formulas_branches}
             - name: nagios
+              branches: ${_param:salt_formulas_branches}
             - name: network
+              branches: ${_param:salt_formulas_branches}
             - name: neutron
+              branches: ${_param:salt_formulas_extra_branches}
             - name: nfs
+              branches: ${_param:salt_formulas_branches}
             - name: nginx
+              branches: ${_param:salt_formulas_branches}
             - name: nodejs
+              branches: ${_param:salt_formulas_branches}
             - name: nova
+              branches: ${_param:salt_formulas_extra_branches}
             - name: ntp
+              branches: ${_param:salt_formulas_branches}
             - name: octavia
+              branches: ${_param:salt_formulas_branches}
             - name: opencontrail
+              branches: ${_param:salt_formulas_branches}
             - name: openldap
+              branches: ${_param:salt_formulas_branches}
             - name: openssh
+              branches: ${_param:salt_formulas_branches}
             - name: openvpn
+              branches: ${_param:salt_formulas_branches}
             - name: openvstorage
+              branches: ${_param:salt_formulas_branches}
             - name: owncloud
+              branches: ${_param:salt_formulas_branches}
             - name: panko
+              branches: ${_param:salt_formulas_branches}
             - name: postfix
+              branches: ${_param:salt_formulas_branches}
             - name: postgresql
+              branches: ${_param:salt_formulas_branches}
             - name: powerdns
+              branches: ${_param:salt_formulas_branches}
             - name: pritunl
+              branches: ${_param:salt_formulas_branches}
             - name: prometheus
+              branches: ${_param:salt_formulas_branches}
             - name: python
+              branches: ${_param:salt_formulas_branches}
             - name: rabbitmq
+              branches: ${_param:salt_formulas_branches}
             - name: reclass
+              branches: ${_param:salt_formulas_branches}
             - name: redis
+              branches: ${_param:salt_formulas_branches}
             - name: roundcube
+              branches: ${_param:salt_formulas_branches}
             - name: rsync
+              branches: ${_param:salt_formulas_branches}
             - name: rsyslog
+              branches: ${_param:salt_formulas_branches}
             - name: rundeck
+              branches: ${_param:salt_formulas_branches}
             - name: sahara
+              branches: ${_param:salt_formulas_branches}
             - name: salt
+              branches: ${_param:salt_formulas_branches}
             - name: sensu
+              branches: ${_param:salt_formulas_branches}
             - name: sentry
+              branches: ${_param:salt_formulas_branches}
             - name: sphinx
+              branches: ${_param:salt_formulas_branches}
             - name: spinnaker
+              branches: ${_param:salt_formulas_branches}
             - name: statsd
+              branches: ${_param:salt_formulas_branches}
             - name: supervisor
+              branches: ${_param:salt_formulas_branches}
             - name: swift
+              branches: ${_param:salt_formulas_extra_branches}
             - name: taiga
+              branches: ${_param:salt_formulas_branches}
             - name: telegraf
+              branches: ${_param:salt_formulas_branches}
             - name: varnish
+              branches: ${_param:salt_formulas_branches}
             - name: xtrabackup
+              branches: ${_param:salt_formulas_branches}
             - name: zookeeper
+              branches: ${_param:salt_formulas_branches}
           template:
             discard:
               build:
@@ -145,4 +252,4 @@
                 default: "gerrit"
               BRANCHES:
                 type: string
-                default: ${_param:salt_formulas_branches}
+                default: "{{branches}}"
diff --git a/jenkins/client/job/salt-formulas/git-mirrors/init.yml b/jenkins/client/job/salt-formulas/git-mirrors/init.yml
index 9b1d77d..b46aebc 100644
--- a/jenkins/client/job/salt-formulas/git-mirrors/init.yml
+++ b/jenkins/client/job/salt-formulas/git-mirrors/init.yml
@@ -2,4 +2,5 @@
   - system.jenkins.client.job.salt-formulas.git-mirrors.2way
 parameters:
   _param:
-    salt_formulas_branches: master
+    salt_formulas_branches: "master"
+    salt_formulas_extra_branches: "master,debian/xenial,debian/trusty"
diff --git a/jenkins/client/job/salt-formulas/tests.yml b/jenkins/client/job/salt-formulas/tests.yml
index eed632e..15eff13 100644
--- a/jenkins/client/job/salt-formulas/tests.yml
+++ b/jenkins/client/job/salt-formulas/tests.yml
@@ -45,6 +45,7 @@
             - name: haproxy
             - name: heat
             - name: heka
+            - name: helm
             - name: horizon
             - name: influxdb
             - name: iptables
diff --git a/jenkins/client/job/test_devops_portal.yml b/jenkins/client/job/test_devops_portal.yml
index abe2a36..3200283 100644
--- a/jenkins/client/job/test_devops_portal.yml
+++ b/jenkins/client/job/test_devops_portal.yml
@@ -6,16 +6,16 @@
           name: test-oss-devops-portal
           discard:
             build:
-              keep_num: 10
+              keep_num: 15
             artifact:
-              keep_num: 10
+              keep_num: 15
           type: workflow-scm
           concurrent: true
           scm:
             type: git
             url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
             credentials: "gerrit"
-            script: test-nodejs-pipeline.groovy
+            script: test-devops-portal-pipeline.groovy
           trigger:
             gerrit:
               project:
@@ -32,21 +32,9 @@
                   - addedContains:
                       commentAddedCommentContains: '(recheck|reverify)'
           param:
-            COMPOSE_PATH:
-              type: string
-              default: "docker/stack/docker-compose.yml"
             CREDENTIALS_ID:
               type: string
               default: "gerrit"
-            JSON_CONFIG:
-              type: string
-              default: '{"services": {"elasticsearch": {"endpoint": "http://elasticsearch:9200"}}}'
-            COMMANDS:
-              type: text
-              default: |
-                npm run lint
-                npm run test:unit
-                npm run test:functional
             DEFAULT_GIT_URL:
                 type: string
                 default: "${_param:jenkins_gerrit_url}/oss/devops-portal"
diff --git a/keystone/client/service/keystone3.yml b/keystone/client/service/keystone3.yml
index cc385f2..bd0c63b 100644
--- a/keystone/client/service/keystone3.yml
+++ b/keystone/client/service/keystone3.yml
@@ -20,4 +20,4 @@
                 internal_path: '/v3'
                 admin_address: ${_param:keystone_service_host}
                 admin_port: 35357
-                admin_path: '/v3'
+                admin_path: '/v2.0'
diff --git a/nginx/server/proxy/openstack_api.yml b/nginx/server/proxy/openstack_api.yml
index 5c4a1fa..fc4f54c 100644
--- a/nginx/server/proxy/openstack_api.yml
+++ b/nginx/server/proxy/openstack_api.yml
@@ -85,7 +85,7 @@
             name: ${_param:nginx_proxy_openstack_api_host}
             port: 9696
           ssl: ${_param:nginx_proxy_ssl}
-        nginx_proxy_openstack_api_heat_cfn:
+        nginx_proxy_openstack_api_heat_cloudwatch:
           enabled: true
           type: nginx_proxy
           name: openstack_api_heat_cfn
@@ -97,6 +97,18 @@
             name: ${_param:nginx_proxy_openstack_api_host}
             port: 8000
           ssl: ${_param:nginx_proxy_ssl}
+        nginx_proxy_openstack_api_heat_cfn:
+          enabled: true
+          type: nginx_proxy
+          name: openstack_api_heat_cloudwatch
+          proxy:
+            host: ${_param:heat_service_host}
+            port: 8003
+            protocol: http
+          host:
+            name: ${_param:nginx_proxy_openstack_api_host}
+            port: 8003
+          ssl: ${_param:nginx_proxy_ssl}
         nginx_proxy_openstack_api_heat:
           enabled: true
           type: nginx_proxy
diff --git a/rundeck/client/runbook.yml b/rundeck/client/runbook.yml
index a41481a..773673b 100644
--- a/rundeck/client/runbook.yml
+++ b/rundeck/client/runbook.yml
@@ -13,6 +13,10 @@
             - docker
           full_name: Rundeck Remote
           home: /var/lib/runbook
+      group:
+        docker:
+          enabled: true
+          name: docker
   openssh:
     server:
       enabled: true