Merge "Changed body request max size accepted by proxy for rados-gw service. Was 10240MB, now 20MB."
diff --git a/defaults/docker_images.yml b/defaults/docker_images.yml
index 90fa9d5..7ef537a 100644
--- a/defaults/docker_images.yml
+++ b/defaults/docker_images.yml
@@ -32,7 +32,7 @@
     docker_image_grafana: "${_param:mcp_docker_registry}/openstack-docker/grafana:${_param:mcp_version}"
     docker_image_prometheus_es_exporter: "${_param:mcp_docker_registry}/openstack-docker/prometheus-es-exporter:${_param:mcp_version}"
     docker_image_prometheus: "${_param:mcp_docker_registry}/openstack-docker/prometheus:${_param:mcp_version}"
-    docker_image_prometheus_gainsight: "${_param:mcp_docker_registry}/openstack-docker/gainsight:${_param:mcp_version}"
+    docker_image_prometheus_gainsight: "${_param:mcp_docker_registry}/openstack-docker/sf-reporter:2019.2.9"
     docker_image_prometheus_gainsight_elasticsearch: "${_param:mcp_docker_registry}/openstack-docker/gainsight_elasticsearch:${_param:mcp_version}"
     docker_image_prometheus_relay: "${_param:mcp_docker_registry}/openstack-docker/prometheus-relay:${_param:mcp_version}"
     docker_image_pushgateway: "${_param:mcp_docker_registry}/openstack-docker/pushgateway:${_param:mcp_version}"
@@ -121,7 +121,7 @@
           name: prometheus:${_param:mcp_version}
         - registry: ${_param:mcp_docker_registry}/openstack-docker
           target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/openstack-docker
-          name: gainsight:2019.2.4
+          name: sf-reporter:2019.2.9
         - registry: ${_param:mcp_docker_registry}/openstack-docker
           target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/openstack-docker
           name: telegraf:2019.2.5
diff --git a/defaults/stacklight.yml b/defaults/stacklight.yml
index 8838246..225120f 100644
--- a/defaults/stacklight.yml
+++ b/defaults/stacklight.yml
@@ -6,3 +6,10 @@
     # ELK stack versions
     elasticsearch_version: 5
     kibana_version: 5
+    # Salesforce
+    sf_notifier_sfdc_auth_url: "default"
+    sf_notifier_sfdc_username: "default"
+    sf_notifier_sfdc_password: "default"
+    sf_notifier_sfdc_organization_id: "default"
+    sf_notifier_sfdc_environment_id: "default"
+    sf_notifier_sfdc_sandbox_enabled: "True"
diff --git a/docker/swarm/stack/monitoring/gainsight.yml b/docker/swarm/stack/monitoring/gainsight.yml
index 554c8ec..4cd45f7 100644
--- a/docker/swarm/stack/monitoring/gainsight.yml
+++ b/docker/swarm/stack/monitoring/gainsight.yml
@@ -2,19 +2,17 @@
 - system.prometheus.gainsight.container
 parameters:
   _param:
-    gainsight_enabled: 'true'
-    gainsight_csv_upload_url: 'http://localhost:9999'
-    gainsight_account_id: 'default'
-    gainsight_environment_id: 'default'
-    gainsight_app_org_id: 'default'
-    gainsight_access_key: 'default'
-    gainsight_job_id: 'default'
-    gainsight_login: 'default'
+    gainsight_cluster_id: '${_param:cluster_domain}'
     gainsight_prometheus_url: "http://${_param:stacklight_monitor_address}:15010"
     gainsight_config_directory: '/srv/gainsight'
     gainsight_crontab_directory: '/etc/cron.d'
     gainsight_config_path: "${_param:gainsight_config_directory}/config.ini"
-    gainsight_csv_retention: 180
+    gainsight_sfdc_auth_url: "${_param:sf_notifier_sfdc_auth_url}"
+    gainsight_sfdc_username: "${_param:sf_notifier_sfdc_username}"
+    gainsight_sfdc_password: "${_param:sf_notifier_sfdc_password}"
+    gainsight_sfdc_organization_id: "${_param:sf_notifier_sfdc_organization_id}"
+    gainsight_sfdc_environment_id: "${_param:sf_notifier_sfdc_environment_id}"
+    gainsight_sfdc_sandbox_enabled: "${_param:sf_notifier_sfdc_sandbox_enabled}"
   docker:
     client:
       stack:
@@ -40,16 +38,13 @@
               volumes:
                 - ${prometheus:gainsight:dir:config}:${_param:gainsight_config_directory}
                 - ${prometheus:gainsight:dir:crontab}:${_param:gainsight_crontab_directory}
-                - ${prometheus:gainsight:dir:csv}:/opt/gainsight/csv
               environment:
-                CSV_UPLOAD_URL: "${_param:gainsight_csv_upload_url}"
-                ACCOUNT_ID: "${_param:gainsight_account_id}"
-                ENVIRONMENT_ID: "${_param:gainsight_environment_id}"
-                APP_ORG_ID: "${_param:gainsight_app_org_id}"
-                ACCESS_KEY: "${_param:gainsight_access_key}"
-                JOB_ID: "${_param:gainsight_job_id}"
-                LOGIN: "${_param:gainsight_login}"
+                CLUSTER_ID: "${_param:gainsight_cluster_id}"
                 PROMETHEUS_URL: "${_param:gainsight_prometheus_url}"
                 CONFIG_PATH: "${_param:gainsight_config_path}"
-                ENABLED: "${_param:gainsight_enabled}"
-                RETENTION: ${_param:gainsight_csv_retention}
+                SFDC_AUTH_URL: "${_param:gainsight_sfdc_auth_url}"
+                SFDC_USERNAME: "${_param:gainsight_sfdc_username}"
+                SFDC_PASSWORD: "${_param:gainsight_sfdc_password}"
+                SFDC_ORGANIZATION_ID: "${_param:gainsight_sfdc_organization_id}"
+                SFDC_ENVIRONMENT_ID: "${_param:gainsight_sfdc_environment_id}"
+                SFDC_SANDBOX_ENABLED: "${_param:gainsight_sfdc_sandbox_enabled}"
diff --git a/haproxy/proxy/listen/openstack/designate.yml b/haproxy/proxy/listen/openstack/designate.yml
index 1310be4..0f19a1f 100644
--- a/haproxy/proxy/listen/openstack/designate.yml
+++ b/haproxy/proxy/listen/openstack/designate.yml
@@ -20,3 +20,7 @@
             host: ${_param:cluster_node02_address}
             port: ${_param:haproxy_designate_port}
             params: ${_param:haproxy_designate_check_params}
+          - name: ${_param:cluster_node03_hostname}
+            host: ${_param:cluster_node03_address}
+            port: ${_param:haproxy_designate_port}
+            params: ${_param:haproxy_designate_check_params}
diff --git a/haproxy/proxy/listen/openstack/designate_large.yml b/haproxy/proxy/listen/openstack/designate_large.yml
new file mode 100644
index 0000000..01d92aa
--- /dev/null
+++ b/haproxy/proxy/listen/openstack/designate_large.yml
@@ -0,0 +1,34 @@
+parameters:
+  _param:
+    haproxy_designate_check_params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+    haproxy_designate_port: 9001
+  haproxy:
+    proxy:
+      listen:
+        designate_api:
+          type: openstack-service
+          service_name: designate
+          binds:
+          - address: ${_param:cluster_vip_address}
+            port: ${_param:haproxy_designate_port}
+          servers:
+          - name: ${_param:cluster_node01_hostname}
+            host: ${_param:cluster_node01_address}
+            port: ${_param:haproxy_designate_port}
+            params: ${_param:haproxy_designate_check_params}
+          - name: ${_param:cluster_node02_hostname}
+            host: ${_param:cluster_node02_address}
+            port: ${_param:haproxy_designate_port}
+            params: ${_param:haproxy_designate_check_params}
+          - name: ${_param:cluster_node03_hostname}
+            host: ${_param:cluster_node03_address}
+            port: ${_param:haproxy_designate_port}
+            params: ${_param:haproxy_designate_check_params}
+          - name: ${_param:cluster_node04_hostname}
+            host: ${_param:cluster_node04_address}
+            port: ${_param:haproxy_designate_port}
+            params: ${_param:haproxy_designate_check_params}
+          - name: ${_param:cluster_node05_hostname}
+            host: ${_param:cluster_node05_address}
+            port: ${_param:haproxy_designate_port}
+            params: ${_param:haproxy_designate_check_params}
diff --git a/jenkins/client/job/deploy/update/upgrade_mcp_release.yml b/jenkins/client/job/deploy/update/upgrade_mcp_release.yml
index bcbe990..794b526 100644
--- a/jenkins/client/job/deploy/update/upgrade_mcp_release.yml
+++ b/jenkins/client/job/deploy/update/upgrade_mcp_release.yml
@@ -57,6 +57,8 @@
                 OS_UPGRADE: false
                 # Run apt-get dist-upgrade on Drivetrain nodes and reboot to apply changes
                 OS_DIST_UPGRADE: false
+                # Whether to apply cluster model workarounds from the pipeline
+                APPLY_MODEL_WORKAROUNDS: true
                 # Next parameters added only for test purposes and not enabled by default
                 # RECLASS_SYSTEM_BRANCH: ''
             PIPELINE_TIMEOUT:
diff --git a/jenkins/client/job/deploy/update/upgrade_stacklight.yml b/jenkins/client/job/deploy/update/upgrade_stacklight.yml
index 57747e4..f043de8 100644
--- a/jenkins/client/job/deploy/update/upgrade_stacklight.yml
+++ b/jenkins/client/job/deploy/update/upgrade_stacklight.yml
@@ -39,3 +39,11 @@
               type: boolean
               default: 'true'
               description: "Set to True if upgrade for components running in Docker Swarm is desired"
+            OS_UPGRADE:
+              type: boolean
+              default: 'false'
+              description: 'Run apt-get upgrade on Stacklight nodes'
+            OS_DIST_UPGRADE:
+              type: boolean
+              default: 'false'
+              description: 'Run apt-get dist-upgrade on Stacklight nodes and reboot to apply changes'
diff --git a/jenkins/client/job/validate.yml b/jenkins/client/job/validate.yml
index a59fe91..5d1dbdb 100644
--- a/jenkins/client/job/validate.yml
+++ b/jenkins/client/job/validate.yml
@@ -20,7 +20,7 @@
               keep_num: 50
             artifact:
               keep_num: 50
-          concurrent: true
+          concurrent: false
           scm:
             type: git
             url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
diff --git a/maas/region/single.yml b/maas/region/single.yml
index 175fbff..4cdfd11 100644
--- a/maas/region/single.yml
+++ b/maas/region/single.yml
@@ -5,6 +5,13 @@
   _param:
     maas_admin_username: mirantis
     maas_region_main_archive: ${_param:linux_system_repo_update_url}/ubuntu/
+  # Pin distro-info-data package. See PROD-34940 for details
+  linux:
+    system:
+      package:
+        distro-info-data:
+          version: 0.28ubuntu0.9
+          hold: true
   maas:
     cluster:
       enabled: true
diff --git a/nginx/server/proxy/salt_api.yml b/nginx/server/proxy/salt_api.yml
index f559ef4..4a1f5b1 100644
--- a/nginx/server/proxy/salt_api.yml
+++ b/nginx/server/proxy/salt_api.yml
@@ -21,6 +21,9 @@
             host: ${_param:infra_config_hostname}.${_param:cluster_domain}
             port: ${_param:nginx_proxy_salt_api_proxy_port}
             protocol: ${_param:nginx_proxy_salt_api_proxy_protocol}
+            # Prevent nginx from caching request body
+            request_buffer: false
+            timeout: 1800
           host:
             name: ${_param:infra_config_hostname}.${_param:cluster_domain}
             port: ${_param:nginx_proxy_salt_api_site_port}
diff --git a/prometheus/gainsight/container.yml b/prometheus/gainsight/container.yml
index f98e052..fda03e8 100644
--- a/prometheus/gainsight/container.yml
+++ b/prometheus/gainsight/container.yml
@@ -1,3 +1,2 @@
 classes:
 - service.prometheus.gainsight.container
-
diff --git a/prometheus/gainsight/elasticsearch_container.yml b/prometheus/gainsight/elasticsearch_container.yml
index 8a10fbf..a32320f 100644
--- a/prometheus/gainsight/elasticsearch_container.yml
+++ b/prometheus/gainsight/elasticsearch_container.yml
@@ -1,3 +1,2 @@
 classes:
 - service.prometheus.gainsight.elasticsearch_container
-
diff --git a/salt/control/virt.yml b/salt/control/virt.yml
index 8f599bd..3cd93d8 100644
--- a/salt/control/virt.yml
+++ b/salt/control/virt.yml
@@ -5,6 +5,7 @@
     control:
       enabled: True
       virt_enabled: True
+      file_mask: 022
   virt:
     nic:
       default:
diff --git a/sphinx/server/doc/reclass.yml b/sphinx/server/doc/reclass.yml
index 53fa5dd..651ec48 100644
--- a/sphinx/server/doc/reclass.yml
+++ b/sphinx/server/doc/reclass.yml
@@ -3,6 +3,9 @@
 parameters:
   _param:
     nginx_static_reclass_doc_host: ${_param:cluster_public_host}
+    nginx_proxy_sphinx_user: sphinx
+    nginx_proxy_sphinx_password: ${_param:sphinx_proxy_password_generated}
+    nginx_proxy_sphinx_htpasswd_file: .htpasswd_sphinx
   sphinx:
     server:
       doc:
@@ -13,12 +16,22 @@
             engine: reclass
   nginx:
     server:
+      user:
+        sphinx:
+          enabled: true
+          name: ${_param:nginx_proxy_sphinx_user}
+          password: ${_param:nginx_proxy_sphinx_password}
+          htpasswd: ${_param:nginx_proxy_sphinx_htpasswd_file}
       site:
         nginx_static_reclass_doc:
           enabled: true
           type: nginx_static
           name: reclass_doc
+          auth:
+            engine: basic
+            htpasswd: ${_param:nginx_proxy_sphinx_htpasswd_file}
           host:
             name: ${_param:nginx_static_reclass_doc_host}
             port: 8090
             protocol: http
+