Merge "add support for large cluster"
diff --git a/aodh/server/cluster.yml b/aodh/server/cluster.yml
index d1f6583..fb6839b 100644
--- a/aodh/server/cluster.yml
+++ b/aodh/server/cluster.yml
@@ -6,13 +6,15 @@
 parameters:
   _param:
     openstack_event_alarm_topic: alarm.all
+    # Keep alarm history in database for 30 days
+    aodh_alarm_history_ttl: 2592000
   aodh:
     server:
       enabled: true
       role: ${_param:openstack_node_role}
       version: ${_param:aodh_version}
       cluster: true
-      ttl: 86400
+      ttl: ${_param:aodh_alarm_history_ttl}
       debug: false
       verbose: true
       region: ${_param:openstack_region}
@@ -45,3 +47,8 @@
           - host: ${_param:openstack_message_queue_node01_address}
           - host: ${_param:openstack_message_queue_node02_address}
           - host: ${_param:openstack_message_queue_node03_address}
+      # Check for expired alarm history every day at 2 AM
+      expirer:
+        cron:
+          minute: 0
+          hour: 2
diff --git a/aodh/server/single.yml b/aodh/server/single.yml
index b2a55a6..6fec2a6 100644
--- a/aodh/server/single.yml
+++ b/aodh/server/single.yml
@@ -3,10 +3,18 @@
 parameters:
   _param:
     openstack_event_alarm_topic: alarm.all
+    # Keep alarm history in database for 30 days
+    aodh_alarm_history_ttl: 2592000
   aodh:
     server:
+      ttl: ${_param:aodh_alarm_history_ttl}
       role: ${_param:openstack_node_role}
       region: ${_param:openstack_region}
       event_alarm_topic: ${_param:openstack_event_alarm_topic}
       identity:
         region: ${_param:openstack_region}
+      # Check for expired alarm history every day at 2 AM
+      expirer:
+        cron:
+          minute: 0
+          hour: 2
diff --git a/debmirror/mirror_mirantis_com/ubuntu/xenial.yml b/debmirror/mirror_mirantis_com/ubuntu/xenial.yml
index d869e94..91eafb0 100644
--- a/debmirror/mirror_mirantis_com/ubuntu/xenial.yml
+++ b/debmirror/mirror_mirantis_com/ubuntu/xenial.yml
@@ -183,3 +183,5 @@
             804: "--include='/main(.*)libbluetooth3'" # python-guestfs
             805: "--include='/main(.*)llvm-toolchain-5.0'" # pki-ca: < 389-ds-base < dogtag
             806: "--include='/main(.*)man-db'" # include man tool
+            807: "--include='/main(.*)zfs-doc'" # Some extra fs dep's for MAAS provision stage.PROD-21531
+
diff --git a/designate/server/cluster/init.yml b/designate/server/cluster/init.yml
new file mode 100644
index 0000000..f5935d1
--- /dev/null
+++ b/designate/server/cluster/init.yml
@@ -0,0 +1,5 @@
+classes:
+- service.keepalived.cluster.single
+- service.haproxy.proxy.single
+- system.haproxy.proxy.listen.openstack.designate
+- system.designate.server.cluster.simple
\ No newline at end of file
diff --git a/designate/server/cluster.yml b/designate/server/cluster/simple.yml
similarity index 94%
rename from designate/server/cluster.yml
rename to designate/server/cluster/simple.yml
index f60f883..9f9b18b 100644
--- a/designate/server/cluster.yml
+++ b/designate/server/cluster/simple.yml
@@ -1,8 +1,5 @@
 classes:
 - service.designate.server.cluster
-- service.keepalived.cluster.single
-- system.haproxy.proxy.listen.openstack.designate
-- service.haproxy.proxy.single
 parameters:
   _param:
     designate_admin_api_enabled: false
diff --git a/glance/control/storage/ceph.yml b/glance/control/storage/ceph.yml
index d48fb6d..3c5c8d9 100644
--- a/glance/control/storage/ceph.yml
+++ b/glance/control/storage/ceph.yml
@@ -2,7 +2,8 @@
   glance:
     server:
       storage:
+        default_store: rbd
         engine: rbd,http
         user: ${_param:glance_storage_user}
         pool: ${_param:glance_storage_pool}
-        chunk_size: 8
\ No newline at end of file
+        chunk_size: 8
diff --git a/jenkins/client/init.yml b/jenkins/client/init.yml
index 409b3f3..a64c76f 100644
--- a/jenkins/client/init.yml
+++ b/jenkins/client/init.yml
@@ -2,6 +2,7 @@
   - service.jenkins.support
   - service.jenkins.client
   - system.jenkins.client.approved_scripts
+  - system.jenkins.client.plugins
 parameters:
   _param:
     jenkins_client_user: none
@@ -21,49 +22,6 @@
         port: ${_param:jenkins_master_port}
         username: ${_param:jenkins_client_user}
         password: ${_param:jenkins_client_password}
-      plugin:
-        antisamy-markup-formatter: {}
-        artifactory: {}
-        blueocean: {}
-        build-blocker-plugin: {}
-        build-monitor-plugin: {}
-        build-timeout: {}
-        build-user-vars-plugin: {}
-        categorized-view: {}
-        copyartifact: {}
-        description-setter: {}
-        discard-old-build: {}
-        docker-workflow: {}
-        email-ext: {}
-        envinject: {}
-        extended-choice-parameter: {}
-        extensible-choice-parameter: {}
-        gerrit-trigger: {}
-        git: {}
-        github: {}
-        heavy-job: {}
-        jobConfigHistory: {}
-        jira: {}
-        ldap: {}
-        lockable-resources: {}
-        matrix-auth: {}
-        monitoring: {}
-        multiple-scms: {}
-        performance: {}
-        permissive-script-security: {}
-        pipeline-utility-steps: {}
-        plot: {}
-        prometheus: {}
-        rebuild: {}
-        simple-theme-plugin: {}
-        slack: {}
-        ssh-agent: {}
-        test-stability: {}
-        throttle-concurrents: {}
-        workflow-cps: {}
-        workflow-remote-loader: {}
-        workflow-scm-step:
-          restart: true
       lib:
         pipeline-library:
           enabled: true
diff --git a/jenkins/client/job/debian/packages/salt.yml b/jenkins/client/job/debian/packages/salt.yml
index 7a9dd04..0619a90 100644
--- a/jenkins/client/job/debian/packages/salt.yml
+++ b/jenkins/client/job/debian/packages/salt.yml
@@ -201,6 +201,10 @@
               upload_source_package: false
               upload_to_aptly: true
               dist: trusty
+            - name: keycloak
+              upload_source_package: false
+              upload_to_aptly: true
+              dist: trusty
             - name: kibana
               upload_source_package: false
               upload_to_aptly: true
@@ -653,6 +657,10 @@
               upload_source_package: true
               upload_to_aptly: true
               dist: xenial
+            - name: keycloak
+              upload_source_package: true
+              upload_to_aptly: true
+              dist: xenial
             - name: kibana
               upload_source_package: true
               upload_to_aptly: true
diff --git a/jenkins/client/job/salt-formulas/tests.yml b/jenkins/client/job/salt-formulas/tests.yml
index 7d659e8..d1dc00b 100644
--- a/jenkins/client/job/salt-formulas/tests.yml
+++ b/jenkins/client/job/salt-formulas/tests.yml
@@ -64,6 +64,7 @@
             - name: jenkins
             - name: kedb
             - name: keepalived
+            - name: keycloak
             - name: keystone
             - name: kibana
             - name: kubernetes
diff --git a/jenkins/client/job/salt-models/generate.yml b/jenkins/client/job/salt-models/generate.yml
index 686e74d..002c618 100644
--- a/jenkins/client/job/salt-models/generate.yml
+++ b/jenkins/client/job/salt-models/generate.yml
@@ -28,3 +28,7 @@
               TEST_MODEL:
                 type: boolean
                 default: false
+              RECLASS_VERSION:
+                type: string
+                default: 'v1.5.4'
+                description: "Version (branch) of Reclass we will use"
diff --git a/jenkins/client/job/salt-models/tests.yml b/jenkins/client/job/salt-models/tests.yml
index c820d26..f061e76 100644
--- a/jenkins/client/job/salt-models/tests.yml
+++ b/jenkins/client/job/salt-models/tests.yml
@@ -294,7 +294,11 @@
                 default: "1"
               EXTRA_FORMULAS:
                 type: string
-                default: "aptly artifactory auditd backupninja collectd devops-portal docker elasticsearch fluentd freeipa gerrit glusterfs grafana haproxy heka horizon influxdb jenkins keepalived kibana libvirt maas memcached mysql nginx ntp openldap openssh postfix prometheus rsync rsyslog rundeck sensu sphinx telegraf xtrabackup watchdog"
+                default: "aptly artifactory auditd backupninja collectd devops-portal docker elasticsearch fluentd freeipa gerrit glusterfs grafana haproxy heka horizon influxdb jenkins keepalived kibana libvirt maas memcached mysql nginx ntp openldap openssh postfix prometheus rsync rsyslog rundeck sensu sphinx telegraf xtrabackup watchdog logrotate"
+              RECLASS_VERSION:
+                type: string
+                default: 'v1.5.4'
+                description: "Version (branch) of Reclass we will use"
       job:
         test-salt-model-node:
           name: test-salt-model-node
diff --git a/jenkins/client/plugins/init.yml b/jenkins/client/plugins/init.yml
new file mode 100644
index 0000000..903aae3
--- /dev/null
+++ b/jenkins/client/plugins/init.yml
@@ -0,0 +1,46 @@
+parameters:
+  jenkins:
+    client:
+      plugin:
+        antisamy-markup-formatter: {}
+        artifactory: {}
+        blueocean: {}
+        build-blocker-plugin: {}
+        build-monitor-plugin: {}
+        build-timeout: {}
+        build-user-vars-plugin: {}
+        categorized-view: {}
+        copyartifact: {}
+        description-setter: {}
+        discard-old-build: {}
+        docker-workflow: {}
+        email-ext: {}
+        envinject: {}
+        extended-choice-parameter: {}
+        extensible-choice-parameter: {}
+        gerrit-trigger: {}
+        git: {}
+        github: {}
+        heavy-job: {}
+        jobConfigHistory: {}
+        jira: {}
+        ldap: {}
+        lockable-resources: {}
+        matrix-auth: {}
+        monitoring: {}
+        multiple-scms: {}
+        performance: {}
+        permissive-script-security: {}
+        pipeline-utility-steps: {}
+        plot: {}
+        prometheus: {}
+        rebuild: {}
+        simple-theme-plugin: {}
+        slack: {}
+        ssh-agent: {}
+        test-stability: {}
+        throttle-concurrents: {}
+        workflow-cps: {}
+        workflow-remote-loader: {}
+        workflow-scm-step:
+          restart: true
diff --git a/kubernetes/control/roles/genie-pod-patch.yml b/kubernetes/control/roles/genie-pod-patch.yml
new file mode 100644
index 0000000..2cfa17e
--- /dev/null
+++ b/kubernetes/control/roles/genie-pod-patch.yml
@@ -0,0 +1,2 @@
+classes:
+  - service.kubernetes.control.roles.genie-pod-patch
\ No newline at end of file
diff --git a/linux/system/repo/keystorage/influxdb.yml b/linux/system/repo/keystorage/influxdb.yml
new file mode 100644
index 0000000..2d154cc
--- /dev/null
+++ b/linux/system/repo/keystorage/influxdb.yml
@@ -0,0 +1,59 @@
+parameters:
+  linux:
+    system:
+      repo:
+        mcp_influxdb:
+          # pub   4096R/2582E0C5 2015-09-28
+          key: |
+            -----BEGIN PGP PUBLIC KEY BLOCK-----
+            Version: GnuPG v1
+
+            mQINBFYJmwQBEADCw7mob8Vzk+DmkYyiv0dTU/xgoSlp4SQwrTzat8MB8jxmx60l
+            QjmhqEyuB8ho4zzZF9KV+gJWrG6Rj4t69JMTJWM7jFz+0B1PC7kJfNM+VcBmkTnj
+            fP+KJjqz50ETnsF0kQTG++UJeRYjG1dDK0JQNQJAM6NQpIWJI339lcDf15vzrMnb
+            OgIlNxV6j1ZZqkle4fvScF1NQxYScRiL+sRgVx92SI4SyD/xZnVGD/szB+4OCzah
+            +0Q/MnNGV6TtN0RiCDZjIUYiHoeT9iQXEONKf7T62T4zUafO734HyqGvht93MLVU
+            GQAeuyx0ikGsULfOsJfBmb3XJS9u+16v7oPFt5WIbeyyNuhUu0ocK/PKt5sPYR4u
+            ouPq6Ls3RY3BGCH9DpokcYsdalo51NMrMdnYwdkeq9MEpsEKrKIN5ke7fk4weamJ
+            BiLI/bTcfM7Fy5r4ghdI9Ksw/ULXLm4GNabkIOSfT7UjTzcBDOvWfKRBLX4qvsx4
+            YzA5kR+nX85u6I7W10aSqBiaLqk6vCj0QmBmCjlSeYqNQqSzH/6OoL6FZ7lP6AiG
+            F2NyGveJKjugoXlreLEhOYp20F81PNwlRBCAlMC2Q9mpcFu0dtAriVoG4gVDdYn5
+            t+BiGfD2rJlCinYLgYBDpTPcdRT3VKHWqL9fcC4HKmic0mwWg9homx550wARAQAB
+            tDFJbmZsdXhEQiBQYWNrYWdpbmcgU2VydmljZSA8c3VwcG9ydEBpbmZsdXhkYi5j
+            b20+iQI3BBMBCgAhBQJWCZsEAhsDBQsJCAcDBRUKCQgLBRYDAgEAAh4BAheAAAoJ
+            EGhKFM8lguDF9XEQAK9rREnZt6ujh7GXfeNki35bkn39q8GYh0mouShFbFY9o0i3
+            UJVChsxokJSRPgFh9GOhOPTupl3rzfdpD+IlWI2Myt6han2HOjZKNZ4RGNrYJ5UR
+            uxt4dKMWlMbpkzL56bhHlx97RoXKv2d2zRQfw9nyZb6t3lw2k2kKXsMxjGa0agM+
+            2SropwYOXdtkz8UWaGd3LYxwEvW3AuhI8EEEHdLetQaYe9sANDvUEofgFbdsuICH
+            9QLmbYavk7wyGTPBKfPBbeyTxwW2rMUnFCNccMKLm1i5NpZYineBtQbX2cfx9Xsk
+            1JLOzEBmNal53H2ob0kjev6ufzOD3s8hLu4KMCivbIz4YT3fZyeExn0/0lUtsQ56
+            5fCxE983+ygDzKsCnfdXqm3GgjaI90OkNr1y4gWbcd5hicVDv5fD3TD9f0GbpDVw
+            yDz8YmvNzxMILt5Glisr6aH7gLG/u8jxy0D8YcBiyv5kfY4vMI2yXHpGg1cn/sVu
+            ZB01sU09VVIM2BznnimyAayI430wquxkZCyMx//BqFM1qetIgk1wDZTlFd0n6qtA
+            fDmXAC4s5pM5rfM5V57WmPaIqnRIaESJ35tFUFlCHfkfl/N/ribGVDg1z2KDW08r
+            96oEiIIiV4GfXl+NprJqpNS3Cn+aCXtd7/TsDScDEgs4sMaR29Lsf26cuWk8uQIN
+            BFYJmwQBEADDPi3fmwn6iwkiDcH2E2V31cHlBw9OdJfxKVUdyAQEhTtqmG9P8XFZ
+            ERRQF155XLQPLvRlUlq7vEYSROn5J6BAnsjdjsH9LmFMOEV8CIRCRIDePG/Mez2d
+            nIK5yiU6GkS3IFaQg2T9/tOBKxm0ZJPfqTXbT4jFSfvYJ3oUqc+AyYxtb8gj1GRk
+            X283/86/bA3C98u7re1vPtiDRyM8r0+lhEc59Yx/EAOL+X2gZyTgyUoH+LLuOWQK
+            s1egI8y80R8NZfM1nMiQk2ywMsTFwQjSVimScvzqv5Nt8k8CvHUQ3a6R+6doXGNX
+            5RnUqn9Qvmh0JY5sNgFsoaGbuk2PJrVaGBRnfnjaDqAlZpDhwkWhcCcguNhRbRHp
+            N7/a0pQr70bAG9VikzLyGC17EU0sxney/hyNHkr4Uyy2OXHpuJvRjVKy/BwZ3fxA
+            AYX2oZIOxQB3/OulzO/DppaCVhRtp1bt+Z5f+fpisiVb5DvZcMdeyAoQ4+oOr7v3
+            EasIs2XYcQ+kOE3Y2kdlHWBeuXzxgWgJZ1OOpwGMjR3Uy6IwhuSWtreJBA4er+Df
+            vgSPwKBsRLNLbPe3ftjArnC5GfMiGgikVdAUdN4OkEqvUbkRoAVGKTOMLUKm+ZkG
+            OskJOVYS+JAina0qkYEFF7haycMjf9olhqLmTIC+6X7Ox9R2plaOhQARAQABiQIf
+            BBgBCgAJBQJWCZsEAhsMAAoJEGhKFM8lguDF8ZIP/1q9Sdz8oMvf9AJXZ7AYxm77
+            V+kJzJqi62nZLWJnrFXDZJpU+LkYlb3fstsZ1rvBhnrEPSmFxoj72CP0RtcyX7wJ
+            dA7K1Fl9LpJi5H8300cC7UyG94MUYbrXijbLTbnFTfNr1tGx4a1T/7Yyxx/wZGrT
+            H/X8cvNybkl33SxDdlQQ9kx3lFOwC41e3TkGsUWxn3TCfvDh8VdA6Py6JeSPFGOb
+            MEO2/q7oUgvjfV+ivN5ayZi9bWgeqm1sgtmTHHQ4RqwwKrAb5ynXpn1b9QrkevgT
+            b91uzMA22Prl4DuzKiaMYDcZOQ3vtf0eFBP0GOSSgUKS4bQ3dGgi1JmQ7VuAM4uj
+            +Ug5TnGoLwclTwLksc7v89C5MMPgm2vVXvCUDzyzQA7bIHFeX+Rziby4nymec4Nr
+            eeXYNBJWrEp8XR7UNWmEgroXRoN1x9/6esh5pnoUXGAIWuKzSLQM70/wWxS67+v2
+            aC1GNb+pXXAzYeIIiyLWaZwCSr8sWMvshFT9REk2+lnb6sAeJswQtfTUWI00mVqZ
+            dvI3Wys2h0IyIejuwetTUvGhr9VgpqiLLfGzGlt/y2sg27wdHzSJbMh0VrVAK26/
+            BlvEwWDCFT0ZJUMG9Lvre25DD0ycbougLsRYjzmGb/3k3UktS3XTCxyBa/k3TPw3
+            vqIHrEqk446nGPDqJPS5
+            =9iF7
+            -----END PGP PUBLIC KEY BLOCK-----
diff --git a/linux/system/repo/mcp/apt_mirantis/influxdb.yml b/linux/system/repo/mcp/apt_mirantis/influxdb.yml
index e6ebcb3..f5f4c90 100644
--- a/linux/system/repo/mcp/apt_mirantis/influxdb.yml
+++ b/linux/system/repo/mcp/apt_mirantis/influxdb.yml
@@ -1,13 +1,18 @@
+classes:
+- system.linux.system.repo.keystorage.influxdb
 parameters:
   _param:
     apt_mk_version: stable
-    linux_system_repo_mcp_influxdb_version: ${_param:apt_mk_version}
+    linux_system_repo_url: http://mirror.mirantis.com/${_param:apt_mk_version}/
+    linux_system_repo_mcp_influxdb_url: ${_param:linux_system_repo_url}/influxdb/
   linux:
     system:
       repo:
         mcp_influxdb:
-          source: "deb [arch=amd64] http://mirror.mirantis.com/${_param:linux_system_repo_mcp_influxdb_version}/influxdb/${_param:linux_system_codename}/ ${_param:linux_system_codename} stable"
+          source: "deb [arch=amd64] ${_param:linux_system_repo_mcp_influxdb_url}/${_param:linux_system_codename}/ ${_param:linux_system_codename} stable"
           architectures: amd64
-          key_id: 684A14CF2582E0C5
-          key_server: keyserver.ubuntu.com
           clean_file: true
+          pin:
+          - pin: 'release l=InfluxDB'
+            priority: 1100
+            package: '*'
diff --git a/linux/system/repo/mcp/extra.yml b/linux/system/repo/mcp/extra.yml
index 9839a23..7711fa0 100644
--- a/linux/system/repo/mcp/extra.yml
+++ b/linux/system/repo/mcp/extra.yml
@@ -12,5 +12,5 @@
           clean_file: true
           pin:
           - pin: 'release a=${_param:linux_system_repo_mcp_extra_version}'
-            priority: 1100
+            priority: 1200
             package: '*'
diff --git a/linux/system/repo_local/mcp/apt_mirantis/influxdb.yml b/linux/system/repo_local/mcp/apt_mirantis/influxdb.yml
index 6bd6509..06c646c 100644
--- a/linux/system/repo_local/mcp/apt_mirantis/influxdb.yml
+++ b/linux/system/repo_local/mcp/apt_mirantis/influxdb.yml
@@ -1,3 +1,5 @@
+# DEPRECATED since 2018.7+ release.
+# Please use system/repo/mcp/apt_mirantis
 parameters:
   _param:
     apt_mk_version: stable
diff --git a/linux/system/single/init.yml b/linux/system/single/init.yml
index 970184c..edefd93 100644
--- a/linux/system/single/init.yml
+++ b/linux/system/single/init.yml
@@ -1,65 +1,5 @@
 classes:
-- service.linux.system
+- system.linux.system.single.mcp
 - service.salt.minion.master
-- system.linux.system.banner
 - system.openssh.server.single
 - system.ntp.client.single
-parameters:
-  _param:
-    local_package_repos: false
-  linux:
-    system:
-      local_package_repos: ${_param:local_package_repos}
-      user:
-        root:
-          enabled: true
-          name: root
-          home: /root
-      kernel:
-        modules:
-          - nf_conntrack
-        sysctl:
-          net.ipv4.tcp_keepalive_intvl: 3
-          net.ipv4.tcp_keepalive_time: 30
-          net.ipv4.tcp_keepalive_probes: 8
-          fs.file-max: 124165
-          net.core.somaxconn: 4096
-          vm.swappiness: 10
-          net.nf_conntrack_max: 1048576
-          net.ipv4.tcp_retries2: 5
-          net.ipv4.tcp_max_syn_backlog: 8192
-          net.ipv4.neigh.default.gc_thresh1: 4096
-          net.ipv4.neigh.default.gc_thresh2: 8192
-          net.ipv4.neigh.default.gc_thresh3: 16384
-          net.core.netdev_max_backlog: 261144
-          net.ipv4.tcp_tw_reuse: 1
-          kernel.panic: 60
-      cpu:
-        governor: performance
-      timezone: UTC
-      locale:
-        en_US.UTF-8:
-          enabled: true
-          default: true
-      limit:
-        default:
-          enabled: true
-          domain: "*"
-          limits:
-            - type: hard
-              item: nofile
-              value: 307200
-            - type: soft
-              item: nofile
-              value: 307200
-            - type: soft
-              item: nproc
-              value: 307200
-            - type: hard
-              item: nproc
-              value: 307200
-      systemd:
-        system:
-          Manager:
-            DefaultLimitNOFILE: 307200
-            DefaultLimitNPROC: 307200
diff --git a/linux/system/single/mcp.yml b/linux/system/single/mcp.yml
new file mode 100644
index 0000000..850a7ac
--- /dev/null
+++ b/linux/system/single/mcp.yml
@@ -0,0 +1,48 @@
+classes:
+- system.linux.system.single.simple
+parameters:
+  linux:
+    system:
+      kernel:
+        modules:
+          - nf_conntrack
+        sysctl:
+          net.ipv4.tcp_keepalive_intvl: 3
+          net.ipv4.tcp_keepalive_time: 30
+          net.ipv4.tcp_keepalive_probes: 8
+          fs.file-max: 124165
+          net.core.somaxconn: 4096
+          vm.swappiness: 10
+          net.nf_conntrack_max: 1048576
+          net.ipv4.tcp_retries2: 5
+          net.ipv4.tcp_max_syn_backlog: 8192
+          net.ipv4.neigh.default.gc_thresh1: 4096
+          net.ipv4.neigh.default.gc_thresh2: 8192
+          net.ipv4.neigh.default.gc_thresh3: 16384
+          net.core.netdev_max_backlog: 261144
+          net.ipv4.tcp_tw_reuse: 1
+          kernel.panic: 60
+      cpu:
+        governor: performance
+      limit:
+        default:
+          enabled: true
+          domain: "*"
+          limits:
+            - type: hard
+              item: nofile
+              value: 307200
+            - type: soft
+              item: nofile
+              value: 307200
+            - type: soft
+              item: nproc
+              value: 307200
+            - type: hard
+              item: nproc
+              value: 307200
+      systemd:
+        system:
+          Manager:
+            DefaultLimitNOFILE: 307200
+            DefaultLimitNPROC: 307200
diff --git a/linux/system/single/simple.yml b/linux/system/single/simple.yml
new file mode 100644
index 0000000..8154439
--- /dev/null
+++ b/linux/system/single/simple.yml
@@ -0,0 +1,14 @@
+classes:
+- service.linux.system
+- system.linux.system.banner
+parameters:
+  _param:
+    local_package_repos: false
+  linux:
+    system:
+      local_package_repos: ${_param:local_package_repos}
+      timezone: UTC
+      locale:
+        en_US.UTF-8:
+          enabled: true
+          default: true
diff --git a/maas/region/cluster.yml b/maas/region/cluster.yml
index 8df6ea8..ff6dac5 100644
--- a/maas/region/cluster.yml
+++ b/maas/region/cluster.yml
@@ -1,12 +1,18 @@
 classes:
   - system.maas.region.single
   - system.keepalived.server.cluster_maas
+  - system.linux.system.repo.keystorage.saltstack
 parameters:
   _param:
     cluster_vip_address: 10.0.175.80
+    linux_system_repo_mcp_saltstack_url: http://mirror.mirantis.com/${_param:apt_mk_version}/saltstack-2017.7/
   maas:
     cluster:
       enabled: true
       role: ${_param:maas_cluster_role}
       region:
-        host: ${_param:cluster_vip_address}
\ No newline at end of file
+        host: ${_param:cluster_vip_address}
+      saltstack_repo_key: ${linux:system:repo:mcp_saltstack:key}
+      saltstack_repo_trusty: "deb [arch=amd64] ${_param:linux_system_repo_mcp_saltstack_url}/trusty/ trusty main"
+      saltstack_repo_xenial: "deb [arch=amd64] ${_param:linux_system_repo_mcp_saltstack_url}/xenial/ xenial main"
+
diff --git a/panko/server/cluster.yml b/panko/server/cluster.yml
index e277c30..d641f36 100644
--- a/panko/server/cluster.yml
+++ b/panko/server/cluster.yml
@@ -9,9 +9,12 @@
     panko_memcached_node01_address: ${_param:cluster_node01_address}
     panko_memcached_node02_address: ${_param:cluster_node02_address}
     panko_memcached_node03_address: ${_param:cluster_node03_address}
+    # Keep events in database for 30 days
+    panko_event_time_to_live: 2592000
   panko:
     server:
       role: ${_param:openstack_node_role}
+      event_time_to_live: ${_param:panko_event_time_to_live}
       identity:
         host: ${_param:openstack_control_address}
       database:
@@ -24,4 +27,9 @@
         - host: ${_param:panko_memcached_node02_address}
           port: 11211
         - host: ${_param:panko_memcached_node03_address}
-          port: 11211
\ No newline at end of file
+          port: 11211
+      # Check for expired events every day at 2 AM
+      expirer:
+        cron:
+          minute: 0
+          hour: 2
\ No newline at end of file
diff --git a/panko/server/single.yml b/panko/server/single.yml
new file mode 100644
index 0000000..497b21e
--- /dev/null
+++ b/panko/server/single.yml
@@ -0,0 +1,16 @@
+classes:
+- service.panko.server.single
+- system.apache.server.site.panko
+parameters:
+  _param:
+    # Keep events in database for 30 days
+    panko_event_time_to_live: 2592000
+  panko:
+    server:
+      role: ${_param:openstack_node_role}
+      event_time_to_live: ${_param:panko_event_time_to_live}
+      # Check for expired events every day at 2 AM
+      expirer:
+        cron:
+          minute: 0
+          hour: 2
\ No newline at end of file