Merge "Fixed test cookiecutter templates to improve gating process"
diff --git a/.releasenotes/notes/remove-glusterfs-prometheus-4206900d4ccfb601.yaml b/.releasenotes/notes/remove-glusterfs-prometheus-4206900d4ccfb601.yaml
new file mode 100644
index 0000000..6d6a426
--- /dev/null
+++ b/.releasenotes/notes/remove-glusterfs-prometheus-4206900d4ccfb601.yaml
@@ -0,0 +1,9 @@
+---
+summary: >
+  Removed GlusterFS requirements for Prometheus
+
+deprecations:
+  - Removed GlusterFS from Prometheus requirements.
+    Prometheus/alertmanager do not require shared storage.
+    Now, the configurations for Prometheus and Alertmanager
+    will be generated on every Docker Swarm node.
diff --git a/devops_portal/service/elasticsearch.yml b/devops_portal/service/elasticsearch.yml
index 647c4ef..6fd9afa 100644
--- a/devops_portal/service/elasticsearch.yml
+++ b/devops_portal/service/elasticsearch.yml
@@ -4,7 +4,8 @@
       service:
         elasticsearch:
           configure_proxy: true
+          resolve_hostname: true
           endpoint:
-            address: ${_param:haproxy_elasticsearch_bind_host}
-            port: ${_param:haproxy_elasticsearch_http_bind_port}
-            https: ${_param:haproxy_elasticsearch_ssl:enabled}
+            address: ${_param:elasticsearch_bind_host}
+            port: ${_param:elasticsearch_http_bind_port}
+            https: ${_param:elasticsearch_ssl:enabled}
diff --git a/devops_portal/service/janitor_monkey.yml b/devops_portal/service/janitor_monkey.yml
index 73f2e7c..f16ae7c 100644
--- a/devops_portal/service/janitor_monkey.yml
+++ b/devops_portal/service/janitor_monkey.yml
@@ -4,7 +4,8 @@
       service:
         janitormonkey:
           configure_proxy: true
+          resolve_hostname: true
           endpoint:
-            address: ${_param:haproxy_janitor_monkey_bind_host}
-            port: ${_param:haproxy_janitor_monkey_bind_port}
-            https: ${_param:haproxy_janitor_monkey_ssl:enabled}
+            address: ${_param:janitor_monkey_bind_host}
+            port: ${_param:janitor_monkey_bind_port}
+            https: ${_param:janitor_monkey_ssl:enabled}
diff --git a/devops_portal/service/pushkin.yml b/devops_portal/service/pushkin.yml
index 82a073c..5cd172a 100644
--- a/devops_portal/service/pushkin.yml
+++ b/devops_portal/service/pushkin.yml
@@ -4,7 +4,8 @@
       service:
         pushkin:
           configure_proxy: true
+          resolve_hostname: true
           endpoint:
-            address: ${_param:haproxy_pushkin_bind_host}
-            port: ${_param:haproxy_pushkin_bind_port}
-            https: ${_param:haproxy_pushkin_ssl:enabled}
+            address: ${_param:pushkin_bind_host}
+            port: ${_param:pushkin_bind_port}
+            https: ${_param:pushkin_ssl:enabled}
diff --git a/devops_portal/service/rundeck.yml b/devops_portal/service/rundeck.yml
index 82fd764..ad743cf 100644
--- a/devops_portal/service/rundeck.yml
+++ b/devops_portal/service/rundeck.yml
@@ -4,6 +4,7 @@
       service:
         rundeck:
           configure_proxy: true
+          resolve_hostname: false
           credentials:
             username: ${_param:rundeck_admin_username}
             password: ${_param:rundeck_admin_password}
diff --git a/devops_portal/service/security_monkey.yml b/devops_portal/service/security_monkey.yml
index ba5fe81..da896a8 100644
--- a/devops_portal/service/security_monkey.yml
+++ b/devops_portal/service/security_monkey.yml
@@ -4,10 +4,11 @@
       service:
         securitymonkey:
           configure_proxy: true
+          resolve_hostname: true
           endpoint:
-            address: ${_param:haproxy_security_monkey_bind_host}
-            port: ${_param:haproxy_security_monkey_bind_port}
-            https: ${_param:haproxy_security_monkey_ssl:enabled}
+            address: ${_param:security_monkey_bind_host}
+            port: ${_param:security_monkey_bind_port}
+            https: ${_param:security_monkey_ssl:enabled}
           credentials:
             username: ${_param:security_monkey_user}
             password: ${_param:security_monkey_password}
diff --git a/docker/swarm/network/oss_backend.yml b/docker/swarm/network/oss_backend.yml
new file mode 100644
index 0000000..daa628e
--- /dev/null
+++ b/docker/swarm/network/oss_backend.yml
@@ -0,0 +1,10 @@
+parameters:
+  _param:
+    docker_oss_network_subnet: 10.50.0.0/24
+  docker:
+    client:
+      network:
+        oss_backend:
+          subnet: ${_param:docker_oss_network_subnet}
+          driver: overlay
+          attachable: true
\ No newline at end of file
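Review bot: The new `oss_backend` overlay is created with `attachable: true` and no encryption option, so any standalone container started on a swarm node can join the network that now carries the backend traffic. The stack files in this commit set `elasticsearch_ssl`, `postgresql_ssl`, `pushkin_ssl` and similar parameters to `enabled: false`, which suggests that traffic crosses the overlay in plaintext. If attachability is only needed for debugging, `attachable: false` is the safer default, and it is worth checking whether the formula can pass the overlay driver's `encrypted` option. The file also lacks a trailing newline.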
diff --git a/docker/swarm/stack/devops_portal.yml b/docker/swarm/stack/devops_portal.yml
index f553114..f8f89f9 100644
--- a/docker/swarm/stack/devops_portal.yml
+++ b/docker/swarm/stack/devops_portal.yml
@@ -18,3 +18,9 @@
               volumes:
                 - /srv/volumes/devops_portal/nginx:/etc/nginx/config
                 - /srv/volumes/devops_portal/config:/opt/devops-portal/config
+          network:
+            default:
+              external:
+                name: oss_backend
+            frontend:
+              driver: overlay
\ No newline at end of file
diff --git a/docker/swarm/stack/elasticsearch.yml b/docker/swarm/stack/elasticsearch.yml
index 1c22e8f..fe7c35e 100644
--- a/docker/swarm/stack/elasticsearch.yml
+++ b/docker/swarm/stack/elasticsearch.yml
@@ -2,6 +2,11 @@
   _param:
     elasticsearch_replicas: 1
     docker_image_elasticsearch: docker.elastic.co/elasticsearch/elasticsearch:5.4.1
+    elasticsearch_bind_host: elasticsearch-cluster
+    elasticsearch_http_bind_port: ${_param:haproxy_elasticsearch_http_bind_port}
+    elasticsearch_binary_bind_port: ${_param:haproxy_elasticsearch_binary_bind_port}
+    elasticsearch_ssl:
+      enabled: false
     elasticsearch_cluster_name: oss-cluster
     elasticsearch_xpack_security_enabled: 'false'
     elasticsearch_xpack_monitoring_enabled: 'false'
@@ -18,14 +23,18 @@
             discovery.zen.minimum_master_nodes: ${_param:elasticsearch_discovery_zen_minimum_master_nodes}
             discovery.type: ${_param:elasticsearch_discovery_type}
           service:
-            cluster:
+            elasticsearch-cluster:
               image: ${_param:docker_image_elasticsearch}
               deploy:
                 replicas: ${_param:elasticsearch_replicas}
                 restart_policy:
                   condition: any
+              volumes:
+                - /srv/volumes/elasticsearch:/usr/share/elasticsearch/data
               ports:
                 - ${_param:haproxy_elasticsearch_http_exposed_port}:${_param:haproxy_elasticsearch_http_bind_port}
                 - ${_param:haproxy_elasticsearch_binary_exposed_port}:${_param:haproxy_elasticsearch_binary_bind_port}
-              volumes:
-                - /srv/volumes/elasticsearch:/usr/share/elasticsearch/data
+          network:
+            default:
+              external:
+                name: oss_backend
diff --git a/docker/swarm/stack/gerrit.yml b/docker/swarm/stack/gerrit.yml
index b59172a..95bc233 100644
--- a/docker/swarm/stack/gerrit.yml
+++ b/docker/swarm/stack/gerrit.yml
@@ -7,7 +7,7 @@
     gerrit_ldap_bind_password: ""
     gerrit_ldap_account_base: ""
     gerrit_ldap_group_base: ""
-
+    gerrit_http_listen_url: http://*:8080/
   docker:
     client:
       stack:
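Review bot: `gerrit_http_listen_url: http://*:8080/` makes Gerrit listen on every interface over plain HTTP, and the value is left as an unquoted scalar containing `*` and `:`. Gerrit's `httpd.listenUrl`, which `HTTPD_LISTENURL` in the second hunk presumably feeds, also accepts the `proxy-http://` and `proxy-https://` schemes for deployments behind a reverse proxy. If HAProxy fronts this service, as the haproxy listen files in this commit suggest, one of those is probably the intended default. Quoting the value, e.g. `gerrit_http_listen_url: 'http://*:8080/'`, keeps it a string under any parser.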
@@ -40,6 +40,7 @@
                 LDAP_USERNAME: ${_param:gerrit_ldap_bind_user}
                 LDAP_PASSWORD: ${_param:gerrit_ldap_bind_password}
                 WEBURL: ${_param:gerrit_public_host}
+                HTTPD_LISTENURL: ${_param:gerrit_http_listen_url}
                 GERRIT_ADMIN_SSH_PUBLIC: ${_param:gerrit_admin_public_key}
                 GERRIT_ADMIN_PWD: ${_param:gerrit_admin_password}
                 GERRIT_ADMIN_EMAIL: ${_param:gerrit_admin_email}
diff --git a/docker/swarm/stack/janitor_monkey.yml b/docker/swarm/stack/janitor_monkey.yml
index de7a218..08fdb5c 100644
--- a/docker/swarm/stack/janitor_monkey.yml
+++ b/docker/swarm/stack/janitor_monkey.yml
@@ -5,23 +5,32 @@
     docker_mongodb_admin_username: admin
     docker_mongodb_admin_password: password
     docker_image_janitor_monkey: docker-prod-local.artifactory.mirantis.com/mirantis/oss/janitor-monkey
+    janitor_monkey_bind_host: cleanup-service-api
+    janitor_monkey_bind_port: 8080
+    janitor_monkey_ssl:
+      enabled: false
     janitor_monkey_enabled: true
     janitor_monkey_dryrun_mode: false
-    janitor_monkey_base_url: http://${_param:haproxy_janitor_monkey_bind_host}:${_param:haproxy_janitor_monkey_bind_port}
-    janitor_monkey_mongodb_host: ${_param:haproxy_mongodb_bind_host}
+    janitor_monkey_mongodb_host: cleanup-service-mongodb
     janitor_monkey_mongodb_port: ${_param:haproxy_mongodb_bind_port}
+    mongodb_ssl:
+      enabled: false
+    janitor_monkey_base_url: http://${_param:janitor_monkey_mongodb_host}:${_param:janitor_monkey_mongodb_port}
     janitor_monkey_mongodb_db: mcp_cloud
     janitor_monkey_mongodb_username: janitor
     janitor_monkey_mongodb_password: password
-    janitor_monkey_elasticsearch: ${_param:haproxy_elasticsearch_bind_host}:${_param:haproxy_elasticsearch_binary_bind_port}
+    janitor_monkey_elasticsearch: ${_param:elasticsearch_bind_host}:${_param:elasticsearch_binary_bind_port}
     janitor_monkey_cloudfire_region: RegionOne
     janitor_monkey_cis_clustername: ${_param:elasticsearch_cluster_name}
     janitor_monkey_openstack:
       project_domain_name: default
       project_name: admin
-      username: ""
-      password: ""
-      auth_url: ""
+      auth_url: http://yourcloud.com:5000/v3/auth/tokens
+      username: admin
+      password: password
+      ssl_verify: False
+      cacert_path: /srv/volumes/rundeck/storage/content/cis/openstack/cert.pem
+      cafile: /opt/certs/cert.pem
   docker:
     client:
       stack:
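Review bot: The new defaults under `janitor_monkey_openstack` ship working-looking credentials (`username: admin`, `password: password`), an `auth_url` on a real external domain over plain HTTP, and `ssl_verify: False`, where the previous empty strings forced each deployment to supply its own values. A deployment that forgets to override them could send the admin credentials unencrypted to `yourcloud.com`, and once pointed at HTTPS it would skip certificate checks even though a `cafile` is configured. Keeping `username`, `password` and `auth_url` as `""` and defaulting to `ssl_verify: true` avoids that; the same block is added in the first hunk of docker/swarm/stack/security_monkey.yml. Separately, `janitor_monkey_base_url` is now built from `janitor_monkey_mongodb_host` and `janitor_monkey_mongodb_port`, which looks like a slip for `http://${_param:janitor_monkey_bind_host}:${_param:janitor_monkey_bind_port}`.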
@@ -47,8 +56,10 @@
             simianarmy.client.cloudfire.secretKey: ${_param:janitor_monkey_openstack:password}
             simianarmy.client.cloudfire.domain: ${_param:janitor_monkey_openstack:project_domain_name}
             simianarmy.client.cloudfire.project: ${_param:janitor_monkey_openstack:project_name}
+            simianarmy.client.cloudfire.SSLVerify: ${_param:janitor_monkey_openstack:ssl_verify}
+            simianarmy.client.cloudfire.cafile: ${_param:janitor_monkey_openstack:cafile}
           service:
-            mongodb:
+            cleanup-service-mongodb:
               image: ${_param:docker_image_mongodb}
               deploy:
                 replicas: ${_param:docker_janitor_monkey_replicas}
@@ -58,11 +69,17 @@
                 - ${_param:haproxy_mongodb_exposed_port}:${_param:haproxy_mongodb_bind_port}
               volumes:
                 - /srv/volumes/mongodb:/data/db
-            api:
+            cleanup-service-api:
               image: ${_param:docker_image_janitor_monkey}
               deploy:
                 replicas: ${_param:docker_janitor_monkey_replicas}
                 restart_policy:
                   condition: any
               ports:
-                - ${_param:haproxy_janitor_monkey_exposed_port}:8080
+                - ${_param:haproxy_janitor_monkey_exposed_port}:${_param:janitor_monkey_bind_port}
+              volumes:
+                - ${_param:janitor_monkey_openstack:cacert_path}:${_param:janitor_monkey_openstack:cafile}:ro
+          network:
+            default:
+              external:
+                name: oss_backend
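Review bot: The `cleanup-service-api` volume `${_param:janitor_monkey_openstack:cacert_path}:${_param:janitor_monkey_openstack:cafile}:ro` is mounted unconditionally, and its default source lies under `/srv/volumes/rundeck/storage/`, which is another service's data directory. That ties the trust anchor for OpenStack TLS to a location Rundeck can presumably write to, and the service likely fails to start on nodes where the file is absent. A dedicated certificate path, with a comment such as `# CA bundle used to verify the OpenStack endpoint; must exist on every swarm node`, would make the dependency explicit. The same mount is added to both services in docker/swarm/stack/security_monkey.yml.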
diff --git a/docker/swarm/stack/monitoring/init.yml b/docker/swarm/stack/monitoring/init.yml
index 17a3a49..95f5f8d 100644
--- a/docker/swarm/stack/monitoring/init.yml
+++ b/docker/swarm/stack/monitoring/init.yml
@@ -30,13 +30,13 @@
               ports:
                 - 15015:${prometheus:remote_storage_adapter:bind:port}
               environment:
-                bind_port: ${prometheus:remote_storage_adapter:bind:port}
-                bind_address: ${prometheus:remote_storage_adapter:bind:address}
-                influxdb_retention_policy: 'lma'
-                influxdb_url: ${_param:prometheus_influxdb_url}
-                influxdb_db: ${_param:prometheus_influxdb_db}
-                influxdb_username: ${_param:prometheus_influxdb_username}
-                influxdb_password: ${_param:prometheus_influxdb_password}
+                RSA_BIND_PORT: ${prometheus:remote_storage_adapter:bind:port}
+                RSA_BIND_ADDRESS: ${prometheus:remote_storage_adapter:bind:address}
+                RSA_INFLUXDB_RETENTION_POLICY: 'lma'
+                RSA_INFLUXDB_URL: ${_param:prometheus_influxdb_url}
+                RSA_INFLUXDB_DB: ${_param:prometheus_influxdb_db}
+                RSA_INFLUXDB_USERNAME: ${_param:prometheus_influxdb_username}
+                RSA_INFLUXDB_PASSWORD: ${_param:prometheus_influxdb_password}
             alertmanager:
               networks:
                 - monitoring
@@ -55,11 +55,11 @@
                 - ${prometheus:alertmanager:dir:config}:${_param:prometheus_alertmanager_config_directory}
                 - ${prometheus:alertmanager:dir:data}:${_param:prometheus_alertmanager_data_directory}
               environment:
-                config_dir: ${_param:prometheus_alertmanager_config_directory}
-                data_dir: ${_param:prometheus_alertmanager_data_directory}
-                bind_port: ${prometheus:alertmanager:bind:port}
-                bind_address: ${prometheus:alertmanager:bind:address}
-                discovery_domain: 'monitoring_alertmanager'
+                ALERTMANAGER_CONFIG_DIR: ${_param:prometheus_alertmanager_config_directory}
+                ALERTMANAGER_DATA_DIR: ${_param:prometheus_alertmanager_data_directory}
+                ALERTMANAGER_BIND_PORT: ${prometheus:alertmanager:bind:port}
+                ALERTMANAGER_BIND_ADDRESS: ${prometheus:alertmanager:bind:address}
+                ALERTMANAGER_DISCOVERY_DOMAIN: 'monitoring_alertmanager'
             pushgateway:
               networks:
                 - monitoring
@@ -70,8 +70,8 @@
                 restart_policy:
                   condition: any
               environment:
-                bind_port: ${prometheus:pushgateway:bind:port}
-                bind_address: ${prometheus:pushgateway:bind:address}
+                PUSHGATEWAY_BIND_PORT: ${prometheus:pushgateway:bind:port}
+                PUSHGATEWAY_BIND_ADDRESS: ${prometheus:pushgateway:bind:address}
               labels:
                 com.mirantis.monitoring: "pushgateway"
               image: ${_param:docker_image_pushgateway}
diff --git a/docker/swarm/stack/postgresql.yml b/docker/swarm/stack/postgresql.yml
index 7ae4052..42ebf8f 100644
--- a/docker/swarm/stack/postgresql.yml
+++ b/docker/swarm/stack/postgresql.yml
@@ -2,6 +2,10 @@
   _param:
     docker_postgresql_replicas: 1
     docker_image_postgresql: library/postgres:9.6
+    postgresql_bind_host: postgresql-db
+    postgresql_bind_port: ${_param:haproxy_postgresql_bind_port}
+    postgresql_ssl:
+      enabled: false
     postgresql_admin_user: postgres
     postgresql_admin_user_password: postgrespassword
   docker:
@@ -12,13 +16,17 @@
             POSTGRES_USER: ${_param:postgresql_admin_user}
             POSTGRES_PASSWORD: ${_param:postgresql_admin_user_password}
           service:
-            db:
+            postgresql-db:
               image: ${_param:docker_image_postgresql}
               deploy:
                 replicas: ${_param:docker_postgresql_replicas}
                 restart_policy:
                   condition: any
-              ports:
-                - ${_param:haproxy_postgresql_exposed_port}:${_param:haproxy_postgresql_bind_port}
               volumes:
                 - /srv/volumes/postgresql/data:/var/lib/postgresql/data
+              ports:
+                - ${_param:haproxy_postgresql_exposed_port}:${_param:haproxy_postgresql_bind_port}
+          network:
+            default:
+              external:
+                name: oss_backend
\ No newline at end of file
diff --git a/docker/swarm/stack/pushkin.yml b/docker/swarm/stack/pushkin.yml
index 106d544..71b5f5f 100644
--- a/docker/swarm/stack/pushkin.yml
+++ b/docker/swarm/stack/pushkin.yml
@@ -2,7 +2,13 @@
   _param:
     docker_pushkin_replicas: 1
     docker_image_pushkin: docker-prod-local.artifactory.mirantis.com/mirantis/oss/pushkin
+    pushkin_bind_host: pushkin-api
+    pushkin_bind_port: ${_param:haproxy_pushkin_bind_port}
+    pushkin_ssl:
+      enabled: false
     pushkin_db: pushkin
+    pushkin_smtp_host: smtp.gmail.com
+    pushkin_smtp_port: 587
   docker:
     client:
       stack:
@@ -11,15 +17,18 @@
             POSTGRES_USER: ${_param:pushkin_db_user}
             POSTGRES_PASSWORD: ${_param:pushkin_db_user_password}
             POSTGRES_DB: ${_param:pushkin_db}
-            PUSHKINDBHOST: ${_param:pushkin_db_host}
-            PUSHKINELASTICHOST: ${_param:haproxy_elasticsearch_bind_host}
+            PUSHKINDBHOST: ${_param:postgresql_bind_host}
+            PUSHKINELASTICHOST: ${_param:elasticsearch_bind_host}
             WEBHOOK_FROM: ${_param:webhook_from}
+            EMAIL_SENDER_PASSWORD: ${_param:pushkin_email_sender_password}
+            SMTP_HOST: ${_param:pushkin_smtp_host}
+            SMTP_PORT: ${_param:pushkin_smtp_port}
             WEBHOOK_RECIPIENTS: ${_param:webhook_recipients}
             WEBHOOK_LOGIN_ID: ${_param:webhook_login_id}
             WEBHOOK_APPLICATION_ID: ${_param:webhook_application_id}
             WEBHOOK_SFDC_USERNAME: ${_param:webhook_sfdc_username}
           service:
-            api:
+            pushkin-api:
               image: ${_param:docker_image_pushkin}
               deploy:
                 replicas: ${_param:docker_pushkin_replicas}
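Review bot: `EMAIL_SENDER_PASSWORD: ${_param:pushkin_email_sender_password}` puts the SMTP password in the stack environment, where it is readable by anyone who can inspect the service definition or the rendered compose file. If the formula supports Swarm secrets, delivering the password as a secret would be preferable to an environment variable. Unlike the other new parameters, `pushkin_email_sender_password` gets no default in the first hunk, so it has to be defined elsewhere; a release note or comment naming it as required would help. The `service` block continues outside the hunk.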
@@ -28,4 +37,8 @@
               ports:
                 - ${_param:haproxy_pushkin_exposed_port}:${_param:haproxy_pushkin_bind_port}
               volumes:
-                - /srv/volumes/pushkin/api:/var/log/pushkin
\ No newline at end of file
+                - /srv/volumes/pushkin/api:/var/log/pushkin
+          network:
+            default:
+              external:
+                name: oss_backend
diff --git a/docker/swarm/stack/rundeck.yml b/docker/swarm/stack/rundeck.yml
index 216415c..0710819 100644
--- a/docker/swarm/stack/rundeck.yml
+++ b/docker/swarm/stack/rundeck.yml
@@ -2,12 +2,16 @@
   _param:
     docker_rundeck_replicas: 1
     docker_image_rundeck: docker-prod-local.artifactory.mirantis.com/mirantis/oss/rundeck:latest
+    rundeck_bind_host: rundeck-api
+    rundeck_bind_port: ${_param:haproxy_rundeck_bind_port}
+    rundeck_ssl:
+      enabled: false
   docker:
     client:
       stack:
         rundeck:
           service:
-            rundeck:
+            rundeck-api:
               image: ${_param:docker_image_rundeck}
               deploy:
                 replicas: ${_param:docker_rundeck_replicas}
@@ -25,3 +29,7 @@
                 - /srv/volumes/rundeck/logs:/var/lib/rundeck/logs
                 - /srv/volumes/rundeck/plugins:/opt/rundeck-plugins
                 - /srv/volumes/rundeck/storage:/var/lib/rundeck/var/storage
+          network:
+            default:
+              external:
+                name: oss_backend
\ No newline at end of file
diff --git a/docker/swarm/stack/security_monkey.yml b/docker/swarm/stack/security_monkey.yml
index 2e1c813..67233c2 100644
--- a/docker/swarm/stack/security_monkey.yml
+++ b/docker/swarm/stack/security_monkey.yml
@@ -4,26 +4,34 @@
     docker_security_monkey_scheduler_replicas: 1
     docker_image_security_monkey_api: docker-prod-local.artifactory.mirantis.com/mirantis/oss/security-monkey-api
     docker_image_security_monkey_scheduler: docker-prod-local.artifactory.mirantis.com/mirantis/oss/security-monkey-scheduler
+    security_monkey_bind_host: security-audit-api
+    security_monkey_bind_port: ${_param:haproxy_security_monkey_bind_port}
+    security_monkey_ssl:
+      enabled: false
     security_monkey_db: secmonkey
-    notification_service_url: http://${_param:haproxy_pushkin_bind_host}:${_param:haproxy_pushkin_bind_port}/post_notification_json
+    notification_service_url: http://${_param:pushkin_bind_host}:${_param:haproxy_pushkin_bind_port}/post_notification_json
     security_monkey_user: devopsportal@devopsportal.local
     security_monkey_password: devopsportal
     security_monkey_role: Justify
-    security_monkey_fqdn: ${_param:haproxy_security_monkey_bind_host}
-    security_monkey_web_port: ${_param:haproxy_security_monkey_bind_port}
-    security_monkey_api_port: ${_param:haproxy_security_monkey_bind_port}
-    security_monkey_nginx_port: ${_param:haproxy_security_monkey_bind_port}
+    security_monkey_fqdn: ${_param:security_monkey_bind_host}
+    security_monkey_web_port: ${_param:security_monkey_bind_port}
+    security_monkey_api_port: ${_param:security_monkey_bind_port}
+    security_monkey_nginx_port: ${_param:security_monkey_bind_port}
     devops_portal_sm_wtf_csrf_enabled: False
     security_monkey_sync_interval: 15
     security_monkey_openstack:
       os_account_id: mcp_cloud
       os_account_name: mcp_cloud
-      username: ""
-      password: ""
-      auth_url: ""
+      auth_url: http://yourcloud.com:5000/v3/auth/tokens
+      username: admin
+      password: password
       project_domain_name: Default
       project_name: admin
       user_domain_name: Default
+      cacert_path: /srv/volumes/rundeck/storage/content/cis/openstack/cert.pem
+      cafile: /opt/certs/cert.pem
+      endpoint_type: public
+      ssl_verify: False
   docker:
     client:
       stack:
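Review bot: `notification_service_url` now takes its host from `pushkin_bind_host` but still takes its port from `haproxy_pushkin_bind_port`, so the URL mixes the in-overlay service name with the proxy-side port parameter. Both resolve to the same value today because pushkin.yml defines `pushkin_bind_port` from the haproxy parameter, but they diverge as soon as one is overridden; `http://${_param:pushkin_bind_host}:${_param:pushkin_bind_port}/post_notification_json` keeps them paired. The same mix appears in the third hunk, where `SQLALCHEMY_DATABASE_URI` still uses `haproxy_postgresql_bind_port` while `SECURITY_MONKEY_POSTGRES_PORT` was switched to `postgresql_bind_port`.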
@@ -32,7 +40,7 @@
             SECURITY_MONKEY_POSTGRES_USER: ${_param:secmonkey_db_user}
             SECURITY_MONKEY_POSTGRES_PASSWORD: ${_param:secmonkey_db_user_password}
             SECURITY_MONKEY_POSTGRES_HOST: ${_param:secmonkey_db_host}
-            SECURITY_MONKEY_POSTGRES_PORT: ${_param:haproxy_postgresql_bind_port}
+            SECURITY_MONKEY_POSTGRES_PORT: ${_param:postgresql_bind_port}
             SECURITY_MONKEY_FQDN: ${_param:security_monkey_fqdn}
             WEB_PORT: ${_param:security_monkey_web_port}
             API_PORT: ${_param:security_monkey_api_port}
@@ -48,13 +56,16 @@
             OS_AUTH_URL: ${_param:security_monkey_openstack:auth_url}
             OS_PROJECT_DOMAIN_NAME: ${_param:security_monkey_openstack:project_domain_name}
             OS_PROJECT_NAME: ${_param:security_monkey_openstack:project_name}
+            OS_SSL_VERIFY: ${_param:security_monkey_openstack:ssl_verify}
+            OS_ENDPOINT_TYPE: ${_param:security_monkey_openstack:endpoint_type}
+            CACERT_PATH: ${_param:security_monkey_openstack:cafile}
             USER_DOMAIN_NAME: ${_param:security_monkey_openstack:user_domain_name}
             SM_WTF_CSRF_ENABLED: ${_param:devops_portal_sm_wtf_csrf_enabled}
             SECURITY_MONKEY_SYNC_INTERVAL: ${_param:security_monkey_sync_interval}
             SQLALCHEMY_DATABASE_URI: postgresql://${_param:secmonkey_db_user}:${_param:secmonkey_db_user_password}@${_param:secmonkey_db_host}:${_param:haproxy_postgresql_bind_port}/${_param:security_monkey_db}
             SQLALCHEMY_POOL_RECYCLE: 14400
           service:
-            api:
+            security-audit-api:
               image: ${_param:docker_image_security_monkey_api}
               deploy:
                 replicas: ${_param:docker_security_monkey_api_replicas}
@@ -64,7 +75,8 @@
                 - ${_param:haproxy_security_monkey_exposed_port}:${_param:haproxy_security_monkey_bind_port}
               volumes:
                 - /srv/volumes/security_monkey/logs:/var/log/security_monkey/logs
-            scheduler:
+                - ${_param:security_monkey_openstack:cacert_path}:${_param:security_monkey_openstack:cafile}:ro
+            security-audit-scheduler:
               image: ${_param:docker_image_security_monkey_scheduler}
               deploy:
                 replicas: ${_param:docker_security_monkey_scheduler_replicas}
@@ -72,3 +84,8 @@
                   condition: any
               volumes:
                 - /srv/volumes/security_monkey/logs:/var/log/security_monkey/logs
+                - ${_param:security_monkey_openstack:cacert_path}:${_param:security_monkey_openstack:cafile}:ro
+          network:
+            default:
+              external:
+                name: oss_backend
diff --git a/glusterfs/client/volume/glance.yml b/glusterfs/client/volume/glance.yml
index ec593b9..e84ff06 100644
--- a/glusterfs/client/volume/glance.yml
+++ b/glusterfs/client/volume/glance.yml
@@ -13,3 +13,20 @@
           user: glance
           group: glance
           opts: "defaults,backup-volfile-servers=${_param:glusterfs_node01_address}:${_param:glusterfs_node02_address}:${_param:glusterfs_node03_address}"
+  linux:
+    system:
+      user:
+        glance:
+          enabled: true
+          name: glance
+          uid: 302
+          gid: 302
+          home: /var/lib/glance
+          shell: /bin/false
+          system: True
+      group:
+        glance:
+          enabled: true
+          name: glance
+          gid: 302
+          system: True
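Review bot: The fixed `uid: 302` / `gid: 302` for `glance` is presumably chosen so that file ownership on the shared GlusterFS volume matches across nodes, but nothing in the hunk says so or guards against a node where the package already created the account with a different id. A comment such as `# uid/gid pinned so ownership on the shared volume is identical on every node` would record the intent. The block also writes `system: True` next to `enabled: true`; lowercase `true` throughout avoids depending on YAML 1.1 boolean spellings. The same applies to the `keystone` user and group added in glusterfs/client/volume/keystone.yml.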
diff --git a/glusterfs/client/volume/keystone.yml b/glusterfs/client/volume/keystone.yml
index 822b61f..39c5619 100644
--- a/glusterfs/client/volume/keystone.yml
+++ b/glusterfs/client/volume/keystone.yml
@@ -19,3 +19,20 @@
           user: keystone
           group: keystone
           opts: "defaults,backup-volfile-servers=${_param:glusterfs_node01_address}:${_param:glusterfs_node02_address}:${_param:glusterfs_node03_address}"
+  linux:
+    system:
+      user:
+        keystone:
+          enabled: true
+          name: keystone
+          home: /var/lib/keystone
+          uid: 301
+          gid: 301
+          shell: /bin/false
+          system: True
+      group:
+        keystone:
+          enabled: true
+          name: keystone
+          gid: 301
+          system: True
diff --git a/glusterfs/client/volume/prometheus.yml b/glusterfs/client/volume/prometheus.yml
deleted file mode 100644
index 3fae59b..0000000
--- a/glusterfs/client/volume/prometheus.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-parameters:
-  _param:
-    prometheus_glusterfs_service_host: ${_param:glusterfs_service_host}
-    glusterfs_node01_address: ${_param:cluster_node01_address}
-    glusterfs_node02_address: ${_param:cluster_node02_address}
-    glusterfs_node03_address: ${_param:cluster_node03_address}
-  glusterfs:
-    client:
-      volumes:
-        prometheus:
-          path: /srv/volumes/prometheus
-          server: ${_param:prometheus_glusterfs_service_host}
-          opts: "defaults,backup-volfile-servers=${_param:glusterfs_node01_address}:${_param:glusterfs_node02_address}:${_param:glusterfs_node03_address}"
diff --git a/glusterfs/server/volume/glance.yml b/glusterfs/server/volume/glance.yml
index 8276a44..0f54219 100644
--- a/glusterfs/server/volume/glance.yml
+++ b/glusterfs/server/volume/glance.yml
@@ -14,4 +14,4 @@
             nfs.disable: On
             network.remote-dio: On
             diagnostics.client-log-level: WARNING
-            diagnostics.brick-log-level: WARNING
\ No newline at end of file
+            diagnostics.brick-log-level: WARNING
diff --git a/glusterfs/server/volume/prometheus.yml b/glusterfs/server/volume/prometheus.yml
deleted file mode 100644
index 144847a..0000000
--- a/glusterfs/server/volume/prometheus.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-parameters:
-  glusterfs:
-    server:
-      volumes:
-        prometheus:
-          storage: /srv/glusterfs/prometheus
-          replica: 3
-          bricks:
-            - ${_param:cluster_node01_address}:/srv/glusterfs/prometheus
-            - ${_param:cluster_node02_address}:/srv/glusterfs/prometheus
-            - ${_param:cluster_node03_address}:/srv/glusterfs/prometheus
-          options:
-            cluster.readdir-optimize: On
-            nfs.disable: On
-            network.remote-dio: On
-            diagnostics.client-log-level: WARNING
-            diagnostics.brick-log-level: WARNING
diff --git a/haproxy/proxy/listen/cicd/artifactory.yml b/haproxy/proxy/listen/cicd/artifactory.yml
index 5bf9bda..349d998 100644
--- a/haproxy/proxy/listen/cicd/artifactory.yml
+++ b/haproxy/proxy/listen/cicd/artifactory.yml
@@ -12,7 +12,7 @@
           mode: http
           options:
             - forwardfor
-            - httpchk
+#            - httpchk
             - httpclose
             - httplog
           balance: source
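Review bot: Commenting out `- httpchk` leaves dead configuration in the file with no explanation, and without the HTTP check HAProxy presumably falls back to a plain connect check that cannot tell whether the backend actually answers requests. If the check was failing because of its request path or expected status, adjusting the check is safer than disabling it; if it must stay off, either delete the line or keep it with a reason, e.g. `# httpchk disabled: <reason>`. The `#` is also placed at column 0 rather than at the list's indentation. The same edit is made in haproxy/proxy/listen/cicd/gerrit.yml and haproxy/proxy/listen/docker/visualizer.yml.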
diff --git a/haproxy/proxy/listen/cicd/gerrit.yml b/haproxy/proxy/listen/cicd/gerrit.yml
index 51d494b..3ee21b1 100644
--- a/haproxy/proxy/listen/cicd/gerrit.yml
+++ b/haproxy/proxy/listen/cicd/gerrit.yml
@@ -13,7 +13,7 @@
           mode: http
           options:
             - forwardfor
-            - httpchk
+#            - httpchk
             - httpclose
             - httplog
           balance: source
diff --git a/haproxy/proxy/listen/docker/visualizer.yml b/haproxy/proxy/listen/docker/visualizer.yml
index 409815c..6fec3ba 100644
--- a/haproxy/proxy/listen/docker/visualizer.yml
+++ b/haproxy/proxy/listen/docker/visualizer.yml
@@ -8,7 +8,7 @@
           mode: http
           options:
             - forwardfor
-            - httpchk
+#            - httpchk
             - httpclose
             - httplog
           balance: source
diff --git a/jenkins/client/job/debian/packages/extra.yml b/jenkins/client/job/debian/packages/extra.yml
index b344c63..13ee191 100644
--- a/jenkins/client/job/debian/packages/extra.yml
+++ b/jenkins/client/job/debian/packages/extra.yml
@@ -173,6 +173,22 @@
               dist: xenial
               build: influxdb-relay
               branch: master
+            - package: prometheus-relay
+              dist: trusty
+              build: prometheus-relay
+              branch: master
+            - package: prometheus-relay
+              dist: xenial
+              build: prometheus-relay
+              branch: master
+            - package: python-datrie
+              dist: xenial
+              build: pipeline
+              branch: debian/xenial
+            - package: contrail-api-cli
+              dist: xenial
+              build: pipeline
+              branch: debian/xenial
           template:
             type: workflow-scm
             concurrent: false
diff --git a/jenkins/client/job/k8s-test/init.yml b/jenkins/client/job/k8s-test/init.yml
new file mode 100644
index 0000000..0157bb8
--- /dev/null
+++ b/jenkins/client/job/k8s-test/init.yml
@@ -0,0 +1,2 @@
+classes:
+- system.jenkins.client.job.k8s-test.mcp-k8s-test-pipeline
\ No newline at end of file
diff --git a/jenkins/client/job/k8s-test/mcp-k8s-test-pipeline.yml b/jenkins/client/job/k8s-test/mcp-k8s-test-pipeline.yml
new file mode 100644
index 0000000..7bc2f79
--- /dev/null
+++ b/jenkins/client/job/k8s-test/mcp-k8s-test-pipeline.yml
@@ -0,0 +1,74 @@
+parameters:
+  jenkins:
+    client:
+      job:
+        mcp_k8s_test_pipeline:
+          type: workflow-scm
+          name: mcp-k8s-test-pipeline
+          display_name: "Kubernetes tests pipeline"
+          discard:
+            build:
+              keep_num: 20
+          concurrent: false
+          scm:
+            type: git
+            url: "${_param:jenkins_gerrit_url}/kubernetes-ci/kubernetes-pipelines"
+            credentials: "gerrit"
+            script: pipelines/mcp-k8s-test-pipeline.groovy
+            trigger:
+              gerrit:
+                project:
+                  kubernetes/kubernetes:
+                    branches:
+                      - compare_type: "ANT"
+                        name: "**"
+                message:
+                  build_successful: "Build successful"
+                  build_unstable: "Build unstable"
+                  build_failure: "Build failed"
+                event:
+                  patchset:
+                    - created:
+                        excludeDrafts: false
+                        excludeTrivialRebase: false
+                        excludeNoCodeChange: false
+                  comment:
+                    - addedContains:
+                        commentAddedCommentContains: '(recheck|reverify)'
+          param:
+            KUBE_DOCKER_REGISTRY:
+              type: string
+              default: 'docker-dev-virtual.docker.mirantis.net'
+              description: 'Docker registry for binaries and images'
+            CALICO_DOCKER_REGISTRY:
+              type: string
+              default: 'docker-prod-virtual.docker.mirantis.net'
+              description: 'Docker registry for published Calico images'
+            K8S_BASE_IMAGE:
+              type: string
+              default: '{docker-prod-virtual}/mirantis/base-images/debian-base:20161223134732'
+              description: 'Base Docker image to build k8s'
+            DOCKER_IMAGE_UNIT:
+              type: string
+              default: '{docker-prod-virtual}/mirantis/k8s-tests-images/k8s-tests-unit:latest'
+              desription: 'Docker image for k8s unit tests'
+            DOCKER_IMAGE_INTEGRATION:
+              type: string
+              default: '{docker-prod-virtual}/mirantis/k8s-tests-images/k8s-tests-integration:latest'
+              desription: 'Docker image for k8s integration tests'
+            CALICO_CNI_IMAGE_REPO:
+              type: string
+              default: 'calico/cni'
+              description: 'Custom calico/cni image repository'
+            CALICO_CNI_IMAGE_TAG:
+              type: string
+              default: 'v1.5.1'
+              description: 'Custom calico/cni image tag'
+            CALICO_DOWNSTREAM:
+              type: boolean
+              default: 'true'
+              description: 'Use Calico downstream'
+            CALICO_VER:
+              type: string
+              default: 'mcp'
+              description: 'Custom Calico version'
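Review bot: The key `desription` under `DOCKER_IMAGE_UNIT` and `DOCKER_IMAGE_INTEGRATION` is misspelled, so those two parameters will most likely lose their description text; it should read `description: 'Docker image for k8s unit tests'` (and the integration equivalent). The same two defaults point at `:latest`, while `K8S_BASE_IMAGE` is pinned to `20161223134732`. Because this job runs on every created patchset for `**` branches and on `recheck`/`reverify` comments, a mutable tag lets the test image change between builds without any change in this repository. Pinning both test images to a dated tag or digest would make runs reproducible and auditable.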
diff --git a/jenkins/client/job/oss/init.yml b/jenkins/client/job/oss/init.yml
index 0e23f01..f8b5bdc 100644
--- a/jenkins/client/job/oss/init.yml
+++ b/jenkins/client/job/oss/init.yml
@@ -1,3 +1,4 @@
 classes:
   - system.jenkins.client.job.oss.test_devops_portal
+  - system.jenkins.client.job.oss.test_devops_portal_nightly
   - system.jenkins.client.job.oss.test_security_monkey_openstack
diff --git a/jenkins/client/job/oss/test_devops_portal.yml b/jenkins/client/job/oss/test_devops_portal.yml
index 4007010..7001200 100644
--- a/jenkins/client/job/oss/test_devops_portal.yml
+++ b/jenkins/client/job/oss/test_devops_portal.yml
@@ -41,3 +41,6 @@
             DEFAULT_GIT_REF:
                 type: string
                 default: master
+            NIGHTLY_BUILD:
+                type: boolean
+                default: false
diff --git a/jenkins/client/job/oss/test_devops_portal_nightly.yml b/jenkins/client/job/oss/test_devops_portal_nightly.yml
new file mode 100644
index 0000000..34a8bec
--- /dev/null
+++ b/jenkins/client/job/oss/test_devops_portal_nightly.yml
@@ -0,0 +1,34 @@
+parameters:
+  jenkins:
+    client:
+      job:
+        test-oss-devops-portal-nightly:
+          name: test-oss-devops-portal-nightly
+          discard:
+            build:
+              keep_num: 15
+            artifact:
+              keep_num: 15
+          type: workflow-scm
+          concurrent: true
+          scm:
+            type: git
+            url: "${_param:jenkins_gerrit_url}/oss/jenkins/pipelines"
+            credentials: "gerrit"
+            script: test-devops-portal-pipeline.groovy
+          trigger:
+            timer:
+              spec: "0 23 * * *"
+          param:
+            CREDENTIALS_ID:
+              type: string
+              default: "gerrit"
+            DEFAULT_GIT_URL:
+                type: string
+                default: "${_param:jenkins_gerrit_url}/oss/devops-portal"
+            DEFAULT_GIT_REF:
+                type: string
+                default: master
+            NIGHTLY_BUILD:
+                type: boolean
+                default: true
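Review bot: Under `param:` the nesting is inconsistent: `CREDENTIALS_ID` indents its `type`/`default` by two spaces, while `DEFAULT_GIT_URL`, `DEFAULT_GIT_REF` and `NIGHTLY_BUILD` use four. It parses, but a new file is the place to settle on the two-space step used by the rest of the document. A one-line comment above `spec: "0 23 * * *"` stating the intended time zone of the 23:00 run would also help, since that depends on how the Jenkins master is configured.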
diff --git a/nginx/server/proxy/cicd/gerrit.yml b/nginx/server/proxy/cicd/gerrit.yml
index 2593dd7..0baf26c 100644
--- a/nginx/server/proxy/cicd/gerrit.yml
+++ b/nginx/server/proxy/cicd/gerrit.yml
@@ -1,34 +1,23 @@
 parameters:
   _param:
-    nginx_proxy_gerrit_server_ssl_authority: virt
-    nginx_proxy_gerrit_server_proxy_host: ${_param:single_address}
-    nginx_proxy_gerrit_server_proxy_port: 8082
-    nginx_proxy_gerrit_server_site_host: ${linux:network:fqdn}
-    nginx_proxy_gerrit_server_site_port: 8083
+    nginx_proxy_gerrit_server_proxy_host: ${_param:cicd_control_address}
+    nginx_proxy_gerrit_server_proxy_port: 8080
+    nginx_proxy_gerrit_server_site_host: ${_param:cluster_public_host}
+    nginx_proxy_gerrit_server_site_port: 8080
   nginx:
     server:
       enabled: true
-      user:
-        admin:
-          enabled: true
-          password: password
       site:
-        nginx_proxy_gerrit_server:
+        nginx_proxy_gerrit:
           enabled: true
           type: nginx_proxy
-          name: gerrit_server
-          auth:
-            engine: basic
+          name: gerrit
           proxy:
             host: ${_param:nginx_proxy_gerrit_server_proxy_host}
             port: ${_param:nginx_proxy_gerrit_server_proxy_port}
             protocol: http
-          ssl:
-            enabled: true
-            engine: salt
-            authority: ${_param:nginx_proxy_gerrit_server_ssl_authority}
-            certificate: ${_param:nginx_proxy_gerrit_server_site_host}
-            mode: secure
           host:
             name: ${_param:nginx_proxy_gerrit_server_site_host}
             port: ${_param:nginx_proxy_gerrit_server_site_port}
+            protocol: https
+          ssl: ${_param:nginx_proxy_ssl}
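Review bot: TLS for this site now rests entirely on `ssl: ${_param:nginx_proxy_ssl}`, a parameter this file neither defines nor documents, whereas the removed block spelled out `enabled: true` and `mode: secure`. With `protocol: https` set on `host`, a model that leaves `nginx_proxy_ssl` undefined or disabled would presumably either fail to render or serve Gerrit without the expected certificate settings. A comment above the line would make the dependency explicit, e.g. `# nginx_proxy_ssl: supplied by the cluster model; must enable ssl for the site host`. Removing `auth: engine: basic` also means the proxy no longer gates access itself and Gerrit's own authentication is the only control, which is worth stating in the commit message.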
diff --git a/nginx/server/proxy/cicd/jenkins.yml b/nginx/server/proxy/cicd/jenkins.yml
index 975cc4d..bd270f2 100644
--- a/nginx/server/proxy/cicd/jenkins.yml
+++ b/nginx/server/proxy/cicd/jenkins.yml
@@ -1,4 +1,9 @@
 parameters:
+  _param:
+    nginx_proxy_jenkins_server_proxy_host: ${_param:cicd_control_address}
+    nginx_proxy_jenkins_server_proxy_port: 8081
+    nginx_proxy_jenkins_server_site_host: ${_param:cluster_public_host}
+    nginx_proxy_jenkins_server_site_port: 8081
   nginx:
     server:
       enabled: true
@@ -8,11 +13,11 @@
           type: nginx_proxy
           name: jenkins
           proxy:
-            host: ${_param:foundation_intergration_address}
-            port: 8080
+            host: ${_param:nginx_proxy_jenkins_server_proxy_host}
+            port: ${_param:nginx_proxy_jenkins_server_proxy_port}
             protocol: http
           host:
-            name: ${_param:cluster_public_host}
-            port: 8095
+            name: ${_param:nginx_proxy_jenkins_server_site_host}
+            port: ${_param:nginx_proxy_jenkins_server_site_port}
             protocol: https
           ssl: ${_param:nginx_proxy_ssl}
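Review bot: The new defaults are not a pure parameterization: the listener moves from port `8095` to `nginx_proxy_jenkins_server_site_port: 8081`, the upstream port from `8080` to `8081`, and the upstream host from `foundation_intergration_address` to `cicd_control_address` (defaults set in the first hunk of this file). Existing deployments that publish Jenkins on 8095, including firewall rules or links pointing at it, would change on the next model update. If the move is intended, a release note or a comment next to the two port parameters would make it visible; if not, the defaults should stay at `8095` and `8080`.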
diff --git a/postgresql/client/alertmanager.yml b/postgresql/client/alertmanager.yml
new file mode 100644
index 0000000..8bd272a
--- /dev/null
+++ b/postgresql/client/alertmanager.yml
@@ -0,0 +1,30 @@
+classes:
+  - system.postgresql.client
+parameters:
+  _param:
+    alertmanager_db_host: ${_param:haproxy_postgresql_bind_host}
+    alertmanager_db_user: alertmanager
+    alertmanager_db_user_password: alertmanager
+    webhook_login_id: 13
+    webhook_application_id: 24
+  postgresql:
+    client:
+      server:
+        server01:
+          database:
+            alertmanager:
+              enabled: true
+              encoding: 'UTF8'
+              locale: 'en_US'
+              users:
+              - name: ${_param:alertmanager_db_user}
+                password: ${_param:alertmanager_db_user_password}
+                host: ${_param:alertmanager_db_host}
+                createdb: true
+                rights: all privileges
+              init:
+                maintenance_db: pushkin
+                force: true
+                queries:
+                - INSERT INTO login VALUES (${_param:webhook_login_id}, ${_param:webhook_application_id}) ON CONFLICT (id) DO UPDATE SET id = excluded.id;
+                - INSERT INTO device VALUES (${_param:webhook_application_id}, ${_param:webhook_login_id}, 42, 'stacklight_alertmanager', NULL, 1, NULL) ON CONFLICT (id) DO UPDATE SET id = excluded.id;
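Review bot: `alertmanager_db_user_password: alertmanager` ships a working default credential equal to the user name, and nothing in the file marks it as a placeholder. Any deployment that includes this class without overriding the parameter gets a database account with a guessable password, `rights: all privileges` and `createdb: true`. I would drop the default so the value has to come from the cluster model, or at least add `# placeholder: override alertmanager_db_user_password per deployment` above it, and narrow the grants to what the application needs. The two `INSERT` queries also rely on column position and the bare literals `42` and `1`; naming the columns would keep them valid if the `login` and `device` tables change.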
diff --git a/prometheus/alertmanager/init.yml b/prometheus/alertmanager/init.yml
index b00a4b9..bdcdafd 100644
--- a/prometheus/alertmanager/init.yml
+++ b/prometheus/alertmanager/init.yml
@@ -2,3 +2,8 @@
   _param:
     prometheus_alertmanager_config_directory: /srv/alertmanager
     prometheus_alertmanager_data_directory: /data
+  prometheus:
+    alertmanager:
+      dir:
+        data: /srv/volumes/local/alertmanager/data
+        config: /srv/volumes/local/alertmanager/config
diff --git a/prometheus/server/init.yml b/prometheus/server/init.yml
index 2c241bd..99fdceb 100644
--- a/prometheus/server/init.yml
+++ b/prometheus/server/init.yml
@@ -5,4 +5,6 @@
   prometheus:
     server:
       dir:
+        data: /srv/volumes/local/prometheus/data
+        config: /srv/volumes/local/prometheus/config
         config_in_container: ${_param:prometheus_server_config_directory}
diff --git a/rundeck/client/project/cicd.yml b/rundeck/client/project/cicd.yml
index cb427d8..ed8b256 100644
--- a/rundeck/client/project/cicd.yml
+++ b/rundeck/client/project/cicd.yml
@@ -1,14 +1,17 @@
 parameters:
   _param:
-    rundeck_cis_os_auth_url: none
-    rundeck_cis_os_username: admin
-    rundeck_cis_os_password: password
-    rundeck_cis_os_project_name: admin
-    rundeck_cis_os_domain_id: default
     rundeck_cis_jobs_repository: https://gerrit.mcp.mirantis.net/oss/rundeck-cis-jobs
     rundeck_cis_jobs_revision: master
-    rundeck_cis_elasticsearch_url: none
+    rundeck_cis_elasticsearch_url: yourelastic:9200
     rundeck_cis_os_docker_image: docker-prod-local.artifactory.mirantis.com/mirantis/oss/cis-openstack:latest
+    rundeck_cis_openstack:
+      auth_url: http://yourcloud.com:5000/v3/auth/tokens
+      username: admin
+      password: password
+      cert: plain-certificate
+      ssl_cert_file: cert.pem
+      project_name: admin
+      domain_id: default
   rundeck:
     client:
       project:
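Review bot: The new defaults `auth_url: http://yourcloud.com:5000/v3/auth/tokens` and `rundeck_cis_elasticsearch_url: yourelastic:9200` replace the old `none` with placeholders that look like live endpoints. `yourcloud.com` is a registrable domain, so a deployment that forgets to override it would presumably send the `username`/`password` values over plain HTTP to a host outside the operator's control, where `none` failed visibly. A reserved name keeps the example harmless, e.g. `auth_url: https://keystone.example.invalid:5000/v3/auth/tokens`, and `password: password` deserves a `# placeholder, override per deployment` comment.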
@@ -38,21 +41,27 @@
         cis/elasticsearch/url:
           type: password
           content: ${_param:rundeck_cis_elasticsearch_url}
-        cis/openstack/auth_url:
-          type: password
-          content: ${_param:rundeck_cis_os_auth_url}
-        cis/openstack/username:
-          type: password
-          content: ${_param:rundeck_cis_os_username}
-        cis/openstack/password:
-          type: password
-          content: ${_param:rundeck_cis_os_password}
-        cis/openstack/project_name:
-          type: password
-          content: ${_param:rundeck_cis_os_project_name}
-        cis/openstack/domain_id:
-          type: password
-          content: ${_param:rundeck_cis_os_domain_id}
         cis/openstack/image:
           type: password
           content: ${_param:rundeck_cis_os_docker_image}
+        cis/openstack/auth_url:
+          type: password
+          content: ${_param:rundeck_cis_openstack:auth_url}
+        cis/openstack/username:
+          type: password
+          content: ${_param:rundeck_cis_openstack:username}
+        cis/openstack/password:
+          type: password
+          content: ${_param:rundeck_cis_openstack:password}
+        cis/openstack/project_name:
+          type: password
+          content: ${_param:rundeck_cis_openstack:project_name}
+        cis/openstack/domain_id:
+          type: password
+          content: ${_param:rundeck_cis_openstack:domain_id}
+        cis/openstack/cert.pem:
+          type: password
+          content: ${_param:rundeck_cis_openstack:cert}
+        cis/openstack/cert_file:
+          type: password
+          content: ${_param:rundeck_cis_openstack:ssl_cert_file}
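Review bot: The two new storage keys are easy to mix up: `cis/openstack/cert.pem` holds the value of `rundeck_cis_openstack:cert`, while `cis/openstack/cert_file` holds `ssl_cert_file`, whose default in the first hunk is itself `cert.pem`. A short comment on each would spare the next reader, e.g. `# certificate body` and `# file name the certificate is written to`; the second meaning is inferred from the names, so please confirm. The existing `cis/openstack/*` entries are also moved below `cis/openstack/image`, which makes the diff look larger than the two real additions.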
diff --git a/rundeck/server/docker.yml b/rundeck/server/docker.yml
index 1c89f4f..492d135 100644
--- a/rundeck/server/docker.yml
+++ b/rundeck/server/docker.yml
@@ -8,6 +8,7 @@
     rundeck_postgresql_database: rundeck
     rundeck_postgresql_host: ${_param:control_vip_address}
     rundeck_postgresql_port: 5432
+    rundeck_server_ssh_timeout: 300000
   rundeck:
     server:
       user:
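Review bot: `rundeck_server_ssh_timeout: 300000` is added without a unit. The value reads like milliseconds (five minutes), but nothing in the hunk says so, and a reader who assumes seconds would set something very different when overriding it. A trailing comment such as `# SSH timeout, presumably milliseconds; confirm against the rundeck formula` would settle it.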
@@ -30,3 +31,4 @@
         user: ${_param:rundeck_runbook_user}
         private_key: ${_param:rundeck_runbook_private_key}
         public_key: ${_param:rundeck_runbook_public_key}
+        timeout: ${_param:rundeck_server_ssh_timeout}