Merge "Rename Prometheus env variables"
diff --git a/docker/swarm/stack/janitor_monkey.yml b/docker/swarm/stack/janitor_monkey.yml
index 95095e4..de7a218 100644
--- a/docker/swarm/stack/janitor_monkey.yml
+++ b/docker/swarm/stack/janitor_monkey.yml
@@ -4,7 +4,7 @@
     docker_image_mongodb: library/mongo:3.4
     docker_mongodb_admin_username: admin
     docker_mongodb_admin_password: password
-    docker_image_janitor_monkey: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/janitor_monkey:6040
+    docker_image_janitor_monkey: docker-prod-local.artifactory.mirantis.com/mirantis/oss/janitor-monkey
     janitor_monkey_enabled: true
     janitor_monkey_dryrun_mode: false
     janitor_monkey_base_url: http://${_param:haproxy_janitor_monkey_bind_host}:${_param:haproxy_janitor_monkey_bind_port}
diff --git a/docker/swarm/stack/pushkin.yml b/docker/swarm/stack/pushkin.yml
index dde8541..106d544 100644
--- a/docker/swarm/stack/pushkin.yml
+++ b/docker/swarm/stack/pushkin.yml
@@ -1,7 +1,7 @@
 parameters:
   _param:
     docker_pushkin_replicas: 1
-    docker_image_pushkin: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/pushkin:latest
+    docker_image_pushkin: docker-prod-local.artifactory.mirantis.com/mirantis/oss/pushkin
     pushkin_db: pushkin
   docker:
     client:
diff --git a/docker/swarm/stack/security_monkey.yml b/docker/swarm/stack/security_monkey.yml
index a2249c6..2e1c813 100644
--- a/docker/swarm/stack/security_monkey.yml
+++ b/docker/swarm/stack/security_monkey.yml
@@ -2,8 +2,8 @@
   _param:
     docker_security_monkey_api_replicas: 1
     docker_security_monkey_scheduler_replicas: 1
-    docker_image_security_monkey_api: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/security-monkey-api:6700
-    docker_image_security_monkey_scheduler: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/security-monkey-scheduler:6700
+    docker_image_security_monkey_api: docker-prod-local.artifactory.mirantis.com/mirantis/oss/security-monkey-api
+    docker_image_security_monkey_scheduler: docker-prod-local.artifactory.mirantis.com/mirantis/oss/security-monkey-scheduler
     security_monkey_db: secmonkey
     notification_service_url: http://${_param:haproxy_pushkin_bind_host}:${_param:haproxy_pushkin_bind_port}/post_notification_json
     security_monkey_user: devopsportal@devopsportal.local
diff --git a/haproxy/proxy/listen/opencontrail/tor.yml b/haproxy/proxy/listen/opencontrail/tor.yml
new file mode 100644
index 0000000..0595ccd
--- /dev/null
+++ b/haproxy/proxy/listen/opencontrail/tor.yml
@@ -0,0 +1,19 @@
+parameters:
+  haproxy:
+    proxy:
+      listen:
+        contrail_tor01:
+          type: contrail-tor
+          service_name: contrail
+          binds:
+          - address: ${_param:cluster_vip_address}
+            port: 6631
+          servers:
+          - name: sw01
+            host: ${_param:cluster_node01_address}
+            port: 6632
+            params: check
+          - name: sw02
+            host: ${_param:cluster_node02_address}
+            port: 6632
+            params: check backup
diff --git a/jenkins/client/init.yml b/jenkins/client/init.yml
index b37c48f..7d87ffe 100644
--- a/jenkins/client/init.yml
+++ b/jenkins/client/init.yml
@@ -16,7 +16,6 @@
         username: ${_param:jenkins_client_user}
         password: ${_param:jenkins_client_password}
       plugin:
-        ansicolor: {}
         artifactory: {}
         build-blocker-plugin: {}
         build-monitor-plugin: {}
@@ -39,7 +38,6 @@
         simple-theme-plugin: {}
         slack: {}
         test-stability: {}
-        timestamper: {}
         workflow-cps: {}
         workflow-remote-loader: {}
         workflow-scm-step:
diff --git a/jenkins/client/job/ceph/init.yml b/jenkins/client/job/ceph/init.yml
index e4f2ba4..06dc5eb 100644
--- a/jenkins/client/job/ceph/init.yml
+++ b/jenkins/client/job/ceph/init.yml
@@ -1,2 +1,3 @@
 classes:
 - system.jenkins.client.job.ceph.remove-osd
+- system.jenkins.client.job.ceph.weights
diff --git a/jenkins/client/job/ceph/remove-osd.yml b/jenkins/client/job/ceph/remove-osd.yml
index 10b9028..448318a 100644
--- a/jenkins/client/job/ceph/remove-osd.yml
+++ b/jenkins/client/job/ceph/remove-osd.yml
@@ -28,8 +28,9 @@
               type: string
               description: OSDs on this HOST will be removed from cluster
             OSD:
-              type: all
+              type: string
               description: These OSDs at HOST will be removed (comma-separated list)
+              default: '*'
             ADMIN_HOST:
               type: string
               description: Host with admin keyring and access to cluster management
diff --git a/jenkins/client/job/ceph/weights.yml b/jenkins/client/job/ceph/weights.yml
new file mode 100644
index 0000000..776e16f
--- /dev/null
+++ b/jenkins/client/job/ceph/weights.yml
@@ -0,0 +1,29 @@
+parameters:
+  jenkins:
+    client:
+      job:
+        ceph-enforce-weights:
+          type: workflow-scm
+          concurrent: true
+          display_name: "Ceph - enforce OSD weights"
+          discard:
+            build:
+              keep_num: 50
+          scm:
+            type: git
+            url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+            credentials: "gerrit"
+            script: ceph-enforce-weights.groovy
+          param:
+            # general parameters
+            SALT_MASTER_URL:
+              type: string
+              description: URL of Salt master
+              default: "http://${_param:salt_master_host}:6969"
+            SALT_MASTER_CREDENTIALS:
+              type: string
+              description: Credentials for login to Salt API
+              default: salt
+            ADMIN_HOST:
+              type: string
+              description: Host with admin keyring and access to cluster management
diff --git a/jenkins/client/job/deploy/lab/release/mcp05.yml b/jenkins/client/job/deploy/lab/release/mcp05.yml
index 5ec2787..05e74d9 100644
--- a/jenkins/client/job/deploy/lab/release/mcp05.yml
+++ b/jenkins/client/job/deploy/lab/release/mcp05.yml
@@ -4,13 +4,13 @@
   _param:
     jenkins_deploy_jobs:
       - stack_name: virtual_mcp05_dvr
-        stack_env: virtual_mcp05_dvr/devcloud
+        stack_env: devcloud
         stack_install: core,openstack,dvr
         stack_type: heat
         stack_test: ""
         job_timer: ""
       - stack_name: virtual_mcp05_ovs
-        stack_env: virtual_mcp05_ovs/devcloud
+        stack_env: devcloud
         stack_install: core,openstack,ovs
         stack_type: heat
         stack_test: ""
diff --git a/jenkins/client/job/deploy/lab/release/mcp10.yml b/jenkins/client/job/deploy/lab/release/mcp10.yml
index 516d533..a692378 100644
--- a/jenkins/client/job/deploy/lab/release/mcp10.yml
+++ b/jenkins/client/job/deploy/lab/release/mcp10.yml
@@ -5,25 +5,25 @@
     jenkins_deploy_jobs:
       # physical
       - stack_name: mcp10_contrail
-        stack_env: mcp10_contrail/devcloud
+        stack_env: devcloud
         stack_install: core,kvm,openstack,contrail
         stack_type: physical
         stack_test: openstack
         job_timer: ""
       - stack_name: mcp10_opencontrail_nfv
-        stack_env: mcp10_opencontrail_nfv/devcloud
+        stack_env: devcloud
         stack_install: core,kvm,openstack,nfv
         stack_type: physical
         stack_test: openstack
         job_timer: ""
       - stack_name: mcp10_dvr
-        stack_env: mcp10_dvr/devcloud
+        stack_env: devcloud
         stack_install: core,kvm,openstack,dvr
         stack_type: physical
         stack_test: openstack
         job_timer: ""
       - stack_name: mcp10_non_dvr
-        stack_env: mcp10_non_dvr/devcloud
+        stack_env: devcloud
         stack_install: core,kvm,openstack
         stack_type: physical
         stack_test: openstack
@@ -31,19 +31,19 @@
 
       # virtual
       - stack_name: virtual_mcp10_contrail
-        stack_env: virtual_mcp10_contrail/devcloud
+        stack_env: devcloud
         stack_install: core,openstack,contrail
         stack_type: heat
         stack_test: ""
         job_timer: "H H(0-6) * * *"
       - stack_name: virtual_mcp10_dvr
-        stack_env: virtual_mcp10_dvr/devcloud
+        stack_env: devcloud
         stack_install: core,openstack,dvr
         stack_type: heat
         stack_test: ""
         job_timer: "H H(0-6) * * *"
       - stack_name: virtual_mcp10_ovs
-        stack_env: virtual_mcp10_ovs/devcloud
+        stack_env: devcloud
         stack_install: core,openstack,ovs
         stack_type: heat
         stack_test: ""
diff --git a/jenkins/client/job/deploy/lab/release/mcp11.yml b/jenkins/client/job/deploy/lab/release/mcp11.yml
index c8fc663..b147427 100644
--- a/jenkins/client/job/deploy/lab/release/mcp11.yml
+++ b/jenkins/client/job/deploy/lab/release/mcp11.yml
@@ -4,25 +4,25 @@
   _param:
     jenkins_deploy_jobs:
       - stack_name: virtual_mcp11_contrail
-        stack_env: virtual_mcp11_contrail/devcloud
+        stack_env: devcloud
         stack_install: core,openstack,contrail
         stack_type: heat
         stack_test: ""
         job_timer: ""
       - stack_name: virtual_mcp11_dvr
-        stack_env: virtual_mcp11_dvr/devcloud
+        stack_env: devcloud
         stack_install: core,openstack,dvr
         stack_type: heat
         stack_test: ""
         job_timer: ""
       - stack_name: virtual_mcp11_ovs
-        stack_env: virtual_mcp11_ovs/devcloud
+        stack_env: devcloud
         stack_install: core,openstack,ovs
         stack_type: heat
         stack_test: ""
         job_timer: ""
       - stack_name: virtual_mcp11_ironic_small
-        stack_env: virtual_mcp11_ironic_small/devcloud
+        stack_env: devcloud
         stack_install: core,openstack
         stack_type: heat
         stack_test: ""
@@ -34,25 +34,25 @@
         stack_test: ""
         job_timer: ""
       - stack_name: virtual_mcp11_k8s_calico
-        stack_env: virtual_mcp11_k8s_calico/devcloud
+        stack_env: devcloud
         stack_install: core,k8s,calico
         stack_type: heat
         stack_test: k8s
         job_timer: "H H(0-6) * * *"
       - stack_name: virtual_mcp11_k8s_contrail
-        stack_env: virtual_mcp11_k8s_contrail/devcloud
+        stack_env: devcloud
         stack_install: core,k8s,contrail
         stack_type: heat
         stack_test: k8s
         job_timer: "H H(0-6) * * *"
       - stack_name: virtual_mcp11_contrail_nfv
-        stack_env: virtual_mcp11_contrail_nfv/devcloud
+        stack_env: devcloud
         stack_install: core,openstack,contrail
         stack_type: heat
         stack_test: ""
         job_timer: "H H(0-6) * * *"
       - stack_name: virtual_mcp11_ovs_dpdk
-        stack_env: virtual_mcp11_ovs_dpdk/devcloud
+        stack_env: devcloud
         stack_install: core,openstack,ovs
         stack_type: heat
         stack_test: ""
diff --git a/jenkins/client/job/deploy/lab/release/mk.yml b/jenkins/client/job/deploy/lab/release/mk.yml
index 1be1057..4968285 100644
--- a/jenkins/client/job/deploy/lab/release/mk.yml
+++ b/jenkins/client/job/deploy/lab/release/mk.yml
@@ -5,26 +5,26 @@
     jenkins_deploy_jobs:
       # mk20
       - stack_name: virtual_mk20_advanced
-        stack_env: virtual_mk20_advanced/devcloud
+        stack_env: devcloud
         stack_install: core,openstack
         stack_type: heat
         stack_test: ""
         job_timer: ""
       - stack_name: virtual_mk20_basic
-        stack_env: virtual_mk20_basic/devcloud
+        stack_env: devcloud
         stack_install: core,openstack
         stack_type: heat
         stack_test: ""
         job_timer: ""
       # mk22
       - stack_name: virtual_mk22_advanced
-        stack_env: virtual_mk22_advanced/devcloud
+        stack_env: devcloud
         stack_install: core,openstack
         stack_type: heat
         stack_test: ""
         job_timer: ""
       - stack_name: virtual_mk22_basic
-        stack_env: virtual_mk22_basic/devcloud
+        stack_env: devcloud
         stack_install: core,openstack
         stack_type: heat
         stack_test: ""
diff --git a/jenkins/client/job/deploy/rollout.yml b/jenkins/client/job/deploy/rollout.yml
new file mode 100644
index 0000000..3f2f835
--- /dev/null
+++ b/jenkins/client/job/deploy/rollout.yml
@@ -0,0 +1,92 @@
+parameters:
+  jenkins:
+    client:
+      job:
+        deploy_rollout_config_change:
+          name: deploy-rollout-config-change
+          type: workflow-scm
+          discard:
+            build:
+              keep_num: 20
+          concurrent: true
+          display_name: "Deploy - Rollout change"
+          scm:
+            type: git
+            url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+            credentials: "gerrit"
+            script: rollout-config-change.groovy
+          param:
+            TST_SALT_MASTER_CREDENTIALS:
+              type: string
+            TST_SALT_MASTER_URL:
+              type: string
+            PRD_SALT_MASTER_CREDENTIALS:
+              type: string
+            PRD_SALT_MASTER_URL:
+              type: string
+            MODEL_REPO_URL:
+              type: string
+            MODEL_REPO_CREDENTIALS:
+              type: string
+              default: "gerrit"
+            MODEL_REPO_SOURCE_BRANCH:
+              type: string
+            MODEL_REPO_TARGET_BRANCH:
+              type: string
+            TARGET_SERVERS:
+              type: string
+            TARGET_STATES:
+              type: string
+            TARGET_SUBSET_TEST:
+              type: string
+            TARGET_SUBSET_LIVE:
+              type: string
+            TARGET_BATCH_LIVE:
+              type: string
+              # test
+            TEST_SERVICE:
+              type: string
+            TEST_K8S_API_SERVER:
+              type: string
+              default: "http://127.0.0.1:8080"
+            TEST_K8S_CONFORMANCE_IMAGE:
+              type: string
+              default: "docker-dev-virtual.docker.mirantis.net/mirantis/kubernetes/k8s-conformance:v1.5.1-3_1482332392819"
+            TEST_TEMPEST_IMAGE:
+              type: string
+              description: "Tempest docker image"
+              default: "sandbox-docker-prod-local.docker.mirantis.net/mirantis/rally_tempest:0.1"
+            TEST_TEMPEST_TARGET:
+              type: string
+              description: "Node to run tests"
+              default: ""
+            TEST_DOCKER_INSTALL:
+              type: boolean
+              description: "Install docker on the target if true"
+              default: "true"
+            TEST_TEMPEST_PATTERN:
+              type: string
+              description: "Run tests matched to pattern only"
+        git_merge_branches:
+          name: git-merge-branches
+          type: workflow-scm
+          discard:
+            build:
+              keep_num: 20
+          concurrent: true
+          display_name: "Git - Merge branches"
+          scm:
+            type: git
+            url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+            credentials: "gerrit"
+            script: git-merge-branches-pipeline.groovy
+          param:
+            REPO_URL:
+              type: string
+            CREDENTIALS_ID:
+              type: string
+              default: "gerrit"
+            SOURCE_BRANCH:
+              type: string
+            TARGET_BRANCH:
+              type: string
diff --git a/jenkins/client/job/opencontrail/git-mirrors/upstream.yml b/jenkins/client/job/opencontrail/git-mirrors/upstream.yml
index e40ac0f..fa9bc5b 100644
--- a/jenkins/client/job/opencontrail/git-mirrors/upstream.yml
+++ b/jenkins/client/job/opencontrail/git-mirrors/upstream.yml
@@ -67,7 +67,7 @@
                   contrail/{{name}}:
                     branches:
                       - compare_type: "REG_EXP"
-                        name: "*"
+                        name: ".*"
                 message:
                   build_successful: "Build successful"
                   build_unstable: "Build unstable"
diff --git a/jenkins/client/job/salt-models/tests.yml b/jenkins/client/job/salt-models/tests.yml
index 7849adc..50d1cc8 100644
--- a/jenkins/client/job/salt-models/tests.yml
+++ b/jenkins/client/job/salt-models/tests.yml
@@ -161,6 +161,9 @@
             NODE_TARGET:
               type: string
               default: ""
+            CLUSTER_NAME:
+              type: string
+              default: ""
             DEFAULT_GIT_URL:
               type: string
               default: "${_param:jenkins_gerrit_url}/salt-models/{{name}}"
diff --git a/jenkins/client/job/validate.yml b/jenkins/client/job/validate.yml
index f8ebcc7..6f22a0c 100644
--- a/jenkins/client/job/validate.yml
+++ b/jenkins/client/job/validate.yml
@@ -42,8 +42,17 @@
             RUN_TEMPEST_TESTS:
               type: boolean
               default: 'true'
+            RUN_K8S_TESTS:
+              type: boolean
+              default: 'true'
             TEMPEST_TEST_SET:
               type: choice
               choices:
                 - smoke
                 - full
+            TEST_K8S_API_SERVER:
+              type: string
+              default: "http://127.0.0.1:8080"
+            TEST_K8S_CONFORMANCE_IMAGE:
+              type: string
+              default: "docker-dev-virtual.docker.mirantis.net/mirantis/kubernetes/k8s-conformance:v1.5.1-3_1482332392819"
diff --git a/linux/network/hosts.yml b/linux/network/hosts.yml
new file mode 100644
index 0000000..1b29324
--- /dev/null
+++ b/linux/network/hosts.yml
@@ -0,0 +1,9 @@
+parameters:
+  linux:
+    network:
+      host:
+        localhost_hostname:
+          address: ${_param:single_address}
+          names:
+          - ${linux:network:fqdn}
+          - ${linux:network:hostname}
diff --git a/linux/system/single.yml b/linux/system/single.yml
index e2a8502..928efda 100644
--- a/linux/system/single.yml
+++ b/linux/system/single.yml
@@ -35,6 +35,8 @@
           net.ipv4.neigh.default.gc_thresh2: 8192
           net.ipv4.neigh.default.gc_thresh3: 16384
           net.core.netdev_max_backlog: 261144
+          net.ipv4.tcp_tw_recycle: 1
+          net.ipv4.tcp_tw_reuse: 1
           kernel.panic: 60
       cpu:
         governor: performance
diff --git a/neutron/compute/cluster.yml b/neutron/compute/cluster.yml
index fc87e84..13ee31c 100644
--- a/neutron/compute/cluster.yml
+++ b/neutron/compute/cluster.yml
@@ -3,6 +3,7 @@
 parameters:
   _param:
     neutron_enable_qos: False
+    neutron_enable_vlan_aware_vms: False
   linux:
     system:
       package:
@@ -13,6 +14,7 @@
     compute:
       dvr: ${_param:neutron_compute_dvr}
       qos: ${_param:neutron_enable_qos}
+      vlan_aware_vms: ${_param:neutron_enable_vlan_aware_vms}
       agent_mode: ${_param:neutron_compute_agent_mode}
       external_access: ${_param:neutron_compute_external_access}
       backend:
diff --git a/neutron/control/openvswitch/cluster.yml b/neutron/control/openvswitch/cluster.yml
index 0587342..c840e9a 100644
--- a/neutron/control/openvswitch/cluster.yml
+++ b/neutron/control/openvswitch/cluster.yml
@@ -10,6 +10,7 @@
     neutron_external_mtu: 1500
     neutron_tenant_network_types: "flat,vxlan"
     neutron_enable_qos: False
+    neutron_enable_vlan_aware_vms: False
   neutron:
     server:
       plugin: ml2
@@ -17,6 +18,7 @@
       l3_ha: ${_param:neutron_l3_ha}
       dvr: ${_param:neutron_control_dvr}
       qos: ${_param:neutron_enable_qos}
+      vlan_aware_vms: ${_param:neutron_enable_vlan_aware_vms}
       backend:
         engine: ml2
         tenant_network_types: "${_param:neutron_tenant_network_types}"
diff --git a/neutron/control/openvswitch/single.yml b/neutron/control/openvswitch/single.yml
index 91db484..1b830f6 100644
--- a/neutron/control/openvswitch/single.yml
+++ b/neutron/control/openvswitch/single.yml
@@ -8,6 +8,7 @@
     neutron_external_mtu: 1500
     neutron_tenant_network_types: "flat,vxlan"
     neutron_enable_qos: False
+    neutron_enable_vlan_aware_vms: False
   neutron:
     server:
       plugin: ml2
@@ -15,6 +16,7 @@
       l3_ha: ${_param:neutron_l3_ha}
       dvr: ${_param:neutron_control_dvr}
       qos: ${_param:neutron_enable_qos}
+      vlan_aware_vms: ${_param:neutron_enable_vlan_aware_vms}
       backend:
         engine: ml2
         tenant_network_types: "${_param:neutron_tenant_network_types}"
diff --git a/neutron/gateway/cluster.yml b/neutron/gateway/cluster.yml
index a4f37b1..c96c6bb 100644
--- a/neutron/gateway/cluster.yml
+++ b/neutron/gateway/cluster.yml
@@ -3,10 +3,12 @@
 parameters:
   _param:
     neutron_enable_qos: False
+    neutron_enable_vlan_aware_vms: False
   neutron:
     gateway:
       dvr: ${_param:neutron_gateway_dvr}
       qos: ${_param:neutron_enable_qos}
+      vlan_aware_vms: ${_param:neutron_enable_vlan_aware_vms}
       agent_mode: ${_param:neutron_gateway_agent_mode}
       backend:
         tenant_network_types: ${_param:neutron_tenant_network_types}"
diff --git a/opencontrail/compute/tor/cluster.yml b/opencontrail/compute/tor/cluster.yml
new file mode 100644
index 0000000..662de03
--- /dev/null
+++ b/opencontrail/compute/tor/cluster.yml
@@ -0,0 +1,4 @@
+classes:
+- service.haproxy.proxy.single
+- service.keepalived.cluster.single
+- service.opencontrail.compute.tor.cluster
diff --git a/openssh/server/team/members/chnyda.yml b/openssh/server/team/members/chnyda.yml
new file mode 100644
index 0000000..2bcecaf
--- /dev/null
+++ b/openssh/server/team/members/chnyda.yml
@@ -0,0 +1,20 @@
+parameters:
+  linux:
+    system:
+      user:
+        chnyda:
+          enabled: true
+          name: chnyda
+          sudo: true
+          full_name: Cedric Hnyda
+          home: /home/chnyda
+          email: chnyda@mirantis.com
+  openssh:
+    server:
+      enabled: true
+      user:
+        chnyda:
+          enabled: true
+          public_keys:
+            - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDHmLTwDSFslOUVo4ViT0bqVLhSaweuLt0QNWhnIaSPgqWhHOSkdqt3+Tg4l8Vd4O4Z44Yv/rXqhmO5X1AIytNccA6+nJe4Km3JC6QzG6npS3ghtHWDU3DOGgWd5RrULviEDSIj1w1oG8oHxdycGkbfjApAkiDR/xr7NHhTcPhEuvn/q7i1raj4vpNdIrR+cr6XA3l+I4cmaizpjuWaFrag1q24RS7PVEUmcPRSODrkdwFREsrLkIlIgtIoMIIjtEDdk1RU/loiXrNwuVRI3KTLqhheFlHedQd13uzpn66KF6UVlZAm+k2y2jLdEi5IFKD3g6mmWsNH6xSZYVn6d84/XvLjMsS/UL+WHr5xetHNSi3RtQOkCPYphq1KcRAXLwH0dgtDwfyg2F+5ezG3wMsZAqD3KiaGNmDcA6R19Fpjm0S4SXa+QnX5eZcO9DS5cYTjs8F2T9Vsaspvwc0U80M6+JvOlV1PBNJYQhSxdX1Plf2p1MrrRnYhlgMdzCiPSQHsKp3tei8I+bqCvV9iScLAbLxKaW/yWdeuh74oGitTfI4R0h0HMJ1lqK+rT5wtMXyJSvFMK6Zph0GqJf3QHBhzCfs5PIto1pyNdXbI8KzfgTgyo+3gpIPAQ2VD/pf8mOD218UPNQglYWP6wniTq/hVtC2tl3DW53qx5qv10osGmw== chnyda@mirantis.com
+          user: ${linux:system:user:chnyda}
diff --git a/openssh/server/team/tcpcloud.yml b/openssh/server/team/tcpcloud.yml
index c7b465a..bcd9327 100644
--- a/openssh/server/team/tcpcloud.yml
+++ b/openssh/server/team/tcpcloud.yml
@@ -20,6 +20,7 @@
 - system.openssh.server.team.members.tkukral
 - system.openssh.server.team.members.vmikes
 - system.openssh.server.team.members.psvimbersky
+- system.openssh.server.team.members.chnyda
 
 parameters:
   _param:
diff --git a/reclass/storage/system/kubernetes_control_cluster.yml b/reclass/storage/system/kubernetes_control_cluster.yml
index 5180ab6..de6a135 100644
--- a/reclass/storage/system/kubernetes_control_cluster.yml
+++ b/reclass/storage/system/kubernetes_control_cluster.yml
@@ -3,6 +3,9 @@
     kubernetes_control_node01_hostname: ctl01
     kubernetes_control_node02_hostname: ctl02
     kubernetes_control_node03_hostname: ctl03
+    kubernetes_control_node01_deploy_address: ${_param:kubernetes_control_node01_address}
+    kubernetes_control_node02_deploy_address: ${_param:kubernetes_control_node02_address}
+    kubernetes_control_node03_deploy_address: ${_param:kubernetes_control_node03_address}
   reclass:
     storage:
       node:
@@ -15,6 +18,7 @@
             salt_master_host: ${_param:reclass_config_master}
             linux_system_codename: xenial
             single_address: ${_param:kubernetes_control_node01_address}
+            deploy_address: ${_param:kubernetes_control_node01_deploy_address}
             keepalived_vip_priority: 103
         kubernetes_control_node02:
           name: ${_param:kubernetes_control_node02_hostname}
@@ -25,6 +29,7 @@
             salt_master_host: ${_param:reclass_config_master}
             linux_system_codename: xenial
             single_address: ${_param:kubernetes_control_node02_address}
+            deploy_address: ${_param:kubernetes_control_node02_deploy_address}
             keepalived_vip_priority: 102
         kubernetes_control_node03:
           name: ${_param:kubernetes_control_node03_hostname}
@@ -35,4 +40,5 @@
             salt_master_host: ${_param:reclass_config_master}
             linux_system_codename: xenial
             single_address: ${_param:kubernetes_control_node03_address}
+            deploy_address: ${_param:kubernetes_control_node03_deploy_address}
             keepalived_vip_priority: 101
\ No newline at end of file
diff --git a/reclass/storage/system/opencontrail_tor_cluster.yml b/reclass/storage/system/opencontrail_tor_cluster.yml
new file mode 100644
index 0000000..81d7314
--- /dev/null
+++ b/reclass/storage/system/opencontrail_tor_cluster.yml
@@ -0,0 +1,31 @@
+parameters:
+  _param:
+    opencontrail_tor01_node01_hostname: tor01
+    opencontrail_tor01_node02_hostname: tor02
+    opencontrail_tor01_node01_tenant_address: ${_param:opencontrail_tor01_node01_address}
+    opencontrail_tor01_node02_tenant_address: ${_param:opencontrail_tor01_node02_address}
+  reclass:
+    storage:
+      node:
+        opencontrail_tor01_node01:
+          name: ${_param:opencontrail_tor01_node01_hostname}
+          domain: ${_param:cluster_domain}
+          classes:
+          - cluster.${_param:cluster_name}.opencontrail.tor
+          params:
+            salt_master_host: ${_param:reclass_config_master}
+            linux_system_codename: xenial
+            single_address: ${_param:opencontrail_tor01_node01_address}
+            tenant_address: ${_param:opencontrail_tor01_node01_tenant_address}
+            keepalived_vip_priority: 103
+        opencontrail_tor01_node02:
+          name: ${_param:opencontrail_tor01_node02_hostname}
+          domain: ${_param:cluster_domain}
+          classes:
+          - cluster.${_param:cluster_name}.opencontrail.tor
+          params:
+            salt_master_host: ${_param:reclass_config_master}
+            linux_system_codename: xenial
+            single_address: ${_param:opencontrail_tor01_node02_address}
+            tenant_address: ${_param:opencontrail_tor01_node02_tenant_address}
+            keepalived_vip_priority: 102
diff --git a/reclass/storage/system/openstack_baremetal_cluster.yml b/reclass/storage/system/openstack_baremetal_cluster.yml
index 8cab119..71f6034 100644
--- a/reclass/storage/system/openstack_baremetal_cluster.yml
+++ b/reclass/storage/system/openstack_baremetal_cluster.yml
@@ -19,6 +19,7 @@
             salt_master_host: ${_param:reclass_config_master}
             linux_system_codename: ${_param:linux_system_codename}
             single_address: ${_param:openstack_baremetal_node01_address}
+            keepalived_vip_priority: 101
             baremetal_address: ${_param:openstack_baremetal_node01_baremetal_address}
         openstack_baremetal_node02:
           name: ${_param:openstack_baremetal_node02_hostname}
@@ -29,6 +30,7 @@
             salt_master_host: ${_param:reclass_config_master}
             linux_system_codename: ${_param:linux_system_codename}
             single_address: ${_param:openstack_baremetal_node02_address}
+            keepalived_vip_priority: 102
             baremetal_address: ${_param:openstack_baremetal_node02_baremetal_address}
         openstack_baremetal_node03:
           name: ${_param:openstack_baremetal_node03_hostname}
@@ -39,6 +41,7 @@
             salt_master_host: ${_param:reclass_config_master}
             linux_system_codename: ${_param:linux_system_codename}
             single_address: ${_param:openstack_baremetal_node03_address}
+            keepalived_vip_priority: 103
             baremetal_address: ${_param:openstack_baremetal_node03_baremetal_address}
 
 
diff --git a/salt/master/formula/git/helm.yml b/salt/master/formula/git/helm.yml
new file mode 100644
index 0000000..c25358f
--- /dev/null
+++ b/salt/master/formula/git/helm.yml
@@ -0,0 +1,16 @@
+parameters:
+  salt:
+    master:
+      environment:
+        prd:
+          formula:
+            helm:
+              source: git
+              address: '${_param:salt_master_environment_repository}/salt-formula-helm.git'
+              revision: ${_param:salt_master_environment_revision}
+              module:
+                helm.py:
+                  enabled: true
+              state:
+                helm_release.py:
+                  enabled: true
diff --git a/salt/master/formula/pkg/helm.yml b/salt/master/formula/pkg/helm.yml
new file mode 100644
index 0000000..8b68bfe
--- /dev/null
+++ b/salt/master/formula/pkg/helm.yml
@@ -0,0 +1,9 @@
+parameters:
+  salt:
+    master:
+      environment:
+        prd:
+          formula:
+            helm:
+              source: pkg
+              name: salt-formula-helm
diff --git a/salt/master/git.yml b/salt/master/git.yml
index 267bdb1..4562a74 100644
--- a/salt/master/git.yml
+++ b/salt/master/git.yml
@@ -8,6 +8,7 @@
 - system.salt.master.formula.git.saltstack
 - system.salt.master.formula.git.stacklight
 - system.salt.master.formula.git.monitoring
+- system.salt.master.formula.git.helm
 parameters:
   _param:
     salt_master_environment_repository: "https://github.com/salt-formulas"
diff --git a/salt/master/pkg.yml b/salt/master/pkg.yml
index 1001d49..62854f1 100644
--- a/salt/master/pkg.yml
+++ b/salt/master/pkg.yml
@@ -8,4 +8,5 @@
 - system.salt.master.formula.pkg.saltstack
 - system.salt.master.formula.pkg.stacklight
 - system.salt.master.formula.pkg.monitoring
+- system.salt.master.formula.pkg.helm
 - system.linux.system.repo.mcp.salt
diff --git a/salt/minion/cert/etcd_client_single.yml b/salt/minion/cert/etcd_client_single.yml
new file mode 100644
index 0000000..a14e106
--- /dev/null
+++ b/salt/minion/cert/etcd_client_single.yml
@@ -0,0 +1,18 @@
+parameters:
+  salt:
+    minion:
+      cert:
+        etcd_client:
+          host: ${_param:salt_minion_ca_host}
+          authority: ${_param:salt_minion_ca_authority}
+          common_name: ${linux:system:name}
+          signing_policy: cert_open
+          alternative_names: DNS:${linux:system:name},DNS:${linux:network:fqdn}
+          extended_key_usage: clientAuth
+          key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+          key_file: /var/lib/etcd/etcd-client.key
+          cert_file: /var/lib/etcd/etcd-client.crt
+          all_file: /var/lib/etcd/etcd-client.pem
+          ca_file: /var/lib/etcd/ca.pem
+          user: etcd
+          group: etcd
diff --git a/salt/minion/cert/etcd_server_single.yml b/salt/minion/cert/etcd_server_single.yml
new file mode 100644
index 0000000..f9fc585
--- /dev/null
+++ b/salt/minion/cert/etcd_server_single.yml
@@ -0,0 +1,18 @@
+parameters:
+  salt:
+    minion:
+      cert:
+        etcd_server:
+          host: ${_param:salt_minion_ca_host}
+          authority: ${_param:salt_minion_ca_authority}
+          common_name: ${linux:system:name}
+          signing_policy: cert_open
+          alternative_names: IP:127.0.0.1,DNS:${linux:system:name},DNS:${linux:network:fqdn}
+          extended_key_usage: serverAuth,clientAuth
+          key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+          key_file: /var/lib/etcd/etcd-server.key
+          cert_file: /var/lib/etcd/etcd-server.crt
+          all_file: /var/lib/etcd/etcd-server.pem
+          ca_file: /var/lib/etcd/ca.pem
+          user: etcd
+          group: etcd
diff --git a/salt/minion/cert/opencontrail/tor.yml b/salt/minion/cert/opencontrail/tor.yml
new file mode 100644
index 0000000..eb9c704
--- /dev/null
+++ b/salt/minion/cert/opencontrail/tor.yml
@@ -0,0 +1,14 @@
+parameters:
+  _param:
+    salt_minion_ca_authority: salt_master_ca
+  salt:
+    minion:
+      cert:
+        opencontrail_tor:
+          host: ${_param:salt_minion_ca_host}
+          authority: ${_param:salt_minion_ca_authority}
+          common_name: opencontrail_tor
+          key_file: /etc/contrail/ssl/certs/tor.key
+          cert_file: /etc/contrail/ssl/certs/tor.crt
+          ca_file: /etc/contrail/ssl/certs/ca.crt
+          signing_policy: cert_open