Merge "Add npliashechnikov and ozhurba as members in openssh/server/team/. Refactor services_qa ssh team: include all people as members from  openssh/server/team/. Move ozhurba to mcp_qa."
diff --git a/defaults/backup.yml b/defaults/backup.yml
new file mode 100644
index 0000000..66e5173
--- /dev/null
+++ b/defaults/backup.yml
@@ -0,0 +1,7 @@
+parameters:
+  _param:
+    backup_min: "0"
+    backup_hour: "*/12"
+    backup_day_of_month: "*"
+    backup_month: "*"
+    backup_day_of_week: "*"
diff --git a/defaults/docker_images.yml b/defaults/docker_images.yml
index 8207c87..8db61a5 100644
--- a/defaults/docker_images.yml
+++ b/defaults/docker_images.yml
@@ -27,6 +27,7 @@
     docker_image_alerta: "${_param:mcp_docker_registry}/mirantis/external/alerta-web:${_param:mcp_version}"
     docker_image_alertmanager: "${_param:mcp_docker_registry}/openstack-docker/alertmanager:${_param:mcp_version}"
     docker_image_grafana: "${_param:mcp_docker_registry}/openstack-docker/grafana:${_param:mcp_version}"
+    docker_image_prometheus_es_exporter: "${_param:mcp_docker_registry}/mirantis/external/braedon/prometheus-es-exporter:0.5.1"
     docker_image_prometheus: "${_param:mcp_docker_registry}/openstack-docker/prometheus:${_param:mcp_version}"
     docker_image_prometheus_gainsight: "${_param:mcp_docker_registry}/openstack-docker/gainsight:${_param:mcp_version}"
     docker_image_prometheus_gainsight_elasticsearch: "${_param:mcp_docker_registry}/openstack-docker/gainsight_elasticsearch:${_param:mcp_version}"
@@ -134,6 +135,10 @@
         - registry: ${_param:mcp_docker_registry}/openstack-docker
           target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/openstack-docker
           name: gainsight_elasticsearch:${_param:mcp_version}
+        - registry: ${_param:mcp_docker_registry}/mirantis/external/braedon
+          target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/mirantis/external/braedon
+          name: prometheus-es-exporter:0.5.1
+
         # QA\CVP tool-set's
         - registry: ${_param:mcp_docker_registry}/mirantis/oss
           target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/mirantis/oss
diff --git a/defaults/init.yml b/defaults/init.yml
index 42c315a..978671c 100644
--- a/defaults/init.yml
+++ b/defaults/init.yml
@@ -22,6 +22,7 @@
 - system.defaults.salt
 - system.defaults.stacklight
 - system.defaults.xtrabackup
+- system.defaults.backup
 parameters:
   _param:
     mcp_version: stable
diff --git a/defaults/linux_system_file.yml b/defaults/linux_system_file.yml
index c37c030..8af3075 100644
--- a/defaults/linux_system_file.yml
+++ b/defaults/linux_system_file.yml
@@ -13,16 +13,23 @@
           name: /srv/http/images.mirantis.com/ubuntu-16-04-x64-mcp${_param:mcp_version}.qcow2.md5
           source: ${_param:mcp_static_images_url}/ubuntu-16-04-x64-mcp${_param:mcp_version}.qcow2.md5
         amphora-x64-haproxy-pike.qcow2:
-          source: ${_param:mcp_binary_registry}/mirantis/openstack/octavia/images/${_param:mcp_version}/pike/amphora-x64-haproxy.qcow2
-          name: /srv/http/artifactory.mirantis.com/artifactory/binary-prod-local/mirantis/openstack/octavia/images/${_param:mcp_version}/pike/amphora-x64-haproxy.qcow2
-          hash: ${_param:mcp_binary_registry}/mirantis/openstack/octavia/images/${_param:mcp_version}/pike/amphora-x64-haproxy.qcow2.md5
+          name: /srv/http/images.mirantis.com/octavia/amphora-x64-haproxy-pike-${_param:mcp_version}.qcow2
+          source: ${_param:mcp_static_images_url}/octavia/amphora-x64-haproxy-pike-${_param:mcp_version}.qcow2
+          hash: ${_param:mcp_static_images_url}/octavia/amphora-x64-haproxy-pike-${_param:mcp_version}.qcow2.md5
         amphora-x64-haproxy-pike.qcow2.md5:
-          source: ${_param:mcp_binary_registry}/mirantis/openstack/octavia/images/${_param:mcp_version}/pike/amphora-x64-haproxy.qcow2.md5
-          name: /srv/http/artifactory.mirantis.com/artifactory/binary-prod-local/mirantis/openstack/octavia/images/${_param:mcp_version}/pike/amphora-x64-haproxy.qcow2.md5
+          name: /srv/http/images.mirantis.com/octavia/amphora-x64-haproxy-pike-${_param:mcp_version}.qcow2.md5
+          source: ${_param:mcp_static_images_url}/octavia/amphora-x64-haproxy-pike-${_param:mcp_version}.qcow2.md5
         amphora-x64-haproxy-queens.qcow2:
-          source: ${_param:mcp_binary_registry}/mirantis/openstack/octavia/images/${_param:mcp_version}/queens/amphora-x64-haproxy.qcow2
-          name: /srv/http/artifactory.mirantis.com/artifactory/binary-prod-local/mirantis/openstack/octavia/images/${_param:mcp_version}/queens/amphora-x64-haproxy.qcow2
-          hash: ${_param:mcp_binary_registry}/mirantis/openstack/octavia/images/${_param:mcp_version}/queens/amphora-x64-haproxy.qcow2.md5
+          name: /srv/http/images.mirantis.com/octavia/amphora-x64-haproxy-queens-${_param:mcp_version}.qcow2
+          source: ${_param:mcp_static_images_url}/octavia/amphora-x64-haproxy-queens-${_param:mcp_version}.qcow2
+          hash: ${_param:mcp_static_images_url}/octavia/amphora-x64-haproxy-queens-${_param:mcp_version}.qcow2.md5
         amphora-x64-haproxy-queens.qcow2.md5:
-          source: ${_param:mcp_binary_registry}/mirantis/openstack/octavia/images/${_param:mcp_version}/queens/amphora-x64-haproxy.qcow2.md5
-          name: /srv/http/artifactory.mirantis.com/artifactory/binary-prod-local/mirantis/openstack/octavia/images/${_param:mcp_version}/queens/amphora-x64-haproxy.qcow2.md5
+          name: /srv/http/images.mirantis.com/octavia/amphora-x64-haproxy-queens-${_param:mcp_version}.qcow2.md5
+          source: ${_param:mcp_static_images_url}/octavia/amphora-x64-haproxy-queens-${_param:mcp_version}.qcow2.md5
+        amphora-x64-haproxy-rocky.qcow2:
+          name: /srv/http/images.mirantis.com/octavia/amphora-x64-haproxy-rocky-${_param:mcp_version}.qcow2
+          source: ${_param:mcp_static_images_url}/octavia/amphora-x64-haproxy-rocky-${_param:mcp_version}.qcow2
+          hash: ${_param:mcp_static_images_url}/octavia/amphora-x64-haproxy-rocky-${_param:mcp_version}.qcow2.md5
+        amphora-x64-haproxy-rocky.qcow2.md5:
+          name: /srv/http/images.mirantis.com/octavia/amphora-x64-haproxy-rocky-${_param:mcp_version}.qcow2.md5
+          source: ${_param:mcp_static_images_url}/octavia/amphora-x64-haproxy-rocky-${_param:mcp_version}.qcow2.md5
diff --git a/defaults/openstack/init.yml b/defaults/openstack/init.yml
index 3eddebc..8a6db83 100644
--- a/defaults/openstack/init.yml
+++ b/defaults/openstack/init.yml
@@ -13,6 +13,7 @@
     openstack_share_service_host: ${_param:openstack_share_service_hostname}.${linux:system:domain}
     openstack_kmn_service_host: ${_param:openstack_kmn_service_hostname}.${linux:system:domain}
     openstack_telemetry_service_host: ${_param:openstack_telemetry_service_hostname}.${linux:system:domain}
+    openstack_service_user_enabled: True
     # SSL
     ceilometer_agent_ssl_enabled: False
     openstack_mysql_x509_enabled: False
@@ -34,7 +35,7 @@
     cinder_old_version: ${_param:openstack_old_version}
     cinder_version: ${_param:openstack_version}
     cinder_upgrade_enabled: ${_param:openstack_upgrade_enabled}
-    cinder_service_user_enabled: True
+    cinder_service_user_enabled: ${_param:openstack_service_user_enabled}
     # Nova
     nova_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
     nova_memcache_secret_key: ''
@@ -42,7 +43,7 @@
     nova_version: ${_param:openstack_version}
     nova_upgrade_enabled: ${_param:openstack_upgrade_enabled}
     nova_instance_build_timeout: 3600
-    nova_service_user_enabled: True
+    nova_service_user_enabled: ${_param:openstack_service_user_enabled}
     # Glance
     glance_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
     glance_memcache_secret_key: ''
@@ -167,7 +168,7 @@
     octavia_health_manager_node03_address: 192.168.10.12
     #
     amphora_image_name: amphora-x64-haproxy
-    amphora_image_url: "${_param:mcp_binary_registry}/mirantis/openstack/octavia/images/${_param:mcp_version}/${_param:openstack_version}/amphora-x64-haproxy.qcow2"
+    amphora_image_url: ${_param:mcp_static_images_url}/octavia/amphora-x64-haproxy-${_param:openstack_version}-${_param:mcp_version}.qcow2
     # HAproxy
     haproxy_openstack_web_bind_port: ${_param:horizon_public_port}
     #
diff --git a/etcd/server/cluster.yml b/etcd/server/cluster.yml
index d9c1c8b..af210d7 100644
--- a/etcd/server/cluster.yml
+++ b/etcd/server/cluster.yml
@@ -4,10 +4,10 @@
 - service.etcd.linux
 parameters:
   _param:
-    docker_image_etcd: quay.io/coreos/etcd:v3.3.10
+    docker_image_etcd: quay.io/coreos/etcd:v3.3.12
     kubernetes_etcd_repo: https://github.com/etcd-io/etcd/releases/download
-    kubernetes_etcd_source: ${_param:kubernetes_etcd_repo}/v3.3.10/etcd-v3.3.10-linux-amd64.tar.gz
-    kubernetes_etcd_source_hash: md5=dbbe0d021ba497bf9d9cc9963d0c7a4b
+    kubernetes_etcd_source: ${_param:kubernetes_etcd_repo}/v3.3.12/etcd-v3.3.12-linux-amd64.tar.gz
+    kubernetes_etcd_source_hash: md5=079af00546443b686df31e7ec605135e
   etcd:
     server:
       enabled: true
diff --git a/jenkins/client/job/deploy/galera_database_backup.yml b/jenkins/client/job/deploy/galera_database_backup.yml
new file mode 100644
index 0000000..e78c29b
--- /dev/null
+++ b/jenkins/client/job/deploy/galera_database_backup.yml
@@ -0,0 +1,33 @@
+parameters:
+  jenkins:
+    client:
+      job:
+        galera_backup_database:
+          type: workflow-scm
+          name: galera-database-backup
+          display_name: "Galera database backup"
+          discard:
+            build:
+              keep_num: 50
+          concurrent: true
+          scm:
+            type: git
+            url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+            branch: "${_param:jenkins_pipelines_branch}"
+            credentials: "gerrit"
+            script: galera-database-backup-pipeline.groovy
+          param:
+            SALT_MASTER_CREDENTIALS:
+              type: string
+              default: "salt"
+            OVERRIDE_BACKUP_NODE:
+              type: string
+              default: "none"
+            SALT_MASTER_URL:
+              type: string
+              default: "${_param:jenkins_salt_api_url}"
+            ASK_CONFIRMATION:
+              type: boolean
+              default: 'true'
+          triggers:
+            - timed: "${_param:backup_min} ${_param:backup_hour} ${_param:backup_day_of_month} ${_param:backup_month} ${_param:backup_day_of_week}"
diff --git a/kubernetes/common/init.yml b/kubernetes/common/init.yml
index 0555271..952e5c8 100644
--- a/kubernetes/common/init.yml
+++ b/kubernetes/common/init.yml
@@ -41,7 +41,7 @@
     kubernetes_hyperkube_source: ${_param:kubernetes_hyperkube_repo}/hyperkube_v1.13.2-1_1549961718696
     kubernetes_hyperkube_source_hash: md5=802e0ee43fd2a41e9ed84b0f867e70a2
     kubernetes_pause_image: ${_param:mcp_docker_registry}/mirantis/kubernetes/pause-amd64:v1.13.2-1
-    kubernetes_virtlet_image: ${_param:kubernetes_virtlet_repo}/virtlet:v1.4.4
+    kubernetes_virtlet_image: ${_param:kubernetes_virtlet_repo}/virtlet:v1.5.0
     kubernetes_criproxy_version: v0.14.0
     kubernetes_criproxy_checksum: md5=f0fa669295a156a588f3480c9909e6fd
     kubernetes_netchecker_agent_image: ${_param:kubernetes_netchecker_agent_repo}/k8s-netchecker-agent:v1.2.2
diff --git a/kubernetes/master/kdt_cluster.yml b/kubernetes/master/kdt_cluster.yml
new file mode 100644
index 0000000..00b0cce
--- /dev/null
+++ b/kubernetes/master/kdt_cluster.yml
@@ -0,0 +1,15 @@
+classes:
+- service.kubernetes.master.cluster
+- service.haproxy.proxy.single
+- system.haproxy.proxy.listen.kubernetes.apiserver
+- system.keepalived.cluster.instance.kdt_kube_api_server_vip
+- system.kubernetes.master.common
+parameters:
+  kubernetes:
+    master:
+      network:
+        calico:
+          prometheus:
+            enabled: true
+          policy:
+            enabled: false