diff --git a/aodh/server/cluster.yml b/aodh/server/cluster.yml
index db6b39b..444050a 100644
--- a/aodh/server/cluster.yml
+++ b/aodh/server/cluster.yml
@@ -4,6 +4,7 @@
 - service.haproxy.proxy.single
 - system.haproxy.proxy.listen.openstack.aodh
 - system.keepalived.cluster.instance.openstack_telemetry_vip
+- system.salt.minion.cert.rabbitmq.clients.openstack.aodh
 parameters:
   _param:
     openstack_event_alarm_topic: alarm.all
@@ -11,6 +12,9 @@
     aodh_alarm_history_ttl: 2592000
     openstack_mysql_x509_enabled: False
     galera_ssl_enabled: False
+    openstack_rabbitmq_x509_enabled: False
+    rabbitmq_ssl_enabled: False
+    openstack_rabbitmq_port: 5672
   linux:
     system:
       cron:
@@ -53,9 +57,10 @@
         user: aodh
         password: ${_param:keystone_aodh_password}
         region: ${_param:openstack_region}
+        protocol: ${_param:cluster_internal_protocol}
       message_queue:
         engine: rabbitmq
-        port: 5672
+        port: ${_param:openstack_rabbitmq_port}
         user: openstack
         password: ${_param:rabbitmq_openstack_password}
         virtual_host: '/openstack'
@@ -63,6 +68,13 @@
           - host: ${_param:openstack_message_queue_node01_address}
           - host: ${_param:openstack_message_queue_node02_address}
           - host: ${_param:openstack_message_queue_node03_address}
+        x509:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
+          ca_file: ${_param:rabbitmq_aodh_ssl_ca_file}
+          key_file: ${_param:rabbitmq_aodh_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_aodh_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:rabbitmq_ssl_enabled}
       # Check for expired alarm history every day at 2 AM
       expirer:
         cron:
diff --git a/aodh/server/single.yml b/aodh/server/single.yml
index f20195f..2dfdea9 100644
--- a/aodh/server/single.yml
+++ b/aodh/server/single.yml
@@ -1,6 +1,7 @@
 classes:
 - service.aodh.server.single
 - system.salt.minion.cert.mysql.clients.openstack.aodh
+- system.salt.minion.cert.rabbitmq.clients.openstack.aodh
 parameters:
   _param:
     openstack_event_alarm_topic: alarm.all
@@ -8,6 +9,9 @@
     aodh_alarm_history_ttl: 2592000
     openstack_mysql_x509_enabled: False
     galera_ssl_enabled: False
+    openstack_rabbitmq_x509_enabled: False
+    rabbitmq_ssl_enabled: False
+    openstack_rabbitmq_port: 5672
   linux:
     system:
       cron:
@@ -24,12 +28,22 @@
           cert_file: ${_param:mysql_aodh_client_ssl_cert_file}
         ssl:
           enabled: ${_param:galera_ssl_enabled}
+      message_queue:
+        port: ${_param:openstack_rabbitmq_port}
+        x509:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
+          ca_file: ${_param:rabbitmq_aodh_ssl_ca_file}
+          key_file: ${_param:rabbitmq_aodh_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_aodh_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:rabbitmq_ssl_enabled}
       ttl: ${_param:aodh_alarm_history_ttl}
       role: ${_param:openstack_node_role}
       region: ${_param:openstack_region}
       event_alarm_topic: ${_param:openstack_event_alarm_topic}
       identity:
         region: ${_param:openstack_region}
+        protocol: ${_param:internal_protocol}
       # Check for expired alarm history every day at 2 AM
       expirer:
         cron:
diff --git a/apache/server/proxy/init.yml b/apache/server/proxy/init.yml
new file mode 100644
index 0000000..06921f8
--- /dev/null
+++ b/apache/server/proxy/init.yml
@@ -0,0 +1,7 @@
+parameters:
+  apache:
+    server:
+      modules:
+        - proxy
+        - proxy_http
+        - headers
diff --git a/apache/server/proxy/openstack/aodh.yml b/apache/server/proxy/openstack/aodh.yml
new file mode 100644
index 0000000..d8ae2eb
--- /dev/null
+++ b/apache/server/proxy/openstack/aodh.yml
@@ -0,0 +1,25 @@
+parameters:
+  _param:
+    apache_ssl:
+      enabled: false
+    apache_proxy_ssl: ${_param:apache_ssl}
+    apache_proxy_openstack_api_host: ${_param:cluster_public_host}
+    apache_proxy_openstack_api_address: 0.0.0.0
+    apache_proxy_openstack_aodh_host: ${_param:aodh_service_host}
+  apache:
+    server:
+      enabled: true
+      site:
+        apache_proxy_openstack_api_aodh:
+          enabled: true
+          type: proxy
+          name: openstack_api_aodh
+          proxy:
+            host: ${_param:apache_proxy_openstack_aodh_host}
+            port: 8042
+            protocol: http
+          host:
+            name: ${_param:apache_proxy_openstack_api_host}
+            port: 8042
+            address: ${_param:apache_proxy_openstack_api_address}
+          ssl: ${_param:apache_proxy_ssl}
diff --git a/apache/server/site/aodh.yml b/apache/server/site/aodh.yml
new file mode 100644
index 0000000..6ce5ede
--- /dev/null
+++ b/apache/server/site/aodh.yml
@@ -0,0 +1,36 @@
+parameters:
+  _param:
+    apache_ssl:
+      enabled: false
+    apache_aodh_ssl: ${_param:apache_ssl}
+    aodh_api_workers: 2
+    apache_aodh_api_host: ${linux:network:fqdn}
+    apache_aodh_api_address: ${_param:single_address}
+    apache_aodh_api_port: 8042
+  apache:
+    server:
+      site:
+        aodh:
+          enabled: false
+          available: true
+          type: wsgi
+          name: aodh
+          ssl: ${_param:apache_aodh_ssl}
+          host:
+            name: ${_param:apache_aodh_api_host}
+            address: ${_param:apache_aodh_api_address}
+            port: ${_param:apache_aodh_api_port}
+          log:
+            custom:
+              format: >-
+                %v:%p %{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %D %O \"%{Referer}i\" \"%{User-Agent}i\"
+          wsgi:
+            daemon_process: aodh-api
+            processes: ${_param:aodh_api_workers}
+            threads: 1
+            user: aodh
+            group: aodh
+            display_name: '%{GROUP}'
+            script_alias: '/ /usr/share/aodh/app.wsgi'
+            application_group: '%{GLOBAL}'
+            authorization: 'On'
diff --git a/apache/server/site/manila.yml b/apache/server/site/manila.yml
index cecf1d4..3080d1d 100644
--- a/apache/server/site/manila.yml
+++ b/apache/server/site/manila.yml
@@ -12,6 +12,8 @@
     server:
       enabled: true
       default_mpm: event
+      modules:
+        - wsgi
       site:
         manila:
           enabled: false
diff --git a/barbican/server/cluster.yml b/barbican/server/cluster.yml
index 972c05d..7e4c0e4 100644
--- a/barbican/server/cluster.yml
+++ b/barbican/server/cluster.yml
@@ -1,9 +1,16 @@
 classes:
 - service.barbican.server.cluster
 - system.haproxy.proxy.listen.openstack.barbican
+- system.salt.minion.cert.mysql.clients.openstack.barbican
+- system.salt.minion.cert.rabbitmq.clients.openstack.barbican
 parameters:
   _param:
     cluster_internal_protocol: 'http'
+    openstack_mysql_x509_enabled: False
+    galera_ssl_enabled: False
+    openstack_rabbitmq_x509_enabled: False
+    rabbitmq_ssl_enabled: False
+    openstack_rabbitmq_port: 5672
   barbican:
     server:
       role: ${_param:openstack_node_role}
@@ -11,6 +18,22 @@
         protocol: ${_param:cluster_internal_protocol}
       database:
         host: ${_param:openstack_database_address}
+        x509:
+          enabled: ${_param:openstack_mysql_x509_enabled}
+          ca_file: ${_param:mysql_barbican_ssl_ca_file}
+          key_file: ${_param:mysql_barbican_client_ssl_key_file}
+          cert_file: ${_param:mysql_barbican_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:galera_ssl_enabled}
+      message_queue:
+        port: ${_param:openstack_rabbitmq_port}
+        x509:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
+          ca_file: ${_param:rabbitmq_barbican_ssl_ca_file}
+          key_file: ${_param:rabbitmq_barbican_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_barbican_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:rabbitmq_ssl_enabled}
   linux:
     system:
       package:
diff --git a/barbican/server/single.yml b/barbican/server/single.yml
index 207957f..befad42 100644
--- a/barbican/server/single.yml
+++ b/barbican/server/single.yml
@@ -1,13 +1,37 @@
 classes:
 - service.barbican.server.single
+- system.salt.minion.cert.mysql.clients.openstack.barbican
+- system.salt.minion.cert.rabbitmq.clients.openstack.barbican
 parameters:
   _param:
     internal_protocol: 'http'
+    openstack_mysql_x509_enabled: False
+    galera_ssl_enabled: False
+    openstack_rabbitmq_x509_enabled: False
+    rabbitmq_ssl_enabled: False
+    openstack_rabbitmq_port: 5672
   barbican:
     server:
+      database:
+        x509:
+          enabled: ${_param:openstack_mysql_x509_enabled}
+          ca_file: ${_param:mysql_barbican_ssl_ca_file}
+          key_file: ${_param:mysql_barbican_client_ssl_key_file}
+          cert_file: ${_param:mysql_barbican_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:galera_ssl_enabled}
       role: ${_param:openstack_node_role}
       identity:
         protocol: ${_param:internal_protocol}
+      message_queue:
+        port: ${_param:openstack_rabbitmq_port}
+        x509:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
+          ca_file: ${_param:rabbitmq_barbican_ssl_ca_file}
+          key_file: ${_param:rabbitmq_barbican_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_barbican_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:rabbitmq_ssl_enabled}
   linux:
     system:
       package:
diff --git a/ceilometer/agent/cluster.yml b/ceilometer/agent/cluster.yml
index a598ee5..cadbaa9 100644
--- a/ceilometer/agent/cluster.yml
+++ b/ceilometer/agent/cluster.yml
@@ -1,6 +1,11 @@
 classes:
 - service.ceilometer.agent.cluster
+- system.salt.minion.cert.rabbitmq.clients.openstack.ceilometer
 parameters:
+  _param:
+    openstack_rabbitmq_port: 5672
+    openstack_rabbitmq_x509_enabled: False
+    rabbitmq_ssl_enabled: False
   ceilometer:
     agent:
       region: ${_param:openstack_region}
@@ -15,7 +20,9 @@
         user: ceilometer
         password: ${_param:keystone_ceilometer_password}
         region: ${_param:openstack_region}
+        protocol: ${_param:cluster_internal_protocol}
       message_queue:
+        port: ${_param:openstack_rabbitmq_port}
         engine: rabbitmq
         members:
           - host: ${_param:openstack_message_queue_node01_address}
@@ -25,6 +32,13 @@
         password: ${_param:rabbitmq_openstack_password}
         virtual_host: '/openstack'
         ha_queues: true
+        x509:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
+          ca_file: ${_param:rabbitmq_ceilometer_ssl_ca_file}
+          key_file: ${_param:rabbitmq_ceilometer_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_ceilometer_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:rabbitmq_ssl_enabled}
   nova:
     compute:
       notification:
diff --git a/ceilometer/agent/single.yml b/ceilometer/agent/single.yml
index ebb1d60..3803d12 100644
--- a/ceilometer/agent/single.yml
+++ b/ceilometer/agent/single.yml
@@ -1,2 +1,21 @@
 classes:
 - service.ceilometer.agent.single
+- system.salt.minion.cert.rabbitmq.clients.openstack.ceilometer
+parameters:
+  _param:
+    openstack_rabbitmq_port: 5672
+    openstack_rabbitmq_x509_enabled: False
+    rabbitmq_ssl_enabled: False
+  ceilometer:
+    agent:
+      identity:
+        protocol: ${_param:internal_protocol}
+      message_queue:
+        port: ${_param:openstack_rabbitmq_port}
+        x509:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
+          ca_file: ${_param:rabbitmq_ceilometer_ssl_ca_file}
+          key_file: ${_param:rabbitmq_ceilometer_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_ceilometer_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:rabbitmq_ssl_enabled}
diff --git a/ceilometer/agent/telemetry/cluster.yml b/ceilometer/agent/telemetry/cluster.yml
index bc67493..56ca6cc 100644
--- a/ceilometer/agent/telemetry/cluster.yml
+++ b/ceilometer/agent/telemetry/cluster.yml
@@ -1,6 +1,11 @@
 classes:
 - service.ceilometer.agent.cluster.common
+- system.salt.minion.cert.rabbitmq.clients.openstack.ceilometer
 parameters:
+  _param:
+    openstack_rabbitmq_port: 5672
+    openstack_rabbitmq_x509_enabled: False
+    rabbitmq_ssl_enabled: False
   ceilometer:
     agent:
       region: ${_param:openstack_region}
@@ -15,7 +20,9 @@
         user: ceilometer
         password: ${_param:keystone_ceilometer_password}
         region: ${_param:openstack_region}
+        protocol: ${_param:cluster_internal_protocol}
       message_queue:
+        port: ${_param:openstack_rabbitmq_port}
         engine: rabbitmq
         members:
           - host: ${_param:openstack_message_queue_node01_address}
@@ -25,6 +32,13 @@
         password: ${_param:rabbitmq_openstack_password}
         virtual_host: '/openstack'
         ha_queues: true
+        x509:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
+          ca_file: ${_param:rabbitmq_ceilometer_ssl_ca_file}
+          key_file: ${_param:rabbitmq_ceilometer_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_ceilometer_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:rabbitmq_ssl_enabled}
   nova:
     compute:
       notification:
diff --git a/ceilometer/agent/telemetry/single.yml b/ceilometer/agent/telemetry/single.yml
index 6b42537..a5fcd51 100644
--- a/ceilometer/agent/telemetry/single.yml
+++ b/ceilometer/agent/telemetry/single.yml
@@ -1,2 +1,21 @@
 classes:
 - service.ceilometer.agent.single.common
+- system.salt.minion.cert.rabbitmq.clients.openstack.ceilometer
+parameters:
+  _param:
+    openstack_rabbitmq_port: 5672
+    openstack_rabbitmq_x509_enabled: False
+    rabbitmq_ssl_enabled: False
+  ceilometer:
+    agent:
+      message_queue:
+        port: ${_param:openstack_rabbitmq_port}
+        x509:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
+          ca_file: ${_param:rabbitmq_ceilometer_ssl_ca_file}
+          key_file: ${_param:rabbitmq_ceilometer_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_ceilometer_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:rabbitmq_ssl_enabled}
+      identity:
+        protocol: ${_param:internal_protocol}
diff --git a/ceilometer/server/cluster.yml b/ceilometer/server/cluster.yml
index ad804f8..31a0abe 100644
--- a/ceilometer/server/cluster.yml
+++ b/ceilometer/server/cluster.yml
@@ -4,7 +4,12 @@
 - service.haproxy.proxy.single
 - system.haproxy.proxy.listen.openstack.ceilometer
 - system.keepalived.cluster.instance.openstack_telemetry_vip
+- system.salt.minion.cert.rabbitmq.clients.openstack.ceilometer
 parameters:
+  _param:
+    openstack_rabbitmq_port: 5672
+    openstack_rabbitmq_x509_enabled: False
+    rabbitmq_ssl_enabled: False
   ceilometer:
     server:
       enabled: true
@@ -30,12 +35,21 @@
         user: ceilometer
         password: ${_param:keystone_ceilometer_password}
         region: ${_param:openstack_region}
+        protocol: ${_param:cluster_internal_protocol}
       message_queue:
+        port: ${_param:openstack_rabbitmq_port}
         engine: rabbitmq
         members:
           - host: ${_param:openstack_message_queue_node01_address}
           - host: ${_param:openstack_message_queue_node02_address}
           - host: ${_param:openstack_message_queue_node03_address}
+        x509:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
+          ca_file: ${_param:rabbitmq_ceilometer_ssl_ca_file}
+          key_file: ${_param:rabbitmq_ceilometer_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_ceilometer_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:rabbitmq_ssl_enabled}
         user: openstack
         password: ${_param:rabbitmq_openstack_password}
         virtual_host: '/openstack'
diff --git a/ceilometer/server/single.yml b/ceilometer/server/single.yml
index ae642f1..37feddc 100644
--- a/ceilometer/server/single.yml
+++ b/ceilometer/server/single.yml
@@ -1,6 +1,11 @@
 classes:
 - service.ceilometer.server.single
+- system.salt.minion.cert.rabbitmq.clients.openstack.ceilometer
 parameters:
+  _param:
+    openstack_rabbitmq_port: 5672
+    openstack_rabbitmq_x509_enabled: False
+    rabbitmq_ssl_enabled: False
   ceilometer:
     server:
       role: ${_param:openstack_node_role}
@@ -15,3 +20,14 @@
           enabled: true
           host: ${_param:stacklight_monitor_address}
           port: 9200
+      message_queue:
+        port: ${_param:openstack_rabbitmq_port}
+        x509:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
+          ca_file: ${_param:rabbitmq_ceilometer_ssl_ca_file}
+          key_file: ${_param:rabbitmq_ceilometer_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_ceilometer_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:rabbitmq_ssl_enabled}
+      identity:
+        protocol: ${_param:cluster_internal_protocol}
diff --git a/ceilometer/server/telemetry/cluster.yml b/ceilometer/server/telemetry/cluster.yml
index fdf3e03..a887536 100644
--- a/ceilometer/server/telemetry/cluster.yml
+++ b/ceilometer/server/telemetry/cluster.yml
@@ -2,7 +2,12 @@
 classes:
 - service.ceilometer.server.cluster.common
 - system.keepalived.cluster.instance.openstack_telemetry_vip
+- system.salt.minion.cert.rabbitmq.clients.openstack.ceilometer
 parameters:
+  _param:
+    openstack_rabbitmq_port: 5672
+    openstack_rabbitmq_x509_enabled: False
+    rabbitmq_ssl_enabled: False
   ceilometer:
     server:
       enabled: true
@@ -26,7 +31,9 @@
         user: ceilometer
         password: ${_param:keystone_ceilometer_password}
         region: ${_param:openstack_region}
+        protocol: ${_param:cluster_internal_protocol}
       message_queue:
+        port: ${_param:openstack_rabbitmq_port}
         engine: rabbitmq
         members:
           - host: ${_param:openstack_message_queue_node01_address}
@@ -35,3 +42,10 @@
         user: openstack
         password: ${_param:rabbitmq_openstack_password}
         virtual_host: '/openstack'
+        x509:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
+          ca_file: ${_param:rabbitmq_ceilometer_ssl_ca_file}
+          key_file: ${_param:rabbitmq_ceilometer_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_ceilometer_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:rabbitmq_ssl_enabled}
diff --git a/ceilometer/server/telemetry/single.yml b/ceilometer/server/telemetry/single.yml
index 2d8828c..9ff35d1 100644
--- a/ceilometer/server/telemetry/single.yml
+++ b/ceilometer/server/telemetry/single.yml
@@ -1,6 +1,22 @@
 classes:
 - service.ceilometer.server.single.common
+- system.salt.minion.cert.rabbitmq.clients.openstack.ceilometer
 parameters:
+  _param:
+    openstack_rabbitmq_port: 5672
+    openstack_rabbitmq_x509_enabled: False
+    rabbitmq_ssl_enabled: False
   ceilometer:
     server:
       role: ${_param:openstack_node_role}
+      message_queue:
+        port: ${_param:openstack_rabbitmq_port}
+        x509:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
+          ca_file: ${_param:rabbitmq_ceilometer_ssl_ca_file}
+          key_file: ${_param:rabbitmq_ceilometer_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_ceilometer_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:rabbitmq_ssl_enabled}
+      identity:
+        protocol: ${_param:internal_protocol}
diff --git a/cinder/control/cluster.yml b/cinder/control/cluster.yml
index 5bc5c75..e4a0718 100644
--- a/cinder/control/cluster.yml
+++ b/cinder/control/cluster.yml
@@ -4,11 +4,15 @@
 - service.keepalived.cluster.single
 - system.haproxy.proxy.listen.openstack.cinder
 - system.salt.minion.cert.mysql.clients.openstack.cinder
+- system.salt.minion.cert.rabbitmq.clients.openstack.cinder
 parameters:
   _param:
     cluster_internal_protocol: 'http'
     openstack_mysql_x509_enabled: False
     galera_ssl_enabled: False
+    openstack_rabbitmq_x509_enabled: False
+    rabbitmq_ssl_enabled: False
+    openstack_rabbitmq_port: 5672
   linux:
     system:
       package:
@@ -59,6 +63,7 @@
         port: 9292
         protocol: ${_param:cluster_internal_protocol}
       message_queue:
+        port: ${_param:openstack_rabbitmq_port}
         engine: rabbitmq
         members:
           - host: ${_param:openstack_message_queue_node01_address}
@@ -67,6 +72,13 @@
         user: openstack
         password: ${_param:rabbitmq_openstack_password}
         virtual_host: '/openstack'
+        x509:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
+          ca_file: ${_param:rabbitmq_cinder_ssl_ca_file}
+          key_file: ${_param:rabbitmq_cinder_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_cinder_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:rabbitmq_ssl_enabled}
       cache:
         engine: memcached
         members:
diff --git a/cinder/control/single.yml b/cinder/control/single.yml
index f38cfb4..0d29e31 100644
--- a/cinder/control/single.yml
+++ b/cinder/control/single.yml
@@ -1,11 +1,15 @@
 classes:
 - service.cinder.control.single
 - system.salt.minion.cert.mysql.clients.openstack.cinder
+- system.salt.minion.cert.rabbitmq.clients.openstack.cinder
 parameters:
   _param:
     internal_protocol: 'http'
     openstack_mysql_x509_enabled: False
     galera_ssl_enabled: False
+    openstack_rabbitmq_x509_enabled: False
+    rabbitmq_ssl_enabled: False
+    openstack_rabbitmq_port: 5672
   linux:
     system:
       package:
@@ -31,4 +35,13 @@
       identity:
         protocol: ${_param:internal_protocol}
         region: ${_param:openstack_region}
+      message_queue:
+        port: ${_param:openstack_rabbitmq_port}
+        x509:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
+          ca_file: ${_param:rabbitmq_cinder_ssl_ca_file}
+          key_file: ${_param:rabbitmq_cinder_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_cinder_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:rabbitmq_ssl_enabled}
 
diff --git a/cinder/volume/local.yml b/cinder/volume/local.yml
index 51c3ba8..b0e179a 100644
--- a/cinder/volume/local.yml
+++ b/cinder/volume/local.yml
@@ -1,10 +1,14 @@
 classes:
 - service.cinder.volume.local
 - system.salt.minion.cert.mysql.clients.openstack.cinder
+- system.salt.minion.cert.rabbitmq.clients.openstack.cinder
 parameters:
   _param:
     openstack_mysql_x509_enabled: False
     galera_ssl_enabled: False
+    openstack_rabbitmq_x509_enabled: False
+    rabbitmq_ssl_enabled: False
+    openstack_rabbitmq_port: 5672
   cinder:
     volume:
       enabled: True
@@ -20,7 +24,15 @@
       glance:
         host: ${_param:single_address}
       message_queue:
+        port: ${_param:openstack_rabbitmq_port}
         host: ${_param:single_address}
+        x509:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
+          ca_file: ${_param:rabbitmq_cinder_ssl_ca_file}
+          key_file: ${_param:rabbitmq_cinder_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_cinder_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:rabbitmq_ssl_enabled}
       identity:
         host: ${_param:single_address}
         region: ${_param:openstack_region}
diff --git a/cinder/volume/single.yml b/cinder/volume/single.yml
index f6d4503..03c4b3c 100644
--- a/cinder/volume/single.yml
+++ b/cinder/volume/single.yml
@@ -1,11 +1,15 @@
 classes:
 - service.cinder.volume.single
 - system.salt.minion.cert.mysql.clients.openstack.cinder
+- system.salt.minion.cert.rabbitmq.clients.openstack.cinder
 parameters:
   _param:
     cluster_internal_protocol: 'http'
     openstack_mysql_x509_enabled: False
     galera_ssl_enabled: False
+    openstack_rabbitmq_x509_enabled: False
+    rabbitmq_ssl_enabled: False
+    openstack_rabbitmq_port: 5672
   linux:
     system:
       package:
@@ -28,10 +32,18 @@
         host: ${_param:openstack_control_address}
         protocol: ${_param:cluster_internal_protocol}
       message_queue:
+        port: ${_param:openstack_rabbitmq_port}
         members:
           - host: ${_param:openstack_message_queue_node01_address}
           - host: ${_param:openstack_message_queue_node02_address}
           - host: ${_param:openstack_message_queue_node03_address}
+        x509:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
+          ca_file: ${_param:rabbitmq_cinder_ssl_ca_file}
+          key_file: ${_param:rabbitmq_cinder_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_cinder_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:rabbitmq_ssl_enabled}
       identity:
         host: ${_param:openstack_control_address}
         protocol: ${_param:cluster_internal_protocol}
diff --git a/debmirror/mirror_mirantis_com/elasticsearch-5.x/xenial.yml b/debmirror/mirror_mirantis_com/elasticsearch-5.x/xenial.yml
new file mode 100644
index 0000000..fd80c19
--- /dev/null
+++ b/debmirror/mirror_mirantis_com/elasticsearch-5.x/xenial.yml
@@ -0,0 +1,24 @@
+parameters:
+  _param:
+    apt_mk_version: 'stable'
+    mirror_mirantis_com_elasticsearch_5_x_xenial_force: False
+    debmirror_mirrors_base_target_dir: "/srv/volumes/aptly/public/${_param:apt_mk_version}/"
+  debmirror:
+    client:
+      enabled: true
+      mirrors:
+        mirror_mirantis_com_elasticsearch_5_x_xenial:
+          enabled: true
+          force: ${_param:mirror_mirantis_com_elasticsearch_5_x_xenial_force}
+          lock_target: True
+          extra_flags: [ '--verbose', '--progress', '--nosource', '--no-check-gpg', '--rsync-extra=none' ]
+          method: "rsync"
+          arch: [ 'amd64' ]
+          mirror_host: "mirror.mirantis.com"
+          mirror_root: ":mirror/${_param:apt_mk_version}/elasticsearch-5.x/xenial/"
+          target_dir: "${_param:debmirror_mirrors_base_target_dir}/elasticsearch-5.x/xenial/"
+          log_file: "/var/log/debmirror/mirror_mirantis_com_elasticsearch_5_x_xenial.log"
+          dist: [ stable ]
+          section: [ main ]
+          filter:
+            001: "--exclude='-dbg_'"
diff --git a/debmirror/mirror_mirantis_com/elasticsearch-curator-5/xenial.yml b/debmirror/mirror_mirantis_com/elasticsearch-curator-5/xenial.yml
new file mode 100644
index 0000000..f939c79
--- /dev/null
+++ b/debmirror/mirror_mirantis_com/elasticsearch-curator-5/xenial.yml
@@ -0,0 +1,22 @@
+parameters:
+  _param:
+    apt_mk_version: 'stable'
+    mirror_mirantis_com_elasticsearch_curator_5_xenial_force: False
+    debmirror_mirrors_base_target_dir: "/srv/volumes/aptly/public/${_param:apt_mk_version}/"
+  debmirror:
+    client:
+      enabled: true
+      mirrors:
+        mirror_mirantis_com_elasticsearch_curator_5_xenial:
+          enabled: true
+          force: ${_param:mirror_mirantis_com_elasticsearch_curator_5_xenial_force}
+          lock_target: True
+          extra_flags: [ '--verbose', '--progress', '--nosource', '--no-check-gpg', '--rsync-extra=none' ]
+          method: "rsync"
+          arch: [ 'amd64' ]
+          mirror_host: "mirror.mirantis.com"
+          mirror_root: ":mirror/${_param:apt_mk_version}/elasticsearch-curator-5/xenial/"
+          target_dir: "${_param:debmirror_mirrors_base_target_dir}/elasticsearch-curator-5/xenial/"
+          log_file: "/var/log/debmirror/mirror_mirantis_com_elasticsearch_curator_5_xenial.log"
+          dist: [ stable ]
+          section: [ main ]
diff --git a/designate/server/cluster/default.yml b/designate/server/cluster/default.yml
index de2eb43..1e8076e 100644
--- a/designate/server/cluster/default.yml
+++ b/designate/server/cluster/default.yml
@@ -3,10 +3,17 @@
 - service.haproxy.proxy.single
 - system.haproxy.proxy.listen.openstack.designate
 - service.designate.server.cluster
+- system.salt.minion.cert.mysql.clients.openstack.designate
+- system.salt.minion.cert.rabbitmq.clients.openstack.designate
 parameters:
   _param:
     designate_admin_api_enabled: false
     cluster_internal_protocol: 'http'
+    openstack_mysql_x509_enabled: False
+    galera_ssl_enabled: False
+    openstack_rabbitmq_x509_enabled: False
+    rabbitmq_ssl_enabled: False
+    openstack_rabbitmq_port: 5672
   linux:
     system:
       package:
@@ -36,6 +43,13 @@
           pool_manager: designate_pool_manager
         user: designate
         password: ${_param:mysql_designate_password}
+        x509:
+          enabled: ${_param:openstack_mysql_x509_enabled}
+          ca_file: ${_param:mysql_designate_ssl_ca_file}
+          key_file: ${_param:mysql_designate_client_ssl_key_file}
+          cert_file: ${_param:mysql_designate_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:galera_ssl_enabled}
       identity:
         engine: keystone
         host: ${_param:openstack_control_address}
@@ -49,11 +63,18 @@
           address: ${_param:single_address}
       message_queue:
         engine: rabbitmq
-        port: 5672
+        port: ${_param:openstack_rabbitmq_port}
         members:
         - host: ${_param:openstack_message_queue_node01_address}
         - host: ${_param:openstack_message_queue_node02_address}
         - host: ${_param:openstack_message_queue_node03_address}
         user: openstack
         password: ${_param:rabbitmq_openstack_password}
-        virtual_host: '/openstack'
\ No newline at end of file
+        virtual_host: '/openstack'
+        x509:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
+          ca_file: ${_param:rabbitmq_designate_ssl_ca_file}
+          key_file: ${_param:rabbitmq_designate_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_designate_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:rabbitmq_ssl_enabled}
diff --git a/designate/server/cluster/simple.yml b/designate/server/cluster/simple.yml
index 06c6a33..459ab96 100644
--- a/designate/server/cluster/simple.yml
+++ b/designate/server/cluster/simple.yml
@@ -1,12 +1,16 @@
 classes:
 - service.designate.server.cluster
 - system.salt.minion.cert.mysql.clients.openstack.designate
+- system.salt.minion.cert.rabbitmq.clients.openstack.designate
 parameters:
   _param:
     designate_admin_api_enabled: false
     cluster_internal_protocol: 'http'
     openstack_mysql_x509_enabled: False
     galera_ssl_enabled: False
+    openstack_rabbitmq_x509_enabled: False
+    rabbitmq_ssl_enabled: False
+    openstack_rabbitmq_port: 5672
   linux:
     system:
       package:
@@ -56,7 +60,7 @@
           address: ${_param:single_address}
       message_queue:
         engine: rabbitmq
-        port: 5672
+        port: ${_param:openstack_rabbitmq_port}
         members:
         - host: ${_param:openstack_message_queue_node01_address}
         - host: ${_param:openstack_message_queue_node02_address}
@@ -64,6 +68,13 @@
         user: openstack
         password: ${_param:rabbitmq_openstack_password}
         virtual_host: '/openstack'
+        x509:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
+          ca_file: ${_param:rabbitmq_designate_ssl_ca_file}
+          key_file: ${_param:rabbitmq_designate_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_designate_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:rabbitmq_ssl_enabled}
       pools:
         default:
           description: 'default pool'
diff --git a/designate/server/single.yml b/designate/server/single.yml
index 1bb51cb..e89afe1 100644
--- a/designate/server/single.yml
+++ b/designate/server/single.yml
@@ -1,12 +1,16 @@
 classes:
 - service.designate.server.single
 - system.salt.minion.cert.mysql.clients.openstack.designate
+- system.salt.minion.cert.rabbitmq.clients.openstack.designate
 parameters:
   _param:
     designate_admin_api_enabled: false
     internal_protocol: 'http'
     openstack_mysql_x509_enabled: False
     galera_ssl_enabled: False
+    openstack_rabbitmq_x509_enabled: False
+    rabbitmq_ssl_enabled: False
+    openstack_rabbitmq_port: 5672
   linux:
     system:
       package:
@@ -54,10 +58,17 @@
       message_queue:
         engine: rabbitmq
         host: ${_param:cluster_vip_address}
-        port: 5672
+        port: ${_param:openstack_rabbitmq_port}
         user: openstack
         password: ${_param:rabbitmq_openstack_password}
         virtual_host: '/openstack'
+        x509:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
+          ca_file: ${_param:rabbitmq_designate_ssl_ca_file}
+          key_file: ${_param:rabbitmq_designate_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_designate_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:rabbitmq_ssl_enabled}
       pools:
         default:
           description: 'default pool'
diff --git a/docker/host.yml b/docker/host.yml
index aef7a32..bb3dffa 100644
--- a/docker/host.yml
+++ b/docker/host.yml
@@ -1,6 +1,8 @@
 classes:
   - service.docker.host
 parameters:
+  _param:
+    docker_garbage_collection_enabled: false
   docker:
     host:
       pkgs:
@@ -14,3 +16,16 @@
         ipv6: true
         fixed-cidr-v6: fc00::/7
         storage-driver: overlay2
+  linux:
+    system:
+      cron:
+        user:
+          root:
+            enabled: true
+      job:
+        docker_garbage_collection:
+          command: docker system prune -f --filter until=$(date +%s -d "1 week ago")
+          enabled: ${_param:docker_garbage_collection_enabled}
+          user: root
+          hour: 6
+          minute: 0
diff --git a/docker/swarm/stack/artifactory.yml b/docker/swarm/stack/artifactory.yml
index caab0ee..2dd9f15 100644
--- a/docker/swarm/stack/artifactory.yml
+++ b/docker/swarm/stack/artifactory.yml
@@ -21,4 +21,4 @@
                 - /srv/volumes/artifactory/backup:/var/opt/jfrog/artifactory/backup
                 - /srv/volumes/artifactory/etc:/var/opt/jfrog/artifactory/etc
                 - /srv/volumes/artifactory/logs:/var/opt/jfrog/artifactory/logs
-                - /srv/volumes/artifactory/keys:/var/opt/jfrog/artifactory/access/etc/keys
+                - /srv/volumes/artifactory/access:/var/opt/jfrog/artifactory/access
diff --git a/fluentd/label/default_output/elasticsearch.yml b/fluentd/label/default_output/elasticsearch.yml
index aa96b31..398ea8c 100644
--- a/fluentd/label/default_output/elasticsearch.yml
+++ b/fluentd/label/default_output/elasticsearch.yml
@@ -1,5 +1,6 @@
 classes:
 - service.fluentd.agent.output.elasticsearch
+- system.fluentd.label.default_output.filter.common
 parameters:
   _param:
     fluentd_elasticsearch_host: 127.0.0.1
@@ -9,32 +10,6 @@
       config:
         label:
           default_output:
-            filter:
-              drop_nested_timestamp_and_sensitive_data:
-                tag: "openstack.**"
-                type: record_transformer
-                enable_ruby: true
-                remove_keys: '["_dummy_1", "_dummy_2", "_dummy_3"]'
-                record:
-                  - name: _dummy_1
-                    value: ${fluentd:dollar}{if record.has_key?("context"); record["context"].delete("timestamp") ; end; nil }
-                  - name: _dummy_2
-                    value: ${fluentd:dollar}{if record.has_key?("context"); record["context"].delete("auth_token"); end; nil}
-                  - name: _dummy_3
-                    value: ${fluentd:dollar}{if record.has_key?("context"); record["context"].delete("auth_token_info"); end; nil}
-              drop_hostname_field:
-                tag: "openstack.**"
-                type: record_transformer
-                enable_ruby: true
-                remove_keys: '["hostname"]'
-              change_pid_field_value:
-                tag: "haproxy.**"
-                type: record_transformer
-                enable_ruby: true
-                record:
-                  - name: Pid
-                    value: ${fluentd:dollar}{record["pid"]}
-                remove_keys: '["pid"]'
             match:
               elasticsearch_output:
                 host: ${_param:fluentd_elasticsearch_host}
diff --git a/fluentd/label/default_output/filter/common.yml b/fluentd/label/default_output/filter/common.yml
new file mode 100644
index 0000000..e9d2a67
--- /dev/null
+++ b/fluentd/label/default_output/filter/common.yml
@@ -0,0 +1,32 @@
+parameters:
+  fluentd:
+    agent:
+      config:
+        label:
+          default_output:
+            filter:
+              drop_nested_timestamp_and_sensitive_data:
+                tag: "openstack.**"
+                type: record_transformer
+                enable_ruby: true
+                remove_keys: '["_dummy_1", "_dummy_2", "_dummy_3"]'
+                record:
+                  - name: _dummy_1
+                    value: ${fluentd:dollar}{if record.has_key?("context"); record["context"].delete("timestamp") ; end; nil }
+                  - name: _dummy_2
+                    value: ${fluentd:dollar}{if record.has_key?("context"); record["context"].delete("auth_token"); end; nil}
+                  - name: _dummy_3
+                    value: ${fluentd:dollar}{if record.has_key?("context"); record["context"].delete("auth_token_info"); end; nil}
+              drop_hostname_field:
+                tag: "openstack.**"
+                type: record_transformer
+                enable_ruby: true
+                remove_keys: '["hostname"]'
+              change_pid_field_value:
+                tag: "haproxy.**"
+                type: record_transformer
+                enable_ruby: true
+                record:
+                  - name: Pid
+                    value: ${fluentd:dollar}{record["pid"]}
+                remove_keys: '["pid"]'
diff --git a/fluentd/label/default_output/forward.yml b/fluentd/label/default_output/forward.yml
new file mode 100644
index 0000000..50f55fa
--- /dev/null
+++ b/fluentd/label/default_output/forward.yml
@@ -0,0 +1,16 @@
+classes:
+- service.fluentd.agent.output.forward
+- system.fluentd.label.default_output.filter.common
+parameters:
+  _param:
+    fluentd_forward_host: 127.0.0.1
+    fluentd_forward_port: 24224
+  fluentd:
+    agent:
+      config:
+        label:
+          default_output:
+            match:
+              forward_output:
+                host: ${_param:fluentd_forward_host}
+                port: ${_param:fluentd_forward_port}
diff --git a/galera/server/database/manila.yml b/galera/server/database/manila.yml
index 3339b83..d233ce9 100644
--- a/galera/server/database/manila.yml
+++ b/galera/server/database/manila.yml
@@ -1,4 +1,6 @@
 parameters:
+  _param:
+    mysql_manila_ssl_option: []
   mysql:
     server:
       database:
@@ -9,7 +11,9 @@
             password: ${_param:mysql_manila_password}
             host: '%'
             rights: all
+            ssl_option: ${_param:mysql_manila_ssl_option}
           - name: manila
             password: ${_param:mysql_manila_password}
             host: ${_param:cluster_local_address}
             rights: all
+            ssl_option: ${_param:mysql_manila_ssl_option}
diff --git a/galera/server/database/ssl/barbican.yml b/galera/server/database/ssl/barbican.yml
new file mode 100644
index 0000000..1b1c7c1
--- /dev/null
+++ b/galera/server/database/ssl/barbican.yml
@@ -0,0 +1,4 @@
+parameters:
+  _param:
+    mysql_barbican_ssl_option:
+      - SSL: True
\ No newline at end of file
diff --git a/galera/server/database/ssl/gnocchi.yml b/galera/server/database/ssl/gnocchi.yml
new file mode 100644
index 0000000..c1bb459
--- /dev/null
+++ b/galera/server/database/ssl/gnocchi.yml
@@ -0,0 +1,4 @@
+parameters:
+  _param:
+    mysql_gnocchi_ssl_option:
+      - SSL: True
\ No newline at end of file
diff --git a/galera/server/database/ssl/ironic.yaml b/galera/server/database/ssl/ironic.yaml
new file mode 100644
index 0000000..eeb9dbb
--- /dev/null
+++ b/galera/server/database/ssl/ironic.yaml
@@ -0,0 +1,4 @@
+parameters:
+  _param:
+    mysql_ironic_ssl_option:
+      - SSL: True
\ No newline at end of file
diff --git a/galera/server/database/ssl/manila.yml b/galera/server/database/ssl/manila.yml
new file mode 100644
index 0000000..c3b30dd
--- /dev/null
+++ b/galera/server/database/ssl/manila.yml
@@ -0,0 +1,4 @@
+parameters:
+  _param:
+    mysql_manila_ssl_option:
+      - SSL: True
\ No newline at end of file
diff --git a/galera/server/database/ssl/panko.yml b/galera/server/database/ssl/panko.yml
new file mode 100644
index 0000000..ce1c504
--- /dev/null
+++ b/galera/server/database/ssl/panko.yml
@@ -0,0 +1,4 @@
+parameters:
+  _param:
+    mysql_panko_ssl_option:
+      - SSL: True
\ No newline at end of file
diff --git a/galera/server/database/x509/barbican.yml b/galera/server/database/x509/barbican.yml
new file mode 100644
index 0000000..ae1865f
--- /dev/null
+++ b/galera/server/database/x509/barbican.yml
@@ -0,0 +1,7 @@
+parameters:
+  _param:
+    mysql_barbican_client_ssl_x509_subject: '/C=cz/CN=mysql-barbican-client/L=Prague/O=Mirantis'
+    mysql_barbican_client_ssl_x509_issuer: '/C=cz/CN=Salt Master CA/L=Prague/O=Mirantis'
+    mysql_barbican_ssl_option:
+      - SUBJECT: ${_param:mysql_barbican_client_ssl_x509_subject}
+      - ISSUER: ${_param:mysql_barbican_client_ssl_x509_issuer}
\ No newline at end of file
diff --git a/galera/server/database/x509/gnocchi.yml b/galera/server/database/x509/gnocchi.yml
new file mode 100644
index 0000000..5cb3c58
--- /dev/null
+++ b/galera/server/database/x509/gnocchi.yml
@@ -0,0 +1,7 @@
+parameters:
+  _param:
+    mysql_gnocchi_client_ssl_x509_subject: '/C=cz/CN=mysql-gnocchi-client/L=Prague/O=Mirantis'
+    mysql_gnocchi_client_ssl_x509_issuer: '/C=cz/CN=Salt Master CA/L=Prague/O=Mirantis'
+    mysql_gnocchi_ssl_option:
+      - SUBJECT: ${_param:mysql_gnocchi_client_ssl_x509_subject}
+      - ISSUER: ${_param:mysql_gnocchi_client_ssl_x509_issuer}
\ No newline at end of file
diff --git a/galera/server/database/x509/ironic.yml b/galera/server/database/x509/ironic.yml
new file mode 100644
index 0000000..85082f5
--- /dev/null
+++ b/galera/server/database/x509/ironic.yml
@@ -0,0 +1,7 @@
+parameters:
+  _param:
+    mysql_ironic_client_ssl_x509_subject: '/C=cz/CN=mysql-ironic-client/L=Prague/O=Mirantis'
+    mysql_ironic_client_ssl_x509_issuer: '/C=cz/CN=Salt Master CA/L=Prague/O=Mirantis'
+    mysql_ironic_ssl_option:
+      - SUBJECT: ${_param:mysql_ironic_client_ssl_x509_subject}
+      - ISSUER: ${_param:mysql_ironic_client_ssl_x509_issuer}
\ No newline at end of file
diff --git a/galera/server/database/x509/manila.yml b/galera/server/database/x509/manila.yml
new file mode 100644
index 0000000..15e6c88
--- /dev/null
+++ b/galera/server/database/x509/manila.yml
@@ -0,0 +1,7 @@
+parameters:
+  _param:
+    mysql_manila_client_ssl_x509_subject: '/C=cz/CN=mysql-manila-client/L=Prague/O=Mirantis'
+    mysql_manila_client_ssl_x509_issuer: '/C=cz/CN=Salt Master CA/L=Prague/O=Mirantis'
+    mysql_manila_ssl_option:
+      - SUBJECT: ${_param:mysql_manila_client_ssl_x509_subject}
+      - ISSUER: ${_param:mysql_manila_client_ssl_x509_issuer}
\ No newline at end of file
diff --git a/galera/server/database/x509/panko.yml b/galera/server/database/x509/panko.yml
new file mode 100644
index 0000000..15c37bf
--- /dev/null
+++ b/galera/server/database/x509/panko.yml
@@ -0,0 +1,7 @@
+parameters:
+  _param:
+    mysql_panko_client_ssl_x509_subject: '/C=cz/CN=mysql-panko-client/L=Prague/O=Mirantis'
+    mysql_panko_client_ssl_x509_issuer: '/C=cz/CN=Salt Master CA/L=Prague/O=Mirantis'
+    mysql_panko_ssl_option:
+      - SUBJECT: ${_param:mysql_panko_client_ssl_x509_subject}
+      - ISSUER: ${_param:mysql_panko_client_ssl_x509_issuer}
\ No newline at end of file
diff --git a/glance/control/cluster.yml b/glance/control/cluster.yml
index a9181de..c69cf55 100644
--- a/glance/control/cluster.yml
+++ b/glance/control/cluster.yml
@@ -4,10 +4,14 @@
 - service.haproxy.proxy.single
 - system.haproxy.proxy.listen.openstack.glance
 - system.salt.minion.cert.mysql.clients.openstack.glance
+- system.salt.minion.cert.rabbitmq.clients.openstack.glance
 parameters:
   _param:
     openstack_mysql_x509_enabled: False
     galera_ssl_enabled: False
+    openstack_rabbitmq_x509_enabled: False
+    rabbitmq_ssl_enabled: False
+    openstack_rabbitmq_port: 5672
   linux:
     system:
       cron:
@@ -41,6 +45,7 @@
       registry:
         host: ${_param:cluster_vip_address}
         port: 9191
+        protocol: ${_param:cluster_internal_protocol}
       bind:
         address: ${_param:cluster_local_address}
         port: 9292
@@ -52,9 +57,10 @@
         password: ${_param:keystone_glance_password}
         region: ${_param:openstack_region}
         tenant: service
+        protocol: ${_param:cluster_internal_protocol}
       message_queue:
         engine: rabbitmq
-        port: 5672
+        port: ${_param:openstack_rabbitmq_port}
         user: openstack
         password: ${_param:rabbitmq_openstack_password}
         virtual_host: '/openstack'
@@ -62,6 +68,13 @@
           - host: ${_param:openstack_message_queue_node01_address}
           - host: ${_param:openstack_message_queue_node02_address}
           - host: ${_param:openstack_message_queue_node03_address}
+        x509:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
+          ca_file: ${_param:rabbitmq_glance_ssl_ca_file}
+          key_file: ${_param:rabbitmq_glance_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_glance_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:rabbitmq_ssl_enabled}
       storage:
         engine: file
       images: []
diff --git a/glance/control/single.yml b/glance/control/single.yml
index a036077..a789a56 100644
--- a/glance/control/single.yml
+++ b/glance/control/single.yml
@@ -1,10 +1,14 @@
 classes:
 - service.glance.control.single
 - system.salt.minion.cert.mysql.clients.openstack.glance
+- system.salt.minion.cert.rabbitmq.clients.openstack.glance
 parameters:
   _param:
     openstack_mysql_x509_enabled: False
     galera_ssl_enabled: False
+    openstack_rabbitmq_x509_enabled: False
+    rabbitmq_ssl_enabled: False
+    openstack_rabbitmq_port: 5672
   linux:
     system:
       cron:
@@ -29,4 +33,16 @@
           enabled: ${_param:galera_ssl_enabled}
       identity:
         region: ${_param:openstack_region}
+        protocol: ${_param:internal_protocol}
+      registry:
+        protocol: ${_param:internal_protocol}
       show_multiple_locations: True
+      message_queue:
+        port: ${_param:openstack_rabbitmq_port}
+        x509:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
+          ca_file: ${_param:rabbitmq_glance_ssl_ca_file}
+          key_file: ${_param:rabbitmq_glance_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_glance_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:rabbitmq_ssl_enabled}
diff --git a/glusterfs/server/cluster.yml b/glusterfs/server/cluster.yml
index 16453c9..f7c520e 100644
--- a/glusterfs/server/cluster.yml
+++ b/glusterfs/server/cluster.yml
@@ -8,6 +8,7 @@
       iptables:
         enabled: false
     server:
+      role: ${_param:glusterfs_node_role}
       peers:
       - ${_param:cluster_node01_address}
       - ${_param:cluster_node02_address}
diff --git a/gnocchi/common/cluster.yml b/gnocchi/common/cluster.yml
new file mode 100644
index 0000000..8d7ae5e
--- /dev/null
+++ b/gnocchi/common/cluster.yml
@@ -0,0 +1,17 @@
+classes:
+- service.gnocchi.common.cluster
+- system.salt.minion.cert.mysql.clients.openstack.gnocchi
+parameters:
+  _param:
+    openstack_mysql_x509_enabled: False
+    galera_ssl_enabled: False
+  gnocchi:
+    common:
+      database:
+        x509:
+          enabled: ${_param:openstack_mysql_x509_enabled}
+          ca_file: ${_param:mysql_gnocchi_ssl_ca_file}
+          key_file: ${_param:mysql_gnocchi_client_ssl_key_file}
+          cert_file: ${_param:mysql_gnocchi_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:galera_ssl_enabled}
diff --git a/gnocchi/common/single.yml b/gnocchi/common/single.yml
new file mode 100644
index 0000000..1f68f5c
--- /dev/null
+++ b/gnocchi/common/single.yml
@@ -0,0 +1,17 @@
+classes:
+- service.gnocchi.common.single
+- system.salt.minion.cert.mysql.clients.openstack.gnocchi
+parameters:
+  _param:
+    openstack_mysql_x509_enabled: False
+    galera_ssl_enabled: False
+  gnocchi:
+    common:
+      database:
+        x509:
+          enabled: ${_param:openstack_mysql_x509_enabled}
+          ca_file: ${_param:mysql_gnocchi_ssl_ca_file}
+          key_file: ${_param:mysql_gnocchi_client_ssl_key_file}
+          cert_file: ${_param:mysql_gnocchi_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:galera_ssl_enabled}
diff --git a/gnocchi/server/cluster.yml b/gnocchi/server/cluster.yml
index ede63c5..7de3ede 100644
--- a/gnocchi/server/cluster.yml
+++ b/gnocchi/server/cluster.yml
@@ -19,6 +19,7 @@
       identity:
         host: ${_param:openstack_control_address}
         region: ${_param:openstack_region}
+        protocol: ${_param:cluster_internal_protocol}
       cache:
         engine: memcached
         members:
diff --git a/gnocchi/server/single.yml b/gnocchi/server/single.yml
index 11ddf39..c4e1547 100644
--- a/gnocchi/server/single.yml
+++ b/gnocchi/server/single.yml
@@ -6,6 +6,7 @@
       role: ${_param:openstack_node_role}
       identity:
         region: ${_param:openstack_region}
+        protocol: ${_param:internal_protocol}
       metricd:
         metric_processing_delay: 15
         metric_reporting_delay: 30
diff --git a/grafana/client/datasource/gnocchi.yml b/grafana/client/datasource/gnocchi.yml
new file mode 100644
index 0000000..4266fe7
--- /dev/null
+++ b/grafana/client/datasource/gnocchi.yml
@@ -0,0 +1,23 @@
+parameters:
+  _param:
+    grafana_gnocchi_is_default: false
+    grafana_gnocchi_ds_name: gnocchi
+    grafana_gnocchi_address: ${_param:gnocchi_public_host}
+    keystone_public_url_path: /identity
+    keystone_gnocchi_user: gnocchi
+    grafana_gnocchi_domain: default
+    grafana_gnocchi_project: service
+  grafana:
+    client:
+      datasource:
+        gnocchi:
+          type: gnocchixyz-gnocchi-datasource
+          name: ${_param:grafana_gnocchi_ds_name}
+          host: ${_param:grafana_gnocchi_address}
+          url_path: ${_param:keystone_public_url_path}
+          mode: keystone
+          domain: ${_param:grafana_gnocchi_domain}
+          project: ${_param:grafana_gnocchi_project}
+          user: ${_param:keystone_gnocchi_user}
+          password: ${_param:keystone_gnocchi_password}
+          is_default: ${_param:grafana_gnocchi_is_default}
diff --git a/grafana/client/datasource/influxdb.yml b/grafana/client/datasource/influxdb.yml
index 7abe22f..7e2a459 100644
--- a/grafana/client/datasource/influxdb.yml
+++ b/grafana/client/datasource/influxdb.yml
@@ -14,4 +14,3 @@
           password: ${_param:grafana_influxdb_password}
           database: ${_param:grafana_influxdb_database}
           is_default: ${_param:grafana_influxdb_is_default}
-
diff --git a/haproxy/proxy/listen/opencontrail/control.yml b/haproxy/proxy/listen/opencontrail/control.yml
index 490d100..db407be 100644
--- a/haproxy/proxy/listen/opencontrail/control.yml
+++ b/haproxy/proxy/listen/opencontrail/control.yml
@@ -1,6 +1,8 @@
 parameters:
   _param:
     opencontrail_stats_password: password
+    opencontrail_api_start_offset: 0
+    opencontrail_api_workers_count: 1
   haproxy:
     proxy:
       listen:
@@ -15,14 +17,20 @@
             host: ${_param:cluster_node01_address}
             port: 9100
             params: check inter 2000 rise 2 fall 3
+            port_range_length: ${_param:opencontrail_api_workers_count}
+            port_range_start_offset: ${_param:opencontrail_api_start_offset}
           - name: ntw02
             host: ${_param:cluster_node02_address}
             port: 9100
             params: check inter 2000 rise 2 fall 3
+            port_range_length: ${_param:opencontrail_api_workers_count}
+            port_range_start_offset: ${_param:opencontrail_api_start_offset}
           - name: ntw03
             host: ${_param:cluster_node03_address}
             port: 9100
             params: check inter 2000 rise 2 fall 3
+            port_range_length: ${_param:opencontrail_api_workers_count}
+            port_range_start_offset: ${_param:opencontrail_api_start_offset}
         contrail_discovery:
           type: contrail-api
           service_name: contrail
diff --git a/haproxy/proxy/listen/openstack/aodh.yml b/haproxy/proxy/listen/openstack/aodh.yml
index acd6340..bf30f93 100644
--- a/haproxy/proxy/listen/openstack/aodh.yml
+++ b/haproxy/proxy/listen/openstack/aodh.yml
@@ -1,4 +1,6 @@
 parameters:
+  _param:
+    haproxy_aodh-api_check_params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
   haproxy:
     proxy:
       listen:
@@ -12,12 +14,12 @@
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
             port: 8042
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_aodh-api_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
             port: 8042
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_aodh-api_check_params}
           - name: ${_param:cluster_node03_hostname}
             host: ${_param:cluster_node03_address}
             port: 8042
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
\ No newline at end of file
+            params: ${_param:haproxy_aodh-api_check_params}
diff --git a/haproxy/proxy/listen/openstack/aodh_large.yml b/haproxy/proxy/listen/openstack/aodh_large.yml
new file mode 100644
index 0000000..b70e1fb
--- /dev/null
+++ b/haproxy/proxy/listen/openstack/aodh_large.yml
@@ -0,0 +1,31 @@
+parameters:
+  haproxy:
+    proxy:
+      listen:
+        aodh-api:
+          type: openstack-service
+          service_name: aodh
+          binds:
+          - address: ${_param:cluster_vip_address}
+            port: 8042
+          servers:
+          - name: ${_param:cluster_node01_hostname}
+            host: ${_param:cluster_node01_address}
+            port: 8042
+            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+          - name: ${_param:cluster_node02_hostname}
+            host: ${_param:cluster_node02_address}
+            port: 8042
+            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+          - name: ${_param:cluster_node03_hostname}
+            host: ${_param:cluster_node03_address}
+            port: 8042
+            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+          - name: ${_param:cluster_node04_hostname}
+            host: ${_param:cluster_node04_address}
+            port: 8042
+            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+          - name: ${_param:cluster_node05_hostname}
+            host: ${_param:cluster_node05_address}
+            port: 8042
+            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
diff --git a/haproxy/proxy/listen/openstack/barbican.yml b/haproxy/proxy/listen/openstack/barbican.yml
index c1f9877..d4a35d9 100644
--- a/haproxy/proxy/listen/openstack/barbican.yml
+++ b/haproxy/proxy/listen/openstack/barbican.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    haproxy_barbican-api_check_params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+    haproxy_barbican-admin-api_check_params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
   haproxy:
     proxy:
       listen:
@@ -12,15 +15,15 @@
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
             port: 9311
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_barbican-api_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
             port: 9311
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_barbican-api_check_params}
           - name: ${_param:cluster_node03_hostname}
             host: ${_param:cluster_node03_address}
             port: 9311
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_barbican-api_check_params}
         barbican-admin-api:
           type: openstack-service
           service_name: barbican
@@ -31,12 +34,12 @@
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
             port: 9312
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_barbican-admin-api_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
             port: 9312
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_barbican-admin-api_check_params}
           - name: ${_param:cluster_node03_hostname}
             host: ${_param:cluster_node03_address}
             port: 9312
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
\ No newline at end of file
+            params: ${_param:haproxy_barbican-admin-api_check_params}
diff --git a/haproxy/proxy/listen/openstack/ceilometer.yml b/haproxy/proxy/listen/openstack/ceilometer.yml
index 68eef43..563aa21 100644
--- a/haproxy/proxy/listen/openstack/ceilometer.yml
+++ b/haproxy/proxy/listen/openstack/ceilometer.yml
@@ -1,4 +1,6 @@
 parameters:
+  _param:
+    haproxy_ceilometer_api_check_params: check
   haproxy:
     proxy:
       listen:
@@ -12,12 +14,12 @@
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
             port: 8777
-            params: check
+            params: ${_param:haproxy_ceilometer_api_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
             port: 8777
-            params: check
+            params: ${_param:haproxy_ceilometer_api_check_params}
           - name: ${_param:cluster_node03_hostname}
             host: ${_param:cluster_node03_address}
             port: 8777
-            params: check
\ No newline at end of file
+            params: ${_param:haproxy_ceilometer_api_check_params}
diff --git a/haproxy/proxy/listen/openstack/ceilometer_large.yml b/haproxy/proxy/listen/openstack/ceilometer_large.yml
index 8b9fa7e..4ca55d9 100644
--- a/haproxy/proxy/listen/openstack/ceilometer_large.yml
+++ b/haproxy/proxy/listen/openstack/ceilometer_large.yml
@@ -1,4 +1,6 @@
 parameters:
+  _param:
+    haproxy_ceilometer_api_check_params: check
   haproxy:
     proxy:
       listen:
@@ -12,20 +14,20 @@
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
             port: 8777
-            params: check
+            params: ${_param:haproxy_ceilometer_api_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
             port: 8777
-            params: check
+            params: ${_param:haproxy_ceilometer_api_check_params}
           - name: ${_param:cluster_node03_hostname}
             host: ${_param:cluster_node03_address}
             port: 8777
-            params: check
+            params: ${_param:haproxy_ceilometer_api_check_params}
           - name: ${_param:cluster_node04_hostname}
             host: ${_param:cluster_node04_address}
             port: 8777
-            params: check
+            params: ${_param:haproxy_ceilometer_api_check_params}
           - name: ${_param:cluster_node05_hostname}
             host: ${_param:cluster_node05_address}
             port: 8777
-            params: check
+            params: ${_param:haproxy_ceilometer_api_check_params}
diff --git a/haproxy/proxy/listen/openstack/cinder.yml b/haproxy/proxy/listen/openstack/cinder.yml
index c0bb7be..85f2c46 100644
--- a/haproxy/proxy/listen/openstack/cinder.yml
+++ b/haproxy/proxy/listen/openstack/cinder.yml
@@ -1,4 +1,6 @@
 parameters:
+  _param:
+    haproxy_cinder_api_check_params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
   haproxy:
     proxy:
       listen:
@@ -12,12 +14,12 @@
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
             port: 8776
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_cinder_api_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
             port: 8776
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_cinder_api_check_params}
           - name: ${_param:cluster_node03_hostname}
             host: ${_param:cluster_node03_address}
             port: 8776
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
\ No newline at end of file
+            params: ${_param:haproxy_cinder_api_check_params}
diff --git a/haproxy/proxy/listen/openstack/cinder_large.yml b/haproxy/proxy/listen/openstack/cinder_large.yml
index 7721f94..e13f54b 100644
--- a/haproxy/proxy/listen/openstack/cinder_large.yml
+++ b/haproxy/proxy/listen/openstack/cinder_large.yml
@@ -1,4 +1,6 @@
 parameters:
+  _param:
+    haproxy_cinder_api_check_params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
   haproxy:
     proxy:
       listen:
@@ -12,20 +14,20 @@
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
             port: 8776
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_cinder_api_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
             port: 8776
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_cinder_api_check_params}
           - name: ${_param:cluster_node03_hostname}
             host: ${_param:cluster_node03_address}
             port: 8776
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_cinder_api_check_params}
           - name: ${_param:cluster_node04_hostname}
             host: ${_param:cluster_node04_address}
             port: 8776
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_cinder_api_check_params}
           - name: ${_param:cluster_node05_hostname}
             host: ${_param:cluster_node05_address}
             port: 8776
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
\ No newline at end of file
+            params: ${_param:haproxy_cinder_api_check_params}
diff --git a/haproxy/proxy/listen/openstack/glance.yml b/haproxy/proxy/listen/openstack/glance.yml
index 144fd4e..aa1d923 100644
--- a/haproxy/proxy/listen/openstack/glance.yml
+++ b/haproxy/proxy/listen/openstack/glance.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    haproxy_glance_api_check_params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+    haproxy_glance_registry_api_check_params: check
   haproxy:
     proxy:
       listen:
@@ -12,15 +15,15 @@
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
             port: 9292
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_glance_api_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
             port: 9292
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_glance_api_check_params}
           - name: ${_param:cluster_node03_hostname}
             host: ${_param:cluster_node03_address}
             port: 9292
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_glance_api_check_params}
         glance_registry_api:
           type: general-service
           service_name: glance
@@ -31,12 +34,12 @@
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
             port: 9191
-            params: check
+            params: ${_param:haproxy_glance_registry_api_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
             port: 9191
-            params: check
+            params: ${_param:haproxy_glance_registry_api_check_params}
           - name: ${_param:cluster_node03_hostname}
             host: ${_param:cluster_node03_address}
             port: 9191
-            params: check
+            params: ${_param:haproxy_glance_registry_api_check_params}
diff --git a/haproxy/proxy/listen/openstack/glance_large.yml b/haproxy/proxy/listen/openstack/glance_large.yml
index 6d88933..c6be106 100644
--- a/haproxy/proxy/listen/openstack/glance_large.yml
+++ b/haproxy/proxy/listen/openstack/glance_large.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    haproxy_glance_api_check_params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+    haproxy_glance_registry_api_check_params: check
   haproxy:
     proxy:
       listen:
@@ -12,23 +15,23 @@
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
             port: 9292
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_glance_api_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
             port: 9292
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_glance_api_check_params}
           - name: ${_param:cluster_node03_hostname}
             host: ${_param:cluster_node03_address}
             port: 9292
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_glance_api_check_params}
           - name: ${_param:cluster_node04_hostname}
             host: ${_param:cluster_node04_address}
             port: 9292
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_glance_api_check_params}
           - name: ${_param:cluster_node05_hostname}
             host: ${_param:cluster_node05_address}
             port: 9292
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_glance_api_check_params}
         glance_registry_api:
           type: general-service
           service_name: glance
@@ -39,20 +42,20 @@
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
             port: 9191
-            params: check
+            params: ${_param:haproxy_glance_registry_api_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
             port: 9191
-            params: check
+            params: ${_param:haproxy_glance_registry_api_check_params}
           - name: ${_param:cluster_node03_hostname}
             host: ${_param:cluster_node03_address}
             port: 9191
-            params: check
+            params: ${_param:haproxy_glance_registry_api_check_params}
           - name: ${_param:cluster_node04_hostname}
             host: ${_param:cluster_node04_address}
             port: 9191
-            params: check
+            params: ${_param:haproxy_glance_registry_api_check_params}
           - name: ${_param:cluster_node05_hostname}
             host: ${_param:cluster_node05_address}
             port: 9191
-            params: check
\ No newline at end of file
+            params: ${_param:haproxy_glance_registry_api_check_params}
diff --git a/haproxy/proxy/listen/openstack/glare.yml b/haproxy/proxy/listen/openstack/glare.yml
index 36a6337..afdf436 100644
--- a/haproxy/proxy/listen/openstack/glare.yml
+++ b/haproxy/proxy/listen/openstack/glare.yml
@@ -1,4 +1,6 @@
 parameters:
+  _param:
+    haproxy_glare_check_params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
   haproxy:
     proxy:
       listen:
@@ -12,12 +14,12 @@
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
             port: 9494
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_glare_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
             port: 9494
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_glare_check_params}
           - name: ${_param:cluster_node03_hostname}
             host: ${_param:cluster_node03_address}
             port: 9494
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_glare_check_params}
diff --git a/haproxy/proxy/listen/openstack/glare_large.yml b/haproxy/proxy/listen/openstack/glare_large.yml
index 4e3bd08..0e8c8d7 100644
--- a/haproxy/proxy/listen/openstack/glare_large.yml
+++ b/haproxy/proxy/listen/openstack/glare_large.yml
@@ -1,4 +1,6 @@
 parameters:
+  _param:
+    haproxy_glare_check_params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
   haproxy:
     proxy:
       listen:
@@ -12,20 +14,20 @@
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
             port: 9494
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_glare_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
             port: 9494
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_glare_check_params}
           - name: ${_param:cluster_node03_hostname}
             host: ${_param:cluster_node03_address}
             port: 9494
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_glare_check_params}
           - name: ${_param:cluster_node04_hostname}
             host: ${_param:cluster_node04_address}
             port: 9494
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_glare_check_params}
           - name: ${_param:cluster_node05_hostname}
             host: ${_param:cluster_node05_address}
             port: 9494
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
\ No newline at end of file
+            params: ${_param:haproxy_glare_check_params}
diff --git a/haproxy/proxy/listen/openstack/gnocchi.yml b/haproxy/proxy/listen/openstack/gnocchi.yml
index ec2bb20..8971d6d 100644
--- a/haproxy/proxy/listen/openstack/gnocchi.yml
+++ b/haproxy/proxy/listen/openstack/gnocchi.yml
@@ -1,4 +1,6 @@
 parameters:
+  _param:
+    haproxy_gnocchi_api_check_params: check
   haproxy:
     proxy:
       listen:
@@ -12,12 +14,12 @@
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
             port: 8041
-            params: check
+            params: ${_param:haproxy_gnocchi_api_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
             port: 8041
-            params: check
+            params: ${_param:haproxy_gnocchi_api_check_params}
           - name: ${_param:cluster_node03_hostname}
             host: ${_param:cluster_node03_address}
             port: 8041
-            params: check
\ No newline at end of file
+            params: ${_param:haproxy_gnocchi_api_check_params}
diff --git a/haproxy/proxy/listen/openstack/heat.yml b/haproxy/proxy/listen/openstack/heat.yml
index 50595ea..cb24614 100644
--- a/haproxy/proxy/listen/openstack/heat.yml
+++ b/haproxy/proxy/listen/openstack/heat.yml
@@ -1,4 +1,8 @@
 parameters:
+  _param:
+    haproxy_heat_cloudwatch_api_check_params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+    haproxy_heat_api_check_params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+    haproxy_heat_cfn_api_check_params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
   haproxy:
     proxy:
       listen:
@@ -12,15 +16,15 @@
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
             port: 8003
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_heat_cloudwatch_api_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
             port: 8003
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_heat_cloudwatch_api_check_params}
           - name: ${_param:cluster_node03_hostname}
             host: ${_param:cluster_node03_address}
             port: 8003
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_heat_cloudwatch_api_check_params}
         heat_api:
           type: openstack-service
           service_name: heat
@@ -31,15 +35,15 @@
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
             port: 8004
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_heat_api_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
             port: 8004
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_heat_api_check_params}
           - name: ${_param:cluster_node03_hostname}
             host: ${_param:cluster_node03_address}
             port: 8004
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_heat_api_check_params}
         heat_cfn_api:
           type: openstack-service
           service_name: heat
@@ -50,12 +54,12 @@
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
             port: 8000
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_heat_cfn_api_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
             port: 8000
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_heat_cfn_api_check_params}
           - name: ${_param:cluster_node03_hostname}
             host: ${_param:cluster_node03_address}
             port: 8000
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_heat_cfn_api_check_params}
diff --git a/haproxy/proxy/listen/openstack/heat_large.yml b/haproxy/proxy/listen/openstack/heat_large.yml
index 50ba69f..2272c3e 100644
--- a/haproxy/proxy/listen/openstack/heat_large.yml
+++ b/haproxy/proxy/listen/openstack/heat_large.yml
@@ -1,4 +1,8 @@
 parameters:
+  _param:
+    haproxy_heat_cloudwatch_api_check_params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+    haproxy_heat_api_check_params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+    haproxy_heat_cfn_api_check_params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
   haproxy:
     proxy:
       listen:
@@ -12,23 +16,23 @@
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
             port: 8003
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_heat_cloudwatch_api_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
             port: 8003
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_heat_cloudwatch_api_check_params}
           - name: ${_param:cluster_node03_hostname}
             host: ${_param:cluster_node03_address}
             port: 8003
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_heat_cloudwatch_api_check_params}
           - name: ${_param:cluster_node04_hostname}
             host: ${_param:cluster_node04_address}
             port: 8003
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_heat_cloudwatch_api_check_params}
           - name: ${_param:cluster_node05_hostname}
             host: ${_param:cluster_node05_address}
             port: 8003
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_heat_cloudwatch_api_check_params}
         heat_api:
           type: openstack-service
           service_name: heat
@@ -39,23 +43,23 @@
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
             port: 8004
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_heat_api_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
             port: 8004
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_heat_api_check_params}
           - name: ${_param:cluster_node03_hostname}
             host: ${_param:cluster_node03_address}
             port: 8004
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_heat_api_check_params}
           - name: ${_param:cluster_node04_hostname}
             host: ${_param:cluster_node04_address}
             port: 8004
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_heat_api_check_params}
           - name: ${_param:cluster_node05_hostname}
             host: ${_param:cluster_node05_address}
             port: 8004
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_heat_api_check_params}
         heat_cfn_api:
           type: openstack-service
           service_name: heat
@@ -66,20 +70,20 @@
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
             port: 8000
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_heat_cfn_api_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
             port: 8000
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_heat_cfn_api_check_params}
           - name: ${_param:cluster_node03_hostname}
             host: ${_param:cluster_node03_address}
             port: 8000
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_heat_cfn_api_check_params}
           - name: ${_param:cluster_node04_hostname}
             host: ${_param:cluster_node04_address}
             port: 8000
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_heat_cfn_api_check_params}
           - name: ${_param:cluster_node05_hostname}
             host: ${_param:cluster_node05_address}
             port: 8000
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
\ No newline at end of file
+            params: ${_param:haproxy_heat_cfn_api_check_params}
diff --git a/haproxy/proxy/listen/openstack/horizon.yml b/haproxy/proxy/listen/openstack/horizon.yml
index d507b96..dfa826b 100644
--- a/haproxy/proxy/listen/openstack/horizon.yml
+++ b/haproxy/proxy/listen/openstack/horizon.yml
@@ -1,4 +1,6 @@
 parameters:
+  _param:
+    haproxy_horizon_web_check_params: check
   haproxy:
     proxy:
       listen:
@@ -12,12 +14,12 @@
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
             port: 8078
-            params: check
+            params: ${_param:haproxy_horizon_web_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
             port: 8078
-            params: check
+            params: ${_param:haproxy_horizon_web_check_params}
           - name: ${_param:cluster_node03_hostname}
             host: ${_param:cluster_node03_address}
             port: 8078
-            params: check
+            params: ${_param:haproxy_horizon_web_check_params}
diff --git a/haproxy/proxy/listen/openstack/ironic.yml b/haproxy/proxy/listen/openstack/ironic.yml
index 1713085..9565ba6 100644
--- a/haproxy/proxy/listen/openstack/ironic.yml
+++ b/haproxy/proxy/listen/openstack/ironic.yml
@@ -1,4 +1,6 @@
 parameters:
+  _param:
+    haproxy_ironic_check_params: check
   haproxy:
     proxy:
       listen:
@@ -13,13 +15,13 @@
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
             port: 6385
-            params: check
+            params: ${_param:haproxy_ironic_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
             port: 6385
-            params: check
+            params: ${_param:haproxy_ironic_check_params}
           - name: ${_param:cluster_node03_hostname}
             host: ${_param:cluster_node03_address}
             port: 6385
-            params: check
+            params: ${_param:haproxy_ironic_check_params}
 
diff --git a/haproxy/proxy/listen/openstack/ironic_deploy.yml b/haproxy/proxy/listen/openstack/ironic_deploy.yml
index f5e7a4f..fadc4c5 100644
--- a/haproxy/proxy/listen/openstack/ironic_deploy.yml
+++ b/haproxy/proxy/listen/openstack/ironic_deploy.yml
@@ -1,4 +1,6 @@
 parameters:
+  _param:
+    haproxy_ironic_deploy_check_params: check
   haproxy:
     proxy:
       listen:
@@ -13,12 +15,12 @@
           - name: bmt01
             host: ${_param:openstack_baremetal_node01_baremetal_address}
             port: 6385
-            params: check
+            params: ${_param:haproxy_ironic_deploy_check_params}
           - name: bmt02
             host: ${_param:openstack_baremetal_node02_baremetal_address}
             port: 6385
-            params: check
+            params: ${_param:haproxy_ironic_deploy_check_params}
           - name: bmt03
             host: ${_param:openstack_baremetal_node03_baremetal_address}
             port: 6385
-            params: check
+            params: ${_param:haproxy_ironic_deploy_check_params}
diff --git a/haproxy/proxy/listen/openstack/keystone/init.yml b/haproxy/proxy/listen/openstack/keystone/init.yml
index 32f776e..8fe4dad 100644
--- a/haproxy/proxy/listen/openstack/keystone/init.yml
+++ b/haproxy/proxy/listen/openstack/keystone/init.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    haproxy_keystone_public_api_check_params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+    haproxy_keystone_admin_api_check_params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
   haproxy:
     proxy:
       listen:
@@ -10,15 +13,15 @@
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
             port: 5000
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_keystone_public_api_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
             port: 5000
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_keystone_public_api_check_params}
           - name: ${_param:cluster_node03_hostname}
             host: ${_param:cluster_node03_address}
             port: 5000
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_keystone_public_api_check_params}
         keystone_admin_api:
           binds:
           - address: ${_param:cluster_vip_address}
@@ -27,12 +30,12 @@
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
             port: 35357
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_keystone_admin_api_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
             port: 35357
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_keystone_admin_api_check_params}
           - name: ${_param:cluster_node03_hostname}
             host: ${_param:cluster_node03_address}
             port: 35357
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_keystone_admin_api_check_params}
diff --git a/haproxy/proxy/listen/openstack/keystone/large.yml b/haproxy/proxy/listen/openstack/keystone/large.yml
index 17510ac..e40803b 100644
--- a/haproxy/proxy/listen/openstack/keystone/large.yml
+++ b/haproxy/proxy/listen/openstack/keystone/large.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    haproxy_keystone_public_api_check_params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+    haproxy_keystone_admin_api_check_params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
   haproxy:
     proxy:
       listen:
@@ -10,23 +13,23 @@
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
             port: 5000
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_keystone_public_api_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
             port: 5000
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_keystone_public_api_check_params}
           - name: ${_param:cluster_node03_hostname}
             host: ${_param:cluster_node03_address}
             port: 5000
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_keystone_public_api_check_params}
           - name: ${_param:cluster_node04_hostname}
             host: ${_param:cluster_node04_address}
             port: 5000
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_keystone_public_api_check_params}
           - name: ${_param:cluster_node05_hostname}
             host: ${_param:cluster_node05_address}
             port: 5000
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_keystone_public_api_check_params}
         keystone_admin_api:
           binds:
           - address: ${_param:cluster_vip_address}
@@ -35,20 +38,20 @@
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
             port: 35357
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_keystone_admin_api_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
             port: 35357
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_keystone_admin_api_check_params}
           - name: ${_param:cluster_node03_hostname}
             host: ${_param:cluster_node03_address}
             port: 35357
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_keystone_admin_api_check_params}
           - name: ${_param:cluster_node04_hostname}
             host: ${_param:cluster_node04_address}
             port: 35357
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_keystone_admin_api_check_params}
           - name: ${_param:cluster_node05_hostname}
             host: ${_param:cluster_node05_address}
             port: 35357
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_keystone_admin_api_check_params}
diff --git a/haproxy/proxy/listen/openstack/manila.yml b/haproxy/proxy/listen/openstack/manila.yml
index a28f365..fcc09de 100644
--- a/haproxy/proxy/listen/openstack/manila.yml
+++ b/haproxy/proxy/listen/openstack/manila.yml
@@ -1,4 +1,6 @@
 parameters:
+  _param:
+    haproxy_manila_api_check_params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
   haproxy:
     proxy:
       listen:
@@ -12,12 +14,12 @@
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
             port: 8786
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_manila_api_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
             port: 8786
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_manila_api_check_params}
           - name: ${_param:cluster_node03_hostname}
             host: ${_param:cluster_node03_address}
             port: 8786
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_manila_api_check_params}
diff --git a/haproxy/proxy/listen/openstack/murano.yml b/haproxy/proxy/listen/openstack/murano.yml
index 0427820..1c9714e 100644
--- a/haproxy/proxy/listen/openstack/murano.yml
+++ b/haproxy/proxy/listen/openstack/murano.yml
@@ -1,4 +1,6 @@
 parameters:
+  _param:
+    haproxy_murano_api_check_params: check
   haproxy:
     proxy:
       listen:
@@ -12,7 +14,8 @@
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
             port: 8082
-            params: check
+            params: ${_param:haproxy_murano_api_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
-            port: 8082
\ No newline at end of file
+            port: 8082
+            params: ${_param:haproxy_murano_api_check_params}
diff --git a/haproxy/proxy/listen/openstack/nova-placement.yml b/haproxy/proxy/listen/openstack/nova-placement.yml
index 58c9dd2..41bedc8 100644
--- a/haproxy/proxy/listen/openstack/nova-placement.yml
+++ b/haproxy/proxy/listen/openstack/nova-placement.yml
@@ -1,4 +1,6 @@
 parameters:
+  _param:
+    haproxy_nova_placement_api_check_params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
   haproxy:
     proxy:
       listen:
@@ -21,12 +23,12 @@
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
             port: 8778
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_nova_placement_api_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
             port: 8778
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_nova_placement_api_check_params}
           - name: ${_param:cluster_node03_hostname}
             host: ${_param:cluster_node03_address}
             port: 8778
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_nova_placement_api_check_params}
diff --git a/haproxy/proxy/listen/openstack/nova-placement_large.yml b/haproxy/proxy/listen/openstack/nova-placement_large.yml
index 0139959..9d8dfb8 100644
--- a/haproxy/proxy/listen/openstack/nova-placement_large.yml
+++ b/haproxy/proxy/listen/openstack/nova-placement_large.yml
@@ -1,4 +1,6 @@
 parameters:
+  _param:
+    haproxy_nova_placement_api_check_params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
   haproxy:
     proxy:
       listen:
@@ -21,20 +23,20 @@
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
             port: 8778
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_nova_placement_api_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
             port: 8778
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_nova_placement_api_check_params}
           - name: ${_param:cluster_node03_hostname}
             host: ${_param:cluster_node03_address}
             port: 8778
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_nova_placement_api_check_params}
           - name: ${_param:cluster_node04_hostname}
             host: ${_param:cluster_node04_address}
             port: 8778
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_nova_placement_api_check_params}
           - name: ${_param:cluster_node05_hostname}
             host: ${_param:cluster_node05_address}
             port: 8778
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_nova_placement_api_check_params}
diff --git a/haproxy/proxy/listen/openstack/nova.yml b/haproxy/proxy/listen/openstack/nova.yml
index 1e090ef..2abea3d 100644
--- a/haproxy/proxy/listen/openstack/nova.yml
+++ b/haproxy/proxy/listen/openstack/nova.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    haproxy_nova_api_check_params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+    haproxy_nova_metadata_api_check_params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
   haproxy:
     proxy:
       listen:
@@ -12,15 +15,15 @@
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
             port: 8774
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_nova_api_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
             port: 8774
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_nova_api_check_params}
           - name: ${_param:cluster_node03_hostname}
             host: ${_param:cluster_node03_address}
             port: 8774
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_nova_api_check_params}
         nova_metadata_api:
           type: openstack-service
           binds:
@@ -30,12 +33,12 @@
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
             port: 8775
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_nova_metadata_api_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
             port: 8775
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_nova_metadata_api_check_params}
           - name: ${_param:cluster_node03_hostname}
             host: ${_param:cluster_node03_address}
             port: 8775
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_nova_metadata_api_check_params}
diff --git a/haproxy/proxy/listen/openstack/nova_large.yml b/haproxy/proxy/listen/openstack/nova_large.yml
index 645e904..b09a3b6 100644
--- a/haproxy/proxy/listen/openstack/nova_large.yml
+++ b/haproxy/proxy/listen/openstack/nova_large.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    haproxy_nova_api_check_params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+    haproxy_nova_metadata_api_check_params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
   haproxy:
     proxy:
       listen:
@@ -12,23 +15,23 @@
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
             port: 8774
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_nova_api_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
             port: 8774
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_nova_api_check_params}
           - name: ${_param:cluster_node03_hostname}
             host: ${_param:cluster_node03_address}
             port: 8774
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_nova_api_check_params}
           - name: ${_param:cluster_node04_hostname}
             host: ${_param:cluster_node04_address}
             port: 8774
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_nova_api_check_params}
           - name: ${_param:cluster_node05_hostname}
             host: ${_param:cluster_node05_address}
             port: 8774
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_nova_api_check_params}
         nova_metadata_api:
           type: openstack-service
           binds:
@@ -38,20 +41,20 @@
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
             port: 8775
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_nova_metadata_api_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
             port: 8775
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_nova_metadata_api_check_params}
           - name: ${_param:cluster_node03_hostname}
             host: ${_param:cluster_node03_address}
             port: 8775
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_nova_metadata_api_check_params}
           - name: ${_param:cluster_node04_hostname}
             host: ${_param:cluster_node04_address}
             port: 8775
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_nova_metadata_api_check_params}
           - name: ${_param:cluster_node05_hostname}
             host: ${_param:cluster_node05_address}
             port: 8775
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_nova_metadata_api_check_params}
diff --git a/haproxy/proxy/listen/openstack/novnc.yml b/haproxy/proxy/listen/openstack/novnc.yml
index 40b9d9c..37934c0 100644
--- a/haproxy/proxy/listen/openstack/novnc.yml
+++ b/haproxy/proxy/listen/openstack/novnc.yml
@@ -1,4 +1,6 @@
 parameters:
+  _param:
+    haproxy_nova_novnc_check_params: check
   haproxy:
     proxy:
       listen:
@@ -13,13 +15,13 @@
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
             port: 6080
-            params: check
+            params: ${_param:haproxy_nova_novnc_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
             port: 6080
-            params: check
+            params: ${_param:haproxy_nova_novnc_check_params}
           - name: ${_param:cluster_node03_hostname}
             host: ${_param:cluster_node03_address}
             port: 6080
-            params: check
+            params: ${_param:haproxy_nova_novnc_check_params}
 
diff --git a/haproxy/proxy/listen/openstack/novnc_large.yml b/haproxy/proxy/listen/openstack/novnc_large.yml
index 0951777..2c2cbd6 100644
--- a/haproxy/proxy/listen/openstack/novnc_large.yml
+++ b/haproxy/proxy/listen/openstack/novnc_large.yml
@@ -1,4 +1,6 @@
 parameters:
+  _param:
+    haproxy_nova_novnc_check_params: check
   haproxy:
     proxy:
       listen:
@@ -13,20 +15,20 @@
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
             port: 6080
-            params: check
+            params: ${_param:haproxy_nova_novnc_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
             port: 6080
-            params: check
+            params: ${_param:haproxy_nova_novnc_check_params}
           - name: ${_param:cluster_node03_hostname}
             host: ${_param:cluster_node03_address}
             port: 6080
-            params: check
+            params: ${_param:haproxy_nova_novnc_check_params}
           - name: ${_param:cluster_node04_hostname}
             host: ${_param:cluster_node04_address}
             port: 6080
-            params: check
+            params: ${_param:haproxy_nova_novnc_check_params}
           - name: ${_param:cluster_node05_hostname}
             host: ${_param:cluster_node05_address}
             port: 6080
-            params: check
+            params: ${_param:haproxy_nova_novnc_check_params}
diff --git a/haproxy/proxy/listen/openstack/octavia.yml b/haproxy/proxy/listen/openstack/octavia.yml
index c2b8e6d..89f0569 100644
--- a/haproxy/proxy/listen/openstack/octavia.yml
+++ b/haproxy/proxy/listen/openstack/octavia.yml
@@ -1,4 +1,6 @@
 parameters:
+  _param:
+    haproxy_octavia_api_check_params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
   haproxy:
     proxy:
       listen:
@@ -12,12 +14,12 @@
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
             port: 9876
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_octavia_api_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
             port: 9876
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_octavia_api_check_params}
           - name: ${_param:cluster_node03_hostname}
             host: ${_param:cluster_node03_address}
             port: 9876
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_octavia_api_check_params}
diff --git a/haproxy/proxy/listen/openstack/panko.yml b/haproxy/proxy/listen/openstack/panko.yml
index 51eb030..bf638ef 100644
--- a/haproxy/proxy/listen/openstack/panko.yml
+++ b/haproxy/proxy/listen/openstack/panko.yml
@@ -1,4 +1,6 @@
 parameters:
+  _param:
+    haproxy_panko_api_check_params: check
   haproxy:
     proxy:
       listen:
@@ -12,12 +14,12 @@
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
             port: 8977
-            params: check
+            params: ${_param:haproxy_panko_api_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
             port: 8977
-            params: check
+            params: ${_param:haproxy_panko_api_check_params}
           - name: ${_param:cluster_node03_hostname}
             host: ${_param:cluster_node03_address}
             port: 8977
-            params: check
\ No newline at end of file
+            params: ${_param:haproxy_panko_api_check_params}
diff --git a/haproxy/proxy/listen/openstack/placement.yml b/haproxy/proxy/listen/openstack/placement.yml
index f3b2b99..b2e37bb 100644
--- a/haproxy/proxy/listen/openstack/placement.yml
+++ b/haproxy/proxy/listen/openstack/placement.yml
@@ -2,6 +2,8 @@
 # returns 200 with version data instead of 401 as it was before.
 # This file should be included for nova/placement higher than Queens.
 parameters:
+  _param:
+    haproxy_placement_api_check_params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
   haproxy:
     proxy:
       listen:
@@ -15,12 +17,12 @@
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
             port: 8778
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_placement_api_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
             port: 8778
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_placement_api_check_params}
           - name: ${_param:cluster_node03_hostname}
             host: ${_param:cluster_node03_address}
             port: 8778
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_placement_api_check_params}
diff --git a/haproxy/proxy/listen/openstack/placement_large.yml b/haproxy/proxy/listen/openstack/placement_large.yml
index c871fd7..d559572 100644
--- a/haproxy/proxy/listen/openstack/placement_large.yml
+++ b/haproxy/proxy/listen/openstack/placement_large.yml
@@ -2,6 +2,8 @@
 # returns 200 with version data instead of 401 as it was before.
 # This file should be included for nova/placement higher than Queens.
 parameters:
+  _param:
+    haproxy_placement_api_check_params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
   haproxy:
     proxy:
       listen:
@@ -15,20 +17,20 @@
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
             port: 8778
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_placement_api_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
             port: 8778
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_placement_api_check_params}
           - name: ${_param:cluster_node03_hostname}
             host: ${_param:cluster_node03_address}
             port: 8778
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_placement_api_check_params}
           - name: ${_param:cluster_node04_hostname}
             host: ${_param:cluster_node04_address}
             port: 8778
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_placement_api_check_params}
           - name: ${_param:cluster_node05_hostname}
             host: ${_param:cluster_node05_address}
             port: 8778
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_placement_api_check_params}
diff --git a/haproxy/proxy/listen/openstack/sahara.yml b/haproxy/proxy/listen/openstack/sahara.yml
index 335c4f6..7ece261 100644
--- a/haproxy/proxy/listen/openstack/sahara.yml
+++ b/haproxy/proxy/listen/openstack/sahara.yml
@@ -1,4 +1,6 @@
 parameters:
+  _param:
+    haproxy_sahara_api_check_params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
   haproxy:
     proxy:
       listen:
@@ -13,12 +15,12 @@
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
             port: 8386
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_sahara_api_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
             port: 8386
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_sahara_api_check_params}
           - name: ${_param:cluster_node03_hostname}
             host: ${_param:cluster_node03_address}
             port: 8386
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            params: ${_param:haproxy_sahara_api_check_params}
diff --git a/heat/server/cluster.yml b/heat/server/cluster.yml
index 7bbc2ac..e11feae 100644
--- a/heat/server/cluster.yml
+++ b/heat/server/cluster.yml
@@ -4,12 +4,16 @@
 - service.keepalived.cluster.single
 - system.haproxy.proxy.listen.openstack.heat
 - system.salt.minion.cert.mysql.clients.openstack.heat
+- system.salt.minion.cert.rabbitmq.clients.openstack.heat
 parameters:
   _param:
     cluster_public_protocol: 'https'
     cluster_internal_protocol: 'http'
     openstack_mysql_x509_enabled: False
+    openstack_rabbitmq_x509_enabled: False
     galera_ssl_enabled: False
+    rabbitmq_ssl_enabled: False
+    openstack_rabbitmq_port: 5672
   linux:
     system:
       package:
@@ -69,7 +73,7 @@
         protocol: ${_param:cluster_internal_protocol}
       message_queue:
         engine: rabbitmq
-        port: 5672
+        port: ${_param:openstack_rabbitmq_port}
         user: openstack
         password: ${_param:rabbitmq_openstack_password}
         virtual_host: '/openstack'
@@ -77,3 +81,10 @@
           - host: ${_param:openstack_message_queue_node01_address}
           - host: ${_param:openstack_message_queue_node02_address}
           - host: ${_param:openstack_message_queue_node03_address}
+        x509:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
+          ca_file: ${_param:rabbitmq_heat_ssl_ca_file}
+          key_file: ${_param:rabbitmq_heat_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_heat_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:rabbitmq_ssl_enabled}
diff --git a/heat/server/single.yml b/heat/server/single.yml
index 208bdf0..1ecb122 100644
--- a/heat/server/single.yml
+++ b/heat/server/single.yml
@@ -1,10 +1,14 @@
 classes:
 - service.heat.server.single
 - system.salt.minion.cert.mysql.clients.openstack.heat
+- system.salt.minion.cert.rabbitmq.clients.openstack.heat
 parameters:
   _param:
     openstack_mysql_x509_enabled: False
+    openstack_rabbitmq_x509_enabled: False
     galera_ssl_enabled: False
+    rabbitmq_ssl_enabled: False
+    openstack_rabbitmq_port: 5672
   linux:
     system:
       package:
@@ -32,4 +36,14 @@
           key_file: ${_param:mysql_heat_client_ssl_key_file}
           cert_file: ${_param:mysql_heat_client_ssl_cert_file}
         ssl:
-          enabled: ${_param:galera_ssl_enabled}
\ No newline at end of file
+          enabled: ${_param:galera_ssl_enabled}
+      message_queue:
+        port: ${_param:openstack_rabbitmq_port}
+        x509:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
+          ca_file: ${_param:rabbitmq_heat_ssl_ca_file}
+          key_file: ${_param:rabbitmq_heat_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_heat_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:rabbitmq_ssl_enabled}
+
diff --git a/horizon/server/plugin/lbaasv2.yml b/horizon/server/plugin/lbaasv2.yml
index 69e2682..37bf013 100644
--- a/horizon/server/plugin/lbaasv2.yml
+++ b/horizon/server/plugin/lbaasv2.yml
@@ -5,5 +5,5 @@
         lbaasv2:
           source:
             engine: pkg
-            name: python-horizon-neutron-lbaasv2-panel
+            name: python-neutron-lbaas-dashboard
 
diff --git a/horizon/server/plugin/octavia.yml b/horizon/server/plugin/octavia.yml
new file mode 100644
index 0000000..2dd5c69
--- /dev/null
+++ b/horizon/server/plugin/octavia.yml
@@ -0,0 +1,9 @@
+parameters:
+  horizon:
+    server:
+      plugin:
+        octavia-dashboard:
+          source:
+            engine: pkg
+            name: python-octavia-dashboard
+
diff --git a/ironic/api/cluster.yml b/ironic/api/cluster.yml
index b0bb69f..849b923 100644
--- a/ironic/api/cluster.yml
+++ b/ironic/api/cluster.yml
@@ -1,6 +1,14 @@
 classes:
+- system.salt.minion.cert.mysql.clients.openstack.ironic
+- system.salt.minion.cert.rabbitmq.clients.openstack.ironic
 - service.ironic.api.cluster
 parameters:
+  _param:
+    openstack_mysql_x509_enabled: False
+    galera_ssl_enabled: False
+    openstack_rabbitmq_x509_enabled: False
+    rabbitmq_ssl_enabled: False
+    openstack_rabbitmq_port: 5672
   linux:
     system:
       package:
@@ -14,3 +22,20 @@
       role: ${_param:openstack_node_role}
       bind:
         address: ${_param:cluster_baremetal_local_address}
+      database:
+        x509:
+          enabled: ${_param:openstack_mysql_x509_enabled}
+          ca_file: ${_param:mysql_ironic_ssl_ca_file}
+          key_file: ${_param:mysql_ironic_client_ssl_key_file}
+          cert_file: ${_param:mysql_ironic_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:galera_ssl_enabled}
+      message_queue:
+        port: ${_param:openstack_rabbitmq_port}
+        x509:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
+          ca_file: ${_param:rabbitmq_ironic_ssl_ca_file}
+          key_file: ${_param:rabbitmq_ironic_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_ironic_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:rabbitmq_ssl_enabled}
\ No newline at end of file
diff --git a/ironic/api/single.yml b/ironic/api/single.yml
index 51c3f9c..3313eb2 100644
--- a/ironic/api/single.yml
+++ b/ironic/api/single.yml
@@ -1,6 +1,14 @@
 classes:
+- system.salt.minion.cert.mysql.clients.openstack.ironic
+- system.salt.minion.cert.rabbitmq.clients.openstack.ironic
 - service.ironic.api.single
 parameters:
+  _param:
+    openstack_mysql_x509_enabled: False
+    galera_ssl_enabled: False
+    openstack_rabbitmq_x509_enabled: False
+    rabbitmq_ssl_enabled: False
+    openstack_rabbitmq_port: 5672
   linux:
     system:
       package:
@@ -12,3 +20,20 @@
       role: ${_param:openstack_node_role}
       bind:
         address: ${_param:single_address}
+      database:
+        x509:
+          enabled: ${_param:openstack_mysql_x509_enabled}
+          ca_file: ${_param:mysql_ironic_ssl_ca_file}
+          key_file: ${_param:mysql_ironic_client_ssl_key_file}
+          cert_file: ${_param:mysql_ironic_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:galera_ssl_enabled}
+      message_queue:
+        port: ${_param:openstack_rabbitmq_port}
+        x509:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
+          ca_file: ${_param:rabbitmq_ironic_ssl_ca_file}
+          key_file: ${_param:rabbitmq_ironic_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_ironic_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:rabbitmq_ssl_enabled}
diff --git a/ironic/conductor/cluster.yml b/ironic/conductor/cluster.yml
index 063719c..81fa2b5 100644
--- a/ironic/conductor/cluster.yml
+++ b/ironic/conductor/cluster.yml
@@ -1,6 +1,14 @@
 classes:
+- system.salt.minion.cert.mysql.clients.openstack.ironic
+- system.salt.minion.cert.rabbitmq.clients.openstack.ironic
 - service.ironic.conductor.cluster
 parameters:
+  _param:
+    openstack_mysql_x509_enabled: False
+    galera_ssl_enabled: False
+    openstack_rabbitmq_x509_enabled: False
+    rabbitmq_ssl_enabled: False
+    openstack_rabbitmq_port: 5672
   linux:
     system:
       package:
@@ -10,3 +18,20 @@
   ironic:
     conductor:
       api_url: 'http://${_param:cluster_baremetal_vip_address}:6385'
+      database:
+        x509:
+          enabled: ${_param:openstack_mysql_x509_enabled}
+          ca_file: ${_param:mysql_ironic_ssl_ca_file}
+          key_file: ${_param:mysql_ironic_client_ssl_key_file}
+          cert_file: ${_param:mysql_ironic_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:galera_ssl_enabled}
+      message_queue:
+        port: ${_param:openstack_rabbitmq_port}
+        x509:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
+          ca_file: ${_param:rabbitmq_ironic_ssl_ca_file}
+          key_file: ${_param:rabbitmq_ironic_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_ironic_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:rabbitmq_ssl_enabled}
diff --git a/ironic/conductor/single.yml b/ironic/conductor/single.yml
index d827129..7a24028 100644
--- a/ironic/conductor/single.yml
+++ b/ironic/conductor/single.yml
@@ -1,6 +1,14 @@
 classes:
+- system.salt.minion.cert.mysql.clients.openstack.ironic
+- system.salt.minion.cert.rabbitmq.clients.openstack.ironic
 - service.ironic.conductor.single
 parameters:
+  _param:
+    openstack_mysql_x509_enabled: False
+    galera_ssl_enabled: False
+    openstack_rabbitmq_x509_enabled: False
+    rabbitmq_ssl_enabled: False
+    openstack_rabbitmq_port: 5672
   linux:
     system:
       package:
@@ -11,3 +19,20 @@
     conductor:
       enabled: true
       version: ${_param:ironic_version}
+      database:
+        x509:
+          enabled: ${_param:openstack_mysql_x509_enabled}
+          ca_file: ${_param:mysql_ironic_ssl_ca_file}
+          key_file: ${_param:mysql_ironic_client_ssl_key_file}
+          cert_file: ${_param:mysql_ironic_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:galera_ssl_enabled}
+      message_queue:
+        port: ${_param:openstack_rabbitmq_port}
+        x509:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
+          ca_file: ${_param:rabbitmq_ironic_ssl_ca_file}
+          key_file: ${_param:rabbitmq_ironic_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_ironic_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:rabbitmq_ssl_enabled}
diff --git a/jenkins/client/approved_scripts.yml b/jenkins/client/approved_scripts.yml
index 498cc62..ed6292e 100644
--- a/jenkins/client/approved_scripts.yml
+++ b/jenkins/client/approved_scripts.yml
@@ -1,6 +1,7 @@
 parameters:
   jenkins:
     client:
+      # Please keep those list sorted
       approved_scripts:
         - field java.lang.String value
         - field java.util.ArrayList size
@@ -12,13 +13,14 @@
         - method groovy.json.JsonSlurperClassic parseText java.lang.String
         - method groovy.lang.GString getBytes
         - method groovy.lang.GroovyObject getProperty java.lang.String
-        - method groovy.util.Node get java.lang.String
         - method groovy.util.Node attributes
+        - method groovy.util.Node get java.lang.String
         - method groovy.util.XmlParser parse java.io.File
         - method groovy.util.XmlParser parseText java.lang.String
         - method hudson.EnvVars get java.lang.String java.lang.String
         - method hudson.PluginManager getPlugins
         - method hudson.PluginWrapper getShortName
+        - method hudson.model.Actionable getAction java.lang.Class
         - method hudson.model.Hudson getSlaves
         - method hudson.model.Item getName
         - method hudson.model.ItemGroup getItem java.lang.String
@@ -26,21 +28,27 @@
         - method hudson.model.Job getBuildByNumber int
         - method hudson.model.Job getBuilds
         - method hudson.model.Job getLastBuild
+        - method hudson.model.Job getProperty java.lang.Class
         - method hudson.model.Node getLabelString
         - method hudson.model.Node getNodeName
+        - method hudson.model.ParameterDefinition getName
+        - method hudson.model.ParametersDefinitionProperty getParameterDefinitions
         - method hudson.model.Run getEnvironment
         - method hudson.model.Run getId
         - method hudson.model.Run getNumber
         - method hudson.model.Run getResult
         - method hudson.model.Run getTimeInMillis
         - method hudson.model.Run isBuilding
+        - method hudson.model.StringParameterDefinition getDefaultValue
         - method java.io.File getAbsolutePath
         - method java.io.File getName
         - method java.io.File getParent
+        - method java.io.File listFiles
         - method java.io.Writer write java.lang.String
         - method java.lang.AutoCloseable close
         - method java.lang.Class isInstance java.lang.Object
         - method java.lang.Iterable iterator
+        - method java.lang.String concat java.lang.String
         - method java.lang.Throwable printStackTrace
         - method java.net.HttpURLConnection getResponseCode
         - method java.net.HttpURLConnection setRequestMethod java.lang.String
@@ -52,17 +60,22 @@
         - method java.net.URLConnection getOutputStream
         - method java.net.URLConnection setDoOutput boolean
         - method java.net.URLConnection setRequestProperty java.lang.String java.lang.String
+        - method java.text.DateFormat parse java.lang.String
+        - method java.util.Calendar add int int
+        - method java.util.Calendar getTime
         - method java.util.Collection remove java.lang.Object
         - method java.util.Collection stream
+        - method java.util.Collection toArray
+        - method java.util.Date before java.util.Date
         - method java.util.Date getTime
         - method java.util.LinkedHashMap$LinkedHashIterator hasNext
         - method java.util.List add int java.lang.Object
         - method java.util.List subList int int
         - method java.util.Map containsValue java.lang.Object
         - method java.util.Map get java.lang.Object
+        - method java.util.Map isEmpty
         - method java.util.Map remove java.lang.Object
         - method java.util.Map size
-        - method java.util.Map isEmpty
         - method java.util.regex.MatchResult group int
         - method java.util.regex.MatchResult groupCount
         - method java.util.regex.Matcher find
@@ -70,16 +83,14 @@
         - method java.util.regex.Matcher matches
         - method java.util.regex.Pattern matcher java.lang.CharSequence
         - method java.util.stream.Stream collect java.util.stream.Collector
-        - method java.util.Calendar add int int
-        - method java.util.Calendar getTime
-        - method java.util.Date before java.util.Date
-        - method java.text.DateFormat parse java.lang.String
         - method jenkins.model.Jenkins getItemByFullName java.lang.String
         - method jenkins.model.Jenkins getPluginManager
         - method org.jenkinsci.plugins.workflow.job.WorkflowRun doStop
         - method org.jenkinsci.plugins.workflow.job.WorkflowRun finish hudson.model.Result java.lang.Throwable
+        - method org.jenkinsci.plugins.workflow.steps.FlowInterruptedException getCauses
         - method org.jenkinsci.plugins.workflow.support.actions.EnvironmentAction getEnvironment
         - method org.jenkinsci.plugins.workflow.support.steps.build.RunWrapper build
+        - method org.jenkinsci.plugins.workflow.support.steps.build.RunWrapper getRawBuild
         - new groovy.json.JsonBuilder
         - new groovy.json.JsonBuilder java.lang.Object
         - new groovy.json.JsonSlurperClassic
@@ -94,12 +105,13 @@
         - new java.lang.StringBuilder
         - new java.lang.StringBuilder int
         - new java.net.URI java.lang.String
+        - new java.text.SimpleDateFormat java.lang.String java.util.Locale
         - new java.util.ArrayList
         - new java.util.Date
         - new java.util.HashMap
-        - new java.text.SimpleDateFormat java.lang.String java.util.Locale
         - staticField groovy.io.FileType FILES
         - staticMethod com.cloudbees.plugins.credentials.CredentialsProvider lookupCredentials java.lang.Class hudson.model.ItemGroup
+        - staticMethod hudson.model.Hudson getInstance
         - staticMethod java.lang.Double parseDouble java.lang.String
         - staticMethod java.lang.Integer valueOf int
         - staticMethod java.lang.Integer valueOf java.lang.String
@@ -113,6 +125,7 @@
         - staticMethod java.util.regex.Pattern quote java.lang.String
         - staticMethod java.util.stream.Collectors joining java.lang.CharSequence
         - staticMethod jenkins.model.Jenkins getInstance
+        - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods asBoolean java.lang.CharSequence
         - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods asBoolean java.util.regex.Matcher
         - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods collect java.util.Map groovy.lang.Closure
         - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods eachFile java.io.File groovy.io.FileType groovy.lang.Closure
@@ -120,43 +133,31 @@
         - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods findAll java.util.List groovy.lang.Closure
         - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods get java.util.Map java.lang.Object java.lang.Object
         - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getAt java.lang.Iterable int
+        - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getAt java.lang.Object java.lang.String
         - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getAt java.lang.String int
+        - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getAt java.util.Collection java.lang.String
         - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getAt java.util.List groovy.lang.Range
         - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getBytes java.io.File
         - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getText java.io.InputStream
         - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods hasProperty java.lang.Object java.lang.String
+        - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods init java.util.List
+        - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods intersect java.util.List java.lang.Iterable
         - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods iterator java.lang.Object
         - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods iterator java.lang.Object[]
         - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods leftShift java.lang.StringBuffer java.lang.Object
+        - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods minus java.lang.String java.lang.Object
+        - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods multiply java.lang.String java.lang.Number
         - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods plus java.util.List java.lang.Iterable
         - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods plus java.util.List java.lang.Object
         - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods plus java.util.List java.util.Collection
         - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods println java.lang.Object java.lang.Object
         - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods putAt java.lang.Object java.lang.String java.lang.Object
         - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods readLines java.lang.String
+        - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods reverse java.util.List
         - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods sort java.util.Collection
         - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods split java.lang.String
         - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods takeRight java.util.List int
+        - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods toBoolean java.lang.Boolean
+        - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods toSorted java.lang.Iterable
         - staticMethod org.codehaus.groovy.runtime.EncodingGroovyMethods encodeBase64 byte[]
         - staticMethod org.codehaus.groovy.runtime.ScriptBytecodeAdapter bitwiseNegate java.lang.Object
-        - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods toBoolean java.lang.Boolean
-        - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getAt java.lang.Object java.lang.String
-        - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods multiply java.lang.String java.lang.Number
-        - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods minus java.lang.String java.lang.Object
-        - method java.io.File listFiles
-        - method java.lang.String concat java.lang.String
-        - method org.jenkinsci.plugins.workflow.steps.FlowInterruptedException getCauses
-        - method org.jenkinsci.plugins.workflow.support.steps.build.RunWrapper getRawBuild
-        - method hudson.model.Actionable getAction java.lang.Class
-        - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods toSorted java.lang.Iterable
-        - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods intersect java.util.List java.lang.Iterable
-        - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods reverse java.util.List
-        - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getAt java.util.Collection java.lang.String
-        - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods init java.util.List
-        - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods asBoolean java.lang.CharSequence
-        - staticMethod hudson.model.Hudson getInstance
-        - method hudson.model.Job getProperty java.lang.Class
-        - method hudson.model.ParametersDefinitionProperty getParameterDefinitions
-        - method hudson.model.ParameterDefinition getName
-        - method hudson.model.StringParameterDefinition getDefaultValue
-        - method java.util.Collection toArray
diff --git a/jenkins/client/credential/jenkins.yml b/jenkins/client/credential/jenkins.yml
new file mode 100644
index 0000000..da373db
--- /dev/null
+++ b/jenkins/client/credential/jenkins.yml
@@ -0,0 +1,8 @@
+parameters:
+  jenkins:
+    client:
+      credential:
+        jenkins:
+          desc: Credentials to access this Jenkins instance
+          username: ${_param:jenkins_client_user}
+          password: ${_param:jenkins_client_password}
diff --git a/jenkins/client/job/deploy/lab/deploy.yml b/jenkins/client/job/deploy/lab/deploy.yml
index b1deafa..f5d34f6 100644
--- a/jenkins/client/job/deploy/lab/deploy.yml
+++ b/jenkins/client/job/deploy/lab/deploy.yml
@@ -117,9 +117,6 @@
                 type: string
                 default: ""
                 description: "Formulas revision to install on Salt Master bootstrap stage"
-              EXTRA_FORMULAS:
-                type: string
-                default: ""
               STATIC_MGMT_NETWORK:
                   type: boolean
                   default: 'false'
diff --git a/jenkins/client/job/deploy/update/kubernetes_update.yml b/jenkins/client/job/deploy/update/kubernetes_update.yml
index acdb8e0..11279ed 100644
--- a/jenkins/client/job/deploy/update/kubernetes_update.yml
+++ b/jenkins/client/job/deploy/update/kubernetes_update.yml
@@ -38,6 +38,14 @@
             SALT_MASTER_CREDENTIALS:
               type: string
               default: "salt-qa-credentials"
+            SIMPLE_UPGRADE:
+              type: boolean
+              default: 'false'
+              description: "Choose between simple upgrade or upgrade with draining nodes"
+            UPGRADE_DOCKER:
+              type: boolean
+              default: 'false'
+              description: "Upgrade docker or not"
             PER_NODE:
               type: boolean
               default: 'true'
diff --git a/jenkins/client/job/deploy/update/upgrade.yml b/jenkins/client/job/deploy/update/upgrade.yml
index 01fdf2a..f4f5630 100644
--- a/jenkins/client/job/deploy/update/upgrade.yml
+++ b/jenkins/client/job/deploy/update/upgrade.yml
@@ -29,27 +29,19 @@
             SALT_MASTER_CREDENTIALS:
               type: string
               default: "salt"
-            STAGE_TEST_UPGRADE:
-              type: boolean
-              default: 'true'
-              description: "Test if syncdb and APIs succeed"
-            STAGE_REAL_UPGRADE:
-              type: boolean
-              default: 'true'
-              description: "Run real control upgrade"
-            STAGE_ROLLBACK_UPGRADE:
-              type: boolean
-              default: 'true'
-              description: "Rollback if control upgrade fails"
-            OPERATING_SYSTEM_RELEASE_UPGRADE:
+            OS_DIST_UPGRADE:
               type: boolean
               default: 'false'
-              description: "Set to true if operating system release upgrade is desired. For ex. from Ubuntu 14.04 currently running on ctl and prx nodes to Ubuntu 16.04"
-            SKIP_VM_RELAUNCH:
+              description: "Upgrade system packages including kernel (apt-get dist-upgrade)"
+            OS_UPGRADE:
               type: boolean
               default: 'false'
-              description: "Set to true if vms should not be recreated"
+              description: "Upgrade all installed applications (apt-get upgrade)"
             INTERACTIVE:
               type: boolean
               default: 'true'
               description: "Ask interactive questions during pipeline run (bool)"
+            TARGET_SERVERS:
+              type: string
+              default: 'ctl*'
+              description: "Salt compound expression to get control servers to upgrade."
diff --git a/jenkins/client/job/deploy/update/upgrade_compute.yml b/jenkins/client/job/deploy/update/upgrade_compute.yml
index 706863d..b4628fa 100644
--- a/jenkins/client/job/deploy/update/upgrade_compute.yml
+++ b/jenkins/client/job/deploy/update/upgrade_compute.yml
@@ -21,7 +21,7 @@
             url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
             branch: "${_param:jenkins_pipelines_branch}"
             credentials: "gerrit"
-            script: openstack-compute-upgrade.groovy
+            script: openstack-data-upgrade.groovy
           param:
             SALT_MASTER_URL:
               type: string
@@ -29,18 +29,19 @@
             SALT_MASTER_CREDENTIALS:
               type: string
               default: "salt"
-            TARGET_SERVERS:
-              type: string
-              default: "cmp*"
-              description: Salt compound target to match nodes to be updated [*, G@osfamily:debian].
-            TARGET_SUBSET_TEST:
-              type: string
-              description: Number of nodes to list package updates, empty string means all targetted nodes.
-            TARGET_SUBSET_LIVE:
-              type: string
-              default: '1'
-              description: Number of selected nodes to live apply upgrade.
+            OS_DIST_UPGRADE:
+              type: boolean
+              default: 'false'
+              description: "Upgrade system packages including kernel (apt-get dist-upgrade)"
+            OS_UPGRADE:
+              type: boolean
+              default: 'false'
+              description: "Upgrade all installed applications (apt-get upgrade)"
             INTERACTIVE:
               type: boolean
               default: 'true'
               description: "Ask interactive questions during pipeline run (bool)"
+            TARGET_SERVERS:
+              type: string
+              default: 'cmp*'
+              description: "Salt compound expression to get control servers to upgrade."
diff --git a/jenkins/client/job/deploy/update/upgrade_ovs_gateway.yml b/jenkins/client/job/deploy/update/upgrade_ovs_gateway.yml
index b0c92b7..76bf436 100644
--- a/jenkins/client/job/deploy/update/upgrade_ovs_gateway.yml
+++ b/jenkins/client/job/deploy/update/upgrade_ovs_gateway.yml
@@ -21,7 +21,7 @@
             url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
             branch: "${_param:jenkins_pipelines_branch}"
             credentials: "gerrit"
-            script: ovs-gateway-upgrade.groovy
+            script: openstack-data-upgrade.groovy
           param:
             SALT_MASTER_URL:
               type: string
@@ -29,18 +29,19 @@
             SALT_MASTER_CREDENTIALS:
               type: string
               default: "salt"
-            TARGET_SERVERS:
-              type: string
-              default: "gtw*"
-              description: Salt compound target to match nodes to be updated [*, G@osfamily:debian].
-            TARGET_SUBSET_TEST:
-              type: string
-              description: Number of nodes to list package updates, empty string means all targetted nodes.
-            TARGET_SUBSET_LIVE:
-              type: string
-              default: '1'
-              description: Number of selected nodes to live apply upgrade.
+            OS_DIST_UPGRADE:
+              type: boolean
+              default: 'false'
+              description: "Upgrade system packages including kernel (apt-get dist-upgrade)"
+            OS_UPGRADE:
+              type: boolean
+              default: 'false'
+              description: "Upgrade all installed applications (apt-get upgrade)"
             INTERACTIVE:
               type: boolean
               default: 'true'
               description: "Ask interactive questions during pipeline run (bool)"
+            TARGET_SERVERS:
+              type: string
+              default: 'gtw*'
+              description: "Salt compound expression to get control servers to upgrade."
diff --git a/jenkins/client/job/git-mirrors/2way.yml b/jenkins/client/job/git-mirrors/2way.yml
index bb6b44b..71d8f9a 100644
--- a/jenkins/client/job/git-mirrors/2way.yml
+++ b/jenkins/client/job/git-mirrors/2way.yml
@@ -11,7 +11,7 @@
             - name: mcp-common-scripts
               source: mcp/mcp-common-scripts
               target: Mirantis/mcp-common-scripts
-              branches: "master"
+              branches: "master,release/2018.8.1"
             - name: mcp-local-repo-model
               source: mcp/mcp-local-repo-model
               target: Mirantis/mcp-local-repo-model
@@ -24,6 +24,10 @@
               source: mcp/mcp-drivetrain-model
               target: Mirantis/mcp-drivetrain-model
               branches: "master"
+            - name: model-manager
+              source: python-apps/model-manager
+              target: salt-formulas/django-model-manager
+              branches: "master"
           template:
             description: ${_param:job_description_2way}
             discard:
diff --git a/jenkins/client/job/git-mirrors/downstream/pipelines.yml b/jenkins/client/job/git-mirrors/downstream/pipelines.yml
index 271a725..17611cb 100644
--- a/jenkins/client/job/git-mirrors/downstream/pipelines.yml
+++ b/jenkins/client/job/git-mirrors/downstream/pipelines.yml
@@ -8,8 +8,8 @@
       - name: pipeline-library
         downstream: mcp-ci/pipeline-library
         upstream: "${_param:gerrit_pipeline_library_repo}"
-        branches: master
+        branches: "master,release/2018.8.1"
       - name: mk-pipelines
         downstream: mk/mk-pipelines
         upstream: "${_param:gerrit_mk_pipelines_repo}"
-        branches: master
+        branches: "master,release/2018.8.1"
diff --git a/jenkins/client/job/git-mirrors/upstream/pipelines.yml b/jenkins/client/job/git-mirrors/upstream/pipelines.yml
index 20f7eb6..9e82f80 100644
--- a/jenkins/client/job/git-mirrors/upstream/pipelines.yml
+++ b/jenkins/client/job/git-mirrors/upstream/pipelines.yml
@@ -6,8 +6,8 @@
       - name: pipeline-library
         downstream: mcp-ci/pipeline-library
         upstream: "git@github.com:Mirantis/pipeline-library.git"
-        branches: master
+        branches: master,release/2018.8.1
       - name: mk-pipelines
         downstream: mk/mk-pipelines
         upstream: "git@github.com:Mirantis/mk-pipelines.git"
-        branches: master
+        branches: master,release/2018.8.1
diff --git a/jenkins/client/job/k8s-test/init.yml b/jenkins/client/job/k8s-test/init.yml
index c26bfce..7a391af 100644
--- a/jenkins/client/job/k8s-test/init.yml
+++ b/jenkins/client/job/k8s-test/init.yml
@@ -1,8 +1,6 @@
 classes:
 - system.jenkins.client.job.k8s-test.mcp-k8s-test-pipeline
 - system.jenkins.client.job.k8s-test.mcp-k8s-merge-pipeline
-- system.jenkins.client.job.k8s-test.mcp-k8s-dashboard-test-pipeline
-- system.jenkins.client.job.k8s-test.mcp-k8s-dashboard-merge-pipeline
-- system.jenkins.client.job.k8s-test.mcp-k8s-metallb-test-pipeline
-- system.jenkins.client.job.k8s-test.mcp-k8s-metallb-merge-pipeline
+- system.jenkins.client.job.k8s-test.mcp-k8s-generic-test-pipeline
+- system.jenkins.client.job.k8s-test.mcp-k8s-generic-merge-pipeline
 - system.jenkins.client.job.k8s-test.mcp-k8s-formula-test-pipeline
diff --git a/jenkins/client/job/k8s-test/mcp-k8s-dashboard-merge-pipeline.yml b/jenkins/client/job/k8s-test/mcp-k8s-dashboard-merge-pipeline.yml
deleted file mode 100644
index 8424f6a..0000000
--- a/jenkins/client/job/k8s-test/mcp-k8s-dashboard-merge-pipeline.yml
+++ /dev/null
@@ -1,43 +0,0 @@
-parameters:
-  _param:
-    mcp_docker_registry: 'docker-dev-local.docker.mirantis.net'
-    mcp_prod_docker_registry: 'docker-prod-local.docker.mirantis.net'
-  jenkins:
-    client:
-      job:
-        mcp_k8s_dashboard_merge_pipeline:
-          type: workflow-scm
-          name: mcp-k8s-dashboard-merge-pipeline
-          display_name: "Kubernetes dashboard merge pipeline"
-          discard:
-            build:
-              keep_num: 20
-          concurrent: false
-          scm:
-            type: git
-            url: "${_param:jenkins_gerrit_url}/kubernetes-ci/kubernetes-pipelines"
-            credentials: "gerrit"
-            script: pipelines/mcp-k8s-dashboard-pipeline.groovy
-          trigger:
-            gerrit:
-              project:
-                kubernetes/dashboard:
-                  branches:
-                    - compare_type: "ANT"
-                      name: "**mcp**"
-              message:
-                build_successful: "Build successful"
-                build_unstable: "Build unstable"
-                build_failure: "Build failed"
-              event:
-                change:
-                  - merged
-          param:
-            KUBE_DOCKER_REGISTRY:
-              type: string
-              default: ${_param:mcp_docker_registry}
-              description: 'Docker registry for binaries and images'
-            KUBE_PROD_DOCKER_REGISTRY:
-              type: string
-              default: ${_param:mcp_prod_docker_registry}
-              description: 'Prod docker registry for binaries and images'
diff --git a/jenkins/client/job/k8s-test/mcp-k8s-dashboard-test-pipeline.yml b/jenkins/client/job/k8s-test/mcp-k8s-dashboard-test-pipeline.yml
deleted file mode 100644
index ebb4692..0000000
--- a/jenkins/client/job/k8s-test/mcp-k8s-dashboard-test-pipeline.yml
+++ /dev/null
@@ -1,48 +0,0 @@
-parameters:
-  _param:
-    mcp_docker_registry: 'docker-dev-local.docker.mirantis.net'
-  jenkins:
-    client:
-      job:
-        mcp_k8s_dashboard_test_pipeline:
-          type: workflow-scm
-          name: mcp-k8s-dashboard-test-pipeline
-          display_name: "Kubernetes dashboard tests pipeline"
-          discard:
-            build:
-              keep_num: 50
-          concurrent: true
-          scm:
-            type: git
-            url: "${_param:jenkins_gerrit_url}/kubernetes-ci/kubernetes-pipelines"
-            credentials: "gerrit"
-            script: pipelines/mcp-k8s-dashboard-pipeline.groovy
-          trigger:
-            gerrit:
-              project:
-                kubernetes/dashboard:
-                  branches:
-                    - compare_type: "ANT"
-                      name: "**"
-              message:
-                build_successful: "Build successful"
-                build_unstable: "Build unstable"
-                build_failure: "Build failed"
-              event:
-                patchset:
-                  - created:
-                      excludeDrafts: false
-                      excludeTrivialRebase: false
-                      excludeNoCodeChange: false
-                comment:
-                  - addedContains:
-                      commentAddedCommentContains: '(recheck|reverify)'
-              override-votes:
-                gerritBuildUnstableVerifiedValue: 1
-                gerritBuildUnstableCodeReviewValue: 1
-          param:
-            KUBE_DOCKER_REGISTRY:
-              type: string
-              default: ${_param:mcp_docker_registry}
-              description: 'Docker registry for binaries and images'
-
diff --git a/jenkins/client/job/k8s-test/mcp-k8s-generic-merge-pipeline.yml b/jenkins/client/job/k8s-test/mcp-k8s-generic-merge-pipeline.yml
new file mode 100644
index 0000000..0c01626
--- /dev/null
+++ b/jenkins/client/job/k8s-test/mcp-k8s-generic-merge-pipeline.yml
@@ -0,0 +1,65 @@
+parameters:
+  _param:
+    mcp_docker_registry: 'docker-dev-local.docker.mirantis.net'
+    mcp_prod_docker_registry: 'docker-prod-local.docker.mirantis.net'
+  jenkins:
+    client:
+      job_template:
+        mcp-k8s-generic-merge-pipeline:
+          name: mcp-k8s-{{name}}-merge-pipeline
+          jobs:
+            - name: coredns
+              display_name: "CoreDNS merge pipeline"
+              pipeline: mcp-k8s-coredns-pipeline.groovy
+              repo: kubernetes/coredns
+            - name: dashboard
+              display_name: "Kubernetes dashboard merge pipeline"
+              pipeline: mcp-k8s-dashboard-pipeline.groovy
+              repo: kubernetes/dashboard
+            - name: external-dns
+              display_name: "External DNS merge pipeline"
+              pipeline: mcp-k8s-ext-dns-pipeline.groovy
+              repo: kubernetes/external-dns
+            - name: metallb
+              display_name: "Metal LB merge pipeline"
+              pipeline: mcp-k8s-metallb-pipeline.groovy
+              repo: kubernetes/metallb
+            - name: nginx-ingress
+              display_name: "NGINX ingress merge pipeline"
+              pipeline: mcp-k8s-ingress-nginx-pipeline.groovy
+              repo: kubernetes/ingress-nginx
+          template:
+            type: workflow-scm
+            display_name: "{{display_name}}"
+            discard:
+              build:
+                keep_num: 20
+            concurrent: false
+            scm:
+              type: git
+              url: "${_param:jenkins_gerrit_url}/kubernetes-ci/kubernetes-pipelines"
+              credentials: "gerrit"
+              script: "pipelines/{{pipeline}}"
+            trigger:
+              gerrit:
+                project:
+                  "{{repo}}":
+                    branches:
+                      - compare_type: "ANT"
+                        name: "**mcp**"
+                message:
+                  build_successful: "Build successful"
+                  build_unstable: "Build unstable"
+                  build_failure: "Build failed"
+                event:
+                  change:
+                    - merged
+            param:
+              KUBE_DOCKER_REGISTRY:
+                type: string
+                default: ${_param:mcp_docker_registry}
+                description: 'Docker registry for binaries and images'
+              KUBE_PROD_DOCKER_REGISTRY:
+                type: string
+                default: ${_param:mcp_prod_docker_registry}
+                description: 'Prod docker registry for binaries and images'
diff --git a/jenkins/client/job/k8s-test/mcp-k8s-generic-test-pipeline.yml b/jenkins/client/job/k8s-test/mcp-k8s-generic-test-pipeline.yml
new file mode 100644
index 0000000..de5e5a6
--- /dev/null
+++ b/jenkins/client/job/k8s-test/mcp-k8s-generic-test-pipeline.yml
@@ -0,0 +1,69 @@
+parameters:
+  _param:
+    mcp_docker_registry: 'docker-dev-local.docker.mirantis.net'
+  jenkins:
+    client:
+      job_template:
+        mcp-k8s-generic-test-pipeline:
+          name: mcp-k8s-{{name}}-test-pipeline
+          jobs:
+            - name: coredns
+              display_name: "CoreDNS test pipeline"
+              pipeline: mcp-k8s-coredns-pipeline.groovy
+              repo: kubernetes/coredns
+            - name: dashboard
+              display_name: "Kubernetes dashboard test pipeline"
+              pipeline: mcp-k8s-dashboard-pipeline.groovy
+              repo: kubernetes/dashboard
+            - name: external-dns
+              display_name: "External DNS test pipeline"
+              pipeline: mcp-k8s-ext-dns-pipeline.groovy
+              repo: kubernetes/external-dns
+            - name: metallb
+              display_name: "Metal LB test pipeline"
+              pipeline: mcp-k8s-metallb-pipeline.groovy
+              repo: kubernetes/metallb
+            - name: nginx-ingress
+              display_name: "NGINX ingress test pipeline"
+              pipeline: mcp-k8s-ingress-nginx-pipeline.groovy
+              repo: kubernetes/ingress-nginx
+          template:
+            type: workflow-scm
+            display_name: "{{display_name}}"
+            discard:
+              build:
+                keep_num: 50
+            concurrent: true
+            scm:
+              type: git
+              url: "${_param:jenkins_gerrit_url}/kubernetes-ci/kubernetes-pipelines"
+              credentials: "gerrit"
+              script: "pipelines/{{pipeline}}"
+            trigger:
+              gerrit:
+                project:
+                  "{{repo}}":
+                    branches:
+                      - compare_type: "ANT"
+                        name: "**"
+                message:
+                  build_successful: "Build successful"
+                  build_unstable: "Build unstable"
+                  build_failure: "Build failed"
+                event:
+                  patchset:
+                    - created:
+                        excludeDrafts: false
+                        excludeTrivialRebase: false
+                        excludeNoCodeChange: false
+                  comment:
+                    - addedContains:
+                        commentAddedCommentContains: '(recheck|reverify)'
+                override-votes:
+                  gerritBuildUnstableVerifiedValue: 1
+                  gerritBuildUnstableCodeReviewValue: 1
+            param:
+              KUBE_DOCKER_REGISTRY:
+                type: string
+                default: ${_param:mcp_docker_registry}
+                description: 'Docker registry for binaries and images'
diff --git a/jenkins/client/job/oscore/cookiecutter.yml b/jenkins/client/job/oscore/cookiecutter.yml
index 5ffe289..ca6e6f6 100644
--- a/jenkins/client/job/oscore/cookiecutter.yml
+++ b/jenkins/client/job/oscore/cookiecutter.yml
@@ -35,6 +35,10 @@
                 - openstack-ovs-core-manila-pike
                 - openstack-ovs-core-telemetry-pike
                 - openstack-ovs-core-queens
+                - openstack-ovs-core-extra-queens
+                - openstack-ovs-core-ssl-queens
+                - openstack-ovs-core-extra-ssl-queens
+                - openstack-ovs-core-barbican-ssl-queens
             STACK_INSTALL:
               type: string
               default: 'core,openstack,ovs'
@@ -42,6 +46,16 @@
               type: boolean
               description: "Delete Heat stack when finished (bool)"
               default: 'false'
+            OPENSTACK_ENVIRONMENT:
+              type: choice
+              description: "Target openstack environment."
+              choices:
+                - devcloud
+                - presales
+                - oscore_devcloud
+            OPENSTACK_API_CREDENTIALS:
+              type: string
+              description: "Credentials to the OpenStack API"
             OPENSTACK_API_PROJECT:
               type: string
               default: "mcp-oscore"
@@ -61,7 +75,7 @@
               default: |-
                 #Extra context that will be merged with content of COOKIECUTTER_TEMPLATE_CONTEXT_FILE
                 default_context:
-                  openssh_groups: "qa_scale,oscore_devops,networking,tcpcloud,stacklight,k8s_team"
+                  openssh_groups: "qa_scale,oscore_devops,networking,tcpcloud,stacklight,k8s_team,mcp_qa"
                   cookiecutter_template_url: https://gerrit.mcp.mirantis.net/mk/cookiecutter-templates.git
                   cookiecutter_template_branch: 'master'
                   shared_reclass_url: https://gerrit.mcp.mirantis.net/salt-models/reclass-system.git
@@ -113,6 +127,16 @@
               type: string
               default: "gerrit"
               description: "ID of jenkins credentials to be used when connecting to gerrit."
+            OPENSTACK_ENVIRONMENT:
+              type: choice
+              description: "Target openstack environment."
+              choices:
+                - devcloud
+                - presales
+                - oscore_devcloud
+            OPENSTACK_API_CREDENTIALS:
+              type: string
+              description: "Credentials to the OpenStack API"
             OPENSTACK_API_PROJECT:
               type: string
               default: "mcp-oscore-ci"
diff --git a/jenkins/client/job/oscore/release.yml b/jenkins/client/job/oscore/release.yml
index f73bd22..e471e9d 100644
--- a/jenkins/client/job/oscore/release.yml
+++ b/jenkins/client/job/oscore/release.yml
@@ -59,6 +59,10 @@
                 type: string
                 default: "{{test_scheme}}"
                 description: "Structure which defines parameters of deployment jobs"
+              TEST_MILESTONE:
+                type: string
+                description: Product milestone
+                default: "{{test_milestone}}"
               MIRROR_HOST:
                 type: string
                 default: "mirror.mirantis.com"
diff --git a/jenkins/client/job/oscore/salt_virtual_models.yml b/jenkins/client/job/oscore/salt_virtual_models.yml
index 49ef6df..7bffaf2 100644
--- a/jenkins/client/job/oscore/salt_virtual_models.yml
+++ b/jenkins/client/job/oscore/salt_virtual_models.yml
@@ -101,6 +101,10 @@
               type: string
               description: How much test threads to run
               default: "2"
+            RUN_SECURITY_CHECK:
+              type: boolean
+              description: Whether to run Openscap XCCDF evaluation
+              default: "false"
             RUN_SMOKE:
               type: boolean
               default: "false"
diff --git a/jenkins/client/job/oscore/test_upgrades.yml b/jenkins/client/job/oscore/test_upgrades.yml
index 26a9960..e193d58 100644
--- a/jenkins/client/job/oscore/test_upgrades.yml
+++ b/jenkins/client/job/oscore/test_upgrades.yml
@@ -19,17 +19,30 @@
               credentials: "gerrit"
               branch: 'master'
               script: test-openstack-upgrade-pipeline.groovy
+            trigger:
+              timer:
+               spec: "H 22 * * *"
             param:
               CREDENTIALS_ID:
                 type: string
                 description: "ID of jenkins credentials to be used when connecting to gerrit."
                 default: "gerrit"
+              OPENSTACK_ENVIRONMENT:
+                type: choice
+                description: "Target openstack environment."
+                choices:
+                  - devcloud
+                  - presales
+                  - oscore_devcloud
+              OPENSTACK_API_CREDENTIALS:
+                type: string
+                description: "Credentials to the OpenStack API"
               OPENSTACK_API_PROJECT:
                 type: string
-                default: "mcp-oscore"
+                default: "mcp-oscore-ci"
               HEAT_STACK_ZONE:
                 type: string
-                default: "mcp-oscore"
+                default: "mcp-oscore-ci"
               FLAVOR_PREFIX:
                 type: string
                 default: 'dev'
@@ -40,8 +53,57 @@
               TEST_SCHEME:
                 type: string
                 description: "Yaml based scheme to be applied in testing"
-                default: '{"old": {"context_file_name": "openstack-ovs-core-{{openstack_version_old}}","extra_context": {"default_context": {"openstack_version": "{{openstack_version_old}}"}}}, "new": {"extra_context": {"default_context": {"openstack_version": "{{openstack_version_new}}"}}}}'
+                default: '{"old": {"run_smoke": True, "context_file_name": "openstack-ovs-core-{{openstack_version_old}}","extra_context": {"default_context": {"openstack_version": "{{openstack_version_old}}"}}}, "new": {"run_smoke": True, "extra_context": {"default_context": {"openstack_version": "{{openstack_version_new}}"}}}}'
       job:
+        oscore-test-openstack-upgrade-mitaka-newton:
+          display_name: oscore-test-openstack-upgrade-mitaka-newton
+          name: oscore-test-openstack-upgrade-mitaka-newton
+          concurrent: true
+          description: Test upgrade flow for opentack cluster
+          discard:
+            build:
+             keep_num: 60
+            artifact:
+             keep_num: 60
+          type: workflow-scm
+          scm:
+            type: git
+            url: "${_param:jenkins_gerrit_url}/openstack-ci/openstack-pipelines"
+            credentials: "gerrit"
+            branch: 'master'
+            script: test-openstack-upgrade-pipeline.groovy
+          param:
+            CREDENTIALS_ID:
+              type: string
+              description: "ID of jenkins credentials to be used when connecting to gerrit."
+              default: "gerrit"
+            OPENSTACK_ENVIRONMENT:
+              type: choice
+              description: "Target openstack environment."
+              choices:
+                - devcloud
+                - presales
+                - oscore_devcloud
+            OPENSTACK_API_CREDENTIALS:
+              type: string
+              description: "Credentials to the OpenStack API"
+            OPENSTACK_API_PROJECT:
+              type: string
+              default: "mcp-oscore"
+            HEAT_STACK_ZONE:
+              type: string
+              default: "mcp-oscore"
+            FLAVOR_PREFIX:
+              type: string
+              default: 'dev'
+            STACK_DELETE:
+              type: boolean
+              default: 'true'
+              description: Don't enable it if you need to use the lab after
+            TEST_SCHEME:
+              type: string
+              description: "Yaml based scheme to be applied in testing"
+              default: '{"old": {"run_smoke": True, "context_file_name": "openstack-ovs-core-mitaka","extra_context": {"default_context": {"openstack_version": "mitaka"}}}, "new": {"run_smoke": True, "extra_context": {"default_context": {"openstack_version": "newton"}}}}'
         oscore-test-adjust-cluster-model:
           display_name: oscore-test-adjust-cluster-model
           name: oscore-test-adjust-cluster-model
diff --git a/jenkins/client/job/oscore/tests.yml b/jenkins/client/job/oscore/tests.yml
index f4fb7e0..c082306 100644
--- a/jenkins/client/job/oscore/tests.yml
+++ b/jenkins/client/job/oscore/tests.yml
@@ -99,6 +99,11 @@
               OPENSTACK_API_VERSION:
                 type: string
                 default: "3"
+              # security test
+              RUN_SECURITY_CHECK:
+                type: boolean
+                description: Whether to run Openscap XCCDF evaluation
+                default: 'false'
               # test
               TEST_CONF:
                 type: string
@@ -682,7 +687,7 @@
             trigger:
               gerrit:
                 project:
-                  "^salt-formulas/(nova|cinder|glance|keystone|horizon|neutron|designate|heat|ironic|barbican|aodh|ceilometer|gnocchi|panko|manila|salt|linux|reclass|galera|memcached|rabbitmq|bind|apache|runtest|oslo-templates|auditd)$":
+                  "^salt-formulas/(nova|cinder|glance|keystone|horizon|neutron|designate|heat|ironic|barbican|aodh|ceilometer|gnocchi|panko|manila|salt|linux|reclass|galera|memcached|rabbitmq|bind|apache|runtest|oslo-templates|auditd|octavia|openscap)$":
                     compare_type: 'REG_EXP'
                     branches:
                       - master
diff --git a/jenkins/client/job/salt-formulas/git-mirrors/2way.yml b/jenkins/client/job/salt-formulas/git-mirrors/2way.yml
index cae768a..f2efc67 100644
--- a/jenkins/client/job/salt-formulas/git-mirrors/2way.yml
+++ b/jenkins/client/job/salt-formulas/git-mirrors/2way.yml
@@ -338,6 +338,9 @@
             - name: sentry
               branches: ${_param:salt_formulas_branches}
               notification_recipients: ${_param:salt_formulas_notification_recipients}
+            - name: shibboleth
+              branches: ${_param:salt_formulas_branches}
+              notification_recipients: ${_param:salt_formulas_notification_recipients}
             - name: sphinx
               branches: ${_param:salt_formulas_branches}
               notification_recipients: ${_param:salt_formulas_notification_recipients}
@@ -453,7 +456,7 @@
               default: "gerrit"
             BRANCHES:
               type: string
-              default: "master"
+              default: "master,release/2018.8.1"
         git-mirror-2way-salt-formulas-cookiecutter:
           description: ${_param:job_description_2way}
           discard:
diff --git a/jenkins/client/job/salt-formulas/tests.yml b/jenkins/client/job/salt-formulas/tests.yml
index ca8d0a5..b5b286d 100644
--- a/jenkins/client/job/salt-formulas/tests.yml
+++ b/jenkins/client/job/salt-formulas/tests.yml
@@ -153,6 +153,7 @@
                   salt-formulas/{{name}}:
                     branches:
                       - master
+                      - '2018.8.1'
                 event:
                   comment:
                     - addedContains:
diff --git a/jenkins/client/job/salt-models/tests.yml b/jenkins/client/job/salt-models/tests.yml
index 4a18088..c6c54bb 100644
--- a/jenkins/client/job/salt-models/tests.yml
+++ b/jenkins/client/job/salt-models/tests.yml
@@ -48,10 +48,6 @@
               PARALLEL_NODE_GROUP_SIZE:
                 type: string
                 default: "9"
-              # Salt master setup extra formulas
-              EXTRA_FORMULAS:
-                type: string
-                default: "{{extra_formulas}}"
               FORMULAS_SOURCE:
                 type: string
                 default: "{{formulas_src}}"
@@ -158,10 +154,6 @@
               PARALLEL_NODE_GROUP_SIZE:
                 type: string
                 default: "9"
-              # Salt master setup extra formulas
-              EXTRA_FORMULAS:
-                type: string
-                default: "{{extra_formulas}}"
               FORMULAS_SOURCE:
                 type: string
                 default: "{{formulas_src}}"
@@ -235,6 +227,10 @@
               DEFAULT_GIT_REF:
                 type: string
                 default: master
+              EXTRA_VARIABLES_YAML:
+                type: text
+                default: ""
+                description: "Extra vars passed as YAML"
               PARALLEL_NODE_GROUP_SIZE:
                 type: string
                 default: "5"
@@ -244,10 +240,10 @@
             - cookiecutter_template: cookiecutter-templates
           template:
             discard:
-             build:
-               keep_num: 50
-             artifact:
-               keep_num: 50
+              build:
+                keep_days: 4
+              artifact:
+                keep_days: 4
             type: workflow-scm
             concurrent: true
             scm:
@@ -272,37 +268,40 @@
               COOKIECUTTER_TEMPLATE_URL:
                 type: string
                 default: "${_param:jenkins_gerrit_url}/mk/{{cookiecutter_template}}"
-              CREDENTIALS_ID:
-                type: string
-                default: gerrit
               COOKIECUTTER_TEMPLATE_BRANCH:
                 type: string
                 default: master
-              RECLASS_MODEL_URL:
+                description: "Those variable will be ignored, in case gerritTrigger=>GERRIT_BRANCH"
+              COOKIECUTTER_TEMPLATE_REF:
+                type: string
+                default: ""
+                description: "Example: refs/changes/49/25549/1"
+              RECLASS_SYSTEM_URL:
                 type: string
                 default: "${_param:jenkins_gerrit_url}/salt-models/reclass-system"
-              RECLASS_MODEL_BRANCH:
+              RECLASS_SYSTEM_BRANCH:
                 type: string
                 default: master
+                description: "Those variable will be ignored, in case gerritTrigger=>GERRIT_BRANCH"
+              RECLASS_SYSTEM_GIT_REF:
+                type: string
+                default: ""
+                description: "Example: refs/changes/49/25549/1"
               DISTRIB_REVISION:
                 type: string
                 default: 'nightly'
-              SYSTEM_GIT_URL:
-                type: string
-                default: ""
-              SYSTEM_GIT_REF:
-                type: string
-                default: ""
-              PARALLEL_NODE_GROUP_SIZE:
-                type: string
-                default: "1"
-              EXTRA_FORMULAS:
-                type: string
-                default: "aptly artifactory auditd backupninja collectd devops-portal docker elasticsearch fluentd freeipa gerrit glusterfs grafana haproxy heka horizon influxdb jenkins keepalived kibana libvirt maas memcached mysql nginx ntp openldap openscap openssh postfix prometheus rsync rsyslog rundeck sensu sphinx telegraf xtrabackup watchdog logrotate"
+                description: "Those variable will be ignored, in case gerritTrigger=>GERRIT_BRANCH. Version of bin-artifacts,passed to test-env"
               RECLASS_VERSION:
                 type: string
                 default: 'v1.5.4'
-                description: "Version (branch) of Reclass we will use"
+                description: "Version (branch) of reclass PACKAGE we will use"
+              CREDENTIALS_ID:
+                type: string
+                default: gerrit
+              EXTRA_VARIABLES_YAML:
+                type: text
+                default: ""
+                description: "Extra vars passed as YAML"
       job:
         test-salt-model-node:
           name: test-salt-model-node
@@ -341,9 +340,6 @@
             CREDENTIALS_ID:
               type: string
               default: "gerrit"
-            EXTRA_FORMULAS:
-              type: string
-              default: ""
             FORMULAS_SOURCE:
               type: string
               default: "pkg"
@@ -383,9 +379,9 @@
           name: test-mk-cookiecutter-templates-chunk
           discard:
             build:
-              keep_num: 300
+              keep_days: 3
             artifact:
-              keep_num: 30
+              keep_days: 3
           type: workflow-scm
           concurrent: true
           plugin_properties:
@@ -402,5 +398,5 @@
             script: test-cookiecutter-reclass-chunk.groovy
           param:
             EXTRA_VARIABLES_YAML:
-              type: string
+              type: text
               default: ""
diff --git a/jenkins/client/job/security/openscap.yml b/jenkins/client/job/security/openscap.yml
new file mode 100644
index 0000000..7bedf61
--- /dev/null
+++ b/jenkins/client/job/security/openscap.yml
@@ -0,0 +1,57 @@
+#
+# Job to collect oscap results based on input benchmarks
+#
+parameters:
+  jenkins:
+    client:
+      job:
+        run-openscap-xccdf-evaluation:
+          type: workflow-scm
+          concurrent: true
+          discard:
+            build:
+              keep_num: 10
+            artifact:
+              keep_num: 10
+          display_name: "Run openscap xccdf evaluation on given nodes"
+          scm:
+            type: git
+            url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+            branch: "${_param:jenkins_pipelines_branch}"
+            credentials: "gerrit"
+            script: test-openscap-pipeline.groovy
+          param:
+            DASHBOARD_API_URL:
+              type: string
+              default: ""
+              description: "The WORP api base url. Mandatory if UPLOAD_TO_DASHBOARD is true"
+            SALT_MASTER_URL:
+              type: string
+              default: ""
+            SALT_MASTER_CREDENTIALS:
+              type: string
+              default: "salt-qa-credentials"
+            TARGET_SERVERS:
+              type: string
+              default: '*'
+              description: "The target Salt nodes"
+            UPLOAD_TO_DASHBOARD:
+              type: boolean
+              default: "false"
+              description: "Upload results to the WORP or not"
+            XCCDF_BENCHMARKS:
+              type: string
+              default: "cis_ubuntu_1604_server_l2/cis_ubuntu_1604_server_l2-xccdf.xml,default"
+              description: "List of pairs XCCDF benchmark filename and corresponding profile, format xccdf_benchmark 1, profile; xccdf_benchmark 2, profile"
+            XCCDF_BENCHMARKS_DIR:
+              type: string
+              default: "/usr/share/xccdf-benchmarks/mirantis/"
+              description: "The XCCDF benchmarks base directory"
+            XCCDF_VERSION:
+              type: string
+              default: "1.2"
+              description: "The XCCDF version"
+            XCCDF_TAILORING_ID:
+              type: string
+              default: "None"
+              description: "The tailoring id"
diff --git a/jenkins/client/job/stacklight/cookiecutter.yml b/jenkins/client/job/stacklight/cookiecutter.yml
index 0a2c6ed..0f40403 100644
--- a/jenkins/client/job/stacklight/cookiecutter.yml
+++ b/jenkins/client/job/stacklight/cookiecutter.yml
@@ -31,6 +31,16 @@
               type: string
               description: "Context for cookiecutter template specified as filename"
               default: 'stacklight-openstack-ovs-core-pike'
+            OPENSTACK_ENVIRONMENT:
+              type: choice
+              description: "Target openstack environment"
+              choices:
+                - devcloud
+                - presales
+                - oscore_devcloud
+            OPENSTACK_API_CREDENTIALS:
+              type: string
+              description: "Credentials to the OpenStack API"
             OPENSTACK_API_PROJECT:
               type: string
               default: "mcp-stacklight"
diff --git a/keepalived/cluster/instance/openstack_manila_vip.yml b/keepalived/cluster/instance/openstack_manila_vip.yml
new file mode 100644
index 0000000..d8330c4
--- /dev/null
+++ b/keepalived/cluster/instance/openstack_manila_vip.yml
@@ -0,0 +1,11 @@
+classes:
+- service.keepalived.cluster.single
+parameters:
+  _param:
+    keepalived_openstack_manila_vip_address: ${_param:cluster_vip_address}
+    keepalived_openstack_manila_vip_password: password
+    keepalived_openstack_manila_vip_interface: eth1
+    keepalived_vip_virtual_router_id: 235
+    keepalived_vip_address: ${_param:keepalived_openstack_manila_vip_address}
+    keepalived_vip_password: ${_param:keepalived_openstack_manila_vip_password}
+    keepalived_vip_interface: ${_param:keepalived_openstack_manila_vip_interface}
diff --git a/keystone/client/os_client_config/octavia_identity.yml b/keystone/client/os_client_config/octavia_identity.yml
new file mode 100644
index 0000000..3d84b0c
--- /dev/null
+++ b/keystone/client/os_client_config/octavia_identity.yml
@@ -0,0 +1,20 @@
+parameters:
+  keystone:
+    client:
+      os_client_config:
+        enabled: true
+        cfgs:
+          root:
+            content:
+              clouds:
+                octavia_identity:
+                  region_name: ${_param:openstack_region}
+                  identity_api_version: '3'
+                  interface: 'internal'
+                  auth:
+                    username: 'octavia'
+                    password: ${_param:keystone_octavia_password}
+                    user_domain_name: 'Default'
+                    project_name: 'service'
+                    project_domain_name: 'Default'
+                    auth_url: ${_param:keystone_service_protocol}://${_param:keystone_service_host}:5000
\ No newline at end of file
diff --git a/keystone/client/service/gnocchi.yml b/keystone/client/service/gnocchi.yml
index 27d38b0..1d1b075 100644
--- a/keystone/client/service/gnocchi.yml
+++ b/keystone/client/service/gnocchi.yml
@@ -5,6 +5,8 @@
     cluster_public_protocol: https
     gnocchi_service_protocol: http
     gnocchi_public_host: ${_param:cluster_public_host}
+    gnocchi_public_port: 8041
+    gnocchi_public_path: '/'
   keystone:
     client:
       server:
@@ -24,8 +26,8 @@
               - region: ${_param:openstack_region}
                 public_address: ${_param:gnocchi_public_host}
                 public_protocol: ${_param:cluster_public_protocol}
-                public_port: 8041
-                public_path: '/'
+                public_port: ${_param:gnocchi_public_port}
+                public_path: ${_param:gnocchi_public_path}
                 internal_address: ${_param:gnocchi_service_host}
                 internal_port: 8041
                 internal_path: '/'
diff --git a/keystone/client/service/keystone.yml b/keystone/client/service/keystone.yml
index 0cfa963..53e7cd1 100644
--- a/keystone/client/service/keystone.yml
+++ b/keystone/client/service/keystone.yml
@@ -7,6 +7,8 @@
     keystone_public_path: "/v2.0"
     keystone_internal_path: "/v2.0"
     keystone_admin_path: "/v2.0"
+    keystone_public_address: ${_param:cluster_public_host}
+    keystone_public_port: 5000
   keystone:
     client:
       server:
@@ -17,9 +19,9 @@
               description: OpenStack Identity Service
               endpoints:
               - region: ${_param:openstack_region}
-                public_address: ${_param:cluster_public_host}
+                public_address: ${_param:keystone_public_address}
                 public_protocol: ${_param:cluster_public_protocol}
-                public_port: 5000
+                public_port: ${_param:keystone_public_port}
                 public_path: ${_param:keystone_public_path}
                 internal_address: ${_param:keystone_service_host}
                 internal_port: 5000
diff --git a/keystone/client/service/octavia.yml b/keystone/client/service/octavia.yml
index 304d70f..bf16b79 100644
--- a/keystone/client/service/octavia.yml
+++ b/keystone/client/service/octavia.yml
@@ -9,6 +9,9 @@
     client:
       server:
         identity:
+          roles:
+          - load-balancer_member
+          - load-balancer_admin
           project:
             service:
               user:
@@ -18,7 +21,7 @@
                   email: ${_param:admin_email}
           service:
             octavia:
-              type: octavia
+              type: load-balancer
               description: OpenStack Loadbalancing Service
               endpoints:
               - region: ${_param:openstack_region}
diff --git a/keystone/client/v3/service/ironic.yml b/keystone/client/v3/service/ironic.yml
index 09c6967..bd101e6 100644
--- a/keystone/client/v3/service/ironic.yml
+++ b/keystone/client/v3/service/ironic.yml
@@ -15,20 +15,20 @@
                 service_admin:
                   name: admin
                   project_id: service
-          service:
+          services:
             ironic:
               type: baremetal
               description: OpenStack Baremetal Service
               endpoints:
                 ironic_public:
-                  internface: 'public'
+                  interface: 'public'
                   url: ${_param:cluster_public_protocol}://${_param:cluster_public_host}:6385
                   region: ${_param:openstack_region}
                 ironic_internal:
-                  internface: 'internal'
+                  interface: 'internal'
                   url: ${_param:ironic_service_protocol}://${_param:ironic_service_host}:6385
                   region: ${_param:openstack_region}
                 ironic_admin:
-                  internface: 'admin'
+                  interface: 'admin'
                   url: ${_param:ironic_service_protocol}://${_param:ironic_service_host}:6385
                   region: ${_param:openstack_region}
diff --git a/keystone/client/v3/service/octavia.yml b/keystone/client/v3/service/octavia.yml
index a43b0a9..56de95b 100644
--- a/keystone/client/v3/service/octavia.yml
+++ b/keystone/client/v3/service/octavia.yml
@@ -1,3 +1,6 @@
+classes:
+- system.keystone.client.os_client_config.octavia_identity
+
 parameters:
   _param:
     cluster_public_protocol: https
@@ -5,8 +8,25 @@
     octavia_service_protocol: http
   keystone:
     client:
+      server:
+        identity:
+          octavia:
+            api_version: 3
+        octavia_identity:
+          admin:
+            api_version: ''
+            user_domain_name: 'Default'
+            project_domain_name: 'Default'
       resources:
         v3:
+          cloud_name: 'octavia_identity'
+          roles:
+            global_load_balancer_member:
+              name: load-balancer_member
+              enabled: true
+            global_load_balancer_admin:
+              name: load-balancer_admin
+              enabled: true
           users:
             octavia:
               password: ${_param:keystone_octavia_password}
@@ -17,7 +37,7 @@
                   project_id: service
           services:
             octavia:
-              type: octavia
+              type: load-balancer
               description: OpenStack Loadbalancing Service
               endpoints:
                 octavia_public:
diff --git a/keystone/client/v3/service/radosgw-s3.yml b/keystone/client/v3/service/radosgw-s3.yml
index 25614cb..d069d9e 100644
--- a/keystone/client/v3/service/radosgw-s3.yml
+++ b/keystone/client/v3/service/radosgw-s3.yml
@@ -15,7 +15,7 @@
                 service_admin:
                   name: admin
                   project_id: service
-          service:
+          services:
             radosgw-s3:
               type: s3
               description: S3 Service (radosgw)
diff --git a/keystone/client/v3/service/radosgw-swift.yml b/keystone/client/v3/service/radosgw-swift.yml
index 4fa6756..e3b8ac3 100644
--- a/keystone/client/v3/service/radosgw-swift.yml
+++ b/keystone/client/v3/service/radosgw-swift.yml
@@ -15,7 +15,7 @@
                 service_admin:
                   name: admin
                   project_id: service
-          service:
+          services:
             radosgw-swift:
               type: object-store
               description: Swift Service (radosgw)
diff --git a/keystone/server/cluster.yml b/keystone/server/cluster.yml
index 24840fe..a42d3b6 100644
--- a/keystone/server/cluster.yml
+++ b/keystone/server/cluster.yml
@@ -6,12 +6,16 @@
 - system.linux.system.users.keystone
 - system.keystone.server.fernet_rotation.cluster
 - system.salt.minion.cert.mysql.clients.openstack.keystone
+- system.salt.minion.cert.rabbitmq.clients.openstack.keystone
 parameters:
   _param:
     keystone_tokens_expiration: 3600
     openstack_node_role: primary
     openstack_mysql_x509_enabled: False
+    openstack_rabbitmq_x509_enabled: False
     galera_ssl_enabled: False
+    rabbitmq_ssl_enabled: False
+    openstack_rabbitmq_port: 5672
   linux:
     system:
       package:
@@ -60,6 +64,7 @@
       credential:
         location: /var/lib/keystone/credential-keys
       message_queue:
+        port: ${_param:openstack_rabbitmq_port}
         engine: rabbitmq
         members:
           - host: ${_param:openstack_message_queue_node01_address}
@@ -69,6 +74,13 @@
         password: ${_param:rabbitmq_openstack_password}
         virtual_host: '/openstack'
         ha_queues: true
+        x509:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
+          ca_file: ${_param:rabbitmq_keystone_ssl_ca_file}
+          key_file: ${_param:rabbitmq_keystone_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_keystone_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:rabbitmq_ssl_enabled}
       auth_methods:
       - password
       - token
diff --git a/keystone/server/fernet_rotation/cluster.yml b/keystone/server/fernet_rotation/cluster.yml
index 7da8b5b..c34c4f8 100644
--- a/keystone/server/fernet_rotation/cluster.yml
+++ b/keystone/server/fernet_rotation/cluster.yml
@@ -24,6 +24,9 @@
         credential_rotation_driver: ${_param:credential_rotation_driver}
   linux:
     system:
+      package:
+        rsync:
+          version: latest
       cron:
         user:
           keystone:
diff --git a/keystone/server/fernet_rotation/single.yml b/keystone/server/fernet_rotation/single.yml
index bb6f234..8a3d6fb 100644
--- a/keystone/server/fernet_rotation/single.yml
+++ b/keystone/server/fernet_rotation/single.yml
@@ -10,6 +10,9 @@
         credential_rotation_driver: ${_param:credential_rotation_driver}
   linux:
     system:
+      package:
+        rsync:
+          version: latest
       cron:
         user:
           keystone:
diff --git a/keystone/server/single.yml b/keystone/server/single.yml
index d926c0d..10a5331 100644
--- a/keystone/server/single.yml
+++ b/keystone/server/single.yml
@@ -3,6 +3,7 @@
 - system.linux.system.users.keystone
 - system.keystone.server.fernet_rotation.single
 - system.salt.minion.cert.mysql.clients.openstack.keystone
+- system.salt.minion.cert.rabbitmq.clients.openstack.keystone
 parameters:
   _param:
     keystone_service_token: token
@@ -13,7 +14,10 @@
     keystone_tokens_expiration: 3600
     openstack_node_role: primary
     openstack_mysql_x509_enabled: False
+    openstack_rabbitmq_x509_enabled: False
     galera_ssl_enabled: False
+    rabbitmq_ssl_enabled: False
+    openstack_rabbitmq_port: 5672
   linux:
     system:
       package:
@@ -59,12 +63,20 @@
       credential:
         location: /var/lib/keystone/credential-keys
       message_queue:
+        port: ${_param:openstack_rabbitmq_port}
         engine: rabbitmq
         host: ${_param:single_address}
         user: openstack
         password: ${_param:rabbitmq_openstack_password}
         virtual_host: '/openstack'
         ha_queues: true
+        x509:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
+          ca_file: ${_param:rabbitmq_keystone_ssl_ca_file}
+          key_file: ${_param:rabbitmq_keystone_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_keystone_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:rabbitmq_ssl_enabled}
       roles:
         - admin
         - Member
diff --git a/kubernetes/common.yml b/kubernetes/common.yml
deleted file mode 100644
index bf5886b..0000000
--- a/kubernetes/common.yml
+++ /dev/null
@@ -1,285 +0,0 @@
-parameters:
-  _param:
-    mcp_docker_registry: 'docker-prod-local.artifactory.mirantis.com'
-    kubernetes_calico_calicoctl_repo: ${_param:mcp_docker_registry}/mirantis/projectcalico/calico
-    kubernetes_calico_repo: ${_param:mcp_docker_registry}/mirantis/projectcalico/calico
-    kubernetes_calico_cni_repo: ${_param:mcp_docker_registry}/mirantis/projectcalico/calico
-    kubernetes_calico_kube_ctl_repo: ${_param:mcp_docker_registry}/mirantis/projectcalico/calico
-    kubernetes_hyperkube_repo: ${_param:mcp_docker_registry}/mirantis/kubernetes
-    kubernetes_contrail_cni_repo: ${_param:mcp_docker_registry}/mirantis/kubernetes
-    kubernetes_contrail_network_controller_repo: ${_param:mcp_docker_registry}/mirantis/kubernetes/contrail-integration
-    kubernetes_netchecker_agent_repo: mirantis
-    kubernetes_netchecker_server_repo: mirantis
-    kubernetes_virtlet_repo: mirantis
-    kubernetes_kubedns_repo: gcr.io/google_containers
-    kubernetes_externaldns_repo: mirantis
-    kubernetes_genie_repo: https://docker-prod-local.artifactory.mirantis.com/artifactory/binary-prod-local/mirantis/kubernetes/cni-genie
-    kubernetes_flannel_repo: quay.io/coreos
-    kubernetes_metallb_repo: metallb
-    kubernetes_sriov_repo: https://docker-prod-local.artifactory.mirantis.com/artifactory/binary-prod-local/mirantis/kubernetes/sriov-cni
-    kubernetes_cniplugins_repo: https://docker-prod-local.artifactory.mirantis.com/artifactory/binary-prod-local/mirantis/kubernetes/containernetworking-plugins
-    kubernetes_dashboard_repo: ${_param:mcp_docker_registry}/mirantis/kubernetes
-    kubernetes_coredns_repo: coredns
-
-    # component docker images
-    kubernetes_docker_package: docker-engine=1.13.1-0~ubuntu-xenial
-    kubernetes_calico_calicoctl_image: ${_param:kubernetes_calico_calicoctl_repo}/ctl:v3.1.3
-    kubernetes_calico_image: ${_param:kubernetes_calico_repo}/node:v3.1.3
-    kubernetes_calico_cni_image: ${_param:kubernetes_calico_cni_repo}/cni:v3.1.3
-    kubernetes_calico_kube_controllers_image: ${_param:kubernetes_calico_kube_ctl_repo}/kube-controllers:v3.1.3
-    kubernetes_hyperkube_image: ${_param:kubernetes_hyperkube_repo}/hyperkube-amd64:v1.11.2-1
-    kubernetes_pause_image: ${_param:kubernetes_hyperkube_repo}/pause-amd64:v1.11.2-1
-    kubernetes_contrail_cni_image: ${_param:kubernetes_contrail_cni_repo}/contrail-cni:v1.2.0
-    kubernetes_contrail_network_controller_image: ${_param:kubernetes_contrail_network_controller_repo}/contrail-network-controller:v1.2.0
-    kubernetes_virtlet_image: ${_param:kubernetes_virtlet_repo}/virtlet:v1.1.2
-    kubernetes_criproxy_version: v0.11.1
-    kubernetes_criproxy_checksum: md5=a3f1f08bdc7a8d6eb73b7c8fa5bae200
-    kubernetes_netchecker_agent_image: ${_param:kubernetes_netchecker_agent_repo}/k8s-netchecker-agent:v1.2.2
-    kubernetes_netchecker_server_image: ${_param:kubernetes_netchecker_server_repo}/k8s-netchecker-server:v1.2.2
-    kubernetes_kubedns_image: ${_param:kubernetes_kubedns_repo}/k8s-dns-kube-dns-amd64:1.14.5
-    kubernetes_dnsmasq_image: ${_param:kubernetes_kubedns_repo}/k8s-dns-dnsmasq-amd64:1.14.5
-    kubernetes_sidecar_image: ${_param:kubernetes_kubedns_repo}/k8s-dns-sidecar-amd64:1.14.5
-    kubernetes_dns_autoscaler_image: ${_param:kubernetes_kubedns_repo}/cluster-proportional-autoscaler-amd64:1.0.0
-    kubernetes_externaldns_image: ${_param:kubernetes_externaldns_repo}/external-dns:v0.5.3
-    kubernetes_genie_source: ${_param:kubernetes_genie_repo}/genie_v1.0-138-gbf5dbaa
-    kubernetes_genie_source_hash: md5=b024052ed4ecb1d5354e0cc8f51afaca
-    kubernetes_flannel_image: ${_param:kubernetes_flannel_repo}/flannel:v0.10.0-amd64
-    kubernetes_metallb_controller_image: ${_param:kubernetes_metallb_repo}/controller:v0.7.3
-    kubernetes_metallb_speaker_image: ${_param:kubernetes_metallb_repo}/speaker:v0.7.3
-    kubernetes_sriov_source: ${_param:kubernetes_sriov_repo}/sriov_v0.3-8-g8b7ed98
-    kubernetes_sriov_source_hash: md5=c0cc33202afd02e4cc44b977a8faf6e7
-    kubernetes_cniplugins_source: ${_param:kubernetes_cniplugins_repo}/cni-plugins_v0.7.1-48-g696b1f9.tar.gz
-    kubernetes_cniplugins_source_hash: md5=5ec1cf5e989097c6127ea5365e277b02
-    kubernetes_dashboard_image: ${_param:kubernetes_dashboard_repo}/kubernetes-dashboard-amd64:v1.10.0-4
-    kubernetes_fluentd_aggregator_image: fluent/fluentd-kubernetes-daemonset:v1.2-debian-elasticsearch
-    kubernetes_fluentd_logger_image: fluent/fluentd-kubernetes-daemonset:v1.2-debian-stackdriver
-    kubernetes_telegraf_image: ${_param:mcp_docker_registry}/openstack-docker/telegraf:2018.8.0
-    kubernetes_coredns_image: ${_param:kubernetes_coredns_repo}/coredns:1.2.0
-
-    kubelet_fail_on_swap: true
-    kubernetes_dashboard_enabled: true
-    kubernetes_kubedns_enabled: false
-    kubernetes_externaldns_enabled: false
-    kubernetes_coredns_enabled: true
-    kubernetes_externaldns_provider: coredns
-    kubernetes_virtlet_enabled: false
-    kubernetes_flannel_enabled: false
-    kubernetes_genie_enabled: false
-    kubernetes_calico_enabled: false
-    kubernetes_opencontrail_enabled: false
-    kubernetes_contrail_network_controller_enabled: false
-    kubernetes_metallb_enabled: false
-    kubernetes_sriov_enabled: false
-    kubernetes_fluentd_enabled: false
-    kubernetes_telegraf_enabled: false
-
-    # the rest of fluentd related params, the non bools
-    kubernetes_fluentd_namespace: stacklight
-    kubernetes_fluentd_aggregator_resources_limits_memory: 500Mi
-    kubernetes_fluentd_aggregator_resources_requests_memory: 500Mi
-    kubernetes_fluentd_aggregator_config_forward_input_bind_port: 24224
-    kubernetes_fluentd_aggregator_config_general_time_format: '%Y-%m-%dT%H:%M:%S.%N%z'
-    kubernetes_fluentd_aggregator_config_systemd_filter_docker_parse_format: /^time="(?<time>[^)]*)" level=(?<severity>[^ ]*) msg="(?<message>[^"]*)"( err="(?<error>[^"]*)")?( statusCode=($<status_code>\d+))?/
-    kubernetes_fluentd_aggregator_config_output_log_level: 'info'
-    kubernetes_fluentd_aggregator_config_output_logstash_format: true
-    kubernetes_fluentd_aggregator_config_output_logstash_prefix: 'log'
-    kubernetes_fluentd_aggregator_config_output_logstash_dateformat: '%Y.%m.%d'
-    kubernetes_fluentd_aggregator_config_output_num_threads: 8
-    kubernetes_fluentd_aggregator_config_output_max_retry_wait: 30
-    kubernetes_fluentd_aggregator_config_output_flush_interval: '10s'
-    kubernetes_fluentd_aggregator_config_output_buffer_chunk_limit: '2m'
-    kubernetes_fluentd_aggregator_config_output_buffer_queue_limit: 32
-    kubernetes_fluentd_aggregator_config_output_request_timeout: '10s'
-    kubernetes_fluentd_aggregator_config_output_es_host: 127.0.0.1
-    kubernetes_fluentd_aggregator_config_output_es_port: 9200
-    kubernetes_fluentd_aggregator_config_output_es_scheme: http
-
-    kubernetes_fluentd_logger_resources_limits_memory: 500Mi
-    kubernetes_fluentd_logger_resources_requests_memory: 500Mi
-    kubernetes_fluentd_logger_config_kubernetes_input_time_format: '%Y-%m-%dT%H:%M:%S.%NZ'
-    kubernetes_fluentd_logger_config_forward_output_require_ack_response: true
-    kubernetes_fluentd_logger_config_forward_output_ack_response_timeout: 30
-    kubernetes_fluentd_logger_config_forward_output_recover_wait: '10s'
-    kubernetes_fluentd_logger_config_forward_output_heartbeat_interval: '1s'
-    kubernetes_fluentd_logger_config_forward_output_phi_threshold: 16
-    kubernetes_fluentd_logger_config_forward_output_send_timeout: '10s'
-    kubernetes_fluentd_logger_config_forward_output_hard_timeout: '10s'
-    kubernetes_fluentd_logger_config_forward_output_expire_dns_cache: 15
-    kubernetes_fluentd_logger_config_forward_output_heartbeat_type: 'tcp'
-    kubernetes_fluentd_logger_config_forward_output_buffer_chunk_limit: '2M'
-    kubernetes_fluentd_logger_config_forward_output_buffer_queue_limit: 32
-    kubernetes_fluentd_logger_config_forward_output_flush_interval: '5s'
-    kubernetes_fluentd_logger_config_forward_output_max_retry_wait: 15
-    kubernetes_fluentd_logger_config_forward_output_num_threads: 8
-
-    # telegraf stuff
-    kubernetes_telegraf_namespace: stacklight
-    kubernetes_telegraf_resources_limits_memory: 500Mi
-    kubernetes_telegraf_resources_requests_memory: 500Mi
-    kubernetes_telegraf_agent_interval: 15
-    kubernetes_telegraf_agent_round_interval: false
-    kubernetes_telegraf_agent_metric_batch_size: 1000
-    kubernetes_telegraf_agent_metric_buffer_limit: 10000
-    kubernetes_telegraf_agent_collection_jitter: 2
-    kubernetes_telegraf_agent_flush_interval: 10
-    kubernetes_telegraf_agent_flush_jitter: 2
-    kubernetes_telegraf_agent_precision: ms
-    kubernetes_telegraf_agent_logfile: etc/telegraf/log
-    kubernetes_telegraf_agent_debug: false
-    kubernetes_telegraf_agent_quiet: false
-    kubernetes_telegraf_agent_omit_hostname: false
-
-  docker:
-    host:
-      pkgs:
-        - ${_param:kubernetes_docker_package}
-        - python-docker
-      options:
-        bip: 172.31.255.1/24
-        storage-driver: overlay2
-
-  kubernetes:
-    common:
-      hyperkube:
-        image: ${_param:kubernetes_hyperkube_image}
-        pause_image: ${_param:kubernetes_pause_image}
-      cni:
-        plugins:
-          source: ${_param:kubernetes_cniplugins_source}
-          hash: ${_param:kubernetes_cniplugins_source_hash}
-      addons:
-        dashboard:
-          enabled: ${_param:kubernetes_dashboard_enabled}
-          image: ${_param:kubernetes_dashboard_image}
-        dns:
-          enabled: ${_param:kubernetes_kubedns_enabled}
-          kubedns_image: ${_param:kubernetes_kubedns_image}
-          dnsmasq_image: ${_param:kubernetes_dnsmasq_image}
-          sidecar_image: ${_param:kubernetes_sidecar_image}
-          autoscaler:
-            image: ${_param:kubernetes_dns_autoscaler_image}
-        externaldns:
-          enabled: ${_param:kubernetes_externaldns_enabled}
-          namespace: kube-system
-          image: ${_param:kubernetes_externaldns_image}
-          provider: ${_param:kubernetes_externaldns_provider}
-        coredns:
-          enabled: ${_param:kubernetes_coredns_enabled}
-          image: ${_param:kubernetes_coredns_image}
-        contrail_network_controller:
-          enabled: ${_param:kubernetes_contrail_network_controller_enabled}
-          image: ${_param:kubernetes_contrail_network_controller_image}
-        flannel:
-          image: ${_param:kubernetes_flannel_image}
-        fluentd:
-          enabled: ${_param:kubernetes_fluentd_enabled}
-          namespace: ${_param:kubernetes_fluentd_namespace}
-          aggregator:
-            image: ${_param:kubernetes_fluentd_aggregator_image}
-            resources:
-              limits:
-                memory: ${_param:kubernetes_fluentd_aggregator_resources_limits_memory}
-              requests:
-                memory: ${_param:kubernetes_fluentd_aggregator_resources_requests_memory}
-            config:
-              forward_input:
-                bind:
-                  port: ${_param:kubernetes_fluentd_aggregator_config_forward_input_bind_port}
-              general:
-                time_format: ${_param:kubernetes_fluentd_aggregator_config_general_time_format}
-              systemd_filter:
-                docker_parse_format: ${_param:kubernetes_fluentd_aggregator_config_systemd_filter_docker_parse_format}
-              output:
-                log_level: ${_param:kubernetes_fluentd_aggregator_config_output_log_level}
-                logstash_format: ${_param:kubernetes_fluentd_aggregator_config_output_logstash_format}
-                logstash_prefix: ${_param:kubernetes_fluentd_aggregator_config_output_logstash_prefix}
-                logstash_dateformat: ${_param:kubernetes_fluentd_aggregator_config_output_logstash_dateformat}
-                request_timeout: ${_param:kubernetes_fluentd_aggregator_config_output_request_timeout}
-                buffer_chunk_limit: ${_param:kubernetes_fluentd_aggregator_config_output_buffer_chunk_limit}
-                buffer_queue_limit: ${_param:kubernetes_fluentd_aggregator_config_output_buffer_queue_limit}
-                flush_interval: ${_param:kubernetes_fluentd_aggregator_config_output_flush_interval}
-                num_threads: ${_param:kubernetes_fluentd_aggregator_config_output_num_threads}
-                max_retry_wait: ${_param:kubernetes_fluentd_aggregator_config_output_max_retry_wait}
-                es:
-                  host: ${_param:kubernetes_fluentd_aggregator_config_output_es_host}
-                  port: ${_param:kubernetes_fluentd_aggregator_config_output_es_port}
-                  scheme: ${_param:kubernetes_fluentd_aggregator_config_output_es_scheme}
-          logger:
-            image: ${_param:kubernetes_fluentd_logger_image}
-            resources:
-              limits:
-                memory: ${_param:kubernetes_fluentd_logger_resources_limits_memory}
-              requests:
-                memory: ${_param:kubernetes_fluentd_logger_resources_requests_memory}
-            config:
-              kubernetes_input:
-                time_format: ${_param:kubernetes_fluentd_logger_config_kubernetes_input_time_format}
-              forward_output:
-                require_ack_response: ${_param:kubernetes_fluentd_logger_config_forward_output_require_ack_response}
-                ack_response_timeout: ${_param:kubernetes_fluentd_logger_config_forward_output_ack_response_timeout}
-                recover_wait: ${_param:kubernetes_fluentd_logger_config_forward_output_recover_wait}
-                heartbeat_interval: ${_param:kubernetes_fluentd_logger_config_forward_output_heartbeat_interval}
-                phi_threshold: ${_param:kubernetes_fluentd_logger_config_forward_output_phi_threshold}
-                send_timeout: ${_param:kubernetes_fluentd_logger_config_forward_output_send_timeout}
-                hard_timeout: ${_param:kubernetes_fluentd_logger_config_forward_output_hard_timeout}
-                expire_dns_cache: ${_param:kubernetes_fluentd_logger_config_forward_output_expire_dns_cache}
-                heartbeat_type: ${_param:kubernetes_fluentd_logger_config_forward_output_heartbeat_type}
-                buffer_chunk_limit: ${_param:kubernetes_fluentd_logger_config_forward_output_buffer_chunk_limit}
-                buffer_queue_limit: ${_param:kubernetes_fluentd_logger_config_forward_output_buffer_queue_limit}
-                flush_interval: ${_param:kubernetes_fluentd_logger_config_forward_output_flush_interval}
-                max_retry_wait: ${_param:kubernetes_fluentd_logger_config_forward_output_max_retry_wait}
-                num_threads: ${_param:kubernetes_fluentd_logger_config_forward_output_num_threads}
-        telegraf:
-          enabled: ${_param:kubernetes_telegraf_enabled}
-          image: ${_param:kubernetes_telegraf_image}
-          resources:
-            limits:
-              memory: ${_param:kubernetes_telegraf_resources_limits_memory}
-            requests:
-              memory: ${_param:kubernetes_telegraf_resources_requests_memory}
-          agent:
-            interval: ${_param:kubernetes_telegraf_agent_interval}
-            round_interval: ${_param:kubernetes_telegraf_agent_round_interval}
-            metric_batch_size: ${_param:kubernetes_telegraf_agent_metric_batch_size}
-            metric_buffer_limit: ${_param:kubernetes_telegraf_agent_metric_buffer_limit}
-            collection_jitter: ${_param:kubernetes_telegraf_agent_collection_jitter}
-            flush_interval: ${_param:kubernetes_telegraf_agent_flush_interval}
-            flush_jitter: ${_param:kubernetes_telegraf_agent_flush_jitter}
-            precision: ${_param:kubernetes_telegraf_agent_precision}
-            logfile: ${_param:kubernetes_telegraf_agent_logfile}
-            debug: ${_param:kubernetes_telegraf_agent_debug}
-            quiet: ${_param:kubernetes_telegraf_agent_quiet}
-            omit_hostname: ${_param:kubernetes_telegraf_agent_omit_hostname}
-        virtlet:
-          enabled: ${_param:kubernetes_virtlet_enabled}
-          namespace: kube-system
-          image: ${_param:kubernetes_virtlet_image}
-          criproxy_version: ${_param:kubernetes_criproxy_version}
-          criproxy_source: ${_param:kubernetes_criproxy_checksum}
-        metallb:
-          enabled: ${_param:kubernetes_metallb_enabled}
-    pool:
-      enabled: false
-      kubelet:
-        fail_on_swap: ${_param:kubelet_fail_on_swap}
-      container: false
-      network:
-        genie:
-          enabled: ${_param:kubernetes_genie_enabled}
-          source: ${_param:kubernetes_genie_source}
-          source_hash: ${_param:kubernetes_genie_source_hash}
-        calico:
-          enabled: ${_param:kubernetes_calico_enabled}
-          image: ${_param:kubernetes_calico_image}
-          calicoctl_image: ${_param:kubernetes_calico_calicoctl_image}
-          cni_image: ${_param:kubernetes_calico_cni_image}
-          kube_controllers_image: ${_param:kubernetes_calico_kube_controllers_image}
-        opencontrail:
-          enabled: ${_param:kubernetes_opencontrail_enabled}
-          cni_image: ${_param:kubernetes_contrail_cni_image}
-        sriov:
-          enabled: ${_param:kubernetes_sriov_enabled}
-          source: ${_param:kubernetes_sriov_source}
-          source_hash: ${_param:kubernetes_sriov_source_hash}
-        flannel:
-          enabled: ${_param:kubernetes_flannel_enabled}
diff --git a/kubernetes/common/addons/alertmanager.yml b/kubernetes/common/addons/alertmanager.yml
new file mode 100644
index 0000000..c7483cf
--- /dev/null
+++ b/kubernetes/common/addons/alertmanager.yml
@@ -0,0 +1,24 @@
+classes:
+- system.prometheus.alertmanager.container
+parameters:
+  _param:
+    kubernetes_alertmanager_enabled: false
+    kubernetes_alertmanager_image: ${_param:mcp_docker_registry}/openstack-docker/alertmanager:2018.8.0
+    kubernetes_alertmanager_namespace: stacklight
+    kubernetes_alertmanager_node_port: 31993
+  kubernetes:
+    common:
+      addons:
+        alertmanager:
+          enabled: ${_param:kubernetes_alertmanager_enabled}
+          image: ${_param:kubernetes_alertmanager_image}
+          namespace: ${_param:kubernetes_alertmanager_namespace}
+          dir:
+            config: ${_param:prometheus_alertmanager_config_directory}
+            data: ${_param:prometheus_alertmanager_data_directory}
+            host_config: ${prometheus:alertmanager:dir:config}
+            host_data: ${prometheus:alertmanager:dir:data}
+          bind:
+            address: ${prometheus:alertmanager:bind:address}
+            port: ${prometheus:alertmanager:bind:port}
+            node_port: ${_param:kubernetes_alertmanager_node_port}
diff --git a/kubernetes/common/addons/fluentd.yml b/kubernetes/common/addons/fluentd.yml
new file mode 100644
index 0000000..16a6874
--- /dev/null
+++ b/kubernetes/common/addons/fluentd.yml
@@ -0,0 +1,36 @@
+parameters:
+  _param:
+     kubernetes_fluentd_aggregator_image: ${_param:mcp_docker_registry}/mirantis/external/fluentd-kubernetes-daemonset:stable
+     kubernetes_fluentd_enabled: false
+     kubernetes_fluentd_namespace: stacklight
+     kubernetes_fluentd_aggregator_resources_limits_memory: 500Mi
+     kubernetes_fluentd_aggregator_resources_requests_memory: 500Mi
+     kubernetes_fluentd_aggregator_bind_port: 24224
+     kubernetes_fluentd_aggregator_bind_host_port: 31950
+     kubernetes_fluentd_aggregator_config_output_es_host: 127.0.0.1
+     kubernetes_fluentd_aggregator_config_output_es_port: 9200
+     kubernetes_fluentd_aggregator_config_output_es_scheme: http
+     kubernetes_fluentd_aggregator_config_dir: /fluentd/etc
+  kubernetes:
+    common:
+      addons:
+        fluentd:
+          enabled: ${_param:kubernetes_fluentd_enabled}
+          namespace: ${_param:kubernetes_fluentd_namespace}
+          aggregator:
+            image: ${_param:kubernetes_fluentd_aggregator_image}
+            resources:
+              limits:
+                memory: ${_param:kubernetes_fluentd_aggregator_resources_limits_memory}
+              requests:
+                memory: ${_param:kubernetes_fluentd_aggregator_resources_requests_memory}
+            bind:
+              port: ${_param:kubernetes_fluentd_aggregator_bind_port}
+              host_port: ${_param:kubernetes_fluentd_aggregator_bind_host_port}
+            config:
+              config_dir: ${_param:kubernetes_fluentd_aggregator_config_dir}
+              output:
+                es:
+                  host: ${_param:kubernetes_fluentd_aggregator_config_output_es_host}
+                  port: ${_param:kubernetes_fluentd_aggregator_config_output_es_port}
+                  scheme: ${_param:kubernetes_fluentd_aggregator_config_output_es_scheme}
diff --git a/kubernetes/common/addons/prometheus.yml b/kubernetes/common/addons/prometheus.yml
new file mode 100644
index 0000000..5f5fcea
--- /dev/null
+++ b/kubernetes/common/addons/prometheus.yml
@@ -0,0 +1,37 @@
+classes:
+- system.prometheus.server.container
+parameters:
+  _param:
+    kubernetes_prometheus_image: ${_param:mcp_docker_registry}/openstack-docker/prometheus:2018.8.0
+    kubernetes_prometheus_enabled: false
+    kubernetes_prometheus_namespace: stacklight
+    kubernetes_prometheus_server_resources_limits_memory: 500M
+    kubernetes_prometheus_server_resources_requests_memory: 500M
+    kubernetes_prometheus_server_bind_host_port: 31990
+    kubernetes_prometheus_server_storage_local_engine: persisted
+    kubernetes_prometheus_server_use_static_datadir: true
+  kubernetes:
+    common:
+      addons:
+        prometheus:
+          enabled:  ${_param:kubernetes_prometheus_enabled}
+          image: ${_param:kubernetes_prometheus_image}
+          namespace: ${_param:kubernetes_prometheus_namespace}
+          server:
+            bind:
+              port: ${prometheus:server:bind:port}
+              host: ${prometheus:server:bind:address}
+              host_port: ${_param:kubernetes_prometheus_server_bind_host_port}
+            config:
+              config_dir: ${prometheus:server:dir:config_in_container}
+              host_config_dir: ${prometheus:server:dir:config}
+              data_dir: ${_param:prometheus_server_data_directory}
+              host_data_dir: ${prometheus:server:dir:data}
+              storage_local_engine: ${_param:kubernetes_prometheus_server_storage_local_engine}
+              storage_local_retention: ${prometheus:server:storage:local:retention}
+              use_static_datadir: ${_param:kubernetes_prometheus_server_use_static_datadir}
+            resources:
+              limits:
+                memory: ${_param:kubernetes_prometheus_server_resources_limits_memory}
+              requests:
+                memory: ${_param:kubernetes_prometheus_server_resources_requests_memory}
diff --git a/kubernetes/common/init.yml b/kubernetes/common/init.yml
new file mode 100644
index 0000000..0d5bc95
--- /dev/null
+++ b/kubernetes/common/init.yml
@@ -0,0 +1,198 @@
+parameters:
+  _param:
+    mcp_docker_registry: 'docker-prod-local.artifactory.mirantis.com'
+    kubernetes_calico_calicoctl_repo: ${_param:mcp_docker_registry}/mirantis/projectcalico/calico
+    kubernetes_calico_repo: ${_param:mcp_docker_registry}/mirantis/projectcalico/calico
+    kubernetes_calico_cni_repo: ${_param:mcp_docker_registry}/mirantis/projectcalico/calico
+    kubernetes_calico_kube_ctl_repo: ${_param:mcp_docker_registry}/mirantis/projectcalico/calico
+    kubernetes_hyperkube_repo: ${_param:mcp_docker_registry}/mirantis/kubernetes
+    kubernetes_contrail_cni_repo: ${_param:mcp_docker_registry}/mirantis/kubernetes
+    kubernetes_contrail_network_controller_repo: ${_param:mcp_docker_registry}/mirantis/kubernetes/contrail-integration
+    kubernetes_netchecker_agent_repo: mirantis
+    kubernetes_netchecker_server_repo: mirantis
+    kubernetes_virtlet_repo: mirantis
+    kubernetes_kubedns_repo: gcr.io/google_containers
+    kubernetes_externaldns_repo: ${_param:mcp_docker_registry}/mirantis/external-dns
+    kubernetes_genie_repo: https://docker-prod-local.artifactory.mirantis.com/artifactory/binary-prod-local/mirantis/kubernetes/cni-genie
+    kubernetes_flannel_repo: quay.io/coreos
+    kubernetes_metallb_repo: ${_param:mcp_docker_registry}/mirantis/metallb
+    kubernetes_sriov_repo: https://docker-prod-local.artifactory.mirantis.com/artifactory/binary-prod-local/mirantis/kubernetes/sriov-cni
+    kubernetes_cniplugins_repo: https://docker-prod-local.artifactory.mirantis.com/artifactory/binary-prod-local/mirantis/kubernetes/containernetworking-plugins
+    kubernetes_dashboard_repo: ${_param:mcp_docker_registry}/mirantis/kubernetes
+    kubernetes_coredns_repo: ${_param:mcp_docker_registry}/mirantis/coredns
+    kubernetes_ingressnginx_repo: ${_param:mcp_docker_registry}/mirantis/kubernetes-ingress-nginx
+
+    # component docker images
+    kubernetes_docker_package: docker-engine=1.13.1-0~ubuntu-xenial
+    kubernetes_calico_calicoctl_image: ${_param:kubernetes_calico_calicoctl_repo}/ctl:v3.1.3
+    kubernetes_calico_image: ${_param:kubernetes_calico_repo}/node:v3.1.3
+    kubernetes_calico_cni_image: ${_param:kubernetes_calico_cni_repo}/cni:v3.1.3
+    kubernetes_calico_kube_controllers_image: ${_param:kubernetes_calico_kube_ctl_repo}/kube-controllers:v3.1.3
+    kubernetes_hyperkube_image: ${_param:kubernetes_hyperkube_repo}/hyperkube-amd64:v1.11.3-2
+    kubernetes_pause_image: ${_param:kubernetes_hyperkube_repo}/pause-amd64:v1.11.3-2
+    kubernetes_contrail_cni_image: ${_param:kubernetes_contrail_cni_repo}/contrail-cni:v1.2.0
+    kubernetes_contrail_network_controller_image: ${_param:kubernetes_contrail_network_controller_repo}/contrail-network-controller:v1.2.0
+    kubernetes_virtlet_image: ${_param:kubernetes_virtlet_repo}/virtlet:v1.4.0
+    kubernetes_criproxy_version: v0.12.0
+    kubernetes_criproxy_checksum: md5=371cacd3d8568eb88425498b48a649dd
+    kubernetes_netchecker_agent_image: ${_param:kubernetes_netchecker_agent_repo}/k8s-netchecker-agent:v1.2.2
+    kubernetes_netchecker_server_image: ${_param:kubernetes_netchecker_server_repo}/k8s-netchecker-server:v1.2.2
+    kubernetes_kubedns_image: ${_param:kubernetes_kubedns_repo}/k8s-dns-kube-dns-amd64:1.14.5
+    kubernetes_dnsmasq_image: ${_param:kubernetes_kubedns_repo}/k8s-dns-dnsmasq-amd64:1.14.5
+    kubernetes_sidecar_image: ${_param:kubernetes_kubedns_repo}/k8s-dns-sidecar-amd64:1.14.5
+    kubernetes_dns_autoscaler_image: ${_param:kubernetes_kubedns_repo}/cluster-proportional-autoscaler-amd64:1.0.0
+    kubernetes_externaldns_image: ${_param:kubernetes_externaldns_repo}/external-dns:v0.5.6-1
+    kubernetes_genie_source: ${_param:kubernetes_genie_repo}/genie_v1.0-138-gbf5dbaa
+    kubernetes_genie_source_hash: md5=b024052ed4ecb1d5354e0cc8f51afaca
+    kubernetes_flannel_image: ${_param:kubernetes_flannel_repo}/flannel:v0.10.0-amd64
+    kubernetes_metallb_controller_image: ${_param:kubernetes_metallb_repo}/controller:v0.7.3-2
+    kubernetes_metallb_speaker_image: ${_param:kubernetes_metallb_repo}/speaker:v0.7.3-2
+    kubernetes_sriov_source: ${_param:kubernetes_sriov_repo}/sriov_v0.3-8-g8b7ed98
+    kubernetes_sriov_source_hash: md5=c0cc33202afd02e4cc44b977a8faf6e7
+    kubernetes_cniplugins_source: ${_param:kubernetes_cniplugins_repo}/cni-plugins_v0.7.1-48-g696b1f9.tar.gz
+    kubernetes_cniplugins_source_hash: md5=5ec1cf5e989097c6127ea5365e277b02
+    kubernetes_dashboard_image: ${_param:kubernetes_dashboard_repo}/kubernetes-dashboard-amd64:v1.10.0-4
+    kubernetes_telegraf_image: ${_param:mcp_docker_registry}/openstack-docker/telegraf:2018.8.0
+    kubernetes_coredns_image: ${_param:kubernetes_coredns_repo}/coredns:v1.2.2-12
+    kubernetes_ingressnginx_controller_image: ${_param:kubernetes_ingressnginx_repo}/nginx-ingress-controller-amd64:nginx-0.19.0-1
+
+    kubelet_fail_on_swap: true
+    kubernetes_dashboard_enabled: true
+    kubernetes_kubedns_enabled: false
+    kubernetes_externaldns_enabled: false
+    kubernetes_coredns_enabled: true
+    kubernetes_externaldns_provider: coredns
+    kubernetes_virtlet_enabled: false
+    kubernetes_virtlet_use_apparmor: false
+    kubernetes_flannel_enabled: false
+    kubernetes_genie_enabled: false
+    kubernetes_calico_enabled: false
+    kubernetes_opencontrail_enabled: false
+    kubernetes_contrail_network_controller_enabled: false
+    kubernetes_metallb_enabled: false
+    kubernetes_sriov_enabled: false
+    kubernetes_telegraf_enabled: false
+    kubernetes_ingressnginx_enabled: false
+
+    kubernetes_ingressnginx_controller_replicas: 1
+
+    # telegraf stuff
+    kubernetes_telegraf_namespace: stacklight
+    kubernetes_telegraf_resources_limits_memory: 500Mi
+    kubernetes_telegraf_resources_requests_memory: 500Mi
+    kubernetes_telegraf_agent_interval: 15
+    kubernetes_telegraf_agent_round_interval: false
+    kubernetes_telegraf_agent_metric_batch_size: 1000
+    kubernetes_telegraf_agent_metric_buffer_limit: 10000
+    kubernetes_telegraf_agent_collection_jitter: 2
+    kubernetes_telegraf_agent_flush_interval: 10
+    kubernetes_telegraf_agent_flush_jitter: 2
+    kubernetes_telegraf_agent_precision: ms
+    kubernetes_telegraf_agent_logfile: etc/telegraf/log
+    kubernetes_telegraf_agent_debug: false
+    kubernetes_telegraf_agent_quiet: false
+    kubernetes_telegraf_agent_omit_hostname: false
+
+  docker:
+    host:
+      pkgs:
+        - ${_param:kubernetes_docker_package}
+        - python-docker
+      options:
+        bip: 172.31.255.1/24
+        storage-driver: overlay2
+
+  kubernetes:
+    common:
+      hyperkube:
+        image: ${_param:kubernetes_hyperkube_image}
+        pause_image: ${_param:kubernetes_pause_image}
+      cni:
+        plugins:
+          source: ${_param:kubernetes_cniplugins_source}
+          hash: ${_param:kubernetes_cniplugins_source_hash}
+      addons:
+        dashboard:
+          enabled: ${_param:kubernetes_dashboard_enabled}
+          image: ${_param:kubernetes_dashboard_image}
+        dns:
+          enabled: ${_param:kubernetes_kubedns_enabled}
+          kubedns_image: ${_param:kubernetes_kubedns_image}
+          dnsmasq_image: ${_param:kubernetes_dnsmasq_image}
+          sidecar_image: ${_param:kubernetes_sidecar_image}
+          autoscaler:
+            image: ${_param:kubernetes_dns_autoscaler_image}
+        externaldns:
+          enabled: ${_param:kubernetes_externaldns_enabled}
+          namespace: kube-system
+          image: ${_param:kubernetes_externaldns_image}
+          provider: ${_param:kubernetes_externaldns_provider}
+        coredns:
+          enabled: ${_param:kubernetes_coredns_enabled}
+          image: ${_param:kubernetes_coredns_image}
+        contrail_network_controller:
+          enabled: ${_param:kubernetes_contrail_network_controller_enabled}
+          image: ${_param:kubernetes_contrail_network_controller_image}
+        flannel:
+          image: ${_param:kubernetes_flannel_image}
+        telegraf:
+          enabled: ${_param:kubernetes_telegraf_enabled}
+          image: ${_param:kubernetes_telegraf_image}
+          resources:
+            limits:
+              memory: ${_param:kubernetes_telegraf_resources_limits_memory}
+            requests:
+              memory: ${_param:kubernetes_telegraf_resources_requests_memory}
+          agent:
+            interval: ${_param:kubernetes_telegraf_agent_interval}
+            round_interval: ${_param:kubernetes_telegraf_agent_round_interval}
+            metric_batch_size: ${_param:kubernetes_telegraf_agent_metric_batch_size}
+            metric_buffer_limit: ${_param:kubernetes_telegraf_agent_metric_buffer_limit}
+            collection_jitter: ${_param:kubernetes_telegraf_agent_collection_jitter}
+            flush_interval: ${_param:kubernetes_telegraf_agent_flush_interval}
+            flush_jitter: ${_param:kubernetes_telegraf_agent_flush_jitter}
+            precision: ${_param:kubernetes_telegraf_agent_precision}
+            logfile: ${_param:kubernetes_telegraf_agent_logfile}
+            debug: ${_param:kubernetes_telegraf_agent_debug}
+            quiet: ${_param:kubernetes_telegraf_agent_quiet}
+            omit_hostname: ${_param:kubernetes_telegraf_agent_omit_hostname}
+        virtlet:
+          enabled: ${_param:kubernetes_virtlet_enabled}
+          namespace: kube-system
+          image: ${_param:kubernetes_virtlet_image}
+          criproxy_version: ${_param:kubernetes_criproxy_version}
+          criproxy_source: ${_param:kubernetes_criproxy_checksum}
+          use_apparmor: ${_param:kubernetes_virtlet_use_apparmor}
+        metallb:
+          enabled: ${_param:kubernetes_metallb_enabled}
+          controller_image: ${_param:kubernetes_metallb_controller_image}
+          speaker_image: ${_param:kubernetes_metallb_speaker_image}
+        ingress-nginx:
+          enabled: ${_param:kubernetes_ingressnginx_enabled}
+          controller_image: ${_param:kubernetes_ingressnginx_controller_image}
+          controller_replicas: ${_param:kubernetes_ingressnginx_controller_replicas}
+    pool:
+      enabled: false
+      kubelet:
+        fail_on_swap: ${_param:kubelet_fail_on_swap}
+      container: false
+      network:
+        genie:
+          enabled: ${_param:kubernetes_genie_enabled}
+          source: ${_param:kubernetes_genie_source}
+          source_hash: ${_param:kubernetes_genie_source_hash}
+        calico:
+          enabled: ${_param:kubernetes_calico_enabled}
+          image: ${_param:kubernetes_calico_image}
+          calicoctl_image: ${_param:kubernetes_calico_calicoctl_image}
+          cni_image: ${_param:kubernetes_calico_cni_image}
+          kube_controllers_image: ${_param:kubernetes_calico_kube_controllers_image}
+        opencontrail:
+          enabled: ${_param:kubernetes_opencontrail_enabled}
+          cni_image: ${_param:kubernetes_contrail_cni_image}
+        sriov:
+          enabled: ${_param:kubernetes_sriov_enabled}
+          source: ${_param:kubernetes_sriov_source}
+          source_hash: ${_param:kubernetes_sriov_source_hash}
+        flannel:
+          enabled: ${_param:kubernetes_flannel_enabled}
diff --git a/kubernetes/control/opencontrail.yml b/kubernetes/control/opencontrail.yml
index e5556fa..2a46d00 100644
--- a/kubernetes/control/opencontrail.yml
+++ b/kubernetes/control/opencontrail.yml
@@ -20,6 +20,10 @@
           public_ip_range: ${_param:opencontrail_public_ip_range}
           public_network: ${_param:opencontrail_public_ip_network}
           private_ip_range: ${_param:opencontrail_private_ip_range}
+          cluster_network:
+            project: 'default'
+            domain: 'default-domain'
+            name: 'cluster-network'
           config:
             api:
               host: ${_param:opencontrail_control_address}
diff --git a/linux/system/repo/keystorage/elasticsearch.yml b/linux/system/repo/keystorage/elasticsearch.yml
new file mode 100644
index 0000000..9bb9dd2
--- /dev/null
+++ b/linux/system/repo/keystorage/elasticsearch.yml
@@ -0,0 +1,47 @@
+parameters:
+  linux:
+    system:
+      repo:
+        mcp_elasticsearch:
+          # pub   2048R/D88E42B4 2013-09-16
+          key: |
+            -----BEGIN PGP PUBLIC KEY BLOCK-----
+            Version: GnuPG v1
+
+            mQENBFI3HsoBCADXDtbNJnxbPqB1vDNtCsqhe49vFYsZN9IOZsZXgp7aHjh6CJBD
+            A+bGFOwyhbd7at35jQjWAw1O3cfYsKAmFy+Ar3LHCMkV3oZspJACTIgCrwnkic/9
+            CUliQe324qvObU2QRtP4Fl0zWcfb/S8UYzWXWIFuJqMvE9MaRY1bwUBvzoqavLGZ
+            j3SF1SPO+TB5QrHkrQHBsmX+Jda6d4Ylt8/t6CvMwgQNlrlzIO9WT+YN6zS+sqHd
+            1YK/aY5qhoLNhp9G/HxhcSVCkLq8SStj1ZZ1S9juBPoXV1ZWNbxFNGwOh/NYGldD
+            2kmBf3YgCqeLzHahsAEpvAm8TBa7Q9W21C8vABEBAAG0RUVsYXN0aWNzZWFyY2gg
+            KEVsYXN0aWNzZWFyY2ggU2lnbmluZyBLZXkpIDxkZXZfb3BzQGVsYXN0aWNzZWFy
+            Y2gub3JnPokBOAQTAQIAIgUCUjceygIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgEC
+            F4AACgkQ0n1mbNiOQrRzjAgAlTUQ1mgo3nK6BGXbj4XAJvuZDG0HILiUt+pPnz75
+            nsf0NWhqR4yGFlmpuctgCmTD+HzYtV9fp9qW/bwVuJCNtKXk3sdzYABY+Yl0Cez/
+            7C2GuGCOlbn0luCNT9BxJnh4mC9h/cKI3y5jvZ7wavwe41teqG14V+EoFSn3NPKm
+            TxcDTFrV7SmVPxCBcQze00cJhprKxkuZMPPVqpBS+JfDQtzUQD/LSFfhHj9eD+Xe
+            8d7sw+XvxB2aN4gnTlRzjL1nTRp0h2/IOGkqYfIG9rWmSLNlxhB2t+c0RsjdGM4/
+            eRlPWylFbVMc5pmDpItrkWSnzBfkmXL3vO2X3WvwmSFiQbkBDQRSNx7KAQgA5JUl
+            zcMW5/cuyZR8alSacKqhSbvoSqqbzHKcUQZmlzNMKGTABFG1yRx9r+wa/fvqP6OT
+            RzRDvVS/cycws8YX7Ddum7x8uI95b9ye1/Xy5noPEm8cD+hplnpU+PBQZJ5XJ2I+
+            1l9Nixx47wPGXeClLqcdn0ayd+v+Rwf3/XUJrvccG2YZUiQ4jWZkoxsA07xx7Bj+
+            Lt8/FKG7sHRFvePFU0ZS6JFx9GJqjSBbHRRkam+4emW3uWgVfZxuwcUCn1ayNgRt
+            KiFv9jQrg2TIWEvzYx9tywTCxc+FFMWAlbCzi+m4WD+QUWWfDQ009U/WM0ks0Kww
+            EwSk/UDuToxGnKU2dQARAQABiQEfBBgBAgAJBQJSNx7KAhsMAAoJENJ9ZmzYjkK0
+            c3MIAIE9hAR20mqJWLcsxLtrRs6uNF1VrpB+4n/55QU7oxA1iVBO6IFu4qgsF12J
+            TavnJ5MLaETlggXY+zDef9syTPXoQctpzcaNVDmedwo1SiL03uMoblOvWpMR/Y0j
+            6rm7IgrMWUDXDPvoPGjMl2q1iTeyHkMZEyUJ8SKsaHh4jV9wp9KmC8C+9CwMukL7
+            vM5w8cgvJoAwsp3Fn59AxWthN3XJYcnMfStkIuWgR7U2r+a210W6vnUxU4oN0PmM
+            cursYPyeV0NX/KQeUeNMwGTFB6QHS/anRaGQewijkrYYoTNtfllxIu9XYmiBERQ/
+            qPDlGRlOgVTd9xUfHFkzB52c70E=
+            =92oX
+            -----END PGP PUBLIC KEY BLOCK-----
+        mcp_elasticsearch_curator:
+          # pub   2048R/D88E42B4 2013-09-16
+          key: ${linux:system:repo:mcp_elasticsearch:key}
+        mcp_kibana_5x:
+          # pub   2048R/D88E42B4 2013-09-16
+          key: ${linux:system:repo:mcp_elasticsearch:key}
+        mcp_kibana_46:
+          # pub   2048R/D88E42B4 2013-09-16
+          key: ${linux:system:repo:mcp_elasticsearch:key}
diff --git a/linux/system/repo/keystorage/mirantis_com/init.yml b/linux/system/repo/keystorage/mirantis_com/init.yml
new file mode 100644
index 0000000..b6c9a86
--- /dev/null
+++ b/linux/system/repo/keystorage/mirantis_com/init.yml
@@ -0,0 +1,2 @@
+classes:
+- system.linux.system.repo.keystorage.mirantis_com.openstack
diff --git a/linux/system/repo/keystorage/mirantis_com/openstack.yml b/linux/system/repo/keystorage/mirantis_com/openstack.yml
new file mode 100644
index 0000000..12d5e73
--- /dev/null
+++ b/linux/system/repo/keystorage/mirantis_com/openstack.yml
@@ -0,0 +1,26 @@
+parameters:
+  linux:
+    system:
+      repo:
+        mirantis_openstack:
+          # pub   2048R/4C5289EF 2018-07-25
+          key: |
+            -----BEGIN PGP PUBLIC KEY BLOCK-----
+            Version: GnuPG v1
+
+            mQENBFtYVY8BCAC3oli93husG0ZVtv/L8I4/bcW60LFCyB0DuwEznGlSaj1fjOQu
+            C7QX9wvGRq8mRZ8mfZ6sbxGmgs0LnV5QIBle1l5I3B+AMGksf6UGEWgoN/vq86g+
+            0Jg6kJP/D0sjGXvdlfy+bgAqjsx2bWOLjQGtHSIxhe4cE9HPBfMiYsFwGQua3XN3
+            tiGKcifszvDA6uqdjS6DuTEPCzyKiSyUevnWtBh0oUtUt//X4lG2Mx0lU91uUQGj
+            KeZ+fYXOLqgZm/FxLVT5w3g/UGK9Cbz5h4kGCJOfk0EwIZp0IRRs1phOC6gVMwoV
+            yWKCtdHmg7Ob8I4AZ8OW5HJn1UPHTprxcHBnABEBAAG0LEF1dG9idWlsZGVyIDxp
+            bmZyYSthdXRpYnVpbGRlckBtaXJhbnRpcy5jb20+iQE4BBMBAgAiBQJbWFWPAhsD
+            BgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCRZVp5TFKJ70cJB/9ArWrSFyEx
+            qs7Tyo9M5WCPjqw7y2F7jd4Et3hqwc5jx6KlxGpg17SHt4oWcmtML3VBx+ziBAi0
+            5Ry4Z4w0QqFW6gAqQepeW76Yq/OP5SoqEI9sUwzLfUY7raK/P1buvXB1eZh4mMw4
+            TFf4Hgo8yUQ3geYNnUBBfaSfkmiyBJGsMXBfW2zhlpVIyB6Cye5R823FxGNJe+li
+            hggNCQnKYqrGtr55RO6xYI1v89cgGrO2EVwPkFLA/MUnQEb433Ck+sjp1NZDUfuJ
+            U3gg8S0hT+Cf5XiknT/xqIhhTY/KzlNmynZt/51DzZzsbM+RO6JZFYJL2LuC69gB
+            +R5jrmaGu9fG
+            =sqIn
+            -----END PGP PUBLIC KEY BLOCK-----
diff --git a/linux/system/repo/mcp/apt_mirantis/elastic/2x.yml b/linux/system/repo/mcp/apt_mirantis/elastic/2x.yml
index 9fc19c6..13c30e7 100644
--- a/linux/system/repo/mcp/apt_mirantis/elastic/2x.yml
+++ b/linux/system/repo/mcp/apt_mirantis/elastic/2x.yml
@@ -1,3 +1,7 @@
+# DEPRECATED since 2018.7+ release.
+# Please use system/repo/mcp/apt_mirantis
+classes:
+- system.linux.system.repo.keystorage.elasticsearch
 parameters:
   _param:
     apt_mk_version: stable
@@ -8,12 +12,10 @@
         mcp_elastic_2x:
           source: "deb [arch=amd64] http://mirror.mirantis.com/${_param:linux_system_repo_mcp_elastic_2x_version}/elasticsearch-2.x/${_param:linux_system_codename}/ stable main"
           architectures: amd64
-          key_id: D88E42B4
-          key_server: keyserver.ubuntu.com
           clean_file: true
+          key: ${linux:system:repo:mcp_elasticsearch:key}
         mcp_elastic_curator_2x:
           source: "deb [arch=amd64] http://mirror.mirantis.com/${_param:linux_system_repo_mcp_elastic_2x_version}/elasticsearch-curator/${_param:linux_system_codename}/ stable main"
           architectures: amd64
-          key_id: D88E42B4
-          key_server: keyserver.ubuntu.com
           clean_file: true
+          key: ${linux:system:repo:mcp_elasticsearch:key}
diff --git a/linux/system/repo/mcp/apt_mirantis/elastic/5x.yml b/linux/system/repo/mcp/apt_mirantis/elastic/5x.yml
index 01d2ff0..49e9eba 100644
--- a/linux/system/repo/mcp/apt_mirantis/elastic/5x.yml
+++ b/linux/system/repo/mcp/apt_mirantis/elastic/5x.yml
@@ -1,3 +1,7 @@
+# DEPRECATED since 2018.7+ release.
+# Please use system/repo/mcp/apt_mirantis
+classes:
+- system.linux.system.repo.keystorage.elasticsearch
 parameters:
   _param:
     apt_mk_version: stable
@@ -8,13 +12,10 @@
         mcp_elastic_5x:
           source: "deb [arch=amd64] http://mirror.mirantis.com/${_param:linux_system_repo_mcp_elastic_5x_version}/elasticsearch-5.x/${_param:linux_system_codename}/ stable main"
           architectures: amd64
-          key_id: D88E42B4
-          key_server: keyserver.ubuntu.com
           clean_file: true
+          key: ${linux:system:repo:mcp_elasticsearch:key}
         mcp_elastic_curator_5x:
           source: "deb [arch=amd64] http://mirror.mirantis.com/${_param:linux_system_repo_mcp_elastic_5x_version}/elasticsearch-curator-5/${_param:linux_system_codename}/ stable main"
           architectures: amd64
-          key_id: D88E42B4
-          key_server: keyserver.ubuntu.com
           clean_file: true
-
+          key: ${linux:system:repo:mcp_elasticsearch:key}
diff --git a/linux/system/repo/mcp/apt_mirantis/elastic/es.yml b/linux/system/repo/mcp/apt_mirantis/elastic/es.yml
new file mode 100644
index 0000000..1e455c8
--- /dev/null
+++ b/linux/system/repo/mcp/apt_mirantis/elastic/es.yml
@@ -0,0 +1,18 @@
+classes:
+- system.linux.system.repo.keystorage.elasticsearch
+parameters:
+  _param:
+    apt_mk_version: stable
+    linux_system_repo_url: http://mirror.mirantis.com/${_param:apt_mk_version}/
+    linux_system_repo_mcp_elasticsearch_url: ${_param:linux_system_repo_url}/elasticsearch-5.x/
+  linux:
+    system:
+      repo:
+        mcp_elasticsearch:
+          source: "deb [arch=amd64] ${_param:linux_system_repo_mcp_elasticsearch_url}/${_param:linux_system_codename} stable main"
+          architectures: amd64
+          clean_file: true
+          pin:
+          - pin: 'release o=elastic'
+            priority: 1100
+            package: '*'
diff --git a/linux/system/repo/mcp/apt_mirantis/elastic/es_curator.yml b/linux/system/repo/mcp/apt_mirantis/elastic/es_curator.yml
new file mode 100644
index 0000000..c099a03
--- /dev/null
+++ b/linux/system/repo/mcp/apt_mirantis/elastic/es_curator.yml
@@ -0,0 +1,18 @@
+classes:
+- system.linux.system.repo.keystorage.elasticsearch
+parameters:
+  _param:
+    apt_mk_version: stable
+    linux_system_repo_url: http://mirror.mirantis.com/${_param:apt_mk_version}/
+    linux_system_repo_mcp_elasticsearch_curator_url: ${_param:linux_system_repo_url}/elasticsearch-curator-5/
+  linux:
+    system:
+      repo:
+        mcp_elasticsearch_curator:
+          source: "deb [arch=amd64] ${_param:linux_system_repo_mcp_elasticsearch_curator_url}/${_param:linux_system_codename} stable main"
+          architectures: amd64
+          clean_file: true
+          pin:
+          - pin: 'release o=Elastic'
+            priority: 1100
+            package: '*'
diff --git a/linux/system/repo/mcp/apt_mirantis/elastic/init.yml b/linux/system/repo/mcp/apt_mirantis/elastic/init.yml
index a66b757..08f54fd 100644
--- a/linux/system/repo/mcp/apt_mirantis/elastic/init.yml
+++ b/linux/system/repo/mcp/apt_mirantis/elastic/init.yml
@@ -1,3 +1,3 @@
 classes:
-- system.linux.system.repo.mcp.apt_mirantis.elastic.2x
-- system.linux.system.repo.mcp.apt_mirantis.elastic.5x
\ No newline at end of file
+- system.linux.system.repo.mcp.apt_mirantis.elastic.es
+- system.linux.system.repo.mcp.apt_mirantis.elastic.es_curator
diff --git a/linux/system/repo/mcp/apt_mirantis/hotfix/init.yml b/linux/system/repo/mcp/apt_mirantis/hotfix/init.yml
new file mode 100644
index 0000000..e9e45e6
--- /dev/null
+++ b/linux/system/repo/mcp/apt_mirantis/hotfix/init.yml
@@ -0,0 +1,2 @@
+classes:
+- system.linux.system.repo.mcp.apt_mirantis.hotfix.ubuntu
diff --git a/linux/system/repo/mcp/apt_mirantis/hotfix/ubuntu.yml b/linux/system/repo/mcp/apt_mirantis/hotfix/ubuntu.yml
new file mode 100644
index 0000000..77d5202
--- /dev/null
+++ b/linux/system/repo/mcp/apt_mirantis/hotfix/ubuntu.yml
@@ -0,0 +1,22 @@
+parameters:
+  _param:
+    linux_system_repo_hotfix_url: http://mirror.mirantis.com/hotfix/${_param:apt_mk_version}/
+    linux_system_repo_hotfix_ubuntu_url: ${_param:linux_system_repo_hotfix_url}/ubuntu/
+  linux:
+    system:
+      repo:
+#        ubuntu_hotfix:
+#          refresh_db: ${_param:linux_repo_refresh_db}
+#          source: "deb [arch=amd64] ${_param:linux_system_repo_hotfix_ubuntu_url} ${_param:linux_system_codename} main restricted universe"
+#          architectures: amd64
+#          default: true
+#        ubuntu_updates_hotfix:
+#          refresh_db: ${_param:linux_repo_refresh_db}
+#          source: "deb [arch=amd64] ${_param:linux_system_repo_hotfix_ubuntu_url} ${_param:linux_system_codename}-updates main restricted universe"
+#          architectures: amd64
+#          default: true
+        ubuntu_security_hotfix:
+          refresh_db: ${_param:linux_repo_refresh_db}
+          source: "deb [arch=amd64] ${_param:linux_system_repo_hotfix_ubuntu_url} ${_param:linux_system_codename}-security main restricted universe"
+          architectures: amd64
+          default: true
diff --git a/linux/system/repo/mcp/apt_mirantis/kibana/46.yml b/linux/system/repo/mcp/apt_mirantis/kibana/46.yml
index 21ab878..cf3b2ba 100644
--- a/linux/system/repo/mcp/apt_mirantis/kibana/46.yml
+++ b/linux/system/repo/mcp/apt_mirantis/kibana/46.yml
@@ -1,6 +1,7 @@
+classes:
+- system.linux.system.repo.keystorage.elasticsearch
 parameters:
   _param:
-    apt_mk_version: stable
     linux_system_repo_mcp_kibana_46_version: ${_param:apt_mk_version}
   linux:
     system:
@@ -8,6 +9,4 @@
         mcp_kibana_46:
           source: "deb [arch=amd64] http://mirror.mirantis.com/${_param:linux_system_repo_mcp_kibana_46_version}/kibana-4.6/${_param:linux_system_codename}/ stable main"
           architectures: amd64
-          key_id: D88E42B4
-          key_server: keyserver.ubuntu.com
           clean_file: true
diff --git a/linux/system/repo/mcp/apt_mirantis/kibana/5x.yml b/linux/system/repo/mcp/apt_mirantis/kibana/5x.yml
index 3c3d128..99fa8ac 100644
--- a/linux/system/repo/mcp/apt_mirantis/kibana/5x.yml
+++ b/linux/system/repo/mcp/apt_mirantis/kibana/5x.yml
@@ -1,6 +1,7 @@
+classes:
+- system.linux.system.repo.keystorage.elasticsearch
 parameters:
   _param:
-    apt_mk_version: stable
     linux_system_repo_mcp_kibana_5x_version: ${_param:apt_mk_version}
   linux:
     system:
@@ -8,6 +9,4 @@
         mcp_kibana_5x:
           source: "deb [arch=amd64] http://mirror.mirantis.com/${_param:linux_system_repo_mcp_kibana_5x_version}/elasticsearch-5.x/${_param:linux_system_codename}/ stable main"
           architectures: amd64
-          key_id: D88E42B4
-          key_server: keyserver.ubuntu.com
           clean_file: true
diff --git a/linux/system/repo/mcp/apt_mirantis/kibana/init.yml b/linux/system/repo/mcp/apt_mirantis/kibana/init.yml
index daaf7ab..9a095d9 100644
--- a/linux/system/repo/mcp/apt_mirantis/kibana/init.yml
+++ b/linux/system/repo/mcp/apt_mirantis/kibana/init.yml
@@ -1,3 +1,2 @@
 classes:
-- system.linux.system.repo.mcp.apt_mirantis.kibana.46
-- system.linux.system.repo.mcp.apt_mirantis.kibana.5x
\ No newline at end of file
+- system.linux.system.repo.mcp.apt_mirantis.kibana.5x
diff --git a/linux/system/repo/mcp/apt_mirantis/saltstack.yml b/linux/system/repo/mcp/apt_mirantis/saltstack.yml
index 22b3bb8..5ba85c0 100644
--- a/linux/system/repo/mcp/apt_mirantis/saltstack.yml
+++ b/linux/system/repo/mcp/apt_mirantis/saltstack.yml
@@ -13,7 +13,16 @@
           source: "deb [arch=amd64] ${_param:linux_system_repo_mcp_saltstack_url}/${_param:linux_system_codename}/ ${_param:linux_system_codename} main"
           architectures: amd64
           clean_file: true
-          pin:
-          - pin: 'release o=SaltStack'
-            priority: 1100
-            package: '*'
+          pinning:
+            10:
+              enabled: true
+              pin: 'release o=SaltStack'
+              # WA for https://github.com/saltstack/salt/issues/49653
+              # Should be removed with new version\fix in upstream.
+              priority: 50
+              package: 'libsodium18'
+            20:
+              enabled: true
+              pin: 'release o=SaltStack'
+              priority: 1100
+              package: '*'
diff --git a/linux/system/repo/mcp/apt_mirantis/update/init.yml b/linux/system/repo/mcp/apt_mirantis/update/init.yml
new file mode 100644
index 0000000..167f896
--- /dev/null
+++ b/linux/system/repo/mcp/apt_mirantis/update/init.yml
@@ -0,0 +1,2 @@
+classes:
+- system.linux.system.repo.mcp.apt_mirantis.update.ubuntu
diff --git a/linux/system/repo/mcp/apt_mirantis/update/ubuntu.yml b/linux/system/repo/mcp/apt_mirantis/update/ubuntu.yml
new file mode 100644
index 0000000..d58ff85
--- /dev/null
+++ b/linux/system/repo/mcp/apt_mirantis/update/ubuntu.yml
@@ -0,0 +1,22 @@
+parameters:
+  _param:
+    linux_system_repo_update_url: http://mirror.mirantis.com/update/${_param:apt_mk_version}/
+    linux_system_repo_update_ubuntu_url: ${_param:linux_system_repo_update_url}/ubuntu/
+  linux:
+    system:
+      repo:
+#        ubuntu_update:
+#          refresh_db: ${_param:linux_repo_refresh_db}
+#          source: "deb [arch=amd64] ${_param:linux_system_repo_update_ubuntu_url} ${_param:linux_system_codename} main restricted universe"
+#          architectures: amd64
+#          default: true
+#        ubuntu_updates_update:
+#          refresh_db: ${_param:linux_repo_refresh_db}
+#          source: "deb [arch=amd64] ${_param:linux_system_repo_update_ubuntu_url} ${_param:linux_system_codename}-updates main restricted universe"
+#          architectures: amd64
+#          default: true
+        ubuntu_security_update:
+          refresh_db: ${_param:linux_repo_refresh_db}
+          source: "deb [arch=amd64] ${_param:linux_system_repo_update_ubuntu_url} ${_param:linux_system_codename}-security main restricted universe"
+          architectures: amd64
+          default: true
diff --git a/linux/system/repo/mcp/mirror/v1/openstack.yml b/linux/system/repo/mcp/mirror/v1/openstack.yml
index a4a369b..37482da 100644
--- a/linux/system/repo/mcp/mirror/v1/openstack.yml
+++ b/linux/system/repo/mcp/mirror/v1/openstack.yml
@@ -1,15 +1,17 @@
+classes:
+- system.linux.system.repo.keystorage.mirantis_com
 parameters:
   _param:
-    apt_mk_version: stable
     linux_system_architecture: 'amd64'
+    linux_system_repo_url: http://mirror.mirantis.com/${_param:apt_mk_version}/
+    linux_system_repo_mirantis_openstack_url: ${_param:linux_system_repo_url}/openstack-${_param:openstack_version}/
   linux:
     system:
       repo:
         mirantis_openstack:
-          source: "deb http://mirror.mirantis.com/${_param:apt_mk_version}/openstack-${_param:openstack_version}/${_param:linux_system_codename} ${_param:linux_system_codename} main"
+          source: "deb ${_param:linux_system_repo_mirantis_openstack_url}/${_param:linux_system_codename} ${_param:linux_system_codename} main"
           architectures: ${_param:linux_system_architecture}
           clean_file: true
-          key_url: https://mirror.mirantis.com/${_param:apt_mk_version}/openstack-${_param:openstack_version}/${_param:linux_system_codename}/archive-${_param:openstack_version}.key
           pin:
           - pin: 'release o=Mirantis'
             priority: 1100
diff --git a/manila/common/cluster.yml b/manila/common/cluster.yml
index d71364e..ad1254b 100644
--- a/manila/common/cluster.yml
+++ b/manila/common/cluster.yml
@@ -1,18 +1,33 @@
 classes:
- - service.manila.common.cluster
- - service.haproxy.proxy.single
- - system.haproxy.proxy.listen.openstack.manila
+- service.manila.common.cluster
+- system.salt.minion.cert.mysql.clients.openstack.manila
+- system.salt.minion.cert.rabbitmq.clients.openstack.manila
 parameters:
+  _param:
+    openstack_mysql_x509_enabled: False
+    galera_ssl_enabled: False
+    manila_cluster_vip_address: ${_param:cluster_vip_address}
+    openstack_rabbitmq_x509_enabled: False
+    rabbitmq_ssl_enabled: False
+    openstack_rabbitmq_port: 5672
+    cluster_internal_protocol: 'http'
   manila:
     common:
       version: ${_param:openstack_version}
       message_queue:
         engine: rabbitmq
-        port: 5672
+        port: ${_param:openstack_rabbitmq_port}
         user: openstack
         password: ${_param:rabbitmq_openstack_password}
         virtual_host: '/openstack'
         host: ${_param:openstack_message_queue_address}
+        x509:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
+          ca_file: ${_param:rabbitmq_manila_ssl_ca_file}
+          key_file: ${_param:rabbitmq_manila_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_manila_client_ssl_cert_file}
+        ssl:
+           enabled: ${_param:rabbitmq_ssl_enabled}
       database:
         engine: mysql
         host: ${_param:openstack_database_address}
@@ -20,10 +35,17 @@
         name: manila
         user: manila
         password: ${_param:mysql_manila_password}
+        x509:
+          enabled: ${_param:openstack_mysql_x509_enabled}
+          ca_file: ${_param:mysql_manila_ssl_ca_file}
+          key_file: ${_param:mysql_manila_client_ssl_key_file}
+          cert_file: ${_param:mysql_manila_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:galera_ssl_enabled}
       identity:
         engine: keystone
         region: ${_param:openstack_region}
-        host: ${_param:cluster_vip_address}
+        host: ${_param:manila_cluster_vip_address}
         port: 35357
         user: manila
         password: ${_param:keystone_manila_password}
@@ -31,4 +53,4 @@
         auth_type: password
         user_domain_id: default
         project_domain_id: default
-        protocol: 'http'
+        protocol: ${_param:cluster_internal_protocol}
diff --git a/manila/common/single.yml b/manila/common/single.yml
index 1b139c2..c5a6f97 100644
--- a/manila/common/single.yml
+++ b/manila/common/single.yml
@@ -1,16 +1,32 @@
 classes:
- - service.manila.common.single
+- service.manila.common.single
+- system.salt.minion.cert.mysql.clients.openstack.manila
+- system.salt.minion.cert.rabbitmq.clients.openstack.manila
 parameters:
+  _param:
+    openstack_mysql_x509_enabled: False
+    galera_ssl_enabled: False
+    openstack_rabbitmq_x509_enabled: False
+    rabbitmq_ssl_enabled: False
+    openstack_rabbitmq_port: 5672
+    cluster_internal_protocol: 'http'
   manila:
     common:
       version: ${_param:openstack_version}
       message_queue:
         engine: rabbitmq
-        port: 5672
+        port: ${_param:openstack_rabbitmq_port}
         user: openstack
         password: ${_param:rabbitmq_openstack_password}
         virtual_host: '/openstack'
         host: ${_param:single_address}
+        x509:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
+          ca_file: ${_param:rabbitmq_manila_ssl_ca_file}
+          key_file: ${_param:rabbitmq_manila_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_manila_client_ssl_cert_file}
+        ssl:
+           enabled: ${_param:rabbitmq_ssl_enabled}
       database:
         engine: mysql
         host: ${_param:single_address}
@@ -18,6 +34,13 @@
         name: manila
         user: manila
         password: ${_param:mysql_manila_password}
+        x509:
+          enabled: ${_param:openstack_mysql_x509_enabled}
+          ca_file: ${_param:mysql_manila_ssl_ca_file}
+          key_file: ${_param:mysql_manila_client_ssl_key_file}
+          cert_file: ${_param:mysql_manila_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:galera_ssl_enabled}
       identity:
         engine: keystone
         region: ${_param:openstack_region}
@@ -29,4 +52,4 @@
         auth_type: password
         user_domain_id: default
         project_domain_id: default
-        protocol: 'http'
+        protocol: ${_param:cluster_internal_protocol}
diff --git a/manila/control/cluster.yml b/manila/control/cluster.yml
index 7ea128b..75b6f76 100644
--- a/manila/control/cluster.yml
+++ b/manila/control/cluster.yml
@@ -1,7 +1,8 @@
 classes:
- - system.manila.common.cluster
- - system.apache.server.site.manila
- - system.haproxy.proxy.listen.openstack.manila
+  - service.haproxy.proxy.single
+  - system.manila.common.cluster
+  - system.apache.server.site.manila
+  - system.haproxy.proxy.listen.openstack.manila
 parameters:
   manila:
     common:
diff --git a/manila/control/single.yml b/manila/control/single.yml
index 262a158..9d5f9f6 100644
--- a/manila/control/single.yml
+++ b/manila/control/single.yml
@@ -1,15 +1,18 @@
 classes:
- - system.manila.common.cluster
+ - system.manila.common.single
  - system.apache.server.site.manila
 parameters:
+  _param:
+    openstack_node_role: primary
   manila:
     common:
       dhss: false
+      default_share_type: default
       version: ${_param:openstack_version}
     api:
+      role: ${_param:openstack_node_role}
       enabled: true
       version: ${_param:openstack_version}
-      role: ${_param:openstack_node_role}
     scheduler:
       enabled: true
       version: ${_param:openstack_version}
diff --git a/manila/share/backend/lvm.yml b/manila/share/backend/lvm.yml
index fe709da..9f5c660 100644
--- a/manila/share/backend/lvm.yml
+++ b/manila/share/backend/lvm.yml
@@ -1,12 +1,13 @@
 parameters:
   _param:
     manila_share_address: ${_param:single_address}
+    manila_lvm_volume_name: manila-volume
   linux:
     storage:
       lvm:
         manila-vg:
           enabled: true
-          name: manila-volume
+          name: ${_param:manila_lvm_volume_name}
           devices: ${_param:manila_lvm_devices}
     system:
       package:
@@ -25,4 +26,4 @@
             - "${_param:manila_share_address}"
           dhss: false
           share_driver: manila.share.drivers.lvm.LVMShareDriver
-          lvm_share_volume_group: manila-volume
+          lvm_share_volume_group: ${_param:manila_lvm_volume_name}
diff --git a/manila/share/init.yml b/manila/share/init.yml
index 2c6558e..346bfcd 100644
--- a/manila/share/init.yml
+++ b/manila/share/init.yml
@@ -1,5 +1,5 @@
 classes:
- - service.manila.common.cluster
+  - system.manila.common.cluster
 parameters:
   manila:
     common:
diff --git a/neutron/client/service/public_v2.yml b/neutron/client/service/public_v2.yml
new file mode 100644
index 0000000..1cef167
--- /dev/null
+++ b/neutron/client/service/public_v2.yml
@@ -0,0 +1,24 @@
+classes:
+- service.neutron.client
+parameters:
+  neutron:
+    client:
+      resources:
+        v2:
+          admin_identity:
+            network:
+              public:
+                shared: False
+                router_external: True
+                default: True
+                provider_network_type: flat
+                provider_physical_network: physnet1
+                subnet:
+                  public-subnet:
+                    cidr: ${_param:openstack_public_neutron_subnet_cidr}
+                    gateway_ip: ${_param:openstack_public_neutron_subnet_gateway}
+                    allocation_pools:
+                      - start: ${_param:openstack_public_neutron_subnet_allocation_start}
+                        end: ${_param:openstack_public_neutron_subnet_allocation_end}
+                    enable_dhcp: False
+                    ip_version: 4
diff --git a/neutron/compute/cluster.yml b/neutron/compute/cluster.yml
index e348a93..92e3a2e 100644
--- a/neutron/compute/cluster.yml
+++ b/neutron/compute/cluster.yml
@@ -1,11 +1,15 @@
 classes:
 - service.neutron.compute.single
+- system.salt.minion.cert.rabbitmq.clients.openstack.neutron
 parameters:
   _param:
     neutron_enable_qos: False
     neutron_enable_vlan_aware_vms: False
     neutron_enable_bgp_vpn: False
     neutron_bgp_vpn_driver: bagpipe
+    openstack_rabbitmq_x509_enabled: False
+    rabbitmq_ssl_enabled: False
+    openstack_rabbitmq_port: 5672
   linux:
     system:
       package:
@@ -25,7 +29,15 @@
       backend:
         tenant_network_types: ${_param:neutron_tenant_network_types}"
       message_queue:
+        port: ${_param:openstack_rabbitmq_port}
         members:
           - host: ${_param:openstack_message_queue_node01_address}
           - host: ${_param:openstack_message_queue_node02_address}
           - host: ${_param:openstack_message_queue_node03_address}
+        x509:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
+          ca_file: ${_param:rabbitmq_neutron_ssl_ca_file}
+          key_file: ${_param:rabbitmq_neutron_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_neutron_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:rabbitmq_ssl_enabled}
diff --git a/neutron/control/cluster.yml b/neutron/control/cluster.yml
index 12baf43..ceaed1d 100644
--- a/neutron/control/cluster.yml
+++ b/neutron/control/cluster.yml
@@ -5,41 +5,36 @@
 - system.haproxy.proxy.listen.openstack.neutron
 - system.galera.server.database.neutron
 - system.salt.minion.cert.mysql.clients.openstack.neutron
+- system.salt.minion.cert.rabbitmq.clients.openstack.neutron
 parameters:
   _param:
     cluster_internal_protocol: 'http'
     openstack_mysql_x509_enabled: False
+    openstack_rabbitmq_x509_enabled: False
     galera_ssl_enabled: False
+    rabbitmq_ssl_enabled: False
+    openstack_rabbitmq_port: 5672
   linux:
     system:
       package:
         python-pymysql:
           fromrepo: ${_param:openstack_version}
           version: latest
-  haproxy:
-    proxy:
-      listen:
-        neutron_api:
-          type: openstack-service
-          service_name: neutron
-          binds:
-          - address: ${_param:cluster_vip_address}
-            port: 9696
-          servers:
-          - name: ${_param:cluster_node01_hostname}
-            host: ${_param:cluster_node01_address}
-            port: 9696
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
-          - name: ${_param:cluster_node02_hostname}
-            host: ${_param:cluster_node02_address}
-            port: 9696
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
-          - name: ${_param:cluster_node03_hostname}
-            host: ${_param:cluster_node03_address}
-            port: 9696
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
   neutron:
     server:
+      message_queue:
+        port: ${_param:openstack_rabbitmq_port}
+        members:
+          - host: ${_param:openstack_message_queue_node01_address}
+          - host: ${_param:openstack_message_queue_node02_address}
+          - host: ${_param:openstack_message_queue_node03_address}
+        x509:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
+          ca_file: ${_param:rabbitmq_neutron_ssl_ca_file}
+          key_file: ${_param:rabbitmq_neutron_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_neutron_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:rabbitmq_ssl_enabled}
       database:
         x509:
           enabled: ${_param:openstack_mysql_x509_enabled}
@@ -49,6 +44,5 @@
         ssl:
           enabled: ${_param:galera_ssl_enabled}
       role: ${_param:openstack_node_role}
-      plugin: contrail
     identity:
       protocol: ${_param:cluster_internal_protocol}
diff --git a/neutron/control/opencontrail/cluster.yml b/neutron/control/opencontrail/cluster.yml
index d85e554..4bc0e71 100644
--- a/neutron/control/opencontrail/cluster.yml
+++ b/neutron/control/opencontrail/cluster.yml
@@ -1,9 +1,5 @@
 classes:
-- service.keepalived.cluster.single
-- service.haproxy.proxy.single
-- service.neutron.control.cluster
-- system.haproxy.proxy.listen.openstack.neutron
-- system.galera.server.database.neutron
+- system.neutron.control.cluster
 parameters:
   neutron:
     server:
@@ -13,11 +9,6 @@
       identity:
         region: ${_param:openstack_region}
         host: ${_param:openstack_control_address}
-      message_queue:
-        members:
-          - host: ${_param:openstack_message_queue_node01_address}
-          - host: ${_param:openstack_message_queue_node02_address}
-          - host: ${_param:openstack_message_queue_node03_address}
       compute:
         host: ${_param:openstack_control_address}
         region: ${_param:openstack_region}
@@ -28,4 +19,4 @@
         user: admin
         password: ${_param:keystone_admin_password}
         tenant: admin
-        token: ${_param:keystone_service_token}
\ No newline at end of file
+        token: ${_param:keystone_service_token}
diff --git a/neutron/control/opencontrail/single.yml b/neutron/control/opencontrail/single.yml
index 4bbd8f8..5cf06bf 100644
--- a/neutron/control/opencontrail/single.yml
+++ b/neutron/control/opencontrail/single.yml
@@ -1,5 +1,5 @@
 classes:
-- service.neutron.control.single
+- system.neutron.control.single
 - system.galera.server.database.neutron
 parameters:
   neutron:
@@ -12,7 +12,7 @@
         host: ${_param:openstack_control_address}
       message_queue:
         members:
-          - host: ${_param:openstack_message_queue_node01_address}
+          - host: ${_param:single_address}
       compute:
         host: ${_param:openstack_control_address}
         region: ${_param:openstack_region}
@@ -23,4 +23,4 @@
         user: admin
         password: ${_param:keystone_admin_password}
         tenant: admin
-        token: ${_param:keystone_service_token}
\ No newline at end of file
+        token: ${_param:keystone_service_token}
diff --git a/neutron/control/opendaylight/cluster.yml b/neutron/control/opendaylight/cluster.yml
index 1f8142e..2f22403 100644
--- a/neutron/control/opendaylight/cluster.yml
+++ b/neutron/control/opendaylight/cluster.yml
@@ -1,7 +1,4 @@
 classes:
-- service.keepalived.cluster.single
-- service.haproxy.proxy.single
-- service.neutron.control.cluster
 - system.neutron.control.openvswitch.cluster
 parameters:
   _param:
diff --git a/neutron/control/opendaylight/single.yml b/neutron/control/opendaylight/single.yml
index 297cfa0..c12d04a 100644
--- a/neutron/control/opendaylight/single.yml
+++ b/neutron/control/opendaylight/single.yml
@@ -1,5 +1,4 @@
 classes:
-- service.neutron.control.single
 - system.neutron.control.openvswitch.single
 parameters:
   _param:
diff --git a/neutron/control/openvswitch/cluster.yml b/neutron/control/openvswitch/cluster.yml
index 5800060..094449e 100644
--- a/neutron/control/openvswitch/cluster.yml
+++ b/neutron/control/openvswitch/cluster.yml
@@ -1,8 +1,5 @@
 classes:
-- service.keepalived.cluster.single
-- service.haproxy.proxy.single
-- service.neutron.control.cluster
-- system.galera.server.database.neutron
+- system.neutron.control.cluster
 parameters:
   _param:
     neutron_control_dvr: True
@@ -40,30 +37,3 @@
       identity:
         region: ${_param:openstack_region}
         protocol: ${_param:cluster_internal_protocol}
-      message_queue:
-        members:
-          - host: ${_param:openstack_message_queue_node01_address}
-          - host: ${_param:openstack_message_queue_node02_address}
-          - host: ${_param:openstack_message_queue_node03_address}
-  haproxy:
-    proxy:
-      listen:
-        neutron_api:
-          type: openstack-service
-          service_name: neutron
-          binds:
-          - address: ${_param:cluster_vip_address}
-            port: 9696
-          servers:
-          - name: ${_param:cluster_node01_hostname}
-            host: ${_param:cluster_node01_address}
-            port: 9696
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
-          - name: ${_param:cluster_node02_hostname}
-            host: ${_param:cluster_node02_address}
-            port: 9696
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
-          - name: ${_param:cluster_node03_hostname}
-            host: ${_param:cluster_node03_address}
-            port: 9696
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
diff --git a/neutron/control/openvswitch/single.yml b/neutron/control/openvswitch/single.yml
index baa710e..5beb0ca 100644
--- a/neutron/control/openvswitch/single.yml
+++ b/neutron/control/openvswitch/single.yml
@@ -1,6 +1,5 @@
 classes:
-- service.neutron.control.single
-- system.galera.server.database.neutron
+- system.neutron.control.single
 parameters:
   _param:
     neutron_control_dvr: True
@@ -13,8 +12,10 @@
     neutron_enable_bgp_vpn: False
     neutron_bgp_vpn_driver: bagpipe
     internal_protocol: 'http'
+    openstack_node_role: primary
   neutron:
     server:
+      role: ${_param:openstack_node_role}
       global_physnet_mtu: ${_param:neutron_global_physnet_mtu}
       l3_ha: ${_param:neutron_l3_ha}
       dvr: ${_param:neutron_control_dvr}
@@ -39,4 +40,4 @@
         protocol: ${_param:internal_protocol}
       message_queue:
         members:
-          - host: ${_param:openstack_message_queue_node01_address}
+          - host: ${_param:single_address}
diff --git a/neutron/control/ovn/single.yml b/neutron/control/ovn/single.yml
index 92b8258..f3dd749 100644
--- a/neutron/control/ovn/single.yml
+++ b/neutron/control/ovn/single.yml
@@ -9,6 +9,7 @@
     neutron_tenant_network_types: "geneve,flat"
     neutron_enable_qos: False
     neutron_enable_vlan_aware_vms: False
+    neutron_ovn_metadata_enabled: True
   neutron:
     server:
       global_physnet_mtu: ${_param:neutron_global_physnet_mtu}
@@ -23,6 +24,8 @@
         mechanism:
           ovn:
             driver: ovn
+        ovn:
+          metadata_enabled: ${_param:neutron_ovn_metadata_enabled}
       compute:
         region: ${_param:openstack_region}
       database:
diff --git a/neutron/control/single.yml b/neutron/control/single.yml
index 6ced2f1..27d16e1 100644
--- a/neutron/control/single.yml
+++ b/neutron/control/single.yml
@@ -2,11 +2,15 @@
 - service.neutron.control.single
 - system.galera.server.database.neutron
 - system.salt.minion.cert.mysql.clients.openstack.neutron
+- system.salt.minion.cert.rabbitmq.clients.openstack.neutron
 parameters:
   _param:
     internal_protocol: 'http'
     openstack_mysql_x509_enabled: False
+    openstack_rabbitmq_x509_enabled: False
     galera_ssl_enabled: False
+    rabbitmq_ssl_enabled: False
+    openstack_rabbitmq_port: 5672
   linux:
     system:
       package:
@@ -17,7 +21,6 @@
     server:
       role: ${_param:openstack_node_role}
       database:
-        host: ${_param:single_address}
         x509:
           enabled: ${_param:openstack_mysql_x509_enabled}
           ca_file: ${_param:mysql_neutron_ssl_ca_file}
@@ -25,5 +28,14 @@
           cert_file: ${_param:mysql_neutron_client_ssl_cert_file}
         ssl:
           enabled: ${_param:galera_ssl_enabled}
+      message_queue:
+        port: ${_param:openstack_rabbitmq_port}
+        x509:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
+          ca_file: ${_param:rabbitmq_neutron_ssl_ca_file}
+          key_file: ${_param:rabbitmq_neutron_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_neutron_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:rabbitmq_ssl_enabled}
       identity:
         protocol: ${_param:internal_protocol}
diff --git a/neutron/gateway/cluster.yml b/neutron/gateway/cluster.yml
index 558a814..03ab583 100644
--- a/neutron/gateway/cluster.yml
+++ b/neutron/gateway/cluster.yml
@@ -1,9 +1,13 @@
 classes:
 - service.neutron.gateway.single
+- system.salt.minion.cert.rabbitmq.clients.openstack.neutron
 parameters:
   _param:
     neutron_enable_qos: False
     neutron_enable_vlan_aware_vms: False
+    openstack_rabbitmq_x509_enabled: False
+    rabbitmq_ssl_enabled: False
+    openstack_rabbitmq_port: 5672
   linux:
     system:
       kernel:
@@ -18,7 +22,15 @@
       backend:
         tenant_network_types: ${_param:neutron_tenant_network_types}"
       message_queue:
+        port: ${_param:openstack_rabbitmq_port}
         members:
           - host: ${_param:openstack_message_queue_node01_address}
           - host: ${_param:openstack_message_queue_node02_address}
           - host: ${_param:openstack_message_queue_node03_address}
+        x509:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
+          ca_file: ${_param:rabbitmq_neutron_ssl_ca_file}
+          key_file: ${_param:rabbitmq_neutron_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_neutron_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:rabbitmq_ssl_enabled}
diff --git a/nova/compute/cluster.yml b/nova/compute/cluster.yml
index c88dcc7..b281f4d 100644
--- a/nova/compute/cluster.yml
+++ b/nova/compute/cluster.yml
@@ -1,5 +1,6 @@
 classes:
 - service.nova.compute.kvm
+- system.salt.minion.cert.rabbitmq.clients.openstack.nova
 parameters:
   _param:
     nova_vncproxy_url: https://${_param:cluster_public_host}:6080
@@ -36,6 +37,9 @@
       SG9MrLHCd5l60aCUQg0UA5ed7Hd6SA314k+HwxJno9/wJ+voBeacMg==
       -----END RSA PRIVATE KEY-----
     cluster_internal_protocol: 'http'
+    openstack_rabbitmq_x509_enabled: False
+    rabbitmq_ssl_enabled: False
+    openstack_rabbitmq_port: 5672
   openssh:
     client:
       enabled: True
@@ -72,7 +76,7 @@
         protocol: ${_param:cluster_internal_protocol}
       message_queue:
         engine: rabbitmq
-        port: 5672
+        port: ${_param:openstack_rabbitmq_port}
         user: openstack
         password: ${_param:rabbitmq_openstack_password}
         virtual_host: '/openstack'
@@ -80,6 +84,13 @@
           - host: ${_param:openstack_message_queue_node01_address}
           - host: ${_param:openstack_message_queue_node02_address}
           - host: ${_param:openstack_message_queue_node03_address}
+        x509:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
+          ca_file: ${_param:rabbitmq_nova_ssl_ca_file}
+          key_file: ${_param:rabbitmq_nova_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_nova_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:rabbitmq_ssl_enabled}
       image:
         engine: glance
         host: ${_param:cluster_vip_address}
diff --git a/nova/compute/libvirt/ssl/init.yml b/nova/compute/libvirt/ssl/init.yml
index 9931cbd..87742e0 100644
--- a/nova/compute/libvirt/ssl/init.yml
+++ b/nova/compute/libvirt/ssl/init.yml
@@ -4,6 +4,7 @@
   nova:
     compute:
       libvirt:
+        uri: qemu+tls://${linux:system:name}.${_param:cluster_domain}/system
         tls:
           enabled: True
           key_file: ${_param:libvirtd_server_ssl_key_file}
diff --git a/nova/compute/single.yml b/nova/compute/single.yml
index 67c329d..32d5087 100644
--- a/nova/compute/single.yml
+++ b/nova/compute/single.yml
@@ -2,6 +2,7 @@
 - nova
 classes:
 - service.nova.compute.kvm
+- system.salt.minion.cert.rabbitmq.clients.openstack.nova
 parameters:
   _param:
     nova_vncproxy_url: https://${_param:cluster_public_host}:6080
@@ -36,6 +37,9 @@
       SG9MrLHCd5l60aCUQg0UA5ed7Hd6SA314k+HwxJno9/wJ+voBeacMg==
       -----END RSA PRIVATE KEY-----
     cluster_internal_protocol: 'http'
+    openstack_rabbitmq_x509_enabled: False
+    rabbitmq_ssl_enabled: False
+    openstack_rabbitmq_port: 5672
   openssh:
     client:
       enabled: True
@@ -72,10 +76,17 @@
       message_queue:
         engine: rabbitmq
         host: ${_param:control_address}
-        port: 5672
+        port: ${_param:openstack_rabbitmq_port}
         user: openstack
         password: ${_param:rabbitmq_openstack_password}
         virtual_host: '/openstack'
+        x509:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
+          ca_file: ${_param:rabbitmq_nova_ssl_ca_file}
+          key_file: ${_param:rabbitmq_nova_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_nova_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:rabbitmq_ssl_enabled}
       image:
         engine: glance
         host: ${_param:control_address}
diff --git a/nova/control/cluster.yml b/nova/control/cluster.yml
index 2f411b5..3f0a644 100644
--- a/nova/control/cluster.yml
+++ b/nova/control/cluster.yml
@@ -5,6 +5,7 @@
 - system.haproxy.proxy.listen.openstack.nova
 - system.haproxy.proxy.listen.openstack.novnc
 - system.salt.minion.cert.mysql.clients.openstack.nova
+- system.salt.minion.cert.rabbitmq.clients.openstack.nova
 parameters:
   _param:
     nova_vncproxy_url: http://${_param:cluster_vip_address}:6080
@@ -15,6 +16,9 @@
     cluster_internal_protocol: 'http'
     openstack_mysql_x509_enabled: False
     galera_ssl_enabled: False
+    openstack_rabbitmq_x509_enabled: False
+    rabbitmq_ssl_enabled: False
+    openstack_rabbitmq_port: 5672
   linux:
     system:
       package:
@@ -65,7 +69,7 @@
         protocol: ${_param:cluster_internal_protocol}
       message_queue:
         engine: rabbitmq
-        port: 5672
+        port: ${_param:openstack_rabbitmq_port}
         user: openstack
         password: ${_param:rabbitmq_openstack_password}
         virtual_host: '/openstack'
@@ -73,6 +77,13 @@
           - host: ${_param:openstack_message_queue_node01_address}
           - host: ${_param:openstack_message_queue_node02_address}
           - host: ${_param:openstack_message_queue_node03_address}
+        x509:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
+          ca_file: ${_param:rabbitmq_nova_ssl_ca_file}
+          key_file: ${_param:rabbitmq_nova_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_nova_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:rabbitmq_ssl_enabled}
       glance:
         host: ${_param:cluster_vip_address}
         port: 9292
diff --git a/nova/control/single.yml b/nova/control/single.yml
index e7d7671..2a28cc7 100644
--- a/nova/control/single.yml
+++ b/nova/control/single.yml
@@ -1,11 +1,15 @@
 classes:
 - system.salt.minion.cert.mysql.clients.openstack.nova
+- system.salt.minion.cert.rabbitmq.clients.openstack.nova
 - service.nova.control.single
 parameters:
   _param:
     cluster_internal_protocol: 'http'
     openstack_mysql_x509_enabled: False
     galera_ssl_enabled: False
+    openstack_rabbitmq_x509_enabled: False
+    rabbitmq_ssl_enabled: False
+    openstack_rabbitmq_port: 5672
   linux:
     system:
       package:
@@ -32,3 +36,13 @@
         region: ${_param:openstack_region}
       glance:
         protocol: ${_param:cluster_internal_protocol}
+      message_queue:
+        port: ${_param:openstack_rabbitmq_port}
+        x509:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
+          ca_file: ${_param:rabbitmq_nova_ssl_ca_file}
+          key_file: ${_param:rabbitmq_nova_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_nova_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:rabbitmq_ssl_enabled}
+
diff --git a/opencontrail/control/cluster4_0.yml b/opencontrail/control/cluster4_0.yml
index 4f1127f..c97196f 100644
--- a/opencontrail/control/cluster4_0.yml
+++ b/opencontrail/control/cluster4_0.yml
@@ -22,6 +22,7 @@
     opencontrail_controller_container_name: opencontrail_controller_1
     opencontrail_analytics_container_name: opencontrail_analytics_1
     opencontrail_analyticsdb_container_name: opencontrail_analyticsdb_1
+    opencontrail_api_workers_count: 6
     analytics_vip_address: ${_param:opencontrail_analytics_address}
 # Temprorary fix for MOS9 packages to pin old version of kafka
   linux:
@@ -81,6 +82,7 @@
         host: None
       api:
         host: ${_param:opencontrail_control_address}
+        workers_count: ${_param:opencontrail_api_workers_count}
       analytics:
         members:
         - host: ${_param:cluster_node01_address}
diff --git a/opencontrail/control/control4_0.yml b/opencontrail/control/control4_0.yml
index 207e9da..123392c 100644
--- a/opencontrail/control/control4_0.yml
+++ b/opencontrail/control/control4_0.yml
@@ -14,6 +14,7 @@
     opencontrail_message_queue_node03_address: ${_param:openstack_message_queue_node03_address}
     opencontrail_controller_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-controller:${_param:opencontrail_image_tag}
     opencontrail_controller_container_name: opencontrail_controller_1
+    opencontrail_api_workers_count: 6
     analytics_vip_address: ${_param:opencontrail_analytics_address}
   opencontrail:
     common:
@@ -32,6 +33,7 @@
         host: None
       api:
         host: ${_param:opencontrail_control_address}
+        workers_count: ${_param:opencontrail_api_workers_count}
       analytics:
         members:
         - host: ${_param:opencontrail_analytics_node01_address}
diff --git a/openssh/server/team/all.yml b/openssh/server/team/all.yml
index 5daf27d..ce5270b 100644
--- a/openssh/server/team/all.yml
+++ b/openssh/server/team/all.yml
@@ -15,8 +15,3 @@
 - system.openssh.server.team.oscore_devops
 - system.openssh.server.team.k8s_team
 - system.openssh.server.team.k8s_apps_team
-# to include support team, please integrate submodule opscare into cluster model
-# https://gerrit.mirantis.com/#/admin/projects/mmo-support/reclass-opscare
-parameters:
-  _param:
-    linux_system_user_sudo: true
diff --git a/openssh/server/team/cicd.yml b/openssh/server/team/cicd.yml
index 99f6bd6..c839a22 100644
--- a/openssh/server/team/cicd.yml
+++ b/openssh/server/team/cicd.yml
@@ -1,16 +1,15 @@
 classes:
-- system.openssh.server.team.members.akomarek
+- system.openssh.server.team.members.deprecated.akomarek
 - system.openssh.server.team.members.atengler
-- system.openssh.server.team.members.fpytloun
-- system.openssh.server.team.members.jbroulik
+- system.openssh.server.team.members.deprecated.fpytloun
+- system.openssh.server.team.members.deprecated.jbroulik
 - system.openssh.server.team.members.jcach
-- system.openssh.server.team.members.jjosef
-- system.openssh.server.team.members.jpavlik
+- system.openssh.server.team.members.deprecated.jjosef
+- system.openssh.server.team.members.deprecated.jpavlik
 - system.openssh.server.team.members.mpolreich
-- system.openssh.server.team.members.rfelkl
-- system.openssh.server.team.members.tkukral
+- system.openssh.server.team.members.deprecated.rfelkl
+- system.openssh.server.team.members.deprecated.tkukral
 - system.openssh.server.team.members.psvimbersky
-
 parameters:
   _param:
     linux_system_user_sudo: true
diff --git a/openssh/server/team/drivetrain.yml b/openssh/server/team/drivetrain.yml
index a48400a..65117cd 100644
--- a/openssh/server/team/drivetrain.yml
+++ b/openssh/server/team/drivetrain.yml
@@ -1,7 +1,7 @@
 classes:
+- system.openssh.server.team.members.azvyagintsev
 - system.openssh.server.team.members.degorenko
 - system.openssh.server.team.members.iberezovskiy
-
 parameters:
   _param:
     linux_system_user_sudo: true
diff --git a/openssh/server/team/maintenance.yml b/openssh/server/team/maintenance.yml
index 6f79522..0bceaad 100644
--- a/openssh/server/team/maintenance.yml
+++ b/openssh/server/team/maintenance.yml
@@ -2,7 +2,6 @@
 - system.linux.system.sudo
 - system.openssh.server.team.members.dmeltsaykin
 - system.openssh.server.team.members.omolchanov
-- system.openssh.server.team.members.ibumarskov
 - system.openssh.server.team.members.vkhlyunev
 - system.openssh.server.team.members.dtsapikov
 - system.openssh.server.team.members.rlubianyi
diff --git a/openssh/server/team/members/akiseleva.yml b/openssh/server/team/members/akiseleva.yml
new file mode 100644
index 0000000..d7e8db0
--- /dev/null
+++ b/openssh/server/team/members/akiseleva.yml
@@ -0,0 +1,20 @@
+parameters:
+  linux:
+    system:
+      user:
+        akiseleva:
+          enabled: true
+          name: akiseleva
+          sudo: ${_param:linux_system_user_sudo}
+          full_name: Alena Kiseleva
+          home: /home/akiseleva
+          email: akiseleva@mirantis.com
+  openssh:
+    server:
+      enabled: true
+      user:
+        akiseleva:
+          enabled: true
+          public_keys:
+            - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyxzlFKlCcfwagnnmCg1r9SUVfAgy/IdPSxsnpELjCRaz3FI66sYa1F1RdZngoXmYxe5qlmkiRQ0rCjIYk12I08du5FJGYQvMttJEgmVeHtFKW0o3uGBIKNJ5nCni3lR8idPTRXqhwdXYeA4A9+COQO4MGcaJZrqHgEviZt4jQrYy90WdqbKTD4meBRy4MC9+TOUs719kTxK54tmMHBq2l/ukmv3FwgtLz2xMeNW7htiS/1rzA9CEerjkvpc0mOxc4DCY4bH8sR2Ts3Y33Rx6aUN8shTij2aX2v8UvUay2JPqQTJicY+IsYl4D8w/XPx00Oj/3b54f6kTLlzzoNDq5 alena@alena-Lenovo-V580c
+          user: ${linux:system:user:akiseleva}
diff --git a/openssh/server/team/members/akomarek.yml b/openssh/server/team/members/akomarek.yml
deleted file mode 100644
index 1fc9f49..0000000
--- a/openssh/server/team/members/akomarek.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-parameters:
-  linux:
-    system:
-      user:
-        newt:
-          enabled: false
-          name: newt
-          sudo: ${_param:linux_system_user_sudo}
-          full_name: disabled
-          home: /home/newt
-          email: mail@newt.cz
-  openssh:
-    server:
-      enabled: true
-      user:
-        newt:
-          enabled: false
-          public_keys:
-            - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3odU+3V2uDA2ptAFL9hrJRPNEEdAyztWOZFQ5Oyd9oerTGOU3p4xmrgWWjfKFKbYGhiiIUcYAol5PkTfKukGEkkjCHYA1t023soCaaAj85wCZCnw2zQNAziwxTYmAzTqgxiSvtZNMMrtJvFHRIRDzJ3M1lV0prWNWkMM1/3FAd4W49y6VT3fkMCo8uqG7CfGdgR2DgBCxf9KaNPfW5eDEPOgmE5lK8tVSEI6T+Cg7hbcTf4lFYnlFBnlQgp/0JstsM4Vbwb4B34LOpOsf2S8rrWk2xQMjwaMHXkc2s/E8iW3F5nVFuyEXYISFQIiAHw8dzC6CHgLcyHUVWwznKawZ newt@newt-dev1
-          user: ${linux:system:user:newt}
diff --git a/openssh/server/team/members/alis.yml b/openssh/server/team/members/alis.yml
new file mode 100644
index 0000000..2714198
--- /dev/null
+++ b/openssh/server/team/members/alis.yml
@@ -0,0 +1,19 @@
+parameters:
+  linux:
+    system:
+      user:
+        alis:
+          enabled: true
+          name: alis
+          sudo: ${_param:linux_system_user_sudo}
+          full_name: Adam Lis
+          home: /home/alis
+          email: alis@mirantis.com
+  openssh:
+    server:
+      user:
+        alis:
+          enabled: true
+          public_keys:
+            - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDW3VR61NPwpwW0PGAaIuimtOtQjXIp3zAE15KphEejPEciceE/AJeKTsBpvKmP23pCJYhoCJOSQxxxWIiLHPoUEr2aGgy8+wLnResqEOtobpbtGHYzvsAUY/Uc+1Vk6S6Ho9ysrhlpY+Ih4yuSzTaZKqMFXx47/L0HZLNZmCbPD/siki0X3tnCS09RS8KSaTJdZ/Sd/PnUEb6JGg5taid9VNkUUOcgYoudNWPJS3Pjrtijiczq9IZ0cArueEVx4NCkKEb+dDUls4BRVGfNUt3iZY2LrGTd4FeyrWV7IGoPTxyiaJdtpcjDHe4omqsY705LRvBQs6de6enG0PMpQ9KR adamlis@tuchiegu
+          user: ${linux:system:user:alis}
diff --git a/openssh/server/team/members/anatoliineliubin.yml b/openssh/server/team/members/anatoliineliubin.yml
index a8b1f21..9d21eb3 100644
--- a/openssh/server/team/members/anatoliineliubin.yml
+++ b/openssh/server/team/members/anatoliineliubin.yml
@@ -19,5 +19,4 @@
           user: ${linux:system:user:aneliubin}
   public_keys:
     aneliubin:
-      - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCSj7OItCm3z4PerRp+KIh50YpYMzE2QV6xq+PnqrK4otDqjrXWRSEXiimsyWM7s3a9XsgGC9Tc1SUPX2r1ZLsKZUVpP0V8Amz1YTKAw9dJ43rhTMQEIPCsr5Bk3/b/criaWSWly7jsRDonqGor+EJAfQg/mEyYpa04wRZ2TYQKhM0o2mx7BKDV/Xc2QqskT4Vqimp91F/OXwDsLUP+NDSPtyG/AalNBez0p7PDPV1J/S8MipgPUGvQLddvvJ8VYxH66WpNt4IJVrc5YBp0ty8lj+WPFFxgaQ0yWHvjmlatGeAI70F8M/szdbIyn3ph9t7aXaGhOnWumqZkwqSWvY0F
-
+      - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCSj7OItCm3z4PerRp+KIh50YpYMzE2QV6xq+PnqrK4otDqjrXWRSEXiimsyWM7s3a9XsgGC9Tc1SUPX2r1ZLsKZUVpP0V8Amz1YTKAw9dJ43rhTMQEIPCsr5Bk3/b/criaWSWly7jsRDonqGor+EJAfQg/mEyYpa04wRZ2TYQKhM0o2mx7BKDV/Xc2QqskT4Vqimp91F/OXwDsLUP+NDSPtyG/AalNBez0p7PDPV1J/S8MipgPUGvQLddvvJ8VYxH66WpNt4IJVrc5YBp0ty8lj+WPFFxgaQ0yWHvjmlatGeAI70F8M/szdbIyn3ph9t7aXaGhOnWumqZkwqSWvY0F aneliuubin@mirantis.com
diff --git a/openssh/server/team/members/apetrenko.yml b/openssh/server/team/members/apetrenko.yml
deleted file mode 100644
index 22ee651..0000000
--- a/openssh/server/team/members/apetrenko.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-parameters:
-  linux:
-    system:
-      user:
-        apetrenko:
-          enabled: false
-          name: apetrenko
-          sudo: ${_param:linux_system_user_sudo}
-          full_name: disable
-          home: /home/apetrenko
-          email: apetrenko@mirantis.com
-  openssh:
-    server:
-      enabled: true
-      user:
-        apetrenko:
-          enabled: false
-          public_keys:
-          - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDU7eLohJKXXB57H/buBlUcBTQXgsXmGXxMao0PQthdfDWhFKXc9fI+1rdsNjA8NPmq8gYdqldOgoIFAmBSwK/+z12ihIGmQJY8vRhr5jnsxee8VZczEj1bhYq/72mpN2KMxiL7Sv2l+WknviqitLzLgYZr17nJtqRdbhiqhEVQOZWKIngRZb4HIdRyA8qCpCFFbUN1etgsVuQaPMwcPdHKHHUzf2hBaELDBF+liVAJzwYlxBQ7m183K6zZ7Gs+wMKphVA5PjyPQbpA3ascF3fdottsat9QJOjrQsXlu+gekPy+fK8GkzDCrCWVcg5LHO+hj3ZnFIjEPxcPPEFo/NRF apl@MMO.mirantis.com
-          - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC9cTDTzDVzIhZi/2F4tdEEIqewAOr8YY55Hk+zhuNZSZeI47eKVBvn09p0uiBLQIjrtO3TNh/93Bd+ts/wqwyembXdx5/hW+WdbpneRr8dRI03VEkLomHQqSsXMkr+VvegMc7i+266i5yDC1u4awX5+pR9WWzqaJrybNItmVucRGLGucx7qownV+Kp+8xXIG3lgT2fJw0qbv6hTbdvl7uw1JJ7bKhVxdeyeiv9blWLdQ7oCzQbjrQq8wlJvUfzNOGURMaFRQO4MHvecsBO99EgAaSqRmsDSLGQ/90RMH72BfP8YU/zSRwZNZDDq091oRhowgB1zfy1VgKm0/At1sswcsmfH+H/aC/RBB3NmG5GZq5uqRvgjlC4dz0GXalcJLN/NqQYywQ5WlOp518C5m2Is6t8mNvZh+is2GrmvCX97Y1gvzn65lUdfCP+Ee397mBi8XP5QZ4ojZ+SDt9efgpFUbmhbei2mNF9hpt2fhvLCv3HCayG9M/1QA9m3WdKo3gZKTBbMfKxU5mlTWsSLOt/44zMxdBLFq5gyhof7GxZiMeEllMF9v1cX0MCFlqbRSxfpqJv/0qsU3w9xRwDjWnm51uVeo69apRTlSNOyuXOsLyxzBS3n5cvlJ8L6r1cikmd0sx9LlrNw1ENxELDDIxj77BTcXNQVLfOfrEnSDIt+Q== apetrenko@mirantis.com
-          user: ${linux:system:user:apetrenko}
diff --git a/openssh/server/team/members/ashishkin.yml b/openssh/server/team/members/ashishkin.yml
deleted file mode 100644
index 4659ff5..0000000
--- a/openssh/server/team/members/ashishkin.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-parameters:
-  linux:
-    system:
-      user:
-        ashishkin:
-          enabled: false
-          name: ashishkin
-          sudo: ${_param:linux_system_user_sudo}
-          full_name: disabled
-          home: /home/ashishkin
-          email: ashishkin@mirantis.com
-  openssh:
-    server:
-      enabled: true
-      user:
-        ashishkin:
-          enabled: false
-          public_keys:
-          - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWlGbkhGN+DPrs3S/szWdwieH3Zu/E5bXnm8OCNSSS/xHbeSimqCIoAlZny58GYYabvsOmwh6qjiFmLmZq0MIlEc1RjMR95XLBWmhtpvYABRzMnUZUoFQ+cq1Lzo3ina4mLZAs2u27eEFmLLtV3sCcRAiDUnc6VoUne55NwjP4Ns+OL0Yin46Fr6SFxh6NUwi6woH58DWm1bfaisRyHzCBQJNmI3k0XKB9L9inpPMdmjzbdbitlrokHhDHE+ospLjZMBcV+8h1pK0yq/klT04ClJ58KXJeWJq2dz4nNyyVFNE2+DKwk18YUmtKLz/+BZxiaYY4Z5o6tXIttjfzf6Bn ashishkin@m83.local
-          user: ${linux:system:user:ashishkin}
diff --git a/openssh/server/team/members/astupnikov.yml b/openssh/server/team/members/astupnikov.yml
deleted file mode 100644
index 41b8e34..0000000
--- a/openssh/server/team/members/astupnikov.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-parameters:
-  linux:
-    system:
-      user:
-        astupnikov:
-          enabled: false
-          name: astupnikov
-          sudo: ${_param:linux_system_user_sudo}
-          full_name: disabled
-          home: /home/astupnikov
-          email: astupnikov@mirantis.com
-  openssh:
-    server:
-      enabled: true
-      user:
-        astupnikov:
-          enabled: false
-          public_keys:
-            - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDrV6q403BYodTCb8BCsWlkW6AHxvtCH5JxI9gUANsvbQd9n8fd16xqgXVecCRBJOS4PVauLNiQPMaj6ZuFeRZ8ZXvX498eNSNa5WhBbSwk0X/DqdK1LN/MStTAtL60JQV0yQSY+BghVJkREw4MJJBksyP0X+OG5AB+ijh/bjsabYr+EQNK+WJblrsRvNNCbjiWPcjzXVMxUrzphB09CYMwWFgx1An5jS7c1EGvXrzf0aK1KkadhGnXcjPACFaMGPYmu5HNgQcRnzNXDQU6PLGeyqNnZYZjHdQWZR88cQywznqzI8y9P4qSOTVStYoKLlYsdQFRTw8sJrRpPZupgSED astupnikov@astupnikov-srv
-          user: ${linux:system:user:astupnikov}
diff --git a/openssh/server/team/members/atarasov.yml b/openssh/server/team/members/atarasov.yml
deleted file mode 100644
index 5c50be8..0000000
--- a/openssh/server/team/members/atarasov.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-parameters:
-  linux:
-    system:
-      user:
-        atarasov:
-          enabled: false
-          name: atarasov
-          sudo: ${_param:linux_system_user_sudo}
-          full_name: disabled
-          home: /home/atarasov
-          email: atarasov@mirantis.com
-  openssh:
-    server:
-      enabled: true
-      user:
-        atarasov:
-          enabled: false
-          public_keys:
-          - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSY2GXoKjTudh4iB8rXj6LP5nARndPoh4WeRYxcz57BdT9Xl9gN4E7wGn81kXoJOue5mYUNhjAvUCzKHOB2I6m/zSp5Fv6YDn6oeuD50vKhA6DkMllTVDX+UAegNRVNRRaTCeiqFlqym+2WbxaPjpuWvxuMcR9aZU5MT8H+UMWKbFpuvS83c/nD9QMC0s80bfz9e8OV/ysHsAvXmgQrkl3T0aKpV6IGU597li9k2z2DO9vLxd61rEsYsedPXpUGVn9l3NGW3Ix7dIOQPDFc/rOHVpwLu8V/Lq9zeo8g/12/50RewQ5TIOA3NPeO0D4FUUfj+yBvSjTDj4v6oTY+dyn tonyco@Tonys-MBP
-          - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDI9aXXUufNBbexFsXVPSoaZ8S1gX9gdMGFZUNz9yGdkO5AtGp8A925UCYXZyENB1ZOO7GRFrfeWG2HZEGkcAANw/mWewdNZ1ESnLHSJa/VLtkhOp50647QdaSS5N9jvWbfJOepF6qxfuOpcSZjMj06cfFTXkv65A8jFq4iU/HV6V31csYl00WRF6aFX5u1sgpg4QzklvM4gJykNn8cw2Igi7UhjIvo74HG0UlVFt6qc4yahD2YURn8ZF8A62KVwZ26HbFejzD0S48DivldFGF4AH+tY81CCOrCfJSPs1nemoORwp9J20AnjZ7tGZR5KA9+Op+klvaJxsP4K/y1rBUH tonyco@atarasov-pc
-          user: ${linux:system:user:atarasov}
diff --git a/openssh/server/team/members/azvyagintsev.yml b/openssh/server/team/members/azvyagintsev.yml
new file mode 100644
index 0000000..c6c62a0
--- /dev/null
+++ b/openssh/server/team/members/azvyagintsev.yml
@@ -0,0 +1,20 @@
+parameters:
+  linux:
+    system:
+      user:
+        azvyagintsev:
+          enabled: true
+          name: azvyagintsev
+          sudo: ${_param:linux_system_user_sudo}
+          full_name: Aleksey Zvyagintsev
+          home: /home/azvyagintsev
+          email: azvyagintsev@mirantis.com
+  openssh:
+    server:
+      enabled: true
+      user:
+        azvyagintsev:
+          enabled: true
+          public_keys:
+            - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGmNI+xV2sgIZX6tr5i4eQcxM4rkNoMiFbUuxtZYw5rKci9cSp9C/NC11VnJzpLG3lf11vLwTztlaM7hjdYlKoynpfDhfRhg1p5w/Pd/uoh6bO7KP/r2QuSpVsc6NGAHD2f0qxmrFX81xMG6zq0MCHXc+BGMZTKWAW7dMGsjJUnIa/wv24J25DOILoEBhclGQHx5r7R5ysqSOTdBEgN304KL8XPP+bAwDFTNJIwtfBdNt8jSv6yR2CyfB7t8pqXf93DvwaGBJfuu1r4gljj5ozCyvGExEtRTzvAC+oLq2NIfDOCC3iRWXrls3iDLZYxwm7VLcQSre4Yp6jfp+WuRI7 azvyagintsev@mirantis.com
+          user: ${linux:system:user:azvyagintsev}
diff --git a/openssh/server/team/members/cade.yml b/openssh/server/team/members/cade.yml
deleted file mode 100644
index 692f07c..0000000
--- a/openssh/server/team/members/cade.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-parameters:
-  linux:
-    system:
-      user:
-        cade:
-          enabled: false
-          name: cade
-          sudo: ${_param:linux_system_user_sudo}
-          full_name: disabled
-          home: /home/cade
-          email: cade@mirantis.com
-  openssh:
-    server:
-      enabled: true
-      user:
-        cade:
-          enabled: false
-          public_keys:
-            - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDpSYtgC/lSMXCfjjxSWFJ8WUjhGfBWLnCJ4n8AzXGw/t/x+DBjMQz40D0T4ymvn/8/vRDwZ8stISWGeTGn0G4z1H4FWM+orBbT2srPHL2/XbjKUYRQOUxp8f4wBW4VNsaTPbzjh6A1BY0d7dOee6k2N5ramIibojzbWSEkxFG9vxtXm5jDYs4gcx0rYN11+9wamsHYAdXv4VJmUMS8TEP/8p67NtRNcq1m9uuHlZE5CxTcF6CvflgnXrDrF6QrdbjPVpzXKZmvdYom0OT97FJRtcdojovsZpOo59vozmyUh2g0ycq1izpLT0uQQ3vT6mz53gc5wiUynY6yX7wedqq74/vFz/QKBYjh/OqxZMhkH4GsWXs7yGW7q4+cNEDzARyTj7ikhg/C+UrXZ5jKx7Xc7cbhyuyzHm55+AgfhPLQoiYL3trONdH539kYnY6IAAsz0213ulJRPUHN3+M0x4iEoFAqwWo3wqdkH24v8plqLga7Q3zTbLYX+FOZOv0WC9gI3elmcd9ZBHHh0SOatQEg+Eu0m3ezyLmLHQ3pidWbksz9pnkLWBxeBq3x/xSXM5geI2BgMWVV+74YhBb9+irCpaU0BPYOpX023yNskXODF5RYAt5I5fVAfogHy4S2c3xgGlYUklUEvWBtl6bFYQjQfK2xeANaFUIBKdD5hgDdhQ== cade@mirantis.com
-          user: ${linux:system:user:cade}
diff --git a/openssh/server/team/members/chnyda.yml b/openssh/server/team/members/chnyda.yml
deleted file mode 100644
index 401a416..0000000
--- a/openssh/server/team/members/chnyda.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-parameters:
-  linux:
-    system:
-      user:
-        chnyda:
-          enabled: false
-          name: chnyda
-          sudo: true
-          full_name: disabled
-          home: /home/chnyda
-          email: chnyda@mirantis.com
-  openssh:
-    server:
-      enabled: true
-      user:
-        chnyda:
-          enabled: false
-          public_keys:
-            - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDHmLTwDSFslOUVo4ViT0bqVLhSaweuLt0QNWhnIaSPgqWhHOSkdqt3+Tg4l8Vd4O4Z44Yv/rXqhmO5X1AIytNccA6+nJe4Km3JC6QzG6npS3ghtHWDU3DOGgWd5RrULviEDSIj1w1oG8oHxdycGkbfjApAkiDR/xr7NHhTcPhEuvn/q7i1raj4vpNdIrR+cr6XA3l+I4cmaizpjuWaFrag1q24RS7PVEUmcPRSODrkdwFREsrLkIlIgtIoMIIjtEDdk1RU/loiXrNwuVRI3KTLqhheFlHedQd13uzpn66KF6UVlZAm+k2y2jLdEi5IFKD3g6mmWsNH6xSZYVn6d84/XvLjMsS/UL+WHr5xetHNSi3RtQOkCPYphq1KcRAXLwH0dgtDwfyg2F+5ezG3wMsZAqD3KiaGNmDcA6R19Fpjm0S4SXa+QnX5eZcO9DS5cYTjs8F2T9Vsaspvwc0U80M6+JvOlV1PBNJYQhSxdX1Plf2p1MrrRnYhlgMdzCiPSQHsKp3tei8I+bqCvV9iScLAbLxKaW/yWdeuh74oGitTfI4R0h0HMJ1lqK+rT5wtMXyJSvFMK6Zph0GqJf3QHBhzCfs5PIto1pyNdXbI8KzfgTgyo+3gpIPAQ2VD/pf8mOD218UPNQglYWP6wniTq/hVtC2tl3DW53qx5qv10osGmw== chnyda@mirantis.com
-          user: ${linux:system:user:chnyda}
diff --git a/openssh/server/team/members/collinmay.yml b/openssh/server/team/members/collinmay.yml
deleted file mode 100644
index b944537..0000000
--- a/openssh/server/team/members/collinmay.yml
+++ /dev/null
@@ -1,24 +0,0 @@
-parameters:
-  linux:
-    system:
-      user:
-        cmay:
-          enabled: false
-          name: cmay
-          sudo: ${_param:linux_system_user_sudo}
-          full_name: disabled
-          home: /home/cmay
-          email: cmay@mirantis.com
-  openssh:
-    server:
-      enabled: true
-      user:
-        cmay:
-          enabled: false
-          public_keys: ${public_keys:cmay}
-          user: ${linux:system:user:cmay}
-  public_keys:
-    cmay:
-      - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDjJ7z4adgi3Ha/eoLV/f/Q9eKN3lXaOE/WWvLIDC4KhGzJLjrrOAC/Qbmd+rD/k2VFPg/7m9KiyRJiRpBeda58CAKIP2I+DDpKpaRAKblrTvuDRPaTPgoo52viF8KsILGp2l5IEwmI5DceCzyEZaZh4X8qa4sXgASa8XFLcVpK0JJDZ7uxYuJ8u5KRGqXFI16dO2NuB1AY1E3XPaQA3vqFEnv+PyRvYDSmmZ2Ey5nLI5x1UeszLM5OvNojYUYH6N1BovoH08p4YIzPK0vQj40AneDehldskKu1JUC7VBFeOvFjSclWjgieqavFNKQrcyj5NO3bqSUmRW0cnS8MMv00whzb/r6NHcubKkSW7zgUP6WCdyr6BK/HYCNxkKV1P/vizBAwa4cN7w9MxDHXnfSmxujjHEZ3TJaKM0RCpMs4Ss1U6dwftLptKRs/0u5ma2FAaWFp1tYLccE2joe1knwjJdlZVFY2jJu2RMt4KfAs6Dp7FiuzWBMiZV3oLsGM8oORbYaHUVtLGaoFu0doIcqogdQ02RrQLrF89HLDSGmUJph195OmauATbkejPxAwLkf9jLcGVesvPByIldENoCAhaxlE3y0Lxdm+DOlg1Sg2iqo06O9hAtEye6G0+zfv0bEdw1CYlBJWAPIRAIvuiFarx1eTH7wfT3zWgXdRlTp5eQ== cmay@Collin.May.Workstation
-
-
diff --git a/openssh/server/team/members/daniillapshin.yml b/openssh/server/team/members/daniillapshin.yml
deleted file mode 100644
index df80183..0000000
--- a/openssh/server/team/members/daniillapshin.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-parameters:
-  linux:
-    system:
-      user:
-        dlapshin:
-          enabled: false
-          name: dlapshin
-          sudo: ${_param:linux_system_user_sudo}
-          full_name: disabled
-          home: /home/dlapshin
-          email: dlapshin@mirantis.com
-  openssh:
-    server:
-      enabled: true
-      user:
-        dlapshin:
-          enabled: false
-          public_keys: ${public_keys:dlapshin}
-          user: ${linux:system:user:dlapshin}
-  public_keys:
-    dlapshin:
-      - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDD8H0HjsSYujNEyR9xTM55l0mpdXyvvjKHAVqRbmep7xvRgY6fdiQmkaAEgcbtGpoopTgwTX7P5GAIbioG4Nfy2pl8l+KwqxA5nCST1AzzxzwL7XJDqpeKUDXzlzNeLZhBS9MuDkuX+NXRCt51s5Dza1wa01asaX1vgTPO42EFfp6a/TNq/db3+8qV7GOK7PHLbGN4fB8KBbPr9ygzby7C4XbDZwLTz7yjr1yTSMLLiRguasGvcun+Q2U9i6J/nHd0Tw1V/FO+CKS0p/L+QVnQ8VhjyiodA6phn4llI6Q0BzIHafFjxqzJ1oiZ30iJSchmVDi9p6Q4VnhkuDxjmNZ6Fukn9SDMEHEgPSIcRSs9yiRXbOd3eBXQaDkAQ++9jFnbyNH5mQQm/hyrwJU6Kwpye168bIl6LT76C+3KIVMSNWTDZQNAU3FWvUXxKRABxoolNrs+rkmOs0rFwWrx+PDX0rydGmwG5QrAHkA1NGZD2dhZCx/NZMfeM8VR/YaiWhL5dOas8Tk1EQpmX1uewEAwCQwQHZTDeenS6mS5AE2wqyYI60meSW1euE9aXjtC0hAlZuxslzAQ9sgShdyBy3sc4Kr3l7fxV/LXlMg/ugb8SMU8vXDgIf3Glz2wFE8jS1T+c27em5L3seTWm/SRIdylewb5GYP8HAPwm6xWLaZZmQ==
-
diff --git a/openssh/server/team/members/deprecated/akomarek.yml b/openssh/server/team/members/deprecated/akomarek.yml
new file mode 100644
index 0000000..6901e59
--- /dev/null
+++ b/openssh/server/team/members/deprecated/akomarek.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        newt:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/newt
+          name: newt
+  openssh:
+    server:
+      user:
+        newt:
+          enabled: false
+          user: ${linux:system:user:newt}
diff --git a/openssh/server/team/members/deprecated/apetrenko.yml b/openssh/server/team/members/deprecated/apetrenko.yml
new file mode 100644
index 0000000..30bf624
--- /dev/null
+++ b/openssh/server/team/members/deprecated/apetrenko.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        apetrenko:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/apetrenko
+          name: apetrenko
+  openssh:
+    server:
+      user:
+        apetrenko:
+          enabled: false
+          user: ${linux:system:user:apetrenko}
diff --git a/openssh/server/team/members/deprecated/ashishkin.yml b/openssh/server/team/members/deprecated/ashishkin.yml
new file mode 100644
index 0000000..797acfa
--- /dev/null
+++ b/openssh/server/team/members/deprecated/ashishkin.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        ashishkin:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/ashishkin
+          name: ashishkin
+  openssh:
+    server:
+      user:
+        ashishkin:
+          enabled: false
+          user: ${linux:system:user:ashishkin}
diff --git a/openssh/server/team/members/deprecated/askotnicky.yml b/openssh/server/team/members/deprecated/askotnicky.yml
new file mode 100644
index 0000000..455d382
--- /dev/null
+++ b/openssh/server/team/members/deprecated/askotnicky.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        askotnicky:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/askotnicky
+          name: askotnicky
+  openssh:
+    server:
+      user:
+        askotnicky:
+          enabled: false
+          user: ${linux:system:user:askotnicky}
diff --git a/openssh/server/team/members/deprecated/astupnikov.yml b/openssh/server/team/members/deprecated/astupnikov.yml
new file mode 100644
index 0000000..564ada1
--- /dev/null
+++ b/openssh/server/team/members/deprecated/astupnikov.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        astupnikov:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/astupnikov
+          name: astupnikov
+  openssh:
+    server:
+      user:
+        astupnikov:
+          enabled: false
+          user: ${linux:system:user:astupnikov}
diff --git a/openssh/server/team/members/deprecated/atarasov.yml b/openssh/server/team/members/deprecated/atarasov.yml
new file mode 100644
index 0000000..a1e624e
--- /dev/null
+++ b/openssh/server/team/members/deprecated/atarasov.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        atarasov:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/atarasov
+          name: atarasov
+  openssh:
+    server:
+      user:
+        atarasov:
+          enabled: false
+          user: ${linux:system:user:atarasov}
diff --git a/openssh/server/team/members/deprecated/cade.yml b/openssh/server/team/members/deprecated/cade.yml
new file mode 100644
index 0000000..4b0dc7a
--- /dev/null
+++ b/openssh/server/team/members/deprecated/cade.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        cade:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/cade
+          name: cade
+  openssh:
+    server:
+      user:
+        cade:
+          enabled: false
+          user: ${linux:system:user:cade}
diff --git a/openssh/server/team/members/deprecated/chnyda.yml b/openssh/server/team/members/deprecated/chnyda.yml
new file mode 100644
index 0000000..bf5678f
--- /dev/null
+++ b/openssh/server/team/members/deprecated/chnyda.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        chnyda:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/chnyda
+          name: chnyda
+  openssh:
+    server:
+      user:
+        chnyda:
+          enabled: false
+          user: ${linux:system:user:chnyda}
diff --git a/openssh/server/team/members/deprecated/collinmay.yml b/openssh/server/team/members/deprecated/collinmay.yml
new file mode 100644
index 0000000..d4d64dc
--- /dev/null
+++ b/openssh/server/team/members/deprecated/collinmay.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        cmay:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/cmay
+          name: cmay
+  openssh:
+    server:
+      user:
+        cmay:
+          enabled: false
+          user: ${linux:system:user:cmay}
diff --git a/openssh/server/team/members/deprecated/daniillapshin.yml b/openssh/server/team/members/deprecated/daniillapshin.yml
new file mode 100644
index 0000000..179899b
--- /dev/null
+++ b/openssh/server/team/members/deprecated/daniillapshin.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        dlapshin:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/dlapshin
+          name: dlapshin
+  openssh:
+    server:
+      user:
+        dlapshin:
+          enabled: false
+          user: ${linux:system:user:dlapshin}
diff --git a/openssh/server/team/members/deprecated/dmitrygoloshubov.yml b/openssh/server/team/members/deprecated/dmitrygoloshubov.yml
new file mode 100644
index 0000000..7185952
--- /dev/null
+++ b/openssh/server/team/members/deprecated/dmitrygoloshubov.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        dgoloshubov:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/dgoloshubov
+          name: dgoloshubov
+  openssh:
+    server:
+      user:
+        dgoloshubov:
+          enabled: false
+          user: ${linux:system:user:dgoloshubov}
diff --git a/openssh/server/team/members/deprecated/dszeluga.yml b/openssh/server/team/members/deprecated/dszeluga.yml
new file mode 100644
index 0000000..0b6fd58
--- /dev/null
+++ b/openssh/server/team/members/deprecated/dszeluga.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        dszeluga:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/dszeluga
+          name: dszeluga
+  openssh:
+    server:
+      user:
+        dszeluga:
+          enabled: false
+          user: ${linux:system:user:dszeluga}
diff --git a/openssh/server/team/members/deprecated/ecantwell.yml b/openssh/server/team/members/deprecated/ecantwell.yml
new file mode 100644
index 0000000..12a9f22
--- /dev/null
+++ b/openssh/server/team/members/deprecated/ecantwell.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        ecantwell:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/ecantwell
+          name: ecantwell
+  openssh:
+    server:
+      user:
+        ecantwell:
+          enabled: false
+          user: ${linux:system:user:ecantwell}
diff --git a/openssh/server/team/members/deprecated/ekozhemyakin.yml b/openssh/server/team/members/deprecated/ekozhemyakin.yml
new file mode 100644
index 0000000..0156356
--- /dev/null
+++ b/openssh/server/team/members/deprecated/ekozhemyakin.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        ekozhemyakin:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/ekozhemyakin
+          name: ekozhemyakin
+  openssh:
+    server:
+      user:
+        ekozhemyakin:
+          enabled: false
+          user: ${linux:system:user:ekozhemyakin}
diff --git a/openssh/server/team/members/deprecated/fpytloun.yml b/openssh/server/team/members/deprecated/fpytloun.yml
new file mode 100644
index 0000000..c0dbffe
--- /dev/null
+++ b/openssh/server/team/members/deprecated/fpytloun.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        filip:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/filip
+          name: filip
+  openssh:
+    server:
+      user:
+        filip:
+          enabled: false
+          user: ${linux:system:user:filip}
diff --git a/openssh/server/team/members/deprecated/fsoppelsa.yml b/openssh/server/team/members/deprecated/fsoppelsa.yml
new file mode 100644
index 0000000..1d92a3b
--- /dev/null
+++ b/openssh/server/team/members/deprecated/fsoppelsa.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        fsoppelsa:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/fsoppelsa
+          name: fsoppelsa
+  openssh:
+    server:
+      user:
+        fsoppelsa:
+          enabled: false
+          user: ${linux:system:user:fsoppelsa}
diff --git a/openssh/server/team/members/deprecated/jbroulik.yml b/openssh/server/team/members/deprecated/jbroulik.yml
new file mode 100644
index 0000000..bed7c03
--- /dev/null
+++ b/openssh/server/team/members/deprecated/jbroulik.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        jbroulik:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/jbroulik
+          name: jbroulik
+  openssh:
+    server:
+      user:
+        jbroulik:
+          enabled: false
+          user: ${linux:system:user:jbroulik}
diff --git a/openssh/server/team/members/deprecated/jjosef.yml b/openssh/server/team/members/deprecated/jjosef.yml
new file mode 100644
index 0000000..0c340a4
--- /dev/null
+++ b/openssh/server/team/members/deprecated/jjosef.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        jjosef:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/jjosef
+          name: jjosef
+  openssh:
+    server:
+      user:
+        jjosef:
+          enabled: false
+          user: ${linux:system:user:jjosef}
diff --git a/openssh/server/team/members/deprecated/jpavlik.yml b/openssh/server/team/members/deprecated/jpavlik.yml
new file mode 100644
index 0000000..740311e
--- /dev/null
+++ b/openssh/server/team/members/deprecated/jpavlik.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        jpavlik:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/jpavlik
+          name: jpavlik
+  openssh:
+    server:
+      user:
+        jpavlik:
+          enabled: false
+          user: ${linux:system:user:jpavlik}
diff --git a/openssh/server/team/members/deprecated/kkushaev.yml b/openssh/server/team/members/deprecated/kkushaev.yml
new file mode 100644
index 0000000..8ff8d0c
--- /dev/null
+++ b/openssh/server/team/members/deprecated/kkushaev.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        kkushaev:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/kkushaev
+          name: kkushaev
+  openssh:
+    server:
+      user:
+        kkushaev:
+          enabled: false
+          user: ${linux:system:user:kkushaev}
diff --git a/openssh/server/team/members/deprecated/krzysztoffranckowski.yml b/openssh/server/team/members/deprecated/krzysztoffranckowski.yml
new file mode 100644
index 0000000..02b0187
--- /dev/null
+++ b/openssh/server/team/members/deprecated/krzysztoffranckowski.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        kfranckowski:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/kfranckowski
+          name: kfranckowski
+  openssh:
+    server:
+      user:
+        kfranckowski:
+          enabled: false
+          user: ${linux:system:user:kfranckowski}
diff --git a/openssh/server/team/members/deprecated/matthewroark.yml b/openssh/server/team/members/deprecated/matthewroark.yml
new file mode 100644
index 0000000..d51a8b7
--- /dev/null
+++ b/openssh/server/team/members/deprecated/matthewroark.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        mroark:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/mroark
+          name: mroark
+  openssh:
+    server:
+      user:
+        mroark:
+          enabled: false
+          user: ${linux:system:user:mroark}
diff --git a/openssh/server/team/members/deprecated/mceloud.yml b/openssh/server/team/members/deprecated/mceloud.yml
new file mode 100644
index 0000000..c25d778
--- /dev/null
+++ b/openssh/server/team/members/deprecated/mceloud.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        marco:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/marco
+          name: marco
+  openssh:
+    server:
+      user:
+        marco:
+          enabled: false
+          user: ${linux:system:user:marco}
diff --git a/openssh/server/team/members/deprecated/michaelpetersen.yml b/openssh/server/team/members/deprecated/michaelpetersen.yml
new file mode 100644
index 0000000..81e3d49
--- /dev/null
+++ b/openssh/server/team/members/deprecated/michaelpetersen.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        mpetersen:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/mpetersen
+          name: mpetersen
+  openssh:
+    server:
+      user:
+        mpetersen:
+          enabled: false
+          user: ${linux:system:user:mpetersen}
diff --git a/openssh/server/team/members/deprecated/mrelewicz.yml b/openssh/server/team/members/deprecated/mrelewicz.yml
new file mode 100644
index 0000000..d23e3ae
--- /dev/null
+++ b/openssh/server/team/members/deprecated/mrelewicz.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        mrelewicz:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/mrelewicz
+          name: mrelewicz
+  openssh:
+    server:
+      user:
+        mrelewicz:
+          enabled: false
+          user: ${linux:system:user:mrelewicz}
diff --git a/openssh/server/team/members/deprecated/mwilson.yml b/openssh/server/team/members/deprecated/mwilson.yml
new file mode 100644
index 0000000..64d3e03
--- /dev/null
+++ b/openssh/server/team/members/deprecated/mwilson.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        mwilson:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/mwilson
+          name: mwilson
+  openssh:
+    server:
+      user:
+        mwilson:
+          enabled: false
+          user: ${linux:system:user:mwilson}
diff --git a/openssh/server/team/members/deprecated/myatsenko.yml b/openssh/server/team/members/deprecated/myatsenko.yml
new file mode 100644
index 0000000..2e16fd4
--- /dev/null
+++ b/openssh/server/team/members/deprecated/myatsenko.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        myatsenko:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/myatsenko
+          name: myatsenko
+  openssh:
+    server:
+      user:
+        myatsenko:
+          enabled: false
+          user: ${linux:system:user:myatsenko}
diff --git a/openssh/server/team/members/deprecated/nkabanova.yml b/openssh/server/team/members/deprecated/nkabanova.yml
new file mode 100644
index 0000000..2c1bb7c
--- /dev/null
+++ b/openssh/server/team/members/deprecated/nkabanova.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        nkabanova:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/nkabanova
+          name: nkabanova
+  openssh:
+    server:
+      user:
+        nkabanova:
+          enabled: false
+          user: ${linux:system:user:nkabanova}
diff --git a/openssh/server/team/members/deprecated/nkondra.yml b/openssh/server/team/members/deprecated/nkondra.yml
new file mode 100644
index 0000000..b8d42de
--- /dev/null
+++ b/openssh/server/team/members/deprecated/nkondra.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        nkondra:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/nkondra
+          name: nkondra
+  openssh:
+    server:
+      user:
+        nkondra:
+          enabled: false
+          user: ${linux:system:user:nkondra}
diff --git a/openssh/server/team/members/deprecated/osergiyuk.yml b/openssh/server/team/members/deprecated/osergiyuk.yml
new file mode 100644
index 0000000..41a0ef9
--- /dev/null
+++ b/openssh/server/team/members/deprecated/osergiyuk.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        osergiyuk:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/osergiyuk
+          name: osergiyuk
+  openssh:
+    server:
+      user:
+        osergiyuk:
+          enabled: false
+          user: ${linux:system:user:osergiyuk}
diff --git a/openssh/server/team/members/deprecated/osmola.yml b/openssh/server/team/members/deprecated/osmola.yml
new file mode 100644
index 0000000..c4c2c37
--- /dev/null
+++ b/openssh/server/team/members/deprecated/osmola.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        osmola:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/osmola
+          name: osmola
+  openssh:
+    server:
+      user:
+        osmola:
+          enabled: false
+          user: ${linux:system:user:osmola}
diff --git a/openssh/server/team/members/deprecated/pjediny.yml b/openssh/server/team/members/deprecated/pjediny.yml
new file mode 100644
index 0000000..cb6ac87
--- /dev/null
+++ b/openssh/server/team/members/deprecated/pjediny.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        pjediny:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/pjediny
+          name: pjediny
+  openssh:
+    server:
+      user:
+        pjediny:
+          enabled: false
+          user: ${linux:system:user:pjediny}
diff --git a/openssh/server/team/members/deprecated/pmathews.yml b/openssh/server/team/members/deprecated/pmathews.yml
new file mode 100644
index 0000000..98b94d9
--- /dev/null
+++ b/openssh/server/team/members/deprecated/pmathews.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        pmathews:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/pmathews
+          name: pmathews
+  openssh:
+    server:
+      user:
+        pmathews:
+          enabled: false
+          user: ${linux:system:user:pmathews}
diff --git a/openssh/server/team/members/deprecated/renesoto.yml b/openssh/server/team/members/deprecated/renesoto.yml
new file mode 100644
index 0000000..33adfea
--- /dev/null
+++ b/openssh/server/team/members/deprecated/renesoto.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        rsoto:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/rsoto
+          name: rsoto
+  openssh:
+    server:
+      user:
+        rsoto:
+          enabled: false
+          user: ${linux:system:user:rsoto}
diff --git a/openssh/server/team/members/deprecated/rfelkl.yml b/openssh/server/team/members/deprecated/rfelkl.yml
new file mode 100644
index 0000000..1655bd3
--- /dev/null
+++ b/openssh/server/team/members/deprecated/rfelkl.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        rfelkl:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/rfelkl
+          name: rfelkl
+  openssh:
+    server:
+      user:
+        rfelkl:
+          enabled: false
+          user: ${linux:system:user:rfelkl}
diff --git a/openssh/server/team/members/deprecated/rsafonov.yml b/openssh/server/team/members/deprecated/rsafonov.yml
new file mode 100644
index 0000000..9805d7c
--- /dev/null
+++ b/openssh/server/team/members/deprecated/rsafonov.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        rsafonov:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/rsafonov
+          name: rsafonov
+  openssh:
+    server:
+      user:
+        rsafonov:
+          enabled: false
+          user: ${linux:system:user:rsafonov}
diff --git a/openssh/server/team/members/deprecated/rsatek.yml b/openssh/server/team/members/deprecated/rsatek.yml
new file mode 100644
index 0000000..7aa75c5
--- /dev/null
+++ b/openssh/server/team/members/deprecated/rsatek.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        rsatek:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/rsatek
+          name: rsatek
+  openssh:
+    server:
+      user:
+        rsatek:
+          enabled: false
+          user: ${linux:system:user:rsatek}
diff --git a/openssh/server/team/members/deprecated/samstoelinga.yml b/openssh/server/team/members/deprecated/samstoelinga.yml
new file mode 100644
index 0000000..b0b51b2
--- /dev/null
+++ b/openssh/server/team/members/deprecated/samstoelinga.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        sstoelinga:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/sstoelinga
+          name: sstoelinga
+  openssh:
+    server:
+      user:
+        sstoelinga:
+          enabled: false
+          user: ${linux:system:user:sstoelinga}
diff --git a/openssh/server/team/members/deprecated/scottmachtmes.yml b/openssh/server/team/members/deprecated/scottmachtmes.yml
new file mode 100644
index 0000000..f56ef1d
--- /dev/null
+++ b/openssh/server/team/members/deprecated/scottmachtmes.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        smachtmes:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/smachtmes
+          name: smachtmes
+  openssh:
+    server:
+      user:
+        smachtmes:
+          enabled: false
+          user: ${linux:system:user:smachtmes}
diff --git a/openssh/server/team/members/deprecated/sovsianikov.yml b/openssh/server/team/members/deprecated/sovsianikov.yml
new file mode 100644
index 0000000..6fa24dc
--- /dev/null
+++ b/openssh/server/team/members/deprecated/sovsianikov.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        sovsianikov:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/sovsianikov
+          name: sovsianikov
+  openssh:
+    server:
+      user:
+        sovsianikov:
+          enabled: false
+          user: ${linux:system:user:sovsianikov}
diff --git a/openssh/server/team/members/deprecated/tkukral.yml b/openssh/server/team/members/deprecated/tkukral.yml
new file mode 100644
index 0000000..3b89b7b
--- /dev/null
+++ b/openssh/server/team/members/deprecated/tkukral.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        tkukral:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/tkukral
+          name: tkukral
+  openssh:
+    server:
+      user:
+        tkukral:
+          enabled: false
+          user: ${linux:system:user:tkukral}
diff --git a/openssh/server/team/members/deprecated/vmikes.yml b/openssh/server/team/members/deprecated/vmikes.yml
new file mode 100644
index 0000000..83a0848
--- /dev/null
+++ b/openssh/server/team/members/deprecated/vmikes.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        vmikes:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/vmikes
+          name: vmikes
+  openssh:
+    server:
+      user:
+        vmikes:
+          enabled: false
+          user: ${linux:system:user:vmikes}
diff --git a/openssh/server/team/members/deprecated/vzach.yml b/openssh/server/team/members/deprecated/vzach.yml
new file mode 100644
index 0000000..6d3cdf7
--- /dev/null
+++ b/openssh/server/team/members/deprecated/vzach.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        vzach:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/vzach
+          name: vzach
+  openssh:
+    server:
+      user:
+        vzach:
+          enabled: false
+          user: ${linux:system:user:vzach}
diff --git a/openssh/server/team/members/deprecated/zahedkhurasani.yml b/openssh/server/team/members/deprecated/zahedkhurasani.yml
new file mode 100644
index 0000000..f9ac538
--- /dev/null
+++ b/openssh/server/team/members/deprecated/zahedkhurasani.yml
@@ -0,0 +1,16 @@
+parameters:
+  linux:
+    system:
+      user:
+        zkhurasani:
+          email: disabled
+          enabled: false
+          full_name: disabled
+          home: /home/zkhurasani
+          name: zkhurasani
+  openssh:
+    server:
+      user:
+        zkhurasani:
+          enabled: false
+          user: ${linux:system:user:zkhurasani}
diff --git a/openssh/server/team/members/dmitrygoloshubov.yml b/openssh/server/team/members/dmitrygoloshubov.yml
deleted file mode 100644
index ab76658..0000000
--- a/openssh/server/team/members/dmitrygoloshubov.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-parameters:
-  linux:
-    system:
-      user:
-        dgoloshubov:
-          enabled: false
-          name: dgoloshubov
-          sudo: ${_param:linux_system_user_sudo}
-          full_name: disabled
-          home: /home/dgoloshubov
-          email: dgoloshubov@mirantis.com
-  openssh:
-    server:
-      enabled: true
-      user:
-        dgoloshubov:
-          enabled: false
-          public_keys: ${public_keys:dgoloshubov}
-          user: ${linux:system:user:dgoloshubov}
-  public_keys:
-    dgoloshubov:
-      - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3k+8GqLyioUc3bEYRHvId62f+KnOvZvVRQH71q1iynbG6ELOZVoxs2AuVjej7weEI7SBsrTKraHkZ7DumKHFMqDG6hiVW2YxJWtX1smcHyapL0k4Tq61MjdwZ6QzNcVstPh/fnbAQCdBEzL8pxbxgRj3xmgPm8pP3RAyBFZOuovfa+VmJXx8kdu8bhieWHTTlrBuhlBc0tM5RBm3WFK0jIK1qO0UJ5Ji0I1hhdg6ti5hEY76Binwzh0A75UDAQ7RmJxWwXiXs/RJOR1c9Wsr4FlLJ5bfMT6bpdYQcPtq3WEkgT0xZTZ5u4hOLsZNJDET+wH/4nL/3/ejtADujQaUJ
-
diff --git a/openssh/server/team/members/dstremkouski.yml b/openssh/server/team/members/dstremkouski.yml
index ba3233b..d283c07 100644
--- a/openssh/server/team/members/dstremkouski.yml
+++ b/openssh/server/team/members/dstremkouski.yml
@@ -5,7 +5,7 @@
         dstremkouski:
           enabled: true
           name: dstremkouski
-          sudo: true
+          sudo: ${_param:linux_system_user_sudo}
           full_name: Dzmitry Stremkouski
           home: /home/dstremkouski
           email: dstremkouski@mirantis.com
diff --git a/openssh/server/team/members/dszeluga.yml b/openssh/server/team/members/dszeluga.yml
deleted file mode 100644
index b035f42..0000000
--- a/openssh/server/team/members/dszeluga.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-##Disabled user
-parameters:
-  linux:
-    system:
-      user:
-        dszeluga:
-          enabled: false
-          name: dszeluga
-          sudo: ${_param:linux_system_user_sudo}
-          full_name: disabled
-          home: /home/dszeluga
-          email: dszeluga@mirantis.com
-  openssh:
-    server:
-      enabled: true
-      user:
-        dszeluga:
-          enabled: false
-          public_keys:
-            - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEEFoCOaivah6AjFZmPIDlDlp8mUfsh9UFrjgLL8vqVYoyVnuZ5DQZTeZsCgFCPxodEsgHDkSEFwkB6hbyqEXszGIL8dWwSBR3QfNJD2cjZ8ZYqXsKN63RzHGAjTXMjlCB7TZtcui1SWpKjGd+x3gQ0KkHZI9V9WVYDcC75kyEAHZptM2N9jlwbhr9lXZ77gZacjaGoKN0Agb/ydd1TyhQ1F3g56pnvgZtkOe/bStwjpz2NS0FqiqAR3wOeZZUGsR3TCP70oYfaeJvpCDVRR/gVXqqvcBAiNYTGC/tMlKuECKPtOOAP8Oc+bt1eOrbiPVJ5NfoOIpmMCDUUSnFoNGN damjanek@cocaine.local
-          user: ${linux:system:user:dszeluga}
diff --git a/openssh/server/team/members/dteselkin.yml b/openssh/server/team/members/dteselkin.yml
new file mode 100644
index 0000000..3ddc751
--- /dev/null
+++ b/openssh/server/team/members/dteselkin.yml
@@ -0,0 +1,20 @@
+parameters:
+  linux:
+    system:
+      user:
+        dteselkin:
+          enabled: true
+          name: dteselkin
+          sudo: ${_param:linux_system_user_sudo}
+          full_name: Dmitry Teselkin
+          home: /home/dteselkin
+          email: dteselkin@mirantis.com
+  openssh:
+    server:
+      enabled: true
+      user:
+        dteselkin:
+          enabled: true
+          public_keys:
+            - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxE+TvswmBZP8xIz4DRlyrQV6CEk1ZDCc8vXT8yYB2VgW7PpYt6ukuV+UjUp18/51JBKbxJIGplF4i1rgEvKX/kfi/FWM3uiqPq9ivLzuykIGiRccsU3kzIntIec7WDDcJeo/P4r5eXWhI+idMvcfLcxCLbN1OKZfBllhagv8oUrWLVCPaPvcWXxUQ8gvylP3Mk+G/OtaTJSk0udG2S4vh1Rg+TU7x8RHV0q8P8LPz19pvWQu5yWbeKd4FbKGUNx9eBqdGR6+nsfpjJZWeeSkUT9C77ihkMtIGJ7EacNYbgYhtIKZeBrfJcw+M1JTXdd8quwVPSA46D4xldQZ7aM7t
+          user: ${linux:system:user:dteselkin}
diff --git a/openssh/server/team/members/ecantwell.yml b/openssh/server/team/members/ecantwell.yml
deleted file mode 100644
index 6003b15..0000000
--- a/openssh/server/team/members/ecantwell.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-parameters:
-  linux:
-    system:
-      user:
-        ecantwell:
-          enabled: false
-          name: ecantwell
-          sudo: ${_param:linux_system_user_sudo}
-          full_name: disabled
-          home: /home/ecantwell
-          email: ecantwell@mirantis.com
-  openssh:
-    server:
-      enabled: true
-      user:
-        ecantwell:
-          enabled: false
-          public_keys:
-            - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDYAORp6uIs68C7P2QbNh/Jd58NudtLZrCLir/iGbHx8w1kV4yHG+o1N2wS5PYTkvIAl1/bMexniQiBKSmHvT8GnLJjyNBZL9PcLvCdYQQyQsXtd9LMUAaQehwQnQhB59CDOpTyIwrUuG+z8W5DFx47wKh6yVWCAwTVDJ3bRcL4bv16TE2A3PfCUNxFy8q6Z2RbL1YdIJwsywBBTj8wT1HuEImhefRmC0PuWPzoZZdezRQs05+fgNjw3gcVh3vdzWg6Klfz2FTQl0CgXOVaFWGIE8mi+uh/g0ML5JVQNEpqGxtHtHADykZvac+ozOTthSu+JaQEgUhc8bwV/31Hzh/9r3hOlkMj/Gmsprd+JWyeKewbBKVmaCVFsN7h8WSmBoSkk4uK7yPpR3xkC+Fs5vtXGqEBYFO/44b2WNgwZNE/gEgaxQFqAvg/E2bJVLwQ8ePUxIYoZN2qv2yIvqHCmWSDs6clTz+TGPPh92Txsp2/iTodhDk1muHfS4NGf9wkSMJQPuHFR+izsC5byPYKT4QfpWOrFDa1hHEgO4Hf/zpfAS4yIeo+hNIpE740w6tZINE9RJLutiTq+datt7M9qzqMVq9xEON/I8zBmfY5Srky9gTNhSdViWVPB6Tb8xiIXHZAx4YcJ1waZNZP6Yqn0WsEkAYC3vCXqpeRNcCVu3NIkw==
-          user: ${linux:system:user:ecantwell}
diff --git a/openssh/server/team/members/ekozhemyakin.yml b/openssh/server/team/members/ekozhemyakin.yml
deleted file mode 100644
index 70dc2b2..0000000
--- a/openssh/server/team/members/ekozhemyakin.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-parameters:
-  linux:
-    system:
-      user:
-        ekozhemyakin:
-          enabled: false
-          name: ekozhemyakin
-          sudo: ${_param:linux_system_user_sudo}
-          full_name: disabled
-          home: /home/ekozhemyakin
-          email: ekozhemyakin@mirantis.com
-  openssh:
-    server:
-      enabled: true
-      user:
-        ekozhemyakin:
-          enabled: false
-          public_keys:
-          - key: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEAnQ3OD1g35wYDnHwnNKuA/daYMJ7YmMsGoucOG8Y4HFXv9JXMd7MgqpfgyRc22y3VqV6G7ddGgjI0TDzENAzxUAd6pjIhl8GPtwBRY0q5LDPZwatkX8KH1T/da5EDM3iwekftd50s8hsUKRhmCfuFlgC9R0eVAVbzLMsB+OgtasLygoCrfWa5chZ6exbIkDnQRN+SDxBEHjpAK22OGeDuW4Vuf8DS74cNgX2zZBkcQEwxfzGBi3AsJhUEm91d1JJqYtD4nwcRSIUEEiKLroW/AKACko8GihHXCRxmgLSFNhMLwV9g5LE4E9O/MMN8E7ik2JnmAVuhjttsa4tzj62raAlrUBvA/4KBwwocXgR6lLZ/dLBcCdbSZ8UQJy3IM9rwa/r9v/T6qGWm1GwTqL7MWAp4XKPpUbHvykSh9XqQm0Zs2/eTsa387Oxo40IuLcJk8tOlZwYiu2wdnrhnex90dMweMEHTe9lBi0JOqz48uFDYa3NsNQ6ZhkZGYgGblH1Ip3Z75K69HDZJUrM++4bDRuN2y5BL3K1M2GKZVnSwVvkcw7wCL7KyEMzX5uyHc1IiBtpZjPGorIQvJvmUzNe/IDSwVwu2Lm8YsYyMmboyiQ+NZex9+9ZW7htyREYGKNJZHAB+YIgvXRKJOjw0JyCXDqkNOeMDOlkfwYEcrhsN7A8= evg@ThinkPad
-          user: ${linux:system:user:ekozhemyakin}
diff --git a/openssh/server/team/members/fpytloun.yml b/openssh/server/team/members/fpytloun.yml
deleted file mode 100644
index 70f8b73..0000000
--- a/openssh/server/team/members/fpytloun.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-parameters:
-  linux:
-    system:
-      user:
-        filip:
-          enabled: false
-          name: filip
-          sudo: ${_param:linux_system_user_sudo}
-          full_name: disabled
-          home: /home/filip
-          email: filip@pytloun.cz
-  openssh:
-    server:
-      enabled: true
-      user:
-        filip:
-          enabled: false
-          public_keys:
-            - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCcuHTjJ3CoWdkmvtag07bIWeyAMqFLAN+QApat7TXUcDYmm/neK4Asg3m/UicofZnB80cI4tjnB84Z8WazLHMxVTLwHbEqTVbXVeKebiZ5yn0yo4ndRzmppUfSvs0xcMysBwu+hYAnIDXTedctbciMSYKbuQ+b9XZ4mFZ/2RHG4QBA/dPUxJdCwvkBu7AOV+6zaRSR99UETr5nxICQUGVJBTy6VkCsch4mK3/K2SrujODUhytcROg+6ejV/aZHWH9xIFRBLfhmSFeOC6oneBWo4QBQ2tTZgb7Go744JpkhkoMfWQnR2s6cCgUN60BJ6j5snqmbv9/2CmgbI4UprC+E6lL04K/Jbgjv+fi3KqnCIpRiQzahmjSeeYdPducWme3BVDceUSb5EzF/RjSDi4yHcTWJS0TcPf195p42O1G6tLw5zfmIu2+PWUq1L4pLualboUbaDtwqg0WaLWKONi9tJkOS1OMz4hxqEbWBAtFNJLHC5K+OXcV8Yt6C7iB2dEZ4c26MAi1pdMqhFjxYiCGYKZ4lyV9xo8tWcs5fiUIi2PKyLQ9SMRQbhXIcb9ENby2D/ijh5AVpbBew8iaUQQKg83Yo0z2PwTWyNFuXECAl667XaTNZEMVUjo5yU/OtktVZiH6ZfvEFwj+7OpLBiZ3sFgp/7EHcGXa0FL6BcXuwfQ== filip@pytloun.cz
-          user: ${linux:system:user:filip}
diff --git a/openssh/server/team/members/fsoppelsa.yml b/openssh/server/team/members/fsoppelsa.yml
deleted file mode 100644
index 7921474..0000000
--- a/openssh/server/team/members/fsoppelsa.yml
+++ /dev/null
@@ -1,22 +0,0 @@
-parameters:
-  linux:
-    system:
-      user:
-        fsoppelsa:
-          enabled: false
-          name: fsoppelsa
-          sudo: ${_param:linux_system_user_sudo}
-          full_name: disabled
-          home: /home/fsoppelsa
-          email: fsoppelsa@mirantis.com
-  openssh:
-    server:
-      enabled: true
-      user:
-        fsoppelsa:
-          enabled: false
-          public_keys:
-          - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCs1bA1kgjstOfTVlS5+COuv3U1UYmAkDkTHHCw188XmZKQwmjrHQdbxA91fi/LmGNO87r9S3Sy6bmwYeBd8MUycYKXYPvHaS2JnflgtOy8L1xxubOgA+bpaziHImC0Xf6AQZRbVNlegVG5dVxZ1b1gNIaxufO8BmR4X/apG7TBXAhd+IYRzXsHlZVyrnZyUHNWJWQaUt+640ziR2+1mQZMktgfC9X3G9FxXtCEl6zvkHv8I2XOuzAfHFyoZlv32fo7BF1SjJnMkAhU5jMaliKQNt9Z3G3zcW0yA4D2IruueCJ7HNbXP2wxxiCpTxfpadfglUhm4U0wvTluippKlC1j fsoppelsa@yoda.local
-          - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDTui9BfPuQgiGH0MkOrjWAkveC2J6Kh8zWmPMj3x2QIlHaXoMjnOTsfYqSSzlXIdswU6+46MMOG2jn1D78/hOEqNOFhOp+jtrjAhNUsufDdHclcMQJXPh/m/OaKyJq5UeNdFpq7UdhwA6E8Z9w4Jld/MzoV675RvI2OrzjSw8/K8pxf5YDOPrsxohFTwHaosbqrt/Owjiyqsh8NnJkEnNoFjvVNebpiKDZB2hOTOGjSOmHExQ7rmWNcdUISe/jwLrl5oR7ciwg4BnvcBye1W8l68w5vJ1dlUH8k3NNx010nnKal4MvL0mSYVqd32m5stBLSwZ57UBVVTJl6i3aSQz fsoppelsa@darthvader.local
-          - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDkuI6Hfp6dXFHNtL4c3GaIJM13fAJMaUyTatWJ8//qhJz5brbdeF9IQBykPkA59mtWJ6hx81jWgrzp8rHauAQdVEOsn+ZfcTA8zcQaqEv0qe2FxJKN7Ex7YTtXa90uLUiiGTJFy8D9rjKVQLqWjtqo1n94XIvJncw/HmX/RK7lMVmEjUAJmBRo7yCr0N/6i7ITN7Nnn8bB/eKy27TGao5Sw/2fdWKlh+XPvDskpxKL0/jcoBOg5QiB0zT/XTq3ZL6xCTOQ9JUDKmIvHQIJ2ykxyZE/Kh1yHwU0sifz6PLi+z5OhOFpEEFyAtSLeOyZj+gnBtw4DjsglZ10+Q2uJ0Ir fsoppelsa@anakin.msk.mirantis.com
-          user: ${linux:system:user:fsoppelsa}
diff --git a/openssh/server/team/members/jbroulik.yml b/openssh/server/team/members/jbroulik.yml
deleted file mode 100644
index 6b25ae9..0000000
--- a/openssh/server/team/members/jbroulik.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-parameters:
-  linux:
-    system:
-      user:
-        jbroulik:
-          enabled: true
-          name: jbroulik
-          sudo: ${_param:linux_system_user_sudo}
-          full_name: Jiri Broulik
-          home: /home/jbroulik
-          email: jbroulik@mirantis.com
-  openssh:
-    server:
-      enabled: true
-      user:
-        jbroulik:
-          enabled: true
-          public_keys:
-            - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCBPHunnzTMg2I88ZIaiQ5eJYJRq/hQcB5UtDZTC7hO0ce+oEpftcLQiQ69xKbOPb5xiK6VMJd6a53gZykabMTov6y+nECMr4B1i6tgK1NPCU/sGhvsUKeiRo7ZVMScRPuJuTGRLjR6Ac3pRrwrWpmoRvJtLnbrvjEYlt9V7ui/VFkl7uiPQc3AjNiSkgBekDGtrqZktjUstEosucjfriF/PVtlZqha7d3rHLpK1KBzzaSMNMxCgBitEtqjgHLtcR1H/KgPQpYAwkokmvAGH8/fqcd+tpmp6hiH3k2Haf8EjVBTcw71fbmqC0rpL8/r74jyYAmkfPG8LISb/T9gPcV jiri@jiri-Mirantis
-          user: ${linux:system:user:jbroulik}
\ No newline at end of file
diff --git a/openssh/server/team/members/jjosef.yml b/openssh/server/team/members/jjosef.yml
deleted file mode 100644
index df6d0dd..0000000
--- a/openssh/server/team/members/jjosef.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-parameters:
-  linux:
-    system:
-      user:
-        jjosef:
-          enabled: true
-          name: jjosef
-          sudo: ${_param:linux_system_user_sudo}
-          full_name: Jakub Josef
-          home: /home/jjosef
-          email: jakub.josef@gmail.com
-  openssh:
-    server:
-      enabled: true
-      user:
-        jjosef:
-          enabled: true
-          public_keys:
-            - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDkK55PVyvnhW2XiIyDUTWOaW1frsd7g9t8SLRmjtEjKqJOBaRk48bSUfcV2twGcSOq3E2dUikh3URobYIZ6WBEiWrl1e7MYCJJAE+8qzVoskk01mC6tp9HGbsSRKrZTgpjzReM+kN6jffi/P1rSqgeg4U0O99N2aWqdfc7UJPFM09z9nqfB1Gj4HUnBkC1X+di4U3S6W8q62JLgxuK2MAry3xSnPztFVH5OXXbBltdVIxshOHj9i8wyof9iFHGdjFNvB+c5I3RJ2HRmmmHm3zey9iHU7PNIppXKglUFZ0EKIB4LsDjL6xrEjo2A5tfCaVZLNJgP95tdbGEcYQuDv3N jakub.josef@gmail.com
-          user: ${linux:system:user:jjosef}
\ No newline at end of file
diff --git a/openssh/server/team/members/jorgesorondo.yml b/openssh/server/team/members/jorgesorondo.yml
index 38ecf77..9ffbb4c 100644
--- a/openssh/server/team/members/jorgesorondo.yml
+++ b/openssh/server/team/members/jorgesorondo.yml
@@ -15,8 +15,6 @@
       user:
         jsorondo:
           enabled: true
-          public_keys: ${public_keys:jsorondo}
+          public_keys:
+            - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYN/Y6PeKVaW+ouilurh9jyi2k+PDn097LPXxi82ODgPJ+p/qzr6oBYIWDNtudMhNTWA1uV2ZnMbbl67REWAc8V++NFQWtAX9lmtQ4S5w/CvWutgGqrUr7gjJJoq/ySMMFE1F3sekdPM90y2JS4K1L300de5UviAwgPMo48wq292MaESqq6/X7CV3VHDy5srA1VFI1oZMv66NpOO2mHzElKMtVISTHF8/W4yg1P7LvjlcH2vB2clfO6UtOZfcDaAibAyE+bClUYzK6YSRejni5hWaRYFOvza3PyIF6YvjznPxtTU4aclmiZrtMm5gLZB/euvkijXuBOPFO0xgDw6Q9
           user: ${linux:system:user:jsorondo}
-  public_keys:
-    jsorondo:
-      - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYN/Y6PeKVaW+ouilurh9jyi2k+PDn097LPXxi82ODgPJ+p/qzr6oBYIWDNtudMhNTWA1uV2ZnMbbl67REWAc8V++NFQWtAX9lmtQ4S5w/CvWutgGqrUr7gjJJoq/ySMMFE1F3sekdPM90y2JS4K1L300de5UviAwgPMo48wq292MaESqq6/X7CV3VHDy5srA1VFI1oZMv66NpOO2mHzElKMtVISTHF8/W4yg1P7LvjlcH2vB2clfO6UtOZfcDaAibAyE+bClUYzK6YSRejni5hWaRYFOvza3PyIF6YvjznPxtTU4aclmiZrtMm5gLZB/euvkijXuBOPFO0xgDw6Q9
diff --git a/openssh/server/team/members/jpavlik.yml b/openssh/server/team/members/jpavlik.yml
deleted file mode 100644
index 4474062..0000000
--- a/openssh/server/team/members/jpavlik.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-parameters:
-  linux:
-    system:
-      user:
-        jpavlik:
-          enabled: false
-          name: jpavlik
-          sudo: ${_param:linux_system_user_sudo}
-          full_name: disabled
-          home: /home/jpavlik
-          email: jpavlik@mirantis.com
-  openssh:
-    server:
-      enabled: true
-      user:
-        jpavlik:
-          enabled: false
-          public_keys:
-            - key: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAylDZDzgMuEsJQpwFHDW+QivCVhryxXd1/HWqq1TVhJmT9oNAYdhUBnf/9kVtgmP0EWpDJtGSEaSugCmx8KE76I64RhpOTlm7wO0FFUVnzhFtTPx38WHfMjMdk1HF8twZU4svi72Xbg1KyBimwvaxTTd4zxq8Mskp3uwtkqPcQJDSQaZYv+wtuB6m6vHBCOTZwAognDGEvvCg0dgTU4hch1zoHSaxedS1UFHjUAM598iuI3+hMos/5hjG/vuay4cPLBJX5x1YF6blbFALwrQw8ZmTPaimqDUA9WD6KSmS1qg4rOkk4cszIfJ5vyymMrG+G3qk5LeT4VrgIgWQTAHyXw== pavlk.jakub@gmail.com
-          user: ${linux:system:user:jpavlik}
diff --git a/openssh/server/team/members/kkushaev.yml b/openssh/server/team/members/kkushaev.yml
deleted file mode 100644
index 978c6f1..0000000
--- a/openssh/server/team/members/kkushaev.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-parameters:
-  linux:
-    system:
-      user:
-        kkushaev:
-          enabled: true
-          name: kkushaev
-          sudo: ${_param:linux_system_user_sudo}
-          full_name: Kairat Kushaev
-          home: /home/kkushaev
-          email: kkushaev@mirantis.com
-  openssh:
-    server:
-      enabled: true
-      user:
-        kkushaev:
-          enabled: true
-          public_keys:
-            - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqsPMcXdObuEZCBqw3t+AutfjA6mxNJ9o4jZb+ov4Tatw0mlGZtpQXyOnn1kkvIW0TAmMdT8dXeSHusc/Ujd8MHFBDSnvGid/jtSpA7q4Op0VNo4cOFx1fw5KqnsZyymhafiVQywgj6UQOEYNpX7VHgPOMLL2Ymm3i9RF986jLpLqXJHWbJuy+0rOHzjFh127QuTV01AYONOaiDdcwZlHyFZgWShL5NSJCMhmREPLn118JTEsN8w+r10a51plzrrV3Tqcz6q7znfftBKlzKrPACVmbMdOzOQ+XBMuN3VmsFxtS//qcqd7y+YAgG1CJ+E+nk4JUYU5fxeiUWntvqFKl
-          user: ${linux:system:user:kkushaev}
diff --git a/openssh/server/team/members/krzysztoffranckowski.yml b/openssh/server/team/members/krzysztoffranckowski.yml
deleted file mode 100644
index 9d8a95c..0000000
--- a/openssh/server/team/members/krzysztoffranckowski.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-parameters:
-  linux:
-    system:
-      user:
-        kfranckowski:
-          enabled: false
-          name: kfranckowski
-          sudo: ${_param:linux_system_user_sudo}
-          full_name: Krzysztof Franckowski
-          home: /home/kfranckowski
-          email: kfranckowski@mirantis.com
-  openssh:
-    server:
-      enabled: true
-      user:
-        kfranckowski:
-          enabled: false
-          public_keys: ${public_keys:kfranckowski}
-          user: ${linux:system:user:kfranckowski}
-  public_keys:
-    kfranckowski:
-      - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVoTlgIijwEHGDbkKD3IBQHjHOjaM3z9VtIPxFZx0uTzyQ2qgeCS1Nd4VTFM1u677SspcAeZkgoMhuKqPcD+JypApA9bfmELu7QrDdnzro2bW/Sj5fMbfCR5V2KfqCj4nQmzcBLlx0Lj+JRQgzx4NThveOZHRQfO1tFSRNJMM/DmxCZsUCs3tl3WYyWEZkKYx/vPWoGe+Hf7VU/tsH/Yp1syhfJBNwyuCmfsobrUrvcVL+troX7hefXNJOuum6KvTDAPM9XzJvR0TU63bkGpOpACPr7axXOjJ0Y3X2qrXRRXc+IGaWY1O+MQ55jxOJX7SD74lbdy8WRxdmHt6V6QRL
-
diff --git a/openssh/server/team/members/matthewroark.yml b/openssh/server/team/members/matthewroark.yml
deleted file mode 100644
index ef6f755..0000000
--- a/openssh/server/team/members/matthewroark.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-parameters:
-  linux:
-    system:
-      user:
-        mroark:
-          enabled: false
-          name: mroark
-          sudo: ${_param:linux_system_user_sudo}
-          full_name: Matthew Roark
-          home: /home/mroark
-          email: mroark@mirantis.com
-  openssh:
-    server:
-      enabled: true
-      user:
-        mroark:
-          enabled: false
-          public_keys: ${public_keys:mroark}
-          user: ${linux:system:user:mroark}
-  public_keys:
-    mroark:
-      - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwCoVNR4+UdV2GQDUHYxy34cNFr/mdcHn0LjEzoJfm/qqFzRFOw7KUvBiDgW1J6TKTOu74gZADlwem5hDHlW+Z60CiSCx1xdOxtmMI8667mrtnD8m3LRWVDAoJzGpP8e2qiq7sBA+U973pQH3+5x3aHJXWoA/zDZzCdsweWIDhHiMbs24/flzXsnpS9BRmbyRoh+wrnM7h+iGRCzDuOZYJkcABvXy9Hs9ZZhDL16mqDJv8WdEF28/aUvVE62AJHLQuSy4mvDL+57XkFlSyMbK1jCJaRzU1B/4TBOtsBCbVNP0VonZEh0vK3d1fu83MwYhAvv+tf+cVvZ6Xn+VXpWcn
-
diff --git a/openssh/server/team/members/mceloud.yml b/openssh/server/team/members/mceloud.yml
deleted file mode 100644
index a00afb8..0000000
--- a/openssh/server/team/members/mceloud.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-parameters:
-  linux:
-    system:
-      user:
-        marco:
-          enabled: false
-          name: marco
-          sudo: ${_param:linux_system_user_sudo}
-          full_name: disabled
-          home: /home/marco
-          email: mceloud@mirantis.com
-  openssh:
-    server:
-      enabled: true
-      user:
-        marco:
-          enabled: false
-          public_keys:
-            - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDmrJJsRR1dIqaomk83+sn5OnRLvVqrxtROT2uO83W0C4036t3OfJEBL2COJ4Z1iQmyoQUcIpRdJns+Ft8GpVEEQ+mW4eo33jhVEkfLBzRTE7f/WqDmMeDbdxO7LdUNlIIc40KBPcnJWvEorqV2z2UF0+xqittTE34A3CgF82BI2Nx6vCNhgnJJnCyYisD+wT4f+Ovor3Rm2s6zdnJRqcLgx5lkNx6fM2ffkD36MjyPyVYWvFqw68kEsBPcpB0EmiINKQRg3A/iPvUgRWMl9nSvSMVopkbTOBpSK3H9hzGCLiQJvE8pGjHhb7SOix0p0sFdNrNRiC5ayaGQUDQgWH8h marco@marco-MS-7699
-          user: ${linux:system:user:marco}
diff --git a/openssh/server/team/members/michaelpetersen.yml b/openssh/server/team/members/michaelpetersen.yml
deleted file mode 100644
index e19ed2f..0000000
--- a/openssh/server/team/members/michaelpetersen.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-parameters:
-  linux:
-    system:
-      user:
-        mpetersen:
-          enabled: false
-          name: mpetersen
-          sudo: ${_param:linux_system_user_sudo}
-          full_name: Michael Petersen
-          home: /home/mpetersen
-          email: mpetersen@mirantis.com
-  openssh:
-    server:
-      enabled: true
-      user:
-        mpetersen:
-          enabled: false
-          public_keys: ${public_keys:mpetersen}
-          user: ${linux:system:user:mpetersen}
-  public_keys:
-    mpetersen:
-      - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDJzKgMddHiRYBewGuS9aIHJWrwoz3lTms0obWttyKCFCr9ULwVvok8NbFQQPPoh0uZIMLh6q7Uu1iJLgrRcPfEuzzwujdy8uZ4EN+xRDpcBJJs8laaRrigwjLEfOjayytHddgS6CnzL4zYmkd2mnvmB6YwWGid0NEAHTHmTS1LOxkn+YYUvHjWi4HZnAyjX0/udDDHYRCE/dcSpG6t2wXmddPJGcgUbniwEDEGlwM0nSEvi4K9hUcP53d8zkn7Klc9NC2DGnFKelTiNoizKGrimB7PKUuVJ38/OMwodMt0VAQmBeObKvNEmsz3thWv2UM21RvPNYDISf1f5YxDpMLQF9A8YwODhLQjS7Gb/7eiZhcEjNKVkKiSyqdohV2ZTZCaBfpeW/yzXaNC1oGDEWJPX3KmBsQaT5w9NSl5oj7qtMTSVH/qY2QQIgz1cNhQDRrH48YRykVt+3iu/qToB8FFe5MPixKvxnGlk0weLCn1liasNDu2LjWALD8WTV+ksi80OwVUtrMkI1d5+doXKtf4+4zNGZT8G2EnenkkFyBfe+T7de9NXGdiMorsukf0Iq6OXMYWIi5nO/bnuU9p0dFCk5U9jfxdlLKFLUI5Web1xVfm5qlYyMjhfkP9JAZViA80+WUUx1cIcI2KR7Sd8uwxdyscF8dWj2ouyluLwHpmsw==
-
diff --git a/openssh/server/team/members/mkarpin.yml b/openssh/server/team/members/mkarpin.yml
index 32cc689..dc504d3 100644
--- a/openssh/server/team/members/mkarpin.yml
+++ b/openssh/server/team/members/mkarpin.yml
@@ -5,7 +5,7 @@
         mkarpin:
           enabled: true
           name: mkarpin
-          sudo: true
+          sudo: ${_param:linux_system_user_sudo}
           full_name: Mykyta Karpin
           home: /home/mkarpin
           email: mkarpin@mirantis.com
@@ -17,4 +17,4 @@
           enabled: true
           public_keys:
             - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCcO+qMO4z5O75JmeoyHQKNjq72psAMO2lebEMl5MbgVs7BAOT3PChamRId3xhwX2X5R0vS1ZSgRm0XC4br2OpJ9DsBhOBbPRK/EyjAm5aTBW8eZZ69NDFam/hLJ6Xq+jZDdlBT8iK7CPxTJD+0wz1KqpIgYlUNkix5EEj2wfUAfw3j6lGiEVQ0Cpbejey9sYlUSitKcYs/EAX5byBBqkFCLL4/D77fLOIuWfDzAAStUR/wbOJnWNiIScifu4EUdcSdHra9RoQaRgo31ALq+BeYVpvqnyHTOw9t2q04sZVDN4anhUMAFh0n1CkbY/2HWpX/RYWt1bV6XtDeoCpsC5Ar nkarpin@nkarpin-pc
-          user: ${linux:system:user:mkarpin}
\ No newline at end of file
+          user: ${linux:system:user:mkarpin}
diff --git a/openssh/server/team/members/mrasskazov.yml b/openssh/server/team/members/mrasskazov.yml
new file mode 100644
index 0000000..23926e8
--- /dev/null
+++ b/openssh/server/team/members/mrasskazov.yml
@@ -0,0 +1,20 @@
+parameters:
+  linux:
+    system:
+      user:
+        mrasskazov:
+          enabled: true
+          name: mrasskazov
+          sudo: ${_param:linux_system_user_sudo}
+          full_name: Maxim Rasskazov
+          home: /home/mrasskazov
+          email: mrasskazov@mirantis.com
+  openssh:
+    server:
+      enabled: true
+      user:
+        mrasskazov:
+          enabled: true
+          public_keys:
+            - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCysPXCuMbUjqjtO/n0jVZK13/uMA/TI6Qsdyciih6jWJLbd6FCL/GWvkykngLHGH9lVGFYsOPRiAmlh8gXfYohCZFYuHxE88GoiycvJGRGoBDdxd/beDca6nP4Peqlg3TUUum9PefULDiv3eVHKwX4BC9mGIR6bWB41O003OxJMwEN9lLGmWqxAlAdCUwRIm9TlgTu6Fq3ZIkjSwGsZg4E+saBLnUiOjwYWSwmTiB8WTR2b19lZhXFEovdVY3/gF8Td84WT1TDXeWBAvwmAcFLRPEx/AI1Nt4AhM1toMMoq64pYbGCOYSgI7DZR/2vtxGa0IjQclLZ+M8YktyNErc9
+          user: ${linux:system:user:mrasskazov}
diff --git a/openssh/server/team/members/mrelewicz.yml b/openssh/server/team/members/mrelewicz.yml
deleted file mode 100644
index 144379b..0000000
--- a/openssh/server/team/members/mrelewicz.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-##Disabled user
-parameters:
-  linux:
-    system:
-      user:
-        mrelewicz:
-          enabled: false
-          name: mrelewicz
-          sudo: ${_param:linux_system_user_sudo}
-          full_name: Maciej Relewicz
-          home: /home/mrelewicz
-          email: mrelewicz@mirantis.com
-  openssh:
-    server:
-      enabled: true
-      user:
-        mrelewicz:
-          enabled: true
-          public_keys:
-            - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCsB8R/Sv7hI7kHnOa7slfRQUhx3uVo3lDT7SLZw6m5Xnc7JVmQBmsO3s0lLHWRcxBUNso8P5xd8XG30VaW2MPrHGEMy6TbwxJmoFb8+zZaETjcaXvXig2RAQe/I3GAplptCz76GFM9SQavXtqb4D7wPi/AGs7yTFBa1rlVPdmhnlQ2woZoF/Hb5vPpFbK8ucR79eopNyd+g9mhLALJGRIUkRh6q66LCUAbMHA/Lm01IV//mGFUS1Sh0lcM34LOl99SyRVKW7kbql4vWE/4ZSxX1GJC4WVxxBitdWAypGuq3PY8L/+JDjXK7hXSrYaVWygrrluQh+ZXY8S1zx1SoPEG8uzyqdei8VxDPJd+3Y+w3YvWiYI2QA7fdtf4AW57OjZJrCgC2SpUuO6TNGcQ3gxV2/IChHQMHUV6IYc+ENaKuFIXVfvFBa/VMVRoTFXKVdE1cycDR3mgygGxE9QWxLmsJf7ZaK6A0zQjxTQs0GJi6Id9dgjDsh90uPIaVJWGKZZqDH+/cbXqN1AOTK3ecVji2fOfL3JQfY4wTFt/WmGa2VrdTfv/d9bcvEvhHYaCUs3sWy3sobJXwYCiXwuZVTTLj4EvN6L+jt8I9nG/6OWILUPVjrx84ikZ3Ig1Tbts2giIuB8JpQRup1mrEtpxoeOga1ts5ZGF8XfIKOpqaBpTsw== mrelewicz@mirantis.com
-          user: ${linux:system:user:mrelewicz}
diff --git a/openssh/server/team/members/mwilson.yml b/openssh/server/team/members/mwilson.yml
deleted file mode 100644
index 9f2d63d..0000000
--- a/openssh/server/team/members/mwilson.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-parameters:
-  linux:
-    system:
-      user:
-        mwilson:
-          enabled: false
-          name: mwilson
-          sudo: ${_param:linux_system_user_sudo}
-          full_name: Mike Wilson
-          home: /home/mwilson
-          email: mwilson@mirantis.com
-  openssh:
-    server:
-      enabled: true
-      user:
-        mwilson:
-          enabled: false
-          public_keys:
-            - key: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA3ltgS2MbSWR6c/V60oEHtUnLQ3bm5sSqnjFEvL00Y/aVuNL6VCnPCrWXlYSbp6P70UYuD+ngD4x7aW8jg13ii9rw2RntlaPfmttIOb6REDFohOhC4T3BPdeCd5wVe9p/ioyiFCqNi6/m/RWL7Iv8IlR/2IetQHL14VWwTgGd62sqExdb6oZM3Yux/S4jSTcMYBzt49t+QKTLiYTvQJl7Tzv8RJNzAWMsgBwo9M1N73Zqa0hA46sGkbwmWXoBhnJwowGD38q54P+WaSrar/9FT7l+uCXMwbsyYDpoRJH8SQOOpKrymEeyKCjXQUVtLopmfZMZ6COBpLsTSq1BCytwQw== /home/mwilson/.ssh/id_rsa
-            - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDV6H07IEV9merlHUFV8O/Y7sczYXNZjysTBg4TkUW3mWzvW0PJMKnP6Fc1XfFE53fR71N09gkmnVlEtbHa8PTXoS89JVuUHTnitAbDdINShm0pFNWsi/3f00nbfQ8hjaxEWeZ4VlwYzP4v5IPVtpDug+epK65clIG8Xfxlp+CcckyeDdBNSztHHDuQiholzmPicN6EFM6bVUqUZSGnmxiOCrYUOMXBbYChBc3otfeF6vO3WvnKF77nixgOGGmuS0+t96vPKLB3cl5GYpTFyOmrt3tu7JPlTsqwUa0yqDa3ny+5BToIpnROhAqTZV5fV3LHgtObcWYRGANdjVWyPiNOiywiDzsw7/xzuuqV2wLeLnFG1Z+G550F1Ed4lrsPYKc7+qxZYLquI0iJoIjg5WPzNw5QBLdb1srL9zo+0A91Asx8U95IjIMWumowWjDN3Mn0qJwxW5d8SUign3wksIu2FlkLCT4u95CEIebDVEhTQQR0AOP00/KLKtBDn9a5H0UnJZZSTG4+prU3CnqyXqyp6dano86fGEkkcP2PDi/SUwoxdBvMVbdZxYpPYm+8Oe0TjLWPlwu4kYCwVnl3EYgJZAHjT6wVHOjyXcJYezPvvXY8B/VR8UfupetHg5/mVjoQQy2+Nl34AaDN2TLQLXRuG+U+hZqV5Jzc3JO+KKfDUw== mwilson@mwilson-ThinkPad-W530
-          user: ${linux:system:user:mwilson}
diff --git a/openssh/server/team/members/myatsenko.yml b/openssh/server/team/members/myatsenko.yml
deleted file mode 100644
index 839a868..0000000
--- a/openssh/server/team/members/myatsenko.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-parameters:
-  linux:
-    system:
-      user:
-        myatsenko:
-          enabled: false
-          name: myatsenko
-          sudo: ${_param:linux_system_user_sudo}
-          full_name: disabled
-          home: /home/myatsenko
-          email: myatsenko@mirantis.com
-  openssh:
-    server:
-      enabled: true
-      user:
-        myatsenko:
-          enabled: false
-          public_keys:
-            - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3wCjIm2PVzViGp5NFxeDHLVLxSq67gR+mm4jarHyDVb8wz9kfSG6cWGXNZhrqse7NgpDZpurFunFddXQBOgR6LmOfo9sDlcl4oT0+OnWHgyK6RMYcigkVYVYI5W2f5M+3Dz/KjV1S/VmRYlh/tz46PECV+Y93RaUUXS/91Uv19SAzuCd3Rj0l43HY5ROZNK0VZSrIsnhOqLZxF71v0jY/AbFxswooMH0NCM7XFqVBsRjwclfQjIGkV1j4xeWGM1xWkvvHCSEz2JdeAR5w3C7mhCzPpQJXvQGJNuccyZzoNbHPgDdFPx76MGj/VdmeUu5yKnFSnNNoQ1CcbxmaYeJ7 myatsenko@myatsenko-pc
-          user: ${linux:system:user:myatsenko}
diff --git a/openssh/server/team/members/nkabanova.yml b/openssh/server/team/members/nkabanova.yml
deleted file mode 100644
index fdbb827..0000000
--- a/openssh/server/team/members/nkabanova.yml
+++ /dev/null
@@ -1,25 +0,0 @@
-parameters:
-  linux:
-    system:
-      user:
-        nkabanova:
-          enabled: true
-          name: nkabanova
-          sudo: ${_param:linux_system_user_sudo}
-          full_name: Nadezhda Kabanova
-          home: /home/nkabanova
-          email: nkabanova@mirantis.com
-  openssh:
-    server:
-      enabled: true
-      user:
-        nkabanova:
-          enabled: true
-          public_keys: ${public_keys:nkabanova}
-          user: ${linux:system:user:nkabanova}
-  public_keys:
-    nkabanova:
-      - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDuI74hcXTCbbvWoWHNLkng0nDBBwEzZJu8APmKVBukr9Lldz5r8n4OLRzlMI9oKbzvOuY082Cwp+9f5w5ViF/wmmEBa5sktUOBI5Jsi+g5ulb1i2HQOiaRibFJZZcoW03YRQCqQ8D9H4QcuXkT4oNuL5Wcj0UKPQT5r6N2kvuNXlJfEezQQim4nVRymel2USPt/AhlN4AUfBShR8Ykaky2Me4pt5xi0fLOJ9ZDWlEa4dl19Jd4tPz66+dLPiWql+6dgd9GiN+f7NLdDOv3RfOBH6n/It4y/fI+2/UY57X13dWauQNIQHQHDTpCCRiB+XOHwoCRaV81XTHbR865+/sP
-      - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTOke7Y9PB9lbFxaOHVq/YriVzPWsjH+Ie/KiqfjkeLLy3HsUIAJGrxeDbT1YB8Y6OBEKrCk45ECgsRu6MS6jMx4CmJPEV2QNf05Y7g3XBoTeNZwUQtW1aUER6ZXALiBon81cAvVhHDIRHDwTxrSMUTyY0m4sInSt+M6yg22nW24BJLNbRvKwMvO0bdVFzCHrTWbODAOGNplQf63eWlYC2t87PsqTT8CVHgv40QGLIbmGFCyMhnTk2TUMW8d8qMLzHAQU8Cd50HLW6mCEF1oW5QNffpemqeW0oA8vi2iLcRV0lbD5yuwaojYRMpudXOzMttkfjz/+ok/d+qWpiUzep root@Nadezhda
-
-
diff --git a/openssh/server/team/members/nkondra.yml b/openssh/server/team/members/nkondra.yml
deleted file mode 100644
index 33685eb..0000000
--- a/openssh/server/team/members/nkondra.yml
+++ /dev/null
@@ -1,22 +0,0 @@
-parameters:
-  linux:
-    system:
-      user:
-        nkondra:
-          enabled: false
-          name: nkondra
-          sudo: ${_param:linux_system_user_sudo}
-          full_name: disabled
-          home: /home/nkondra
-          email: nkondra@mirantis.com
-  openssh:
-    server:
-      enabled: true
-      user:
-        nkondra:
-          enabled: false
-          public_keys:
-          - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9A6qJfHEIegIcHHgbBFONf3Yld5cbvhvylqDsy+Cu0vSkGHjMRATQJcTeMuG9HGOirVFMzmlKZHPJoQyFGo7FsJS81ZHwPCnh4UnQ3AL5CBp2nofeeXjOInA1CBJfqXgPhwjPexN1k/P7a7psmZ6nD61BHHeHR8U8SHy0Q0SxQPW9S2aFUxt1HVeZYTdWsSe4TIANepZomokcNi2s5GbfAzYo11ga0i56+ZHP0plrQXu8HYHPBjpHctFgE1NpE7vvrIo3c8E154jkxPj8vD+snHsQjpwUmK5lbbkOq9clchPtRtiTu83qZO0/es4zwyohrbqiqvKUITnzz/NcKPbD root@nazaros
-          - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4UpJRI+XeVqSU8ENSgQwQyqEKwmuV+xsr1xqd6hm8cIGTImnJQSAKKHErgW0Dm5LIaZFOzYEhrxuFxPymQ5jBCyh9kK/SpeFYZNn7PUo7QLvRE12eze2EfEIS8OeLeyew3UJE+ropP7sZTBUbO9ZeOjVN0sU0GT1XMGOr3AcKB5R6P84ZIzL8KX+vw7VRGoWqgNmM4ZSM1JIp1n6S//2Is78hmoQjaw6SqcDJxqfNT4VtLnV8BDFJyiiu/ufWZ1FwSoFOSUpUYkI+Bg8zF0hHP2mf0gr/8hlTubM5UGtIWO6K849D7H43LF2QxlOXqisMJTYnIzIEVlSz9QWyRmAD nazaros@nazaros
-          user: ${linux:system:user:nkondra}
-
diff --git a/openssh/server/team/members/obryndzii.yml b/openssh/server/team/members/obryndzii.yml
index 9f7498c..911bdd8 100644
--- a/openssh/server/team/members/obryndzii.yml
+++ b/openssh/server/team/members/obryndzii.yml
@@ -16,6 +16,5 @@
         obryndzii:
           enabled: true
           public_keys:
-          - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCdHeeCZb+4YOBC925Byc0JkdFiNHnxl1DikrJlvza66n+URnfpTvtYhy70oT4jWruWf5dGAh81LK6SJfcLKqDvSNwAU4utQp1t71VllPB482oUhFSBAPOhWHElFakWcgnayOFVtMKhUZ4d5i+C7vXr+JpporBk6le7LuHD0/vNEG6SywexV3/lDZV1kahPSHblBxaED6nNeAODXXRMAOzgV25+UcDINaVTSzzQtCfUHydkVmw+TmxYc5wbdac1AtUkFmFbC6XTsv4VyZsH563jHNRf4UYPN6MP4SWv8axPiGUU5jr4laaIpDQ0TF/b+0Z+QidDxxTIsQxR0r/auUJp obryndzii@obryndzii-pc
-          - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDD+5Ykrt46voaBAZ4BnYCB7EjRWNd6R+IqLaoQJzHh0joXVyZj/MsV0LcegxVV21Qnecp3qSw9XQiyJ9cghJbN3/AhEFpx7yZzf7sHez7FxRFefBSCO2IYSDBabO4eyv1X8UXtJrZ88lJBmWQr8nVy3E78za1cq0jRKNlGyvTrRtwY69WDhhc6k8CxIGAUrT6uAFeNCfroRKuw3zDm0FIxoq0eExNwBNw0rIXXUowDoCafTYSVpqSQ+Sby/wfRMc12ISmUnOQ2d9A1+YWoZgdHs+G/OK1ADQu/6edaSOWhX0BGLNRig5lWfgbOmAlzIqNqcLDMaBrcwcpi2LN5pIQf obryndzii@obryndzii-pc
+          - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCHoSxtdURZfgjJbbcKDA4TUUTixKVcRkGfgISYu55IF3scjoFRynaFP4zjBIitcTzxuvo7ZlE5ymxMHC0UNm5HU8tjmVscKcQs73lrjTr7jT24dZ8mr27nEbuTOa73FotPoIH5ao0wSSDc7PDXRUvJNI3xoZAd2KW1NZVRFFJ5jo/byuIfqIJLIAvOBTyUDoIrbL+3/WFIjdZ8MPlfyC8Bi09KfrM4hmzGDja4Mcfm4M7kMcw+B2DCpTtYUFCqjuYgTNC6EbTch21Afe9MCtdVqBBddFKFDU0WZtKfcHTuOVfiSrK47jA0ljU6HdHxFGmh3cz1ajux58T6/RHfXID obryndzii@obryndzii-pc
           user: ${linux:system:user:obryndzii}
diff --git a/openssh/server/team/members/omolchanov.yml b/openssh/server/team/members/omolchanov.yml
index 61289ed..85b8ccf 100644
--- a/openssh/server/team/members/omolchanov.yml
+++ b/openssh/server/team/members/omolchanov.yml
@@ -13,7 +13,7 @@
     server:
       enabled: true
       user:
-        myatsenko:
+        omolchanov:
           enabled: true
           public_keys:
             - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCulNT7qgpJtIoLshljGonHfWk5IYh/MhzO2PEh3GnzrsnI8Mgv2W8TCD4ZB7RbSP6Jt74T7P6F4Mgzag/Nxjwimh7cUJoJZQH54QC4GVBN+YG+CRjEhIDn/OEM9q+6fnAWqBLBf/k0pzeRxWM4mLpcU+6DSPS57qjEKG5OfLCgFbBFg+4EdGP9HNVTLcMBglo7vTWtvzaGjJgH0XFXjx1fXW9JftEmwMzNdoYpQ/a19JYC2x5vu0cGWUjdMWmrzJbnTJ7SwnVYfD2mhUYDi8WGy/nCk67tb6qKCAUN5kvCEWrMPDhVEcBfvyhXU2wVnZHJbOoZxrBiici9q2U7KDYT alex@alex-B85M-DS3H
diff --git a/openssh/server/team/members/osergiyuk.yml b/openssh/server/team/members/osergiyuk.yml
deleted file mode 100644
index 01fe7f9..0000000
--- a/openssh/server/team/members/osergiyuk.yml
+++ /dev/null
@@ -1,19 +0,0 @@
-parameters:
-  linux:
-    system:
-      user:
-        osergiyuk:
-          enabled: true
-          name: osergiyuk
-          sudo: ${_param:linux_system_user_sudo}
-          full_name: Oleg Sergiyuk
-          home: /home/osergiyuk
-          email: osergiyuk@mirantis.com
-  openssh:
-    server:
-      user:
-        osergiyuk:
-          enabled: true
-          public_keys:
-            - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCmdJA5DWI9BQuvIzaPSdLDoK1QwUOI0Z1XjlXlaySFUuknDpYOZpBCi8SyNxS3uR8G1iO069tQ7e72cTxwP3lBJGSjgo0sg3lBuaXfunZo4D1dcjpOgKSIRMVZSB2W1pWzVuk5wjLSxePj6yaUUcCemWuELzMix3Ew8GBeWYVfgcAZPtXy4l5slxvK7lRxZZGwX1HTja0uN3UbR3J3pGDDsFN+qLdqnAtbofu9wlpXd7ffshB5dWUXHk9SEh20V/HVk1K7mDCEpKTYRC/vRlPaovauoldHEzwGcEnToXmWSmS8wrCYCTAmCw3jVHDNcYJ+kjDkaJsyTQ+KrLcSYzgMc2efRE5L98ShLZCWQMEd8ldSZ5FIynbTPhJ+9KzS4fnwoX+wCpwYGwpYKkw6zs/N+oXw2CTk5tmc2br84qHkY6spr2+ydTn0cbsMxN/XlPIz5Zn6A5O4yBZA0LRf4A+bKMijn596/XH/TPuy+LdTwEbhA13v2o6beA5xlt1TSxmvumzwXfvzMpmzWlyC+xjUR/2x6ak1RxIi1zlDnULyZRtrHdAxz/SiEgRUVmet8uGhwYKno/GMa45UfzzAX+6w2M6rFBfqvia5Wmg19UheVVvVP08ssm4Cb6l7I58sMkFcLnazf918T8uxqE+1E82ZhbkXi2X3c6C7jY2UkVf3dw== osergiyuk@mirantis.com
-          user: ${linux:system:user:osergiyuk}
diff --git a/openssh/server/team/members/osmola.yml b/openssh/server/team/members/osmola.yml
deleted file mode 100644
index 2083ddf..0000000
--- a/openssh/server/team/members/osmola.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-parameters:
-  linux:
-    system:
-      user:
-        osmola:
-          enabled: true
-          name: osmola
-          sudo: ${_param:linux_system_user_sudo}
-          full_name: Ondrej Smola
-          home: /home/osmola
-          email: osmola@mirantis.com
-  openssh:
-    server:
-      enabled: true
-      user:
-        osmola:
-          enabled: true
-          public_keys:
-            - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDGcF8AI/8hOeKlda4vniFVBbD3wOK4D2+/z+pB7kK0JyxfVC3XccYbpqQioWjt96JwDX8dSio07OUAFqOWQH2cTp6wjqNmpIaAODo44kQgKDXrjEq61fYW+L6JYZHxsFUPLvlNlwQwND2F5HU8oWbsneGu+Psb/COQebcGDdT1v/f2G9r5br2O43P/XPx8+YGKd+OiHPIN4Fk8fZzCGX7oJ7GGGr8YTL/Y8ULF3WiTXbQEWusU52Sf7/Is0A6BQOH+OuBGrVCT+j2XI9QBMyVSYtaKCnRDlEGessnGIGRGrNza/xYivWBw8IsVziDC8x7zZByAwmctWoWED6wWs4YU7SqoonEaYEog32J6Uw9tGtTgvkRC1mpMtgR2eenjNax8Fpoc6uTb/l0gevaRE6IqNMS0FBIIbkCYcoxfj7zIsYms/9IhsXGk1lW5ZrouCFICGEVa7zJ2F+3DvyQDCSuqsk/bfUQZEFw1FdAYIsZYQR+LIOSVQplapGVyqhlbkeUEVdILzgdMAfkPa80ZnGvTO729G/8uP78k1QhZUHAypkeWQ/aJfOKrxXyAxtMZiuyK31zf4OZdKSDS9bAWlmyKkohp7cEjLU0ex4AYDS231Y6JywL+RnucMJ4gFqSfSYfkM6+23gFbYfP7NcEKrkCaim/9RMU1RsunBk8As2K5gw== ondrej.smola@tcpcloud.eu
-          user: ${linux:system:user:osmola}
\ No newline at end of file
diff --git a/openssh/server/team/members/pjediny.yml b/openssh/server/team/members/pjediny.yml
deleted file mode 100644
index 968ec33..0000000
--- a/openssh/server/team/members/pjediny.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-parameters:
-  linux:
-    system:
-      user:
-        pjediny:
-          enabled: true
-          name: pjediny
-          sudo: ${_param:linux_system_user_sudo}
-          full_name: Petr Jediny
-          home: /home/pjediny
-          email: pjediny@mirantis.com
-  openssh:
-    server:
-      enabled: true
-      user:
-        pjediny:
-          enabled: true
-          public_keys:
-            - key: ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEAgPX2oPwcmBMjf46UC+1vUBnKn9iBG88VD7lNiMN2UGBNihfCfSt4vOSNcVotyCSTrgm1dzHWN3nDt/fYiWvEimVE8VrawU9nJQ48o+M546SMCSYL9jqm+j+oSTd9CP7TeMgRw7hob+/vXREJVmol9cynsQei7HoFeo6iw7ZYMqgI1qOtHwN5Xep/7XZbQ0znweQY4hvywl47dK1GxnoQQUi1v30MzKRVIasf3cCMVr3qJ3ECxyQ2+Po/899jYLDdeJvJeG6dJQf1aDEDSHkoEjVup4jl5xu8y3jAYxOfKwMPe+Lb6lF3zRCB9QRZN71cxLVm+w7LfLtgLfsKv3xPeNpvvOvEQOdFg5jx9Z8w1KRkU2Zkc4fRTcWis89/9va3QL7W1pini3fM+WrpFatc02i7KjoJApeNQt0pwFl33DW+Zz8bQQZT7PT7LWNZjuvB4YmZYA6t9hj5rzUdUN2IyD2mNvPeNykdCLuFh7N7A67tpFSh48UHGld2ckdNmPQR8Ev50Fxu9jj13Cs4l3VMxzOF5I6VOS7g5vEKcCpIyDTtjSk4fGZhyeea5l8unCQzMw9UjkZjgy4nTZvxeqdRNnXSMrb0SzNuqbSM1J67GAUPxfxjb5HSmCYK/KSK3RXHrhwrW+t6B5x72KCCmYYJfUwofm6GIPEYGDxPL/VWGKM= pjediny key
-          user: ${linux:system:user:pjediny}
\ No newline at end of file
diff --git a/openssh/server/team/members/pmathews.yml b/openssh/server/team/members/pmathews.yml
deleted file mode 100644
index 749fed7..0000000
--- a/openssh/server/team/members/pmathews.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-parameters:
-  linux:
-    system:
-      user:
-        pmathews:
-          enabled: false
-          name: pmathews
-          sudo: ${_param:linux_system_user_sudo}
-          full_name: Paul Mathews
-          home: /home/pmathews
-          email: pmathews@mirantis.com
-  openssh:
-    server:
-      enabled: true
-      user:
-        pmathews:
-          enabled: false
-          public_keys:
-            - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAIAQCt98sNV0lNpOK3HBAdv44hGv+0INrqfZsaZgTdGsJi1aZp8QymbusSW/86XnuQLrJKqPe8xrJn3/PBCqSgEXnye2J5cculBHoW3ehTwlQk/SSlM4GqeSEhn+6r07Gt3Y41EbsbgJYDFUZe395DVfAp5I/HBEG0Hf4b9zamzDX4OGXiBNhIDMjmnBHTbVAiYJ/igrGtDKTt1qNfDX7b7ViLSNv3nw2F2vBBzXQashGW6e/qJWjrdxjR6WNldmq2/KjxFec2k4J1RhItxEFNaPPAULkUUwXZugyid1fDxUlrpMryG+edCXtIMKD3caGTJD1S4QX6wQlPL/dOn+U+qu2Aa2tG5fKF3ECrfgQapOND239XRANm4+lSFgR8ucD4VO7EcYNLwS9DBNNvvnZWcVtgWwR9ULx0Cr85uySVJr+Wzj5GmX6m0uzeTFyUITn3CpQf2ONSi4g06Vwguvm0NxiMwjnirrkwlw9tVgbZpGAo/rlIa6t1brKKKkZQhm4JpK/xFd0qUWva1pME/G1AkRYAGm8EQsR3N6nEHFW3eJci9/Y/vHigxfXhN9rCJranKogP4v24gv00fVPPrFzxnC9/pfSrbpbh+5RsiZ8ZdUc+rrAM0qSauH1TvD+x6Al2R03ABtnKbhQhw2wkCMPiUpb7MeIYcYw0NTLhF/KocKamRQx/dDr9zzvNkMsbFs9eUipHAQoDcDgYPvYaR3q1kGZpteUO1qMYCMNxmAkUte+ggsorZQ/avwa87nd6KBUSjRraxyZKxZMLbTIYKE5ElduySq3ltZLkwnjiHCmJ934rlOyZro/pREi24L1cYdy1oUsckEiDmR8p715Idh4crxSfcvT8h1MNPV9bvdKsjKO1CtWz4xaSXG1DZ7PmByHqMzJi8mNZI2f/ZbCXNFA1S5bT5NeUO3x5Aw3lD49fQIxFc8WSvD0bBuGk+1DaLjCMNQnBSFJaCB79HQXYqVkNoUH+V4HEnvinoqXOKI5jVy3vNkm8C9DSnJQHUotbyGw+yikXTLg3EFAxJC7eeC/aPblF21TZDmaYGh0y7UNrV/RAVSLO87DOdELCij/GUqW0ANsgJIE/GVDog1AGIM8S+7kwzWDHZSlb1VC8gEk1xL8FIPdUmxHi0Azk5aWUqzXqC+0Qwx4UKsLwjLgRhW35u+3wDzlphgO3+4DR26daUp8RynfUnoHoj7WIy+B3mfE4bTGHUIr0WFoV5kkcOYdYdbLDD7sWJk3XPBqaCr7WJPOCOof7iyVSsH5sZ1/l6UCwfkuSCLwSMw1MYRRkQ8qqRB02auG8uYZ5ismyqfSJHH6bIXnUxpw4PabM7KmpNKXO0ZQi80QhnwY4yshfBESWJDpcfjqlEUSbLY5nqoQ99N2LHahr43/FO8P6iuARuVxaDv0VOkWaOFL2Zmj5udk0U6osODK+Uj+DE3Y0AuTGlMLh634ycx6fp5kdnBjmlvVMSmJCoi47AaTJFXLvsfXvafIfglouVuFtAWmriU1BIPq+uoTwqgZAZkTySGvvFZLyTMES9NTexodkrOdhJM3yGfCkTCq1C90VywdmsyPIeajEhlDcLFZIkUzIxlaJplGF/1DHg6ZafFnQSBNBfr9GMem4FnW2EUNM7WUFZSXvA85DYs4B1oKTU1chqIk+cg6MxX3xA6NSL1RhqhW+x8Dt6EWT6g3WTQM8ychO2GUNRR8VFpt/mVbxkiH0h9MRFwu9uQTLZR/c/TT1DIh6eyIIneIbPkHDhRIHiURW5deELMtsMq21o3heCNk1Qa4wIjQ9e6Ikn4BxMRHeuW5VL2oaHxgT88tCKjGETqYDKE0e++ZaS93GMOMeesApM88rySIOqcidQE2Jh0DRHQ1A5FsoSw69zPgZYYiVLYW7MupimmiWcBGoB+SWQl3OLytDX8/MC4KHZf8oxUiWdORXWplEULy9P3mYV7K3hSU9Wb28EoDYnusdyu3I5peqIV8DAfOsCOOXvKbfd4hogV79y8ul4EnTrKZXEa96Nl8+BQ+xXa28MufAZOmODfKE48/ywzc1H2dXhZZWtXxNZez+qmkqVsIMGG32YlpwdTdH4FGxg9d64fHAtPGqY2stmHWyFUB6+ky2A7XvoqSR1k1cLKaEM5dZe9sWCsHalsA1yd+s+VL14OFB1tgaA2y6GMaPftYELnvvGvAaeBRVpdHNel3TKbQXCl0wGdJ2BzreG9kIzSntjl0/3hkrl32+l3xfdZGJetYtyO8fdzF70J1kBft2CbewwJdC6X1Nkr+nUspHCAkWtB8TcO08xnrpQKnXiXidfCtmcbZa51e7mzSmZTCAKlV2eM6B/G97COezG1+SenKh4YeD22jSuXa/ZW+9RswKzCwXXA9poncIRHMMwkQUq87GGG/WAOZ0CkvJwfw2eGtQ8L2eikEi6x7DyWczzJxAeJ3uFj4S0iZrR7XVnRb+x4DsEo/FPRH/+L103R6nTmtkZw6XAMXEjNuaPOBV9FaQ6neeBab8a+Gfe3+9Gzv2tspgcl1fK56UtCoL3NDAMMGpxK8KykPnkQcMeu6B8H8f6xxAtNQHW3y+vZrkWma/VBriCKv67Uaxj8yF2Kqn/VDZskcBGwvOYIfJPOQHKDYyBoS10WmP6vk5l9s3LhuBJfartbC5NIZb5mJ9a/nHhcdzKnJ+yJk2I6YcOECwBXz2rJ4Y+IfwDJaRl1god8DGLvEPvWko3WinHERC+e7VXyb1CQ==
-          user: ${linux:system:user:pmathews}
diff --git a/openssh/server/team/members/psvimbersky.yml b/openssh/server/team/members/psvimbersky.yml
index 2fc10b1..9ed28ce 100644
--- a/openssh/server/team/members/psvimbersky.yml
+++ b/openssh/server/team/members/psvimbersky.yml
@@ -5,7 +5,7 @@
         psvimbersky:
           enabled: true
           name: psvimbersky
-          sudo: true
+          sudo: ${_param:linux_system_user_sudo}
           full_name: Pavel Svimbersky
           home: /home/psvimbersky
           email: psvimbersky@mirantis.com
diff --git a/openssh/server/team/members/renesoto.yml b/openssh/server/team/members/renesoto.yml
deleted file mode 100644
index e05a090..0000000
--- a/openssh/server/team/members/renesoto.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-parameters:
-  linux:
-    system:
-      user:
-        rsoto:
-          enabled: false
-          name: rsoto
-          sudo: ${_param:linux_system_user_sudo}
-          full_name: disabled
-          home: /home/rsoto
-          email: rsoto@mirantis.com
-  openssh:
-    server:
-      enabled: true
-      user:
-        rsoto:
-          enabled: false
-          public_keys: ${public_keys:rsoto}
-          user: ${linux:system:user:rsoto}
-  public_keys:
-    rsoto:
-      - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCSmved/uNo6pkce9z52wiapxXXQ6nRadSzQhcYqegltYRbvDbAPe5oh/LGUoxybyIP6OAormVJlb85JojG1s7Aom6YtiFNTlddORWXZ1fuxqg7ue2++wQW3Zf2uJMFGKPAByucF8Oqix5WmLd8X8wpTEhX0x4aP9AwDNg2AdPqCGwb0ulwJ6Q6E8UBtHgFq/xF5mNX6NkefemhdxguQDiC2nGedSBuxXzSs7W6DIgL29N3IP2M9N5SjoFsY9cB/kbESchxnbKi7lQOmF0SsTxsshBjO3quHzYVvbSfeAmGb1stF5QHw1fMDGpBpM+yBLAIByQalpz6nkIT5ZgtlML
-
diff --git a/openssh/server/team/members/rfelkl.yml b/openssh/server/team/members/rfelkl.yml
deleted file mode 100644
index a2151f9..0000000
--- a/openssh/server/team/members/rfelkl.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-parameters:
-  linux:
-    system:
-      user:
-        rfelkl:
-          enabled: true
-          name: rfelkl
-          sudo: ${_param:linux_system_user_sudo}
-          full_name: Richard Felkl
-          home: /home/rfelkl
-          email: rfelkl@mirantis.com
-  openssh:
-    server:
-      enabled: true
-      user:
-        rfelkl:
-          enabled: true
-          public_keys:
-            - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDlvQKWbEQ8bM2rtE35sA5+y//YKMLNJ48d+/RxWlUx6G8xJusUhrKZuMRMgN5NqJQ92Z0Yd2lulsPeKEfSbqAxBxmNZ+mAAy8w8P/BHlQImi2HgMpWtQ5yExsAvCUAqq6KclJBhzjArg4+ztmKmNvjM8ZktJYeCM8VJ+qT01B8/3+frgltIDCDcC8YpRwbAt7aLjuB2Jk5Q9daQbtZ4XyXwHgPDpyZUkcuueUk/iklUBkAh9P3CFJBpttXEyKI0+cJAtM9vCXXPWmWt7nFAyQ8nH9+lTv/ZuD+pipKJBW2sp8+fFUWJ/Z6GzWhyh2KxiY7eK3kgabg1i7FtLFtRbZj richard@richard-inspiron
-          user: ${linux:system:user:rfelkl}
\ No newline at end of file
diff --git a/openssh/server/team/members/rsafonov.yml b/openssh/server/team/members/rsafonov.yml
deleted file mode 100644
index 75eac67..0000000
--- a/openssh/server/team/members/rsafonov.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-parameters:
-  linux:
-    system:
-      user:
-        rsafonov:
-          enabled: false
-          name: rsafonov
-          sudo: ${_param:linux_system_user_sudo}
-          full_name: disabled
-          home: /home/rsafonov
-          email: rsafonov@mirantis.com
-  openssh:
-    server:
-      enabled: true
-      user:
-        rsafonov:
-          enabled: false
-          public_keys: ${public_keys:rsafonov}
-          user: ${linux:system:user:rsafonov}
-  public_keys:
-    rsafonov:
-      - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCaVDVMjNUXR+SP4xjH4vX9zfqzYHosQRO4MlVxE8uJPIIQdF1+iPWtggLrsRDZTSQ0JNzCYGXPv8fK6iKBQ/cX5KgMnVPQmFn4Q+Ip/oWotkbVZtR1F0ZVw01KNBYE0LMXrV9dxhX6qUFCO0IV9inbOZ+6zhYOLPddG2WVc8htz8XH7xdWqGbU1GBwyEoRFjITZ9GAYMRNrSjlzPsoBVkQwGKNtvh8uCFZasfAMr2mV1XVFcJlK52T6bNqIXOYPmRc9mSoQoD0UHRRYwlWAZHzW+2e8SABT+NRT1Cc/BoioRC2SBKj9tsZgy9nhq5O0EfuvWVL3ZCM6+RviNxkEL7Z roman@roman
-
diff --git a/openssh/server/team/members/rsatek.yml b/openssh/server/team/members/rsatek.yml
deleted file mode 100644
index fb394e1..0000000
--- a/openssh/server/team/members/rsatek.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-parameters:
-  linux:
-    system:
-      user:
-        rsatek:
-          enabled: false
-          name: rsatek
-          sudo: ${_param:linux_system_user_sudo}
-          full_name: disabled
-          home: /home/rsatek
-          email: rsatek@mirantis.com
-  openssh:
-    server:
-      enabled: true
-      user:
-        rsatek:
-          enabled: false
-          public_keys:
-            - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC63DK9CdBB2WNHcbgzReBlcVY7YDvVKBJI4P5O8N3lg/T+01ROL99/6k8drFYFJjdeXJaMkCg7UM17yIyouDijBHB9G9AM7jkefBZrGDF7QaWJeGvpxB9W3BQnhotCeuP363CNBup+oUfPwXVnkE5iGuLJAGS8SENpVZpZsF0gXAUuVtvl5D8h1wIqQtFveJSV6qJkjVIudZYJfOMDBfiyS5nEwKmboP5jFtrm3e64HpxDhm2J5irNtzw3hOO8cq2ssnZ0ZAHFf2FfnPAzZ2L0Z1MpZcEPdzBonsdO8/cfxdbov9hW4iLmpJF80KxgPyHU0R304uyfnsfkC164l0Rx rsatek@Rudolfs-MacBook-Pro.local
-          user: ${linux:system:user:rsatek}
diff --git a/openssh/server/team/members/samstoelinga.yml b/openssh/server/team/members/samstoelinga.yml
deleted file mode 100644
index e4e45a4..0000000
--- a/openssh/server/team/members/samstoelinga.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-parameters:
-  linux:
-    system:
-      user:
-        sstoelinga:
-          enabled: true
-          name: sstoelinga
-          sudo: ${_param:linux_system_user_sudo}
-          full_name: Sam Stoelinga
-          home: /home/sstoelinga
-          email: sstoelinga@mirantis.com
-  openssh:
-    server:
-      user:
-        sstoelinga:
-          enabled: true
-          public_keys:
-          - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDh3j+qNzTJJJrbgWaNEJ4/wF0HZB8jFlz8jO3tA4QJCPJGT76LeFZgeFK1Avp0rRHD4dnHyDvjynJpE5TckBEFiQ2kbyRRiv4SmJe+cEaSz+okoXSuW4ZbsiOhX7IZfWqhR9ra0uxviiaecWOIwoci55EPob34stthIbLPlcSYS81kdivhJLUZwRTvVX4rRf6gFiAjYyv5Zc4ckwwtkIG0A6XiuoHEpO7lDlps12GfN9DEsNUfzFGrEWzucGsPIBIDmHiods4kMv3UNYKImX0EltLF5bGlSDOsy6t65Qr/zCXyB23yF4oU7991/yIjMWzSwUJzcmcHk+0Fr0b1WHh/
-          user: ${linux:system:user:sstoelinga}
-
diff --git a/openssh/server/team/members/scottmachtmes.yml b/openssh/server/team/members/scottmachtmes.yml
deleted file mode 100644
index 0daf80f..0000000
--- a/openssh/server/team/members/scottmachtmes.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-parameters:
-  linux:
-    system:
-      user:
-        smachtmes:
-          enabled: false
-          name: smachtmes
-          sudo: ${_param:linux_system_user_sudo}
-          full_name: disabled
-          home: /home/smachtmes
-          email: smachtmes@mirantis.com
-  openssh:
-    server:
-      enabled: true
-      user:
-        smachtmes:
-          enabled: false
-          public_keys: ${public_keys:smachtmes}
-          user: ${linux:system:user:smachtmes}
-  public_keys:
-    smachtmes:
-      - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHGFStJ/pZhZP1c28yubmxGvkCI6UqcxIYZ4oi1QBP0yir2fib/2K8MJcqmRwYhrhw09DAaTnMWhssBhvvgVKX2wS1VhHDo82yRftgN6boo+55zi9Y9o/8IXme1vVTGp8MZV9UCPJMPYrhGxFwOBWIdIYtI0ayDVic54EsTVHUld0ED5NHOBBTJIIz2nXxX8GKC86qPrAlV28VM+Bq8yTNmj18lBTqNXoTswHALNbG8zeV0s8LiDH8LyHgaF8hlmI9EMfGidVQN5txG7x077SQ8Sgs/UfX3q7INyriAVBA5okNoLb0bR9QcRUtQrynOdPp89PoyzNT9JTwmVUWFYkd
-
diff --git a/openssh/server/team/members/sovsianikov.yml b/openssh/server/team/members/sovsianikov.yml
deleted file mode 100644
index cab343e..0000000
--- a/openssh/server/team/members/sovsianikov.yml
+++ /dev/null
@@ -1,22 +0,0 @@
-parameters:
-  linux:
-    system:
-      user:
-        sovsianikov:
-          enabled: false
-          name: sovsianikov
-          sudo: ${_param:linux_system_user_sudo}
-          full_name: disabled
-          home: /home/sovsianikov
-          email: sovsianikov@mirantis.com
-  openssh:
-    server:
-      enabled: true
-      user:
-        sovsianikov:
-          enabled: false
-          public_keys:
-          - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC728opxEr1QAil48NXPoA1QH4qzbGy8OjEq0s+JuovWYg6eRxf4UEhZgtxW3z3vls0xV5fNpoGa1j2xIDYRIxdZV05X9J+CZ9hxUfE0tIi8iS8/r5x+SFeWQmf4zVOwQMRwXujNsmKBDQVpP/y/2wlYHk3RPrPLGZAH5LkO29W4iTKDciOF4p9uGw55CCR7Iaw/S3fq/CV3rSbtsxXpnYzJ0JZEYIVhO8ZRN9kP1upmTOGeC3g8ahSWgkWOD4xLbrUjoaOTqZjEVIUxDf0bLT2/ztihgqvKG9CTObKrHM8/V3tPqns9Xhu+uDc+h0pplxrVAlVtGiC9yx/R3e3gahJ sovsianikov@sovsianikov-nbook
-          - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDqe1+ymHcc750HopiD17J79Yh2P3Bdg7csJi1C/1B8Xk09rOoo5eIGGdo+7EqO2alRqzdan8Um7eSd6sH2sGUakHXApz0ig1xyqDcKpbla+13kJ9bEYyI3+7kXdm5/iAIzRmQVBYbtf6MK7GwLv6+5h+QKA4yiHr1xj2mXgmakU8B5r7GZXCq+DDEDXL+7r9h68DqOuQacKesbQZHPUBLCjINigLHA24Z+8Fglk0BkH+EiuBj91/QBT7Wy003njMz4/ecx0t1jRE6yMImDq62h/L7dS17no2ghVhZbFfDTBoyGuMp200tnhIP9Dwuisy0TuGBjiSVO/QJ2o0aAptwl sovsianikov@sovsianikov-lin
-          - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDd1/kdx3SIx6BxEMpO1+t05ZLVqYGlxxS0oPcpnMAR+t6dBjdmYqMIUb817easmPFDpC38DgClqAzAHoCoPSj5LymiKpkVI0qinyS3b+V/9AK3fdlkE5lUIi7Ij/aCIO197teo1rhUbOjwXVRRqCWPAsAZ1v3ljmHVdBIjva5RraCHM1HDt12c1QdnQdNyQuXXKCx18DpfHcfICVYBXDubEjyGxjomk2nAwF4wH1Zol7I3+djOZcKOw0AVhI8VHb73MIaPSF3/oadsVle6XIlr6HJq8PlmmZ2Bs6cCM8ndRvPycKO+d2Rhm2qGiCWQzz4bLJuEqP9ez1bUQ+1VcJpR sovsianikov@Serhiis-PC.local
-          user: ${linux:system:user:sovsianikov}
diff --git a/openssh/server/team/members/tkukral.yml b/openssh/server/team/members/tkukral.yml
deleted file mode 100644
index 915af8b..0000000
--- a/openssh/server/team/members/tkukral.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-parameters:
-  linux:
-    system:
-      user:
-        tkukral:
-          enabled: false
-          name: tkukral
-          sudo: ${_param:linux_system_user_sudo}
-          full_name: disabled
-          home: /home/tkukral
-          email: tkukral@mirantis.com
-  openssh:
-    server:
-      enabled: true
-      user:
-        tkukral:
-          enabled: false
-          public_keys:
-            - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRM6WquKic6i6v/JbNR2XuMqCCYqlfyGU1K7XHK7tWFordRLz2/o4S76sZULBTXR0rLHtynvHM4QHlloE1/XJnd0BtI/3y8aY0OkXyu6PHvTC8Az8SyGj2XAcaiPlaT2f+oTJHoPc9rxLhMMD7OTwias6QeVKB3UrT0OaHfy2wWCF7t8cQeofi2ldEHKeCsC1jrT1vaVuoThQgZ00h0rNk4COPZEW34FXdmdJFUmZcUIDMa71HtYgnn4gmE8sUiJ/j6ardvPaycCDT9j1GW1Yu6UVLBWOoMMCb04bDJiidlvY1fQqbM/G4cR4ZPHFZ0RQiM2+wnRaB5RCmBVgNT0Tj
-            - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDIcEZKBvsDAVOeUyucpTXH7nubNjXxlQSMf6oXmcXW5EFzQ7bcBjUJIC2/w4NV2v+/qbbvax1BiI5wU3TWM+LKx6VyhexwrnGQ4p9xprbAIiYaDAbT4KsSOyFnItmbD3qo5JzYruF/jxpus2fV/rBjfsgENHSDSL7ZNO5XLRhdfdcjGrReYf6MU+Py90mOxIcafJQ0nI2PkZ4JURtiJmd/lBp+QJH+6JpQ4Fjm1C0stJFLZfyn0r9YtMXs7j3LK5QaypbZO63NvBKp/1GhZUbC48Cb19SqIoBfQl8JroT93PFzhcQaXd/iXbbBg1WPhEJLAaJEJ7aHGVN+93YHoukP+AFobrpCES3LPFrwbRXpjZNCbKtQCMS1oZHLNBrIsa6uuvAhd9ni3Q/iJq4O6uZ8g0gW69+VI3FT7l3adBCBlOQUVvN51k2k3Q18oeFZAuVPoH49gUDXgxaUHjA5nE0hgPd6KaZkh5UGs/8jyvDLRLVRCUGYfVZcXlMAa5uc1SaUGR3XZgciUlY9DWAGTS8mA4ZnD6mXdnQmjDqhaI2S9jFmuO1Z4YAlHCs+qqMmnFBwbIZuIJaTgl9blr2pi8g6SVQGOE8eA9SDZYTH2EM741ZgVxBPTC/QjMcRtERWNTzfK+R6nZgsdozi9w8MMlmLgvjhney+YuhPhBI2YUwafV2wngqcz7qKP35Jx4E0AeI/Z6z2duuP4JHtaswkR7Zwk4/ebRm1DGIvImh4UxucumEMpXrNOyPZqyJwOb1GM7U5w/kfGSU10y6Y2/db23eYvIb2c1aIbKcGI+Db+1UuED9KcmI9JuYnxqzQZe66T56s+jOi0zyjQDlx9gu2ib/ORE+XVuKqvqii/WF4dTK42YgzTY1RX4wag4mNOEhY4hX+VA6eEFLruqIE+zQ9L+vjf4w2jqpC2CTtY+UtgAbkpZWn9/00CqS9EAh3cmYVgL8se+mfo9iQkcOrHoJ/hN9wyWOK8yQXACMtm/zdFyMtCzhWeSvz03SPz4o1L5QcS3VG+FF6XE5jb0KCWH2C0U6ufgKhpna+LXmG1nXGtay7KqUkQeIwOXq2nq2xehPwgfM25xIPHJ+t1dQMstXrR/h0Bs9lHM7V7mTcgA4MtuYM1mwUpuK9QYantvWE7aq1KtFwFBaP/4swtSoxWsotIDv9GxJhWRJ8aUJIAbsN2znMlbtsIDGTMlWLW3pbpr+1ANAZx6YiQOSCkDDzk4eaFMhlGaa+4sBVfIU0QwnO9swOjQMQH+3/qaeGl9LOZEf87kwFKnQDpMEdDl4vmpsSwzcyGT8AIFl/ybrrl///v3cvCZe1lDJZxPag6KT4BOwycoWTKfL5ll06v+JzW67XqkQT
-          user: ${linux:system:user:tkukral}
diff --git a/openssh/server/team/members/vmikes.yml b/openssh/server/team/members/vmikes.yml
deleted file mode 100644
index 5a1b6de..0000000
--- a/openssh/server/team/members/vmikes.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-parameters:
-  linux:
-    system:
-      user:
-        vmikes:
-          enabled: false
-          name: vmikes
-          sudo: ${_param:linux_system_user_sudo}
-          full_name: disabled
-          home: /home/vmikes
-          email: vmikes@mirantis.com
-  openssh:
-    server:
-      enabled: true
-      user:
-        vmikes:
-          enabled: false
-          public_keys:
-            - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXng0oUbSGMlZCamlSWuc4jzgTym+p9u0ukbQvaWW2cneOhLw6QbVkOgRETBIfXitiIB+5nNqTYy7lrYqc3wofjZJzonR07oFoNcyhITLnKjLHV9eZ8aRhwKL2PONyp8d61cdm5zqeth1tMP8uBB+SOn+aD12Hu5tfTJjQeH286p+Xt75Llo/bHybfYmt2HaV9Ts6qb/Kw3Eom0Jkjh8837navek/PnFF7WAkM8GvP5Taqzp4Tmu2UfLeMv4459q+ZiS56WRbcixBQGb7uUUy4jkuis0batBNoY0pwMaaTj8KzSwrQ8shc/LuU2QhR7xwXVIgZR/Yqa/Ojw/U36N4t v.mikes@tcpisek.cz
-          user: ${linux:system:user:vmikes}
diff --git a/openssh/server/team/members/zahedkhurasani.yml b/openssh/server/team/members/zahedkhurasani.yml
deleted file mode 100644
index 423828a..0000000
--- a/openssh/server/team/members/zahedkhurasani.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-parameters:
-  linux:
-    system:
-      user:
-        zkhurasani:
-          enabled: false
-          name: zkhurasani
-          sudo: ${_param:linux_system_user_sudo}
-          full_name: disabled
-          home: /home/zkhurasani
-          email: zkhurasani@mirantis.com
-  openssh:
-    server:
-      enabled: true
-      user:
-        zkhurasani:
-          enabled: false
-          public_keys: ${public_keys:zkhurasani}
-          user: ${linux:system:user:zkhurasani}
-  public_keys:
-    zkhurasani:
-      - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCdj43vCWri1SfE0/z24blmTG229kdbwmkK4R5ZzGx63r9Elj1NeOj7Bu7o3QwdtusAEq24dnIs3bSJEgMm+vsYyKcHMoPzrEeD4b42SEZnINBvUTaYHKjZKw9JvaNL8ZibfubiMeDVsefHX0/swAGPosCVNDiTYlIWUT2gKoFcHH8vyRzCC+KOxXvkWQtmJHML5lVHkTVhpgQln8G7aAmyvLMNFzDkOASkMU29uAA/9fWLqtc4T3fA3AUVEcClVI8fFYcDZDP6Y7HZP+hDZYe8vFxHEEpOM7CCq38M22p6nf00ITia60QyYGjpm2cgJPv1DmPZ4cwrbSCpMcvFu7kt
-
diff --git a/openssh/server/team/members/mcp-scale-jenkins.yml b/openssh/server/team/members_ci/mcp-scale-jenkins.yml
similarity index 100%
rename from openssh/server/team/members/mcp-scale-jenkins.yml
rename to openssh/server/team/members_ci/mcp-scale-jenkins.yml
diff --git a/openssh/server/team/mmo_devops.yml b/openssh/server/team/mmo_devops.yml
index 986c5e3..e85f8fe 100644
--- a/openssh/server/team/mmo_devops.yml
+++ b/openssh/server/team/mmo_devops.yml
@@ -1,14 +1,14 @@
 ## DEPRECATED, this class will be removed 01/2018
 classes:
 # DevOps/SRE Team
-- system.openssh.server.team.members.cade
+- system.openssh.server.team.members.deprecated.cade
 - system.openssh.server.team.members.jmosher
-- system.openssh.server.team.members.ecantwell
+- system.openssh.server.team.members.deprecated.ecantwell
 - system.openssh.server.team.members.lmercl
-- system.openssh.server.team.members.mwilson
-- system.openssh.server.team.members.osmola
+- system.openssh.server.team.members.deprecated.mwilson
+- system.openssh.server.team.members.deprecated.osmola
 - system.openssh.server.team.members.pcizinsky
-- system.openssh.server.team.members.pmathews
+- system.openssh.server.team.members.deprecated.pmathews
 - system.openssh.server.team.members.pmichalec
 # Missing- team members still in flux
 # - system.openssh.server.team.members.bpiotrowski
diff --git a/openssh/server/team/networking.yml b/openssh/server/team/networking.yml
index 219c2ee..bd60788 100644
--- a/openssh/server/team/networking.yml
+++ b/openssh/server/team/networking.yml
@@ -1,6 +1,6 @@
 classes:
-- system.openssh.server.team.members.mceloud
-- system.openssh.server.team.members.pjediny
+- system.openssh.server.team.members.deprecated.mceloud
+- system.openssh.server.team.members.deprecated.pjediny
 - system.openssh.server.team.members.skreys
 - system.openssh.server.team.members.smatov
 - system.openssh.server.team.members.ivasilevskaya
@@ -9,6 +9,8 @@
 - system.openssh.server.team.members.gzimin
 - system.openssh.server.team.members.dpyzhov
 - system.openssh.server.team.members.asamoylov
+- system.openssh.server.team.members.mrasskazov
+- system.openssh.server.team.members.ibumarskov
 parameters:
   _param:
     linux_system_user_sudo: true
diff --git a/openssh/server/team/oscore_devops.yml b/openssh/server/team/oscore_devops.yml
index 31830fc..b2ef7eb 100644
--- a/openssh/server/team/oscore_devops.yml
+++ b/openssh/server/team/oscore_devops.yml
@@ -8,10 +8,12 @@
 - system.openssh.server.team.members.ikolodyazhny
 - system.openssh.server.team.members.ohryhorov
 - system.openssh.server.team.members.ogrudev
-- system.openssh.server.team.members.kkushaev
+- system.openssh.server.team.members.deprecated.kkushaev
 - system.openssh.server.team.members.sgarbuz
 - system.openssh.server.team.members.oshyshko
 - system.openssh.server.team.members.pshchelo
+- system.openssh.server.team.members.obryndzii
+- system.openssh.server.team.members.dteselkin
 parameters:
   _param:
     linux_system_user_sudo: true
diff --git a/openssh/server/team/presales.yml b/openssh/server/team/presales.yml
index 8361a39..41e0220 100644
--- a/openssh/server/team/presales.yml
+++ b/openssh/server/team/presales.yml
@@ -1,5 +1,5 @@
 classes:
-- system.openssh.server.team.members.samstoelinga
+- system.openssh.server.team.members.deprecated.samstoelinga
 - system.openssh.server.team.members.sachintripathi
 - system.openssh.server.team.members.ryanday
 - system.openssh.server.team.members.pmichalec
diff --git a/openssh/server/team/qa_scale.yml b/openssh/server/team/qa_scale.yml
index 2013d07..af797d9 100644
--- a/openssh/server/team/qa_scale.yml
+++ b/openssh/server/team/qa_scale.yml
@@ -4,7 +4,7 @@
 - system.openssh.server.team.members.obasov
 - system.openssh.server.team.members.mikhailkraynov
 - system.openssh.server.team.members.prazumovsky
-- system.openssh.server.team.members.mcp-scale-jenkins
+- system.openssh.server.team.members_ci.mcp-scale-jenkins
 
 parameters:
   _param:
diff --git a/openssh/server/team/services.yml b/openssh/server/team/services.yml
index 3116d90..21ccba7 100644
--- a/openssh/server/team/services.yml
+++ b/openssh/server/team/services.yml
@@ -20,6 +20,7 @@
 - system.openssh.server.team.members.mchernik
 - system.openssh.server.team.members.hkraemer
 - system.openssh.server.team.members.pbasov
+- system.openssh.server.team.members.alis
 parameters:
   _param:
     linux_system_user_sudo: true
diff --git a/openssh/server/team/stacklight.yml b/openssh/server/team/stacklight.yml
index 032466b..4736b4a 100644
--- a/openssh/server/team/stacklight.yml
+++ b/openssh/server/team/stacklight.yml
@@ -1,3 +1,5 @@
+classes:
+- system.openssh.server.team.members.akiseleva
 parameters:
   _param:
     linux_system_user_sudo: true
@@ -123,6 +125,13 @@
           full_name: Michal Kobus
           home: /home/mkobus
           email: mkobus@mirantis.com
+        akiseleva:
+          enabled: true
+          name: akiseleva
+          sudo: true
+          full_name: Alena Kiseleva
+          home: /home/akiseleva
+          email: akiseleva@mirantis.com
   openssh:
     client:
       enabled: true
@@ -214,6 +223,11 @@
           public_keys:
           - ${public_keys:mkobus}
           user: ${linux:system:user:mkobus}
+        akiseleva:
+          enabled: true
+          public_keys:
+          - ${public_keys:akiseleva}
+          user: ${linux:system:user:akiseleva}
   public_keys:
     newt:
       key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3odU+3V2uDA2ptAFL9hrJRPNEEdAyztWOZFQ5Oyd9oerTGOU3p4xmrgWWjfKFKbYGhiiIUcYAol5PkTfKukGEkkjCHYA1t023soCaaAj85wCZCnw2zQNAziwxTYmAzTqgxiSvtZNMMrtJvFHRIRDzJ3M1lV0prWNWkMM1/3FAd4W49y6VT3fkMCo8uqG7CfGdgR2DgBCxf9KaNPfW5eDEPOgmE5lK8tVSEI6T+Cg7hbcTf4lFYnlFBnlQgp/0JstsM4Vbwb4B34LOpOsf2S8rrWk2xQMjwaMHXkc2s/E8iW3F5nVFuyEXYISFQIiAHw8dzC6CHgLcyHUVWwznKawZ newt@newt-dev1
@@ -249,3 +263,5 @@
       key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDC6TGCQAH3FGNSOhSbovhwODabOAsgVqG71rEDdXvDSShwyNB3RIICefas3mdSLsG7+1K9mZ1jicWzNbotvePwzrM/MESzntzp4QZ5J/9L3BMiqWWKL2u6BQ65LGe0YMzMmdSkqMAj0uxt3+OiFDPDrwqH6qN0hwxAJM+byeUlQW8uWQYm/pmWMD60GUrnjYUfKfEa/S3symaZBHQvjtp26De8D6u/jr4TWi5VJpKqVREqU7Z4IKwn8JvHMmUbRO4endW3cRiv35Qb7s66rO6TD0KlDFnnTxOtFvLhL51j58X4MrV9FHUI6czoqjAgEDe9CW7DzZ1xMj03d6IAipgL
     mkobus:
       key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCBqe3X+LrneiuieWGjlw5wRtgixBu2Q8LZjH6W+8nsOkB7iN6qRdKom3jac1Cdd5wSJ0NFAhDNcTLK4Etz/3YACglsTxk09TzXlqs1V0Y7U5a2eqn3KTOgMNsJ1aOhFq/LnmUwTdN8NXac6TIkwZZBj5KhHSvIoO+mfsascct5FIVU/+p32d3o/4NqMDDdTg/qxIMKQsh5sw5Y9Tz9h28LGbDh+QF2lW+b5YJhnCG21Uw17xcyxf3/53EpJwTXfElonSR7HMVLxrq7oDzmqKFZ2z8i9do6EgODKlZpSkxiAFOBw5oA2hPtEeqtXqvddu2FcNGuSNhx/6O8ZHIKq3Xh/tTOYnoc+qYDMRCzDwzeyivfr5Ci3n64giUaZl+KUr6D1CKeL2s8j9+kod/1JJDEeoYR+V93MTiTD/39N8eQAGv+6r9HBapXIkvr3iNuTH1+5eN36Vc90jXXRmGMZkF5P9ivNGDZGcy2pBwwPg/bRn2xb0zx1fsxd4qOi+Cd7mBCF4+SfnVCqUd2H9R0O3S7WgfLr+wOXpFq6/WwgjzI9RVhLJ5cZmePJKvYZYYhkAxsVwWSE639zFFuU1zhFXr49wa0njK9DdYWiQEhOki0ki3huABmVbWKg/zP1Rlllmtk0S4mwggJ57JYbuhEV3a1x1KOtWMzODW5cb3HlPTQw==
+    akiseleva:
+      key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyxzlFKlCcfwagnnmCg1r9SUVfAgy/IdPSxsnpELjCRaz3FI66sYa1F1RdZngoXmYxe5qlmkiRQ0rCjIYk12I08du5FJGYQvMttJEgmVeHtFKW0o3uGBIKNJ5nCni3lR8idPTRXqhwdXYeA4A9+COQO4MGcaJZrqHgEviZt4jQrYy90WdqbKTD4meBRy4MC9+TOUs719kTxK54tmMHBq2l/ukmv3FwgtLz2xMeNW7htiS/1rzA9CEerjkvpc0mOxc4DCY4bH8sR2Ts3Y33Rx6aUN8shTij2aX2v8UvUay2JPqQTJicY+IsYl4D8w/XPx00Oj/3b54f6kTLlzzoNDq5 alena@alena-Lenovo-V580c
diff --git a/openssh/server/team/support.yml b/openssh/server/team/support.yml
index 046aa9b..bb8382b 100644
--- a/openssh/server/team/support.yml
+++ b/openssh/server/team/support.yml
@@ -8,44 +8,44 @@
 - system.openssh.server.team.members.aleksandrrubtsov
 - system.openssh.server.team.members.anatoliineliubin
 - system.openssh.server.team.members.antonrodionov
-- system.openssh.server.team.members.collinmay
+- system.openssh.server.team.members.deprecated.collinmay
 - system.openssh.server.team.members.danilakhmetov
 - system.openssh.server.team.members.deniskostriukov
-- system.openssh.server.team.members.dmitrygoloshubov
+- system.openssh.server.team.members.deprecated.dmitrygoloshubov
 - system.openssh.server.team.members.javierdiaz
 - system.openssh.server.team.members.jorgesorondo
 - system.openssh.server.team.members.josuepalmerin
-- system.openssh.server.team.members.krzysztoffranckowski
-- system.openssh.server.team.members.matthewroark
+- system.openssh.server.team.members.deprecated.krzysztoffranckowski
+- system.openssh.server.team.members.deprecated.matthewroark
 - system.openssh.server.team.members.maximefimov
 - system.openssh.server.team.members.mikhailkraynov
-- system.openssh.server.team.members.renesoto
-- system.openssh.server.team.members.rsafonov
+- system.openssh.server.team.members.deprecated.renesoto
+- system.openssh.server.team.members.deprecated.rsafonov
 - system.openssh.server.team.members.mmazepa
-- system.openssh.server.team.members.scottmachtmes
-- system.openssh.server.team.members.zahedkhurasani
+- system.openssh.server.team.members.deprecated.scottmachtmes
+- system.openssh.server.team.members.deprecated.zahedkhurasani
 # L2OPS
 - system.openssh.server.team.members.aepifanov
-- system.openssh.server.team.members.apetrenko
-- system.openssh.server.team.members.atarasov
+- system.openssh.server.team.members.deprecated.apetrenko
+- system.openssh.server.team.members.deprecated.atarasov
 - system.openssh.server.team.members.dklepikov
 - system.openssh.server.team.members.dsutyagin
-- system.openssh.server.team.members.ekozhemyakin
+- system.openssh.server.team.members.deprecated.ekozhemyakin
 - system.openssh.server.team.members.enikanorov
-- system.openssh.server.team.members.fsoppelsa
+- system.openssh.server.team.members.deprecated.fsoppelsa
 - system.openssh.server.team.members.manashkin
-- system.openssh.server.team.members.nkondra
-- system.openssh.server.team.members.nkabanova
+- system.openssh.server.team.members.deprecated.nkondra
+- system.openssh.server.team.members.deprecated.nkabanova
 - system.openssh.server.team.members.obryndzii
 - system.openssh.server.team.members.oliemieshko
-- system.openssh.server.team.members.sovsianikov
-- system.openssh.server.team.members.cade
+- system.openssh.server.team.members.deprecated.sovsianikov
+- system.openssh.server.team.members.deprecated.cade
 - system.openssh.server.team.members.jmosher
-- system.openssh.server.team.members.ecantwell
+- system.openssh.server.team.members.deprecated.ecantwell
 - system.openssh.server.team.members.lmercl
-- system.openssh.server.team.members.osmola
+- system.openssh.server.team.members.deprecated.osmola
 - system.openssh.server.team.members.pcizinsky
-- system.openssh.server.team.members.pmathews
+- system.openssh.server.team.members.deprecated.pmathews
 - system.openssh.server.team.members.pmichalec
 parameters:
   _param:
diff --git a/openssh/server/team/tcpcloud.yml b/openssh/server/team/tcpcloud.yml
index 5f9af00..9c96881 100644
--- a/openssh/server/team/tcpcloud.yml
+++ b/openssh/server/team/tcpcloud.yml
@@ -1,68 +1,25 @@
 classes:
-- system.openssh.server.team.members.akomarek
+- system.openssh.server.team.members.deprecated.akomarek
+- system.openssh.server.team.members.deprecated.chnyda
+- system.openssh.server.team.members.deprecated.fpytloun
+- system.openssh.server.team.members.deprecated.jbroulik
+- system.openssh.server.team.members.deprecated.jjosef
+- system.openssh.server.team.members.deprecated.jpavlik
+- system.openssh.server.team.members.deprecated.mceloud
+- system.openssh.server.team.members.deprecated.osmola
+- system.openssh.server.team.members.deprecated.rfelkl
+- system.openssh.server.team.members.deprecated.tkukral
+- system.openssh.server.team.members.deprecated.vmikes
+- system.openssh.server.team.members.deprecated.askotnicky
+- system.openssh.server.team.members.deprecated.vzach
+- system.openssh.server.team.members.deprecated.pjediny
 - system.openssh.server.team.members.atengler
 - system.openssh.server.team.members.dcech
-- system.openssh.server.team.members.fpytloun
-- system.openssh.server.team.members.jbroulik
 - system.openssh.server.team.members.jcach
-- system.openssh.server.team.members.jjosef
-- system.openssh.server.team.members.jpavlik
 - system.openssh.server.team.members.lmercl
-- system.openssh.server.team.members.mceloud
 - system.openssh.server.team.members.mpolreich
-- system.openssh.server.team.members.osmola
 - system.openssh.server.team.members.pcizinsky
-- system.openssh.server.team.members.pjediny
 - system.openssh.server.team.members.pmichalec
-- system.openssh.server.team.members.rfelkl
+- system.openssh.server.team.members.psvimbersky
 - system.openssh.server.team.members.skreys
 - system.openssh.server.team.members.smatov
-- system.openssh.server.team.members.tkukral
-- system.openssh.server.team.members.vmikes
-- system.openssh.server.team.members.psvimbersky
-- system.openssh.server.team.members.chnyda
-parameters:
-  _param:
-    linux_system_user_sudo: true
-  linux:
-    system:
-      user:
-        root:
-          enabled: true
-          name: root
-          home: /root
-        askotnicky:
-          enabled: true
-          name: askotnicky
-          sudo: true
-          full_name: Adam Skotnicky
-          home: /home/askotnicky
-        vzach:
-          enabled: true
-          name: vzach
-          sudo: true
-          full_name: Vlastimil Zach
-          home: /home/vzach
-      group:
-        libvirtd:
-          enabled: true
-          name: libvirtd
-  openssh:
-    server:
-      enabled: true
-      user:
-        askotnicky:
-          enabled: true
-          public_keys:
-          - ${public_keys:askotnicky}
-          user: ${linux:system:user:askotnicky}
-        vzach:
-          enabled: true
-          public_keys:
-          - ${public_keys:vzach}
-          user: ${linux:system:user:vzach}
-  public_keys:
-    askotnicky:
-      key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDO6EnDYaGdF/Nn6lntxDNnKanCsheZRdh8kA/6ImyeRSjT2cgepm1Fsgv7wXBYoy0OxhB5wgCp5Az/Pj4oLkG3g+G05sUPUxxGCGRiwjcnyQ/FTz4TzHglAVqgbdgWoQYf9Hg6EKZovvPcH3STbEwcl+MhLqvxz0wm5+StE+wvp6I9dEfRV+2/e1uepauOTZ1+Ui1DMNXiMefTlbiIBHzUk7RiwJWgqzQXBndgunmbJWSed8zC0Ug97waDOFIX/oKZmAmsv0NLJ2e/kC3oUTuziGT74F9sh7Pqiw/9HZxvP45hJwEvytfUjfuiikIBbmYdF7Je93czaG/qjXGN8YvP== a.skotnicky@tcpisek.cz
-    vzach:
-      key: AAAAB3NzaC1yc2EAAAABJQAAAQEAn4MJUkXbiZPPEcdKijB4MqnjPGk80x5W+8XsMvZuUqElmuLgB30kdCnSCBgipYPor3m8wakdJTTwiY6P50yhtp/tD2b4t1TC1djPwiNS/6JwjZawj30bS5ZrVKeTHtOq6E0tf927svXgEE21/ADgWpMoDeQ/pKlbt0m/U8YGBCmJ7cBa8ggGHhvJIwCNhpELn02vKV8Qfx44rk+DoxLBwQUHQ8PsEwtoSCLMIulpLflptak1pgvN6ggA5p15i36OyJkobI1yR9YEgtb+8yQqofu2DZ+v+9Qhbb+C0446RnyGzfvk/DreCeI4rJh5/6QZjwv3XfYDER5LbNCnoOQAsQ== v.zach@tcpcloud.eu
diff --git a/panko/server/cluster.yml b/panko/server/cluster.yml
index 3a4cb65..7954944 100644
--- a/panko/server/cluster.yml
+++ b/panko/server/cluster.yml
@@ -4,6 +4,7 @@
 - system.apache.server.site.panko
 - system.haproxy.proxy.listen.openstack.panko
 - system.keepalived.cluster.instance.openstack_telemetry_vip
+- system.salt.minion.cert.mysql.clients.openstack.panko
 parameters:
   _param:
     panko_memcached_node01_address: ${_param:cluster_node01_address}
@@ -11,6 +12,8 @@
     panko_memcached_node03_address: ${_param:cluster_node03_address}
     # Keep events in database for 30 days
     panko_event_time_to_live: 2592000
+    openstack_mysql_x509_enabled: False
+    galera_ssl_enabled: False
   linux:
     system:
       cron:
@@ -23,8 +26,16 @@
       event_time_to_live: ${_param:panko_event_time_to_live}
       identity:
         host: ${_param:openstack_control_address}
+        protocol: ${_param:cluster_internal_protocol}
       database:
         host: ${_param:openstack_database_address}
+        x509:
+          enabled: ${_param:openstack_mysql_x509_enabled}
+          ca_file: ${_param:mysql_panko_ssl_ca_file}
+          key_file: ${_param:mysql_panko_client_ssl_key_file}
+          cert_file: ${_param:mysql_panko_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:galera_ssl_enabled}
       cache:
         engine: memcached
         members:
diff --git a/panko/server/single.yml b/panko/server/single.yml
index 4ba2787..968267c 100644
--- a/panko/server/single.yml
+++ b/panko/server/single.yml
@@ -1,10 +1,13 @@
 classes:
 - service.panko.server.single
 - system.apache.server.site.panko
+- system.salt.minion.cert.mysql.clients.openstack.panko
 parameters:
   _param:
     # Keep events in database for 30 days
     panko_event_time_to_live: 2592000
+    openstack_mysql_x509_enabled: False
+    galera_ssl_enabled: False
   linux:
     system:
       cron:
@@ -13,6 +16,16 @@
             enabled: true
   panko:
     server:
+      identity:
+        protocol: ${_param:internal_protocol}
+      database:
+        x509:
+          enabled: ${_param:openstack_mysql_x509_enabled}
+          ca_file: ${_param:mysql_panko_ssl_ca_file}
+          key_file: ${_param:mysql_panko_client_ssl_key_file}
+          cert_file: ${_param:mysql_panko_client_ssl_cert_file}
+        ssl:
+          enabled: ${_param:galera_ssl_enabled}
       role: ${_param:openstack_node_role}
       event_time_to_live: ${_param:panko_event_time_to_live}
       # Check for expired events every day at 2 AM
diff --git a/prometheus/server/alertmanager/kubernetes.yml b/prometheus/server/alertmanager/kubernetes.yml
new file mode 100644
index 0000000..3b1ff1c
--- /dev/null
+++ b/prometheus/server/alertmanager/kubernetes.yml
@@ -0,0 +1,11 @@
+parameters:
+  prometheus:
+    server:
+      config:
+        alertmanager:
+          kubernetes_alertmanager:
+            enabled: true
+            kubernetes_sd_configs:
+              role: pod
+              namespace: ${_param:kubernetes_alertmanager_namespace}
+              pod_name_regex: ^alertmanager.*
diff --git a/prometheus/server/init.yml b/prometheus/server/init.yml
index 5d115ac..cd511d4 100644
--- a/prometheus/server/init.yml
+++ b/prometheus/server/init.yml
@@ -2,10 +2,12 @@
   _param:
     prometheus_server_config_directory: /srv/prometheus
     prometheus_server_data_directory: /data
+    prometheus_server_host_config_directory: /srv/volumes/local/prometheus/config
+    prometheus_server_host_data_directory: /srv/volumes/local/prometheus/data
   prometheus:
     server:
       version: 2.0
       dir:
-        data: /srv/volumes/local/prometheus/data
-        config: /srv/volumes/local/prometheus/config
+        data: ${_param:prometheus_server_host_data_directory}
+        config: ${_param:prometheus_server_host_config_directory}
         config_in_container: ${_param:prometheus_server_config_directory}
diff --git a/rabbitmq/server/ssl/init.yml b/rabbitmq/server/ssl/init.yml
index 7fefae7..961d28d 100644
--- a/rabbitmq/server/ssl/init.yml
+++ b/rabbitmq/server/ssl/init.yml
@@ -4,8 +4,11 @@
 parameters:
   _param:
     rabbitmq_ssl_enabled: true
-    rabbitmq_port: 5671 # for non-ssl use 5672 / for ssl 5671
+    openstack_rabbitmq_x509_enabled: false
+    openstack_rabbitmq_port: 5671 # for non-ssl use 5672 / for ssl 5671
   rabbitmq:
     server:
       ssl:
         enabled: ${_param:rabbitmq_ssl_enabled}
+      x509:
+        enabled: ${_param:openstack_rabbitmq_x509_enabled}
diff --git a/reclass/storage/salt.yml b/reclass/storage/salt.yml
index 0a21cdb..b2025c4 100644
--- a/reclass/storage/salt.yml
+++ b/reclass/storage/salt.yml
@@ -8,6 +8,8 @@
         engine: git
         address: '${_param:reclass_data_repository}'
         branch: ${_param:reclass_data_revision}
+
+  # TODO, remove this once not required for backward compatibility
   salt:
     master:
       pillar:
diff --git a/reclass/storage/system/cicd_control_cluster.yml b/reclass/storage/system/cicd_control_cluster.yml
index bc31944..34f0de1 100644
--- a/reclass/storage/system/cicd_control_cluster.yml
+++ b/reclass/storage/system/cicd_control_cluster.yml
@@ -18,6 +18,7 @@
             single_address: ${_param:cicd_control_node01_address}
             keepalived_vip_priority: 103
             cicd_database_id: 1
+            glusterfs_node_role: primary
         cicd_control_node02:
           name: ${_param:cicd_control_node02_hostname}
           domain: ${_param:cluster_domain}
@@ -29,6 +30,7 @@
             single_address: ${_param:cicd_control_node02_address}
             keepalived_vip_priority: 102
             cicd_database_id: 2
+            glusterfs_node_role: secondary
         cicd_control_node03:
           name: ${_param:cicd_control_node03_hostname}
           domain: ${_param:cluster_domain}
@@ -40,3 +42,4 @@
             single_address: ${_param:cicd_control_node03_address}
             keepalived_vip_priority: 101
             cicd_database_id: 3
+            glusterfs_node_role: secondary
diff --git a/reclass/storage/system/kubernetes_contrail_cluster.yml b/reclass/storage/system/kubernetes_contrail_cluster.yml
index 49a70e2..c85f6f0 100644
--- a/reclass/storage/system/kubernetes_contrail_cluster.yml
+++ b/reclass/storage/system/kubernetes_contrail_cluster.yml
@@ -15,7 +15,6 @@
           domain: ${_param:cluster_domain}
           classes:
           - cluster.${_param:cluster_name}.kubernetes.control
-          - cluster.${_param:cluster_name}.opencontrail.control
           params:
             salt_master_host: ${_param:reclass_config_master}
             linux_system_codename: ${_param:kubernetes_control_system_codename}
@@ -29,7 +28,6 @@
           domain: ${_param:cluster_domain}
           classes:
           - cluster.${_param:cluster_name}.kubernetes.control
-          - cluster.${_param:cluster_name}.opencontrail.control
           params:
             salt_master_host: ${_param:reclass_config_master}
             linux_system_codename: ${_param:kubernetes_control_system_codename}
@@ -43,7 +41,6 @@
           domain: ${_param:cluster_domain}
           classes:
           - cluster.${_param:cluster_name}.kubernetes.control
-          - cluster.${_param:cluster_name}.opencontrail.control
           params:
             salt_master_host: ${_param:reclass_config_master}
             linux_system_codename: ${_param:kubernetes_control_system_codename}
diff --git a/reclass/storage/system/openstack_control_cluster.yml b/reclass/storage/system/openstack_control_cluster.yml
index e05b3e9..cf21437 100644
--- a/reclass/storage/system/openstack_control_cluster.yml
+++ b/reclass/storage/system/openstack_control_cluster.yml
@@ -20,6 +20,7 @@
             opencontrail_database_id: 1
             rabbitmq_cluster_role: master
             openstack_node_role: primary
+            glusterfs_node_role: primary
         openstack_control_node02:
           name: ${_param:openstack_control_node02_hostname}
           domain: ${_param:cluster_domain}
@@ -33,6 +34,7 @@
             opencontrail_database_id: 2
             rabbitmq_cluster_role: slave
             openstack_node_role: secondary
+            glusterfs_node_role: secondary
         openstack_control_node03:
           name: ${_param:openstack_control_node03_hostname}
           domain: ${_param:cluster_domain}
@@ -46,3 +48,4 @@
             opencontrail_database_id: 3
             rabbitmq_cluster_role: slave
             openstack_node_role: secondary
+            glusterfs_node_role: secondary
diff --git a/reclass/storage/system/openstack_control_large.yml b/reclass/storage/system/openstack_control_large.yml
index 4ad2e90..f02b24c 100644
--- a/reclass/storage/system/openstack_control_large.yml
+++ b/reclass/storage/system/openstack_control_large.yml
@@ -20,6 +20,7 @@
             single_address: ${_param:openstack_control_node01_address}
             keepalived_vip_priority: 105
             openstack_node_role: primary
+            glusterfs_node_role: primary
         openstack_control_node02:
           name: ${_param:openstack_control_node02_hostname}
           domain: ${_param:cluster_domain}
@@ -31,6 +32,7 @@
             single_address: ${_param:openstack_control_node02_address}
             keepalived_vip_priority: 104
             openstack_node_role: secondary
+            glusterfs_node_role: secondary
         openstack_control_node03:
           name: ${_param:openstack_control_node03_hostname}
           domain: ${_param:cluster_domain}
@@ -42,6 +44,7 @@
             single_address: ${_param:openstack_control_node03_address}
             keepalived_vip_priority: 103
             openstack_node_role: secondary
+            glusterfs_node_role: secondary
         openstack_control_node04:
           name: ${_param:openstack_control_node04_hostname}
           domain: ${_param:cluster_domain}
@@ -53,6 +56,7 @@
             single_address: ${_param:openstack_control_node04_address}
             keepalived_vip_priority: 102
             openstack_node_role: secondary
+            glusterfs_node_role: secondary
         openstack_control_node05:
           name: ${_param:openstack_control_node05_hostname}
           domain: ${_param:cluster_domain}
@@ -64,3 +68,4 @@
             single_address: ${_param:openstack_control_node05_address}
             keepalived_vip_priority: 101
             openstack_node_role: secondary
+            glusterfs_node_role: secondary
diff --git a/reclass/storage/system/openstack_control_upgrade_single.yml b/reclass/storage/system/openstack_control_upgrade_single.yml
index b00cc81..a48c9a3 100644
--- a/reclass/storage/system/openstack_control_upgrade_single.yml
+++ b/reclass/storage/system/openstack_control_upgrade_single.yml
@@ -15,3 +15,4 @@
             linux_system_codename: ${_param:openstack_upgrade_system_codename}
             single_address: ${_param:openstack_upgrade_node01_address}
             openstack_node_role: primary
+            glusterfs_node_role: primary
diff --git a/reclass/storage/system/openstack_share_multi.yml b/reclass/storage/system/openstack_share_multi.yml
index a70af28..abc52ce 100644
--- a/reclass/storage/system/openstack_share_multi.yml
+++ b/reclass/storage/system/openstack_share_multi.yml
@@ -20,6 +20,8 @@
             linux_system_codename: ${_param:linux_system_codename}
             single_address: ${_param:openstack_share_node01_address}
             manila_share_address: ${_param:openstack_share_node01_share_address}
+            keepalived_vip_priority: 103
+            openstack_node_role: primary
         openstack_share_node02:
           name: ${_param:openstack_share_node02_hostname}
           domain: ${_param:cluster_domain}
@@ -30,6 +32,8 @@
             linux_system_codename: ${_param:linux_system_codename}
             single_address: ${_param:openstack_share_node02_address}
             manila_share_address: ${_param:openstack_share_node02_share_address}
+            keepalived_vip_priority: 102
+            openstack_node_role: secondary
         openstack_share_node03:
           name: ${_param:openstack_share_node03_hostname}
           domain: ${_param:cluster_domain}
@@ -40,3 +44,5 @@
             linux_system_codename: ${_param:linux_system_codename}
             single_address: ${_param:openstack_share_node03_address}
             manila_share_address: ${_param:openstack_share_node03_share_address}
+            keepalived_vip_priority: 101
+            openstack_node_role: secondary
diff --git a/reclass/storage/system/openstack_telemetry_cluster.yml b/reclass/storage/system/openstack_telemetry_cluster.yml
index 4c688a8..198c356 100644
--- a/reclass/storage/system/openstack_telemetry_cluster.yml
+++ b/reclass/storage/system/openstack_telemetry_cluster.yml
@@ -18,6 +18,7 @@
             single_address: ${_param:openstack_telemetry_node01_address}
             keepalived_vip_priority: 103
             openstack_node_role: primary
+            glusterfs_node_role: primary
             ceilometer_create_gnocchi_resources: true
             redis_cluster_role: 'master'
         openstack_telemetry_node02:
@@ -31,6 +32,7 @@
             single_address: ${_param:openstack_telemetry_node02_address}
             keepalived_vip_priority: 102
             openstack_node_role: secondary
+            glusterfs_node_role: secondary
             redis_cluster_role: 'slave'
         openstack_telemetry_node03:
           name: ${_param:openstack_telemetry_node03_hostname}
@@ -43,4 +45,5 @@
             single_address: ${_param:openstack_telemetry_node03_address}
             keepalived_vip_priority: 101
             openstack_node_role: secondary
+            glusterfs_node_role: secondary
             redis_cluster_role: 'slave'
diff --git a/reclass/storage/system/oss_cluster.yml b/reclass/storage/system/oss_cluster.yml
index 71d42ce..784d8a7 100644
--- a/reclass/storage/system/oss_cluster.yml
+++ b/reclass/storage/system/oss_cluster.yml
@@ -19,6 +19,7 @@
             linux_system_codename: ${_param:oss_system_codename}
             single_address: ${_param:oss_node01_address}
             keepalived_vip_priority: 103
+            glusterfs_node_role: primary
         stacklight_server_node02:
           name: ${_param:oss_node02_hostname}
           domain: ${_param:cluster_domain}
@@ -30,6 +31,7 @@
             linux_system_codename: ${_param:oss_system_codename}
             single_address: ${_param:oss_node02_address}
             keepalived_vip_priority: 102
+            glusterfs_node_role: secondary
         stacklight_server_node03:
           name: ${_param:oss_node03_hostname}
           domain: ${_param:cluster_domain}
@@ -41,3 +43,4 @@
             linux_system_codename: ${_param:oss_system_codename}
             single_address: ${_param:oss_node03_address}
             keepalived_vip_priority: 101
+            glusterfs_node_role: secondary
diff --git a/reclass/storage/system/physical_control_cluster.yml b/reclass/storage/system/physical_control_cluster.yml
index ebd0eb0..1621a4c 100644
--- a/reclass/storage/system/physical_control_cluster.yml
+++ b/reclass/storage/system/physical_control_cluster.yml
@@ -32,6 +32,7 @@
             deploy_address: ${_param:infra_kvm_node01_deploy_address}
             public_address: ${_param:infra_kvm_node01_public_address}
             storage_address: ${_param:infra_kvm_node01_storage_address}
+            glusterfs_node_role: primary
         infra_kvm_node02:
           name: ${_param:infra_kvm_node02_hostname}
           domain: ${_param:cluster_domain}
@@ -44,6 +45,7 @@
             deploy_address: ${_param:infra_kvm_node02_deploy_address}
             public_address: ${_param:infra_kvm_node02_public_address}
             storage_address: ${_param:infra_kvm_node02_storage_address}
+            glusterfs_node_role: secondary
         infra_kvm_node03:
           name: ${_param:infra_kvm_node03_hostname}
           domain: ${_param:cluster_domain}
@@ -56,3 +58,4 @@
             deploy_address: ${_param:infra_kvm_node03_deploy_address}
             public_address: ${_param:infra_kvm_node03_public_address}
             storage_address: ${_param:infra_kvm_node03_storage_address}
+            glusterfs_node_role: secondary
diff --git a/reclass/storage/system/physical_control_full.yml b/reclass/storage/system/physical_control_full.yml
index 1bdd345..7c3b030 100644
--- a/reclass/storage/system/physical_control_full.yml
+++ b/reclass/storage/system/physical_control_full.yml
@@ -57,6 +57,7 @@
             deploy_address: ${_param:infra_kvm_node01_deploy_address}
             public_address: ${_param:infra_kvm_node01_public_address}
             storage_address: ${_param:infra_kvm_node01_storage_address}
+            glusterfs_node_role: primary
         infra_kvm_node02:
           name: ${_param:infra_kvm_node02_hostname}
           domain: ${_param:cluster_domain}
@@ -69,6 +70,7 @@
             deploy_address: ${_param:infra_kvm_node02_deploy_address}
             public_address: ${_param:infra_kvm_node02_public_address}
             storage_address: ${_param:infra_kvm_node02_storage_address}
+            glusterfs_node_role: secondary
         infra_kvm_node03:
           name: ${_param:infra_kvm_node03_hostname}
           domain: ${_param:cluster_domain}
@@ -81,6 +83,7 @@
             deploy_address: ${_param:infra_kvm_node03_deploy_address}
             public_address: ${_param:infra_kvm_node03_public_address}
             storage_address: ${_param:infra_kvm_node03_storage_address}
+            glusterfs_node_role: secondary
         infra_kvm_node04:
           name: ${_param:infra_kvm_node04_hostname}
           domain: ${_param:cluster_domain}
diff --git a/reclass/storage/system/physical_control_large.yml b/reclass/storage/system/physical_control_large.yml
index 1070f47..93cc565 100644
--- a/reclass/storage/system/physical_control_large.yml
+++ b/reclass/storage/system/physical_control_large.yml
@@ -81,6 +81,7 @@
             deploy_address: ${_param:infra_kvm_node01_deploy_address}
             public_address: ${_param:infra_kvm_node01_public_address}
             storage_address: ${_param:infra_kvm_node01_storage_address}
+            glusterfs_node_role: primary
         infra_kvm_node02:
           name: ${_param:infra_kvm_node02_hostname}
           domain: ${_param:cluster_domain}
@@ -93,6 +94,7 @@
             deploy_address: ${_param:infra_kvm_node02_deploy_address}
             public_address: ${_param:infra_kvm_node02_public_address}
             storage_address: ${_param:infra_kvm_node02_storage_address}
+            glusterfs_node_role: secondary
         infra_kvm_node03:
           name: ${_param:infra_kvm_node03_hostname}
           domain: ${_param:cluster_domain}
@@ -105,6 +107,7 @@
             deploy_address: ${_param:infra_kvm_node03_deploy_address}
             public_address: ${_param:infra_kvm_node03_public_address}
             storage_address: ${_param:infra_kvm_node03_storage_address}
+            glusterfs_node_role: secondary
         infra_kvm_node04:
           name: ${_param:infra_kvm_node04_hostname}
           domain: ${_param:cluster_domain}
diff --git a/reclass/storage/system/physical_control_medium.yml b/reclass/storage/system/physical_control_medium.yml
index 5ad7d24..70d7313 100644
--- a/reclass/storage/system/physical_control_medium.yml
+++ b/reclass/storage/system/physical_control_medium.yml
@@ -69,6 +69,7 @@
             deploy_address: ${_param:infra_kvm_node01_deploy_address}
             public_address: ${_param:infra_kvm_node01_public_address}
             storage_address: ${_param:infra_kvm_node01_storage_address}
+            glusterfs_node_role: primary
         infra_kvm_node02:
           name: ${_param:infra_kvm_node02_hostname}
           domain: ${_param:cluster_domain}
@@ -81,6 +82,7 @@
             deploy_address: ${_param:infra_kvm_node02_deploy_address}
             public_address: ${_param:infra_kvm_node02_public_address}
             storage_address: ${_param:infra_kvm_node02_storage_address}
+            glusterfs_node_role: secondary
         infra_kvm_node03:
           name: ${_param:infra_kvm_node03_hostname}
           domain: ${_param:cluster_domain}
@@ -93,6 +95,7 @@
             deploy_address: ${_param:infra_kvm_node03_deploy_address}
             public_address: ${_param:infra_kvm_node03_public_address}
             storage_address: ${_param:infra_kvm_node03_storage_address}
+            glusterfs_node_role: secondary
         infra_kvm_node04:
           name: ${_param:infra_kvm_node04_hostname}
           domain: ${_param:cluster_domain}
diff --git a/reclass/storage/system/physical_control_small.yml b/reclass/storage/system/physical_control_small.yml
index 4ce3759..5727dd6 100644
--- a/reclass/storage/system/physical_control_small.yml
+++ b/reclass/storage/system/physical_control_small.yml
@@ -45,6 +45,7 @@
             deploy_address: ${_param:infra_kvm_node01_deploy_address}
             public_address: ${_param:infra_kvm_node01_public_address}
             storage_address: ${_param:infra_kvm_node01_storage_address}
+            glusterfs_node_role: primary
         infra_kvm_node02:
           name: ${_param:infra_kvm_node02_hostname}
           domain: ${_param:cluster_domain}
@@ -57,6 +58,7 @@
             deploy_address: ${_param:infra_kvm_node02_deploy_address}
             public_address: ${_param:infra_kvm_node02_public_address}
             storage_address: ${_param:infra_kvm_node02_storage_address}
+            glusterfs_node_role: secondary
         infra_kvm_node03:
           name: ${_param:infra_kvm_node03_hostname}
           domain: ${_param:cluster_domain}
@@ -69,6 +71,7 @@
             deploy_address: ${_param:infra_kvm_node03_deploy_address}
             public_address: ${_param:infra_kvm_node03_public_address}
             storage_address: ${_param:infra_kvm_node03_storage_address}
+            glusterfs_node_role: secondary
         infra_kvm_node04:
           name: ${_param:infra_kvm_node04_hostname}
           domain: ${_param:cluster_domain}
diff --git a/salt/control/cluster/ceph_mon_cluster.yml b/salt/control/cluster/ceph_mon_cluster.yml
index bccec01..39cee29 100644
--- a/salt/control/cluster/ceph_mon_cluster.yml
+++ b/salt/control/cluster/ceph_mon_cluster.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    ceph_mon_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       size:
@@ -16,14 +19,17 @@
               name: ${_param:ceph_mon_node01_hostname}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:ceph_mon_backend_image}
               size: ceph.mon
             cmn02:
               name: ${_param:ceph_mon_node02_hostname}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:ceph_mon_backend_image}
               size: ceph.mon
             cmn03:
               name: ${_param:ceph_mon_node03_hostname}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
-              size: ceph.mon
\ No newline at end of file
+              backend: ${_param:ceph_mon_backend_image}
+              size: ceph.mon
diff --git a/salt/control/cluster/ceph_rgw_cluster.yml b/salt/control/cluster/ceph_rgw_cluster.yml
index 6f24819..e0109db 100644
--- a/salt/control/cluster/ceph_rgw_cluster.yml
+++ b/salt/control/cluster/ceph_rgw_cluster.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    ceph_rgw_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       size:
@@ -16,14 +19,17 @@
               name: ${_param:ceph_rgw_node01_hostname}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:ceph_rgw_backend_image}
               size: ceph.rgw
             rgw02:
               name: ${_param:ceph_rgw_node02_hostname}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:ceph_rgw_backend_image}
               size: ceph.rgw
             rgw03:
               name: ${_param:ceph_rgw_node03_hostname}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
-              size: ceph.rgw
\ No newline at end of file
+              backend: ${_param:ceph_rgw_backend_image}
+              size: ceph.rgw
diff --git a/salt/control/cluster/cicd_control_cluster.yml b/salt/control/cluster/cicd_control_cluster.yml
index 82366a8..33945e2 100644
--- a/salt/control/cluster/cicd_control_cluster.yml
+++ b/salt/control/cluster/cicd_control_cluster.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    cicd_control_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       size:
@@ -16,14 +19,17 @@
               name: ${_param:cicd_control_node01_hostname}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:cicd_control_backend_image}
               size: cicd.control
             cid02:
               name: ${_param:cicd_control_node02_hostname}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:cicd_control_backend_image}
               size: cicd.control
             cid03:
               name: ${_param:cicd_control_node03_hostname}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:cicd_control_backend_image}
               size: cicd.control
diff --git a/salt/control/cluster/infra_idm_cluster.yml b/salt/control/cluster/infra_idm_cluster.yml
index ff135a1..f322910 100644
--- a/salt/control/cluster/infra_idm_cluster.yml
+++ b/salt/control/cluster/infra_idm_cluster.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    salt_control_centos7_image_backend: /var/lib/libvirt/images/backends/centos7.qcow2
+    infra_idm_backend_image: ${_param:salt_control_centos7_image_backend}
   salt:
     control:
       size:
@@ -16,14 +19,17 @@
               name: ${_param:infra_idm_node01_hostname}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_centos7_image}
+              backend: ${_param:infra_idm_backend_image}
               size: infra.idm
             idm02:
               name: ${_param:infra_idm_node02_hostname}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_centos7_image}
+              backend: ${_param:infra_idm_backend_image}
               size: infra.idm
             idm03:
               name: ${_param:infra_idm_node03_hostname}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_centos7_image}
+              backend: ${_param:infra_idm_backend_image}
               size: infra.idm
diff --git a/salt/control/cluster/infra_integration_single.yml b/salt/control/cluster/infra_integration_single.yml
index 66de895..0c774ab 100644
--- a/salt/control/cluster/infra_integration_single.yml
+++ b/salt/control/cluster/infra_integration_single.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    infra_integration_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       size:
@@ -16,4 +19,5 @@
               name: ${_param:cicd_control_node01_hostname}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:infra_integration_backend_image}
               size: infra.integration
diff --git a/salt/control/cluster/infra_maas_single.yml b/salt/control/cluster/infra_maas_single.yml
index d8675e8..9bd4fe2 100644
--- a/salt/control/cluster/infra_maas_single.yml
+++ b/salt/control/cluster/infra_maas_single.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    infra_maas_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       size:
@@ -16,5 +19,6 @@
               name: ${_param:infra_maas_node01_hostname}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:infra_maas_backend_image}
               size: infra.maas
 
diff --git a/salt/control/cluster/infra_proxy_cluster.yml b/salt/control/cluster/infra_proxy_cluster.yml
index f3453ff..00c9679 100644
--- a/salt/control/cluster/infra_proxy_cluster.yml
+++ b/salt/control/cluster/infra_proxy_cluster.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    salt_control_trusty_image_backend: /var/lib/libvirt/images/backends/trusty.qcow2
+    infra_proxy_backend_image: ${_param:salt_control_trusty_image_backend}
   salt:
     control:
       size:
@@ -16,9 +19,11 @@
               name: ${_param:openstack_proxy_node01_hostname}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_trusty_image}
+              backend: ${_param:infra_proxy_backend_image}
               size: infra.proxy
             prx02:
               name: ${_param:openstack_proxy_node01_hostname}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_trusty_image}
+              backend: ${_param:infra_proxy_backend_image}
               size: infra.proxy
diff --git a/salt/control/cluster/infra_proxy_single.yml b/salt/control/cluster/infra_proxy_single.yml
index 7d092fa..483b2d4 100644
--- a/salt/control/cluster/infra_proxy_single.yml
+++ b/salt/control/cluster/infra_proxy_single.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    salt_control_trusty_image_backend: /var/lib/libvirt/images/backends/trusty.qcow2
+    infra_proxy_backend_image: ${_param:salt_control_trusty_image_backend}
   salt:
     control:
       size:
@@ -16,4 +19,5 @@
               name: ${_param:openstack_proxy_node01_hostname}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_trusty_image}
+              backend: ${_param:infra_proxy_backend_image}
               size: infra.proxy
diff --git a/salt/control/cluster/infra_storage_single.yml b/salt/control/cluster/infra_storage_single.yml
index ca8ce26..b6c0a85 100644
--- a/salt/control/cluster/infra_storage_single.yml
+++ b/salt/control/cluster/infra_storage_single.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    infra_storage_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       size:
@@ -15,4 +18,5 @@
             sto01:
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:infra_storage_backend_image}
               size: infra.storage
diff --git a/salt/control/cluster/infra_version_control_single.yml b/salt/control/cluster/infra_version_control_single.yml
index 10e01ab..d7e02d5 100644
--- a/salt/control/cluster/infra_version_control_single.yml
+++ b/salt/control/cluster/infra_version_control_single.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    infra_version_control_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       size:
@@ -15,4 +18,5 @@
             git01:
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:infra_version_control_backend_image}
               size: infra.version_control
diff --git a/salt/control/cluster/kubernetes_control_cluster.yml b/salt/control/cluster/kubernetes_control_cluster.yml
index c3049ec..252ccbf 100644
--- a/salt/control/cluster/kubernetes_control_cluster.yml
+++ b/salt/control/cluster/kubernetes_control_cluster.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    kubernetes_control_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       size:
@@ -16,14 +19,17 @@
               name: ${_param:kubernetes_control_node01_hostname}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:kubernetes_control_backend_image}
               size: kubernetes.control
             ctl02:
               name: ${_param:kubernetes_control_node02_hostname}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:kubernetes_control_backend_image}
               size: kubernetes.control
             ctl03:
               name: ${_param:kubernetes_control_node03_hostname}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:kubernetes_control_backend_image}
               size: kubernetes.control
diff --git a/salt/control/cluster/kubernetes_proxy_cluster.yml b/salt/control/cluster/kubernetes_proxy_cluster.yml
index 379a333..0a47f39 100644
--- a/salt/control/cluster/kubernetes_proxy_cluster.yml
+++ b/salt/control/cluster/kubernetes_proxy_cluster.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    kubernetes_proxy_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       size:
@@ -16,10 +19,12 @@
               name: ${_param:kubernetes_proxy_node01_hostname}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:kubernetes_proxy_backend_image}
               size: kubernetes.proxy
             prx02:
               name: ${_param:kubernetes_proxy_node02_hostname}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:kubernetes_proxy_backend_image}
               size: kubernetes.proxy
 
diff --git a/salt/control/cluster/opencontrail_analytics_cluster.yml b/salt/control/cluster/opencontrail_analytics_cluster.yml
index 37fb60a..b4e7b75 100644
--- a/salt/control/cluster/opencontrail_analytics_cluster.yml
+++ b/salt/control/cluster/opencontrail_analytics_cluster.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    salt_control_trusty_image_backend: /var/lib/libvirt/images/backends/trusty.qcow2
+    opencontrail_analytics_backend_image: ${_param:salt_control_trusty_image_backend}
   salt:
     control:
       size:
@@ -16,14 +19,17 @@
               name: ${_param:opencontrail_analytics_node01_hostname}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_trusty_image}
+              backend: ${_param:opencontrail_analytics_backend_image}
               size: opencontrail.analytics
             nal02:
               name: ${_param:opencontrail_analytics_node02_hostname}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_trusty_image}
+              backend: ${_param:opencontrail_analytics_backend_image}
               size: opencontrail.analytics
             nal03:
               name: ${_param:opencontrail_analytics_node03_hostname}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_trusty_image}
+              backend: ${_param:opencontrail_analytics_backend_image}
               size: opencontrail.analytics
diff --git a/salt/control/cluster/opencontrail_control_cluster.yml b/salt/control/cluster/opencontrail_control_cluster.yml
index 10ddf5e..9d2fbb9 100644
--- a/salt/control/cluster/opencontrail_control_cluster.yml
+++ b/salt/control/cluster/opencontrail_control_cluster.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    salt_control_trusty_image_backend: /var/lib/libvirt/images/backends/trusty.qcow2
+    opencontrail_control_backend_image: ${_param:salt_control_trusty_image_backend}
   salt:
     control:
       size:
@@ -16,14 +19,17 @@
               name: ${_param:opencontrail_control_node01_hostname}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_trusty_image}
+              backend: ${_param:opencontrail_control_backend_image}
               size: opencontrail.control
             ntw02:
               name: ${_param:opencontrail_control_node02_hostname}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_trusty_image}
+              backend: ${_param:opencontrail_control_backend_image}
               size: opencontrail.control
             ntw03:
               name: ${_param:opencontrail_control_node03_hostname}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_trusty_image}
+              backend: ${_param:opencontrail_control_backend_image}
               size: opencontrail.control
diff --git a/salt/control/cluster/openstack_barbican_cluster.yml b/salt/control/cluster/openstack_barbican_cluster.yml
index cfa7ba6..b24c0fa 100644
--- a/salt/control/cluster/openstack_barbican_cluster.yml
+++ b/salt/control/cluster/openstack_barbican_cluster.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    openstack_barbican_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       size:
@@ -16,14 +19,17 @@
               name: ${_param:openstack_barbican_node01_hostname}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_barbican_backend_image}
               size: openstack.barbican
             kmn02:
               name: ${_param:openstack_barbican_node02_hostname}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_barbican_backend_image}
               size: openstack.barbican
             kmn03:
               name: ${_param:openstack_barbican_node03_hostname}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_barbican_backend_image}
               size: openstack.barbican
diff --git a/salt/control/cluster/openstack_baremetal_cluster.yml b/salt/control/cluster/openstack_baremetal_cluster.yml
index 4dd62e4..f166484 100644
--- a/salt/control/cluster/openstack_baremetal_cluster.yml
+++ b/salt/control/cluster/openstack_baremetal_cluster.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    openstack_baremetal_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       size:
@@ -16,14 +19,17 @@
               name: ${_param:openstack_baremetal_node01_hostname}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_baremetal_backend_image}
               size: openstack.baremetal
             bmt02:
               name: ${_param:openstack_baremetal_node02_hostname}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_baremetal_backend_image}
               size: openstack.baremetal
             bmt03:
               name: ${_param:openstack_baremetal_node03_hostname}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_baremetal_backend_image}
               size: openstack.baremetal
diff --git a/salt/control/cluster/openstack_baremetal_single.yml b/salt/control/cluster/openstack_baremetal_single.yml
index f0aa319..853f45e 100644
--- a/salt/control/cluster/openstack_baremetal_single.yml
+++ b/salt/control/cluster/openstack_baremetal_single.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    openstack_baremetal_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       size:
@@ -16,4 +19,5 @@
               name: ${_param:openstack_baremetal_node01_hostname}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_baremetal_backend_image}
               size: openstack.baremetal
diff --git a/salt/control/cluster/openstack_benchmark_single.yml b/salt/control/cluster/openstack_benchmark_single.yml
index ea10fc3..83c18f5 100644
--- a/salt/control/cluster/openstack_benchmark_single.yml
+++ b/salt/control/cluster/openstack_benchmark_single.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    salt_control_trusty_image_backend: /var/lib/libvirt/images/backends/trusty.qcow2
+    openstack_benchmark_backend_image: ${_param:salt_control_trusty_image_backend}
   salt:
     control:
       size:
@@ -16,4 +19,5 @@
               name: ${_param:openstack_benchmark_node01_hostname}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_trusty_image}
+              backend: ${_param:openstack_benchmark_backend_image}
               size: openstack.benchmark
diff --git a/salt/control/cluster/openstack_billing_single.yml b/salt/control/cluster/openstack_billing_single.yml
index f8dacf7..36f9824 100644
--- a/salt/control/cluster/openstack_billing_single.yml
+++ b/salt/control/cluster/openstack_billing_single.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    salt_control_trusty_image_backend: /var/lib/libvirt/images/backends/trusty.qcow2
+    openstack_billing_backend_image: ${_param:salt_control_trusty_image_backend}
   salt:
     control:
       size:
@@ -15,4 +18,5 @@
             bil01:
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_trusty_image}
+              backend: ${_param:openstack_billing_backend_image}
               size: openstack.control
diff --git a/salt/control/cluster/openstack_control_cluster.yml b/salt/control/cluster/openstack_control_cluster.yml
index f28a7d0..328cfd0 100644
--- a/salt/control/cluster/openstack_control_cluster.yml
+++ b/salt/control/cluster/openstack_control_cluster.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    salt_control_trusty_image_backend: /var/lib/libvirt/images/backends/trusty.qcow2
+    openstack_control_backend_image: ${_param:salt_control_trusty_image_backend}
   salt:
     control:
       size:
@@ -16,14 +19,17 @@
               name: ${_param:openstack_control_node01_hostname}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_trusty_image}
+              backend: ${_param:openstack_control_backend_image}
               size: openstack.control
             ctl02:
               name: ${_param:openstack_control_node02_hostname}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_trusty_image}
+              backend: ${_param:openstack_control_backend_image}
               size: openstack.control
             ctl03:
               name: ${_param:openstack_control_node03_hostname}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_trusty_image}
+              backend: ${_param:openstack_control_backend_image}
               size: openstack.control
diff --git a/salt/control/cluster/openstack_database_cluster.yml b/salt/control/cluster/openstack_database_cluster.yml
index 2a00308..acbcc36 100644
--- a/salt/control/cluster/openstack_database_cluster.yml
+++ b/salt/control/cluster/openstack_database_cluster.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    salt_control_trusty_image_backend: /var/lib/libvirt/images/backends/trusty.qcow2
+    openstack_database_backend_image: ${_param:salt_control_trusty_image_backend}
   salt:
     control:
       size:
@@ -16,14 +19,17 @@
               name: ${_param:openstack_database_node01_hostname}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_trusty_image}
+              backend: ${_param:openstack_database_backend_image}
               size: openstack.database
             dbs02:
               name: ${_param:openstack_database_node02_hostname}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_trusty_image}
+              backend: ${_param:openstack_database_backend_image}
               size: openstack.database
             dbs03:
               name: ${_param:openstack_database_node03_hostname}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_trusty_image}
+              backend: ${_param:openstack_database_backend_image}
               size: openstack.database
diff --git a/salt/control/cluster/openstack_dns_cluster.yml b/salt/control/cluster/openstack_dns_cluster.yml
index 7f1dbb8..6fcc546 100644
--- a/salt/control/cluster/openstack_dns_cluster.yml
+++ b/salt/control/cluster/openstack_dns_cluster.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    openstack_dns_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       size:
@@ -16,9 +19,11 @@
               name: ${_param:openstack_dns_node01_hostname}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_dns_backend_image}
               size: openstack.dns
             dns02:
               name: ${_param:openstack_dns_node02_hostname}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_dns_backend_image}
               size: openstack.dns
diff --git a/salt/control/cluster/openstack_gateway_cluster.yml b/salt/control/cluster/openstack_gateway_cluster.yml
index 1a7e06b..8475004 100644
--- a/salt/control/cluster/openstack_gateway_cluster.yml
+++ b/salt/control/cluster/openstack_gateway_cluster.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    openstack_gateway_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       size:
@@ -16,14 +19,17 @@
               name: ${_param:openstack_gateway_node01_hostname}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_gateway_backend_image}
               size: openstack.gateway
             gtw02:
               name: ${_param:openstack_gateway_node02_hostname}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_gateway_backend_image}
               size: openstack.gateway
             gtw03:
               name: ${_param:openstack_gateway_node03_hostname}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_gateway_backend_image}
               size: openstack.gateway
diff --git a/salt/control/cluster/openstack_gateway_single.yml b/salt/control/cluster/openstack_gateway_single.yml
index 801ee0c..e240d12 100644
--- a/salt/control/cluster/openstack_gateway_single.yml
+++ b/salt/control/cluster/openstack_gateway_single.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    openstack_gateway_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       size:
@@ -16,4 +19,5 @@
               name: ${_param:openstack_gateway_node01_hostname}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_gateway_backend_image}
               size: openstack.gateway
diff --git a/salt/control/cluster/openstack_manila_cluster.yml b/salt/control/cluster/openstack_manila_cluster.yml
index feb1d4f..477d6ca 100644
--- a/salt/control/cluster/openstack_manila_cluster.yml
+++ b/salt/control/cluster/openstack_manila_cluster.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    openstack_manila_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       size:
@@ -16,14 +19,17 @@
               name: ${_param:openstack_share_node01_hostname}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_manila_backend_image}
               size: openstack.manila
             share02:
               name: ${_param:openstack_share_node02_hostname}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_manila_backend_image}
               size: openstack.manila
             share03:
               name: ${_param:openstack_share_node03_hostname}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_manila_backend_image}
               size: openstack.manila
diff --git a/salt/control/cluster/openstack_message_queue_cluster.yml b/salt/control/cluster/openstack_message_queue_cluster.yml
index cab5adb..f91faf6 100644
--- a/salt/control/cluster/openstack_message_queue_cluster.yml
+++ b/salt/control/cluster/openstack_message_queue_cluster.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    salt_control_trusty_image_backend: /var/lib/libvirt/images/backends/trusty.qcow2
+    openstack_message_queue_backend_image: ${_param:salt_control_trusty_image_backend}
   salt:
     control:
       size:
@@ -16,14 +19,17 @@
               name: ${_param:openstack_message_queue_node01_hostname}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_trusty_image}
+              backend: ${_param:openstack_message_queue_backend_image}
               size: openstack.message_queue
             msg02:
               name: ${_param:openstack_message_queue_node02_hostname}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_trusty_image}
+              backend: ${_param:openstack_message_queue_backend_image}
               size: openstack.message_queue
             msg03:
               name: ${_param:openstack_message_queue_node03_hostname}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_trusty_image}
+              backend: ${_param:openstack_message_queue_backend_image}
               size: openstack.message_queue
diff --git a/salt/control/cluster/openstack_proxy_cluster.yml b/salt/control/cluster/openstack_proxy_cluster.yml
index 628dcd8..87a5176 100644
--- a/salt/control/cluster/openstack_proxy_cluster.yml
+++ b/salt/control/cluster/openstack_proxy_cluster.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    salt_control_trusty_image_backend: /var/lib/libvirt/images/backends/trusty.qcow2
+    openstack_proxy_backend_image: ${_param:salt_control_trusty_image_backend}
   salt:
     control:
       size:
@@ -16,10 +19,12 @@
               name: ${_param:openstack_proxy_node01_hostname}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_trusty_image}
+              backend: ${_param:openstack_proxy_backend_image}
               size: openstack.proxy
             prx02:
               name: ${_param:openstack_proxy_node02_hostname}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_trusty_image}
+              backend: ${_param:openstack_proxy_backend_image}
               size: openstack.proxy
 
diff --git a/salt/control/cluster/openstack_proxy_single.yml b/salt/control/cluster/openstack_proxy_single.yml
index 8ad0baf..ca5c751 100644
--- a/salt/control/cluster/openstack_proxy_single.yml
+++ b/salt/control/cluster/openstack_proxy_single.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    salt_control_trusty_image_backend: /var/lib/libvirt/images/backends/trusty.qcow2
+    openstack_proxy_backend_image: ${_param:salt_control_trusty_image_backend}
   salt:
     control:
       size:
@@ -16,4 +19,5 @@
               name: ${_param:openstack_proxy_node01_hostname}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_trusty_image}
+              backend: ${_param:openstack_proxy_backend_image}
               size: openstack.proxy
diff --git a/salt/control/cluster/openstack_telemetry_cluster.yml b/salt/control/cluster/openstack_telemetry_cluster.yml
index 633b984..bbf6fd1 100644
--- a/salt/control/cluster/openstack_telemetry_cluster.yml
+++ b/salt/control/cluster/openstack_telemetry_cluster.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    salt_control_trusty_image_backend: /var/lib/libvirt/images/backends/trusty.qcow2
+    openstack_telemetry_backend_image: ${_param:salt_control_trusty_image_backend}
   salt:
     control:
       size:
@@ -16,14 +19,17 @@
               name: ${_param:openstack_telemetry_node01_hostname}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_trusty_image}
+              backend: ${_param:openstack_telemetry_backend_image}
               size: openstack.telemetry
             mdb02:
               name: ${_param:openstack_telemetry_node02_hostname}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_trusty_image}
+              backend: ${_param:openstack_telemetry_backend_image}
               size: openstack.telemetry
             mdb03:
               name: ${_param:openstack_telemetry_node03_hostname}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_trusty_image}
+              backend: ${_param:openstack_telemetry_backend_image}
               size: openstack.telemetry
diff --git a/salt/control/cluster/openstack_upgrade_single.yml b/salt/control/cluster/openstack_upgrade_single.yml
index 3189f3e..0b5e0fb 100644
--- a/salt/control/cluster/openstack_upgrade_single.yml
+++ b/salt/control/cluster/openstack_upgrade_single.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    openstack_upgrade_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       size:
@@ -15,4 +18,5 @@
             upg01:
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_upgrade_backend_image}
               size: openstack.upgrade
diff --git a/salt/control/cluster/rsyslog_single.yml b/salt/control/cluster/rsyslog_single.yml
index 72e6c86..dd64869 100644
--- a/salt/control/cluster/rsyslog_single.yml
+++ b/salt/control/cluster/rsyslog_single.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    rsyslog_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       size:
@@ -16,4 +19,5 @@
               name: ${_param:rsyslog_node01_hostname}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:rsyslog_backend_image}
               size: infra.rsyslog
diff --git a/salt/control/cluster/stacklight_log_cluster.yml b/salt/control/cluster/stacklight_log_cluster.yml
index e4c08b6..6d3dba9 100644
--- a/salt/control/cluster/stacklight_log_cluster.yml
+++ b/salt/control/cluster/stacklight_log_cluster.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    stacklight_log_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       size:
@@ -16,14 +19,17 @@
               name: ${_param:stacklight_log_node01_hostname}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_log_backend_image}
               size: stacklight.log
             log02:
               name: ${_param:stacklight_log_node02_hostname}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_log_backend_image}
               size: stacklight.log
             log03:
               name: ${_param:stacklight_log_node03_hostname}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_log_backend_image}
               size: stacklight.log
diff --git a/salt/control/cluster/stacklight_server_cluster.yml b/salt/control/cluster/stacklight_server_cluster.yml
index 6e7da61..8ab6a9d 100644
--- a/salt/control/cluster/stacklight_server_cluster.yml
+++ b/salt/control/cluster/stacklight_server_cluster.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    stacklight_server_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       size:
@@ -16,14 +19,17 @@
               name: ${_param:stacklight_monitor_node01_hostname}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_server_backend_image}
               size: stacklight.server
             mon02:
               name: ${_param:stacklight_monitor_node02_hostname}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_server_backend_image}
               size: stacklight.server
             mon03:
               name: ${_param:stacklight_monitor_node03_hostname}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_server_backend_image}
               size: stacklight.server
diff --git a/salt/control/cluster/stacklight_telemetry_cluster.yml b/salt/control/cluster/stacklight_telemetry_cluster.yml
index 1b39b61..4a58a23 100644
--- a/salt/control/cluster/stacklight_telemetry_cluster.yml
+++ b/salt/control/cluster/stacklight_telemetry_cluster.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    stacklight_telemetry_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       size:
@@ -16,14 +19,17 @@
               name: ${_param:stacklight_telemetry_node01_hostname}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_telemetry_backend_image}
               size: stacklight.telemetry
             mtr02:
               name: ${_param:stacklight_telemetry_node02_hostname}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_telemetry_backend_image}
               size: stacklight.telemetry
             mtr03:
               name: ${_param:stacklight_telemetry_node03_hostname}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_telemetry_backend_image}
               size: stacklight.telemetry
diff --git a/salt/control/cluster/stacklight_telemetry_single.yml b/salt/control/cluster/stacklight_telemetry_single.yml
index 81fd6fb..3012dc6 100644
--- a/salt/control/cluster/stacklight_telemetry_single.yml
+++ b/salt/control/cluster/stacklight_telemetry_single.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    stacklight_telemetry_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       size:
@@ -16,4 +19,5 @@
               name: ${_param:stacklight_telemetry_node01_hostname}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_telemetry_backend_image}
               size: stacklight.telemetry
diff --git a/salt/control/placement/cicd/compact.yml b/salt/control/placement/cicd/compact.yml
index 9bdf4a4..9f700f1 100644
--- a/salt/control/placement/cicd/compact.yml
+++ b/salt/control/placement/cicd/compact.yml
@@ -6,6 +6,8 @@
     cicd_control_node01_hostname: cid01
     cicd_control_node02_hostname: cid02
     cicd_control_node03_hostname: cid03
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    cicd_control_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       cluster:
@@ -14,15 +16,18 @@
             cid01:
               name: ${_param:cicd_control_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:cicd_control_backend_image}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               size: cicd.control
             cid02:
               name: ${_param:cicd_control_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:cicd_control_backend_image}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               size: cicd.control
             cid03:
               name: ${_param:cicd_control_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:cicd_control_backend_image}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
-              size: cicd.control
\ No newline at end of file
+              size: cicd.control
diff --git a/salt/control/placement/cicd/large.yml b/salt/control/placement/cicd/large.yml
index 9bdf4a4..9f700f1 100644
--- a/salt/control/placement/cicd/large.yml
+++ b/salt/control/placement/cicd/large.yml
@@ -6,6 +6,8 @@
     cicd_control_node01_hostname: cid01
     cicd_control_node02_hostname: cid02
     cicd_control_node03_hostname: cid03
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    cicd_control_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       cluster:
@@ -14,15 +16,18 @@
             cid01:
               name: ${_param:cicd_control_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:cicd_control_backend_image}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               size: cicd.control
             cid02:
               name: ${_param:cicd_control_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:cicd_control_backend_image}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               size: cicd.control
             cid03:
               name: ${_param:cicd_control_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:cicd_control_backend_image}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
-              size: cicd.control
\ No newline at end of file
+              size: cicd.control
diff --git a/salt/control/placement/cicd/medium.yml b/salt/control/placement/cicd/medium.yml
index 9bdf4a4..9f700f1 100644
--- a/salt/control/placement/cicd/medium.yml
+++ b/salt/control/placement/cicd/medium.yml
@@ -6,6 +6,8 @@
     cicd_control_node01_hostname: cid01
     cicd_control_node02_hostname: cid02
     cicd_control_node03_hostname: cid03
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    cicd_control_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       cluster:
@@ -14,15 +16,18 @@
             cid01:
               name: ${_param:cicd_control_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:cicd_control_backend_image}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               size: cicd.control
             cid02:
               name: ${_param:cicd_control_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:cicd_control_backend_image}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               size: cicd.control
             cid03:
               name: ${_param:cicd_control_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:cicd_control_backend_image}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
-              size: cicd.control
\ No newline at end of file
+              size: cicd.control
diff --git a/salt/control/placement/cicd/minimal.yml b/salt/control/placement/cicd/minimal.yml
index 9bdf4a4..9f700f1 100644
--- a/salt/control/placement/cicd/minimal.yml
+++ b/salt/control/placement/cicd/minimal.yml
@@ -6,6 +6,8 @@
     cicd_control_node01_hostname: cid01
     cicd_control_node02_hostname: cid02
     cicd_control_node03_hostname: cid03
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    cicd_control_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       cluster:
@@ -14,15 +16,18 @@
             cid01:
               name: ${_param:cicd_control_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:cicd_control_backend_image}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               size: cicd.control
             cid02:
               name: ${_param:cicd_control_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:cicd_control_backend_image}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               size: cicd.control
             cid03:
               name: ${_param:cicd_control_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:cicd_control_backend_image}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
-              size: cicd.control
\ No newline at end of file
+              size: cicd.control
diff --git a/salt/control/placement/cicd/small.yml b/salt/control/placement/cicd/small.yml
index 9bdf4a4..9f700f1 100644
--- a/salt/control/placement/cicd/small.yml
+++ b/salt/control/placement/cicd/small.yml
@@ -6,6 +6,8 @@
     cicd_control_node01_hostname: cid01
     cicd_control_node02_hostname: cid02
     cicd_control_node03_hostname: cid03
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    cicd_control_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       cluster:
@@ -14,15 +16,18 @@
             cid01:
               name: ${_param:cicd_control_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:cicd_control_backend_image}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               size: cicd.control
             cid02:
               name: ${_param:cicd_control_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:cicd_control_backend_image}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               size: cicd.control
             cid03:
               name: ${_param:cicd_control_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:cicd_control_backend_image}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
-              size: cicd.control
\ No newline at end of file
+              size: cicd.control
diff --git a/salt/control/placement/opencontrail/compact.yml b/salt/control/placement/opencontrail/compact.yml
index a619956..584b65e 100644
--- a/salt/control/placement/opencontrail/compact.yml
+++ b/salt/control/placement/opencontrail/compact.yml
@@ -9,6 +9,9 @@
     opencontrail_analytics_node01_hostname: nal01
     opencontrail_analytics_node02_hostname: nal02
     opencontrail_analytics_node03_hostname: nal03
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    opencontrail_control_backend_image: ${_param:salt_control_xenial_image_backend}
+    opencontrail_analytics_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       cluster:
@@ -17,30 +20,36 @@
             ntw01:
               name: ${_param:opencontrail_control_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:opencontrail_control_backend_image}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               size: opencontrail.control
             ntw02:
               name: ${_param:opencontrail_control_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:opencontrail_control_backend_image}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               size: opencontrail.control
             ntw03:
               name: ${_param:opencontrail_control_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:opencontrail_control_backend_image}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
               size: opencontrail.control
             nal01:
               name: ${_param:opencontrail_analytics_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:opencontrail_analytics_backend_image}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               size: opencontrail.analytics
             nal02:
               name: ${_param:opencontrail_analytics_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:opencontrail_analytics_backend_image}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               size: opencontrail.analytics
             nal03:
               name: ${_param:opencontrail_analytics_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:opencontrail_analytics_backend_image}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
-              size: opencontrail.analytics
\ No newline at end of file
+              size: opencontrail.analytics
diff --git a/salt/control/placement/opencontrail/large.yml b/salt/control/placement/opencontrail/large.yml
index 1aabd0d..d7e662c 100644
--- a/salt/control/placement/opencontrail/large.yml
+++ b/salt/control/placement/opencontrail/large.yml
@@ -9,6 +9,9 @@
     opencontrail_analytics_node01_hostname: nal01
     opencontrail_analytics_node02_hostname: nal02
     opencontrail_analytics_node03_hostname: nal03
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    opencontrail_control_backend_image: ${_param:salt_control_xenial_image_backend}
+    opencontrail_analytics_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       cluster:
@@ -17,30 +20,36 @@
             ntw01:
               name: ${_param:opencontrail_control_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:opencontrail_control_backend_image}
               provider: ${_param:infra_kvm_node10_hostname}.${_param:cluster_domain}
               size: opencontrail.control
             ntw02:
               name: ${_param:opencontrail_control_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:opencontrail_control_backend_image}
               provider: ${_param:infra_kvm_node11_hostname}.${_param:cluster_domain}
               size: opencontrail.control
             ntw03:
               name: ${_param:opencontrail_control_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:opencontrail_control_backend_image}
               provider: ${_param:infra_kvm_node12_hostname}.${_param:cluster_domain}
               size: opencontrail.control
             nal01:
               name: ${_param:opencontrail_analytics_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:opencontrail_analytics_backend_image}
               provider: ${_param:infra_kvm_node10_hostname}.${_param:cluster_domain}
               size: opencontrail.analytics
             nal02:
               name: ${_param:opencontrail_analytics_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:opencontrail_analytics_backend_image}
               provider: ${_param:infra_kvm_node11_hostname}.${_param:cluster_domain}
               size: opencontrail.analytics
             nal03:
               name: ${_param:opencontrail_analytics_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:opencontrail_analytics_backend_image}
               provider: ${_param:infra_kvm_node12_hostname}.${_param:cluster_domain}
-              size: opencontrail.analytics
\ No newline at end of file
+              size: opencontrail.analytics
diff --git a/salt/control/placement/opencontrail/medium.yml b/salt/control/placement/opencontrail/medium.yml
index dfc32f3..448cd23 100644
--- a/salt/control/placement/opencontrail/medium.yml
+++ b/salt/control/placement/opencontrail/medium.yml
@@ -9,6 +9,9 @@
     opencontrail_analytics_node01_hostname: nal01
     opencontrail_analytics_node02_hostname: nal02
     opencontrail_analytics_node03_hostname: nal03
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    opencontrail_control_backend_image: ${_param:salt_control_xenial_image_backend}
+    opencontrail_analytics_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       cluster:
@@ -17,30 +20,36 @@
             ntw01:
               name: ${_param:opencontrail_control_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:opencontrail_control_backend_image}
               provider: ${_param:infra_kvm_node07_hostname}.${_param:cluster_domain}
               size: opencontrail.control
             ntw02:
               name: ${_param:opencontrail_control_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:opencontrail_control_backend_image}
               provider: ${_param:infra_kvm_node08_hostname}.${_param:cluster_domain}
               size: opencontrail.control
             ntw03:
               name: ${_param:opencontrail_control_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:opencontrail_control_backend_image}
               provider: ${_param:infra_kvm_node09_hostname}.${_param:cluster_domain}
               size: opencontrail.control
             nal01:
               name: ${_param:opencontrail_analytics_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:opencontrail_analytics_backend_image}
               provider: ${_param:infra_kvm_node07_hostname}.${_param:cluster_domain}
               size: opencontrail.analytics
             nal02:
               name: ${_param:opencontrail_analytics_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:opencontrail_analytics_backend_image}
               provider: ${_param:infra_kvm_node08_hostname}.${_param:cluster_domain}
               size: opencontrail.analytics
             nal03:
               name: ${_param:opencontrail_analytics_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:opencontrail_analytics_backend_image}
               provider: ${_param:infra_kvm_node09_hostname}.${_param:cluster_domain}
-              size: opencontrail.analytics
\ No newline at end of file
+              size: opencontrail.analytics
diff --git a/salt/control/placement/opencontrail/minimal.yml b/salt/control/placement/opencontrail/minimal.yml
index a619956..584b65e 100644
--- a/salt/control/placement/opencontrail/minimal.yml
+++ b/salt/control/placement/opencontrail/minimal.yml
@@ -9,6 +9,9 @@
     opencontrail_analytics_node01_hostname: nal01
     opencontrail_analytics_node02_hostname: nal02
     opencontrail_analytics_node03_hostname: nal03
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    opencontrail_control_backend_image: ${_param:salt_control_xenial_image_backend}
+    opencontrail_analytics_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       cluster:
@@ -17,30 +20,36 @@
             ntw01:
               name: ${_param:opencontrail_control_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:opencontrail_control_backend_image}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               size: opencontrail.control
             ntw02:
               name: ${_param:opencontrail_control_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:opencontrail_control_backend_image}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               size: opencontrail.control
             ntw03:
               name: ${_param:opencontrail_control_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:opencontrail_control_backend_image}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
               size: opencontrail.control
             nal01:
               name: ${_param:opencontrail_analytics_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:opencontrail_analytics_backend_image}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               size: opencontrail.analytics
             nal02:
               name: ${_param:opencontrail_analytics_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:opencontrail_analytics_backend_image}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               size: opencontrail.analytics
             nal03:
               name: ${_param:opencontrail_analytics_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:opencontrail_analytics_backend_image}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
-              size: opencontrail.analytics
\ No newline at end of file
+              size: opencontrail.analytics
diff --git a/salt/control/placement/opencontrail/small.yml b/salt/control/placement/opencontrail/small.yml
index a619956..584b65e 100644
--- a/salt/control/placement/opencontrail/small.yml
+++ b/salt/control/placement/opencontrail/small.yml
@@ -9,6 +9,9 @@
     opencontrail_analytics_node01_hostname: nal01
     opencontrail_analytics_node02_hostname: nal02
     opencontrail_analytics_node03_hostname: nal03
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    opencontrail_control_backend_image: ${_param:salt_control_xenial_image_backend}
+    opencontrail_analytics_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       cluster:
@@ -17,30 +20,36 @@
             ntw01:
               name: ${_param:opencontrail_control_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:opencontrail_control_backend_image}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               size: opencontrail.control
             ntw02:
               name: ${_param:opencontrail_control_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:opencontrail_control_backend_image}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               size: opencontrail.control
             ntw03:
               name: ${_param:opencontrail_control_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:opencontrail_control_backend_image}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
               size: opencontrail.control
             nal01:
               name: ${_param:opencontrail_analytics_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:opencontrail_analytics_backend_image}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               size: opencontrail.analytics
             nal02:
               name: ${_param:opencontrail_analytics_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:opencontrail_analytics_backend_image}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               size: opencontrail.analytics
             nal03:
               name: ${_param:opencontrail_analytics_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:opencontrail_analytics_backend_image}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
-              size: opencontrail.analytics
\ No newline at end of file
+              size: opencontrail.analytics
diff --git a/salt/control/placement/openstack/compact.yml b/salt/control/placement/openstack/compact.yml
index 8c62e28..83f2254 100644
--- a/salt/control/placement/openstack/compact.yml
+++ b/salt/control/placement/openstack/compact.yml
@@ -14,6 +14,11 @@
     openstack_message_queue_node03_hostname: msg03
     openstack_proxy_node01_hostname: prx01
     openstack_proxy_node02_hostname: prx02
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    openstack_control_backend_image: ${_param:salt_control_xenial_image_backend}
+    openstack_database_backend_image: ${_param:salt_control_xenial_image_backend}
+    openstack_message_queue_backend_image: ${_param:salt_control_xenial_image_backend}
+    openstack_proxy_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       cluster:
@@ -22,55 +27,66 @@
             ctl01:
               name: ${_param:openstack_control_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_control_backend_image}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               size: openstack.control
             ctl02:
               name: ${_param:openstack_control_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_control_backend_image}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               size: openstack.control
             ctl03:
               name: ${_param:openstack_control_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_control_backend_image}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
               size: openstack.control
             dbs01:
               name: ${_param:openstack_database_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_database_backend_image}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               size: openstack.database
             dbs02:
               name: ${_param:openstack_database_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_database_backend_image}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               size: openstack.database
             dbs03:
               name: ${_param:openstack_database_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_database_backend_image}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
               size: openstack.database
             msg01:
               name: ${_param:openstack_message_queue_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_message_queue_backend_image}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               size: openstack.message_queue
             msg02:
               name: ${_param:openstack_message_queue_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_message_queue_backend_image}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               size: openstack.message_queue
             msg03:
               name: ${_param:openstack_message_queue_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_message_queue_backend_image}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
               size: openstack.message_queue
             prx01:
               name: ${_param:openstack_proxy_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_proxy_backend_image}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               size: openstack.proxy
             prx02:
               name: ${_param:openstack_proxy_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_proxy_backend_image}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
               size: openstack.proxy
diff --git a/salt/control/placement/openstack/large.yml b/salt/control/placement/openstack/large.yml
index cb056dd..f09d3f6 100644
--- a/salt/control/placement/openstack/large.yml
+++ b/salt/control/placement/openstack/large.yml
@@ -21,6 +21,11 @@
     openstack_message_queue_node03_hostname: msg03
     openstack_proxy_node01_hostname: prx01
     openstack_proxy_node02_hostname: prx02
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    openstack_control_backend_image: ${_param:salt_control_xenial_image_backend}
+    openstack_database_backend_image: ${_param:salt_control_xenial_image_backend}
+    openstack_message_queue_backend_image: ${_param:salt_control_xenial_image_backend}
+    openstack_proxy_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       cluster:
@@ -29,65 +34,78 @@
             ctl01:
               name: ${_param:openstack_control_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_control_backend_image}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               size: openstack.control
             ctl02:
               name: ${_param:openstack_control_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_control_backend_image}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
               size: openstack.control
             ctl03:
               name: ${_param:openstack_control_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_control_backend_image}
               provider: ${_param:infra_kvm_node04_hostname}.${_param:cluster_domain}
               size: openstack.control
             ctl04:
               name: ${_param:openstack_control_node04_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_control_backend_image}
               provider: ${_param:infra_kvm_node05_hostname}.${_param:cluster_domain}
               size: openstack.control
             ctl05:
               name: ${_param:openstack_control_node05_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_control_backend_image}
               provider: ${_param:infra_kvm_node06_hostname}.${_param:cluster_domain}
               size: openstack.control
             dbs01:
               name: ${_param:openstack_database_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_database_backend_image}
               provider: ${_param:infra_kvm_node04_hostname}.${_param:cluster_domain}
               size: openstack.database
             dbs02:
               name: ${_param:openstack_database_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_database_backend_image}
               provider: ${_param:infra_kvm_node05_hostname}.${_param:cluster_domain}
               size: openstack.database
             dbs03:
               name: ${_param:openstack_database_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_database_backend_image}
               provider: ${_param:infra_kvm_node06_hostname}.${_param:cluster_domain}
               size: openstack.database
             msg01:
               name: ${_param:openstack_message_queue_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_message_queue_backend_image}
               provider: ${_param:infra_kvm_node07_hostname}.${_param:cluster_domain}
               size: openstack.message_queue
             msg02:
               name: ${_param:openstack_message_queue_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_message_queue_backend_image}
               provider: ${_param:infra_kvm_node08_hostname}.${_param:cluster_domain}
               size: openstack.message_queue
             msg03:
               name: ${_param:openstack_message_queue_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_message_queue_backend_image}
               provider: ${_param:infra_kvm_node09_hostname}.${_param:cluster_domain}
               size: openstack.message_queue
             prx01:
               name: ${_param:openstack_proxy_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_proxy_backend_image}
               provider: ${_param:infra_kvm_node07_hostname}.${_param:cluster_domain}
               size: openstack.proxy
             prx02:
               name: ${_param:openstack_proxy_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_proxy_backend_image}
               provider: ${_param:infra_kvm_node08_hostname}.${_param:cluster_domain}
               size: openstack.proxy
diff --git a/salt/control/placement/openstack/medium.yml b/salt/control/placement/openstack/medium.yml
index 7d0e166..2419c74 100644
--- a/salt/control/placement/openstack/medium.yml
+++ b/salt/control/placement/openstack/medium.yml
@@ -17,6 +17,11 @@
     openstack_message_queue_node03_hostname: msg03
     openstack_proxy_node01_hostname: prx01
     openstack_proxy_node02_hostname: prx02
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    openstack_control_backend_image: ${_param:salt_control_xenial_image_backend}
+    openstack_database_backend_image: ${_param:salt_control_xenial_image_backend}
+    openstack_message_queue_backend_image: ${_param:salt_control_xenial_image_backend}
+    openstack_proxy_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       cluster:
@@ -25,55 +30,66 @@
             ctl01:
               name: ${_param:openstack_control_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_control_backend_image}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               size: openstack.control
             ctl02:
               name: ${_param:openstack_control_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_control_backend_image}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               size: openstack.control
             ctl03:
               name: ${_param:openstack_control_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_control_backend_image}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
               size: openstack.control
             dbs01:
               name: ${_param:openstack_database_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_database_backend_image}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               size: openstack.database
             dbs02:
               name: ${_param:openstack_database_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_database_backend_image}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               size: openstack.database
             dbs03:
               name: ${_param:openstack_database_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_database_backend_image}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
               size: openstack.database
             msg01:
               name: ${_param:openstack_message_queue_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_message_queue_backend_image}
               provider: ${_param:infra_kvm_node04_hostname}.${_param:cluster_domain}
               size: openstack.message_queue
             msg02:
               name: ${_param:openstack_message_queue_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_message_queue_backend_image}
               provider: ${_param:infra_kvm_node05_hostname}.${_param:cluster_domain}
               size: openstack.message_queue
             msg03:
               name: ${_param:openstack_message_queue_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_message_queue_backend_image}
               provider: ${_param:infra_kvm_node06_hostname}.${_param:cluster_domain}
               size: openstack.message_queue
             prx01:
               name: ${_param:openstack_proxy_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_proxy_backend_image}
               provider: ${_param:infra_kvm_node04_hostname}.${_param:cluster_domain}
               size: openstack.proxy
             prx02:
               name: ${_param:openstack_proxy_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_proxy_backend_image}
               provider: ${_param:infra_kvm_node05_hostname}.${_param:cluster_domain}
               size: openstack.proxy
diff --git a/salt/control/placement/openstack/minimal.yml b/salt/control/placement/openstack/minimal.yml
index 8c62e28..83f2254 100644
--- a/salt/control/placement/openstack/minimal.yml
+++ b/salt/control/placement/openstack/minimal.yml
@@ -14,6 +14,11 @@
     openstack_message_queue_node03_hostname: msg03
     openstack_proxy_node01_hostname: prx01
     openstack_proxy_node02_hostname: prx02
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    openstack_control_backend_image: ${_param:salt_control_xenial_image_backend}
+    openstack_database_backend_image: ${_param:salt_control_xenial_image_backend}
+    openstack_message_queue_backend_image: ${_param:salt_control_xenial_image_backend}
+    openstack_proxy_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       cluster:
@@ -22,55 +27,66 @@
             ctl01:
               name: ${_param:openstack_control_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_control_backend_image}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               size: openstack.control
             ctl02:
               name: ${_param:openstack_control_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_control_backend_image}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               size: openstack.control
             ctl03:
               name: ${_param:openstack_control_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_control_backend_image}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
               size: openstack.control
             dbs01:
               name: ${_param:openstack_database_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_database_backend_image}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               size: openstack.database
             dbs02:
               name: ${_param:openstack_database_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_database_backend_image}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               size: openstack.database
             dbs03:
               name: ${_param:openstack_database_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_database_backend_image}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
               size: openstack.database
             msg01:
               name: ${_param:openstack_message_queue_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_message_queue_backend_image}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               size: openstack.message_queue
             msg02:
               name: ${_param:openstack_message_queue_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_message_queue_backend_image}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               size: openstack.message_queue
             msg03:
               name: ${_param:openstack_message_queue_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_message_queue_backend_image}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
               size: openstack.message_queue
             prx01:
               name: ${_param:openstack_proxy_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_proxy_backend_image}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               size: openstack.proxy
             prx02:
               name: ${_param:openstack_proxy_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_proxy_backend_image}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
               size: openstack.proxy
diff --git a/salt/control/placement/openstack/small.yml b/salt/control/placement/openstack/small.yml
index 8c62e28..83f2254 100644
--- a/salt/control/placement/openstack/small.yml
+++ b/salt/control/placement/openstack/small.yml
@@ -14,6 +14,11 @@
     openstack_message_queue_node03_hostname: msg03
     openstack_proxy_node01_hostname: prx01
     openstack_proxy_node02_hostname: prx02
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    openstack_control_backend_image: ${_param:salt_control_xenial_image_backend}
+    openstack_database_backend_image: ${_param:salt_control_xenial_image_backend}
+    openstack_message_queue_backend_image: ${_param:salt_control_xenial_image_backend}
+    openstack_proxy_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       cluster:
@@ -22,55 +27,66 @@
             ctl01:
               name: ${_param:openstack_control_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_control_backend_image}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               size: openstack.control
             ctl02:
               name: ${_param:openstack_control_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_control_backend_image}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               size: openstack.control
             ctl03:
               name: ${_param:openstack_control_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_control_backend_image}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
               size: openstack.control
             dbs01:
               name: ${_param:openstack_database_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_database_backend_image}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               size: openstack.database
             dbs02:
               name: ${_param:openstack_database_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_database_backend_image}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               size: openstack.database
             dbs03:
               name: ${_param:openstack_database_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_database_backend_image}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
               size: openstack.database
             msg01:
               name: ${_param:openstack_message_queue_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_message_queue_backend_image}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               size: openstack.message_queue
             msg02:
               name: ${_param:openstack_message_queue_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_message_queue_backend_image}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               size: openstack.message_queue
             msg03:
               name: ${_param:openstack_message_queue_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_message_queue_backend_image}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
               size: openstack.message_queue
             prx01:
               name: ${_param:openstack_proxy_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_proxy_backend_image}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               size: openstack.proxy
             prx02:
               name: ${_param:openstack_proxy_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_proxy_backend_image}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
               size: openstack.proxy
diff --git a/salt/control/placement/ovs/compact.yml b/salt/control/placement/ovs/compact.yml
index 3102b3e..de0569c 100644
--- a/salt/control/placement/ovs/compact.yml
+++ b/salt/control/placement/ovs/compact.yml
@@ -6,6 +6,8 @@
     openstack_gateway_node01_hostname: gtw01
     openstack_gateway_node02_hostname: gtw02
     openstack_gateway_node03_hostname: gtw03
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    openstack_gateway_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       cluster:
@@ -14,15 +16,18 @@
             gtw01:
               name: ${_param:openstack_gateway_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_gateway_backend_image}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               size: openstack.gateway
             gtw02:
               name: ${_param:openstack_gateway_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_gateway_backend_image}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               size: openstack.gateway
             gtw03:
               name: ${_param:openstack_gateway_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_gateway_backend_image}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
-              size: openstack.gateway
\ No newline at end of file
+              size: openstack.gateway
diff --git a/salt/control/placement/ovs/minimal.yml b/salt/control/placement/ovs/minimal.yml
index 3102b3e..de0569c 100644
--- a/salt/control/placement/ovs/minimal.yml
+++ b/salt/control/placement/ovs/minimal.yml
@@ -6,6 +6,8 @@
     openstack_gateway_node01_hostname: gtw01
     openstack_gateway_node02_hostname: gtw02
     openstack_gateway_node03_hostname: gtw03
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    openstack_gateway_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       cluster:
@@ -14,15 +16,18 @@
             gtw01:
               name: ${_param:openstack_gateway_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_gateway_backend_image}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               size: openstack.gateway
             gtw02:
               name: ${_param:openstack_gateway_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_gateway_backend_image}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               size: openstack.gateway
             gtw03:
               name: ${_param:openstack_gateway_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_gateway_backend_image}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
-              size: openstack.gateway
\ No newline at end of file
+              size: openstack.gateway
diff --git a/salt/control/placement/ovs/small.yml b/salt/control/placement/ovs/small.yml
index 3102b3e..de0569c 100644
--- a/salt/control/placement/ovs/small.yml
+++ b/salt/control/placement/ovs/small.yml
@@ -6,6 +6,8 @@
     openstack_gateway_node01_hostname: gtw01
     openstack_gateway_node02_hostname: gtw02
     openstack_gateway_node03_hostname: gtw03
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    openstack_gateway_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       cluster:
@@ -14,15 +16,18 @@
             gtw01:
               name: ${_param:openstack_gateway_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_gateway_backend_image}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               size: openstack.gateway
             gtw02:
               name: ${_param:openstack_gateway_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_gateway_backend_image}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               size: openstack.gateway
             gtw03:
               name: ${_param:openstack_gateway_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:openstack_gateway_backend_image}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
-              size: openstack.gateway
\ No newline at end of file
+              size: openstack.gateway
diff --git a/salt/control/placement/stacklight/compact.yml b/salt/control/placement/stacklight/compact.yml
index 2cde570..e03ea85 100644
--- a/salt/control/placement/stacklight/compact.yml
+++ b/salt/control/placement/stacklight/compact.yml
@@ -12,6 +12,10 @@
     stacklight_telemetry_node01_hostname: mtr01
     stacklight_telemetry_node02_hostname: mtr02
     stacklight_telemetry_node03_hostname: mtr03
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    stacklight_log_backend_image: ${_param:salt_control_xenial_image_backend}
+    stacklight_monitor_backend_image: ${_param:salt_control_xenial_image_backend}
+    stacklight_telemetry_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       cluster:
@@ -20,45 +24,54 @@
             mtr01:
               name: ${_param:stacklight_telemetry_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_telemetry_backend_image}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               size: stacklight.telemetry
             mtr02:
               name: ${_param:stacklight_telemetry_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_telemetry_backend_image}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               size: stacklight.telemetry
             mtr03:
               name: ${_param:stacklight_telemetry_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_telemetry_backend_image}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
               size: stacklight.telemetry
             log01:
               name: ${_param:stacklight_log_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_log_backend_image}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               size: stacklight.log
             log02:
               name: ${_param:stacklight_log_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_log_backend_image}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               size: stacklight.log
             log03:
               name: ${_param:stacklight_log_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_log_backend_image}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
               size: stacklight.log
             mon01:
               name: ${_param:stacklight_monitor_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_monitor_backend_image}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               size: stacklight.server
             mon02:
               name: ${_param:stacklight_monitor_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_monitor_backend_image}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               size: stacklight.server
             mon03:
               name: ${_param:stacklight_monitor_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_monitor_backend_image}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
-              size: stacklight.server
\ No newline at end of file
+              size: stacklight.server
diff --git a/salt/control/placement/stacklight/large.yml b/salt/control/placement/stacklight/large.yml
index 7b380d8..7b1f716 100644
--- a/salt/control/placement/stacklight/large.yml
+++ b/salt/control/placement/stacklight/large.yml
@@ -12,6 +12,10 @@
     stacklight_telemetry_node01_hostname: mtr01
     stacklight_telemetry_node02_hostname: mtr02
     stacklight_telemetry_node03_hostname: mtr03
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    stacklight_log_backend_image: ${_param:salt_control_xenial_image_backend}
+    stacklight_monitor_backend_image: ${_param:salt_control_xenial_image_backend}
+    stacklight_telemetry_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       cluster:
@@ -20,45 +24,54 @@
             mtr01:
               name: ${_param:stacklight_telemetry_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_telemetry_backend_image}
               provider: ${_param:infra_kvm_node13_hostname}.${_param:cluster_domain}
               size: stacklight.telemetry
             mtr02:
               name: ${_param:stacklight_telemetry_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_telemetry_backend_image}
               provider: ${_param:infra_kvm_node14_hostname}.${_param:cluster_domain}
               size: stacklight.telemetry
             mtr03:
               name: ${_param:stacklight_telemetry_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_telemetry_backend_image}
               provider: ${_param:infra_kvm_node15_hostname}.${_param:cluster_domain}
               size: stacklight.telemetry
             log01:
               name: ${_param:stacklight_log_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_log_backend_image}
               provider: ${_param:infra_kvm_node13_hostname}.${_param:cluster_domain}
               size: stacklight.log
             log02:
               name: ${_param:stacklight_log_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_log_backend_image}
               provider: ${_param:infra_kvm_node14_hostname}.${_param:cluster_domain}
               size: stacklight.log
             log03:
               name: ${_param:stacklight_log_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_log_backend_image}
               provider: ${_param:infra_kvm_node15_hostname}.${_param:cluster_domain}
               size: stacklight.log
             mon01:
               name: ${_param:stacklight_monitor_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_monitor_backend_image}
               provider: ${_param:infra_kvm_node13_hostname}.${_param:cluster_domain}
               size: stacklight.server
             mon02:
               name: ${_param:stacklight_monitor_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_monitor_backend_image}
               provider: ${_param:infra_kvm_node14_hostname}.${_param:cluster_domain}
               size: stacklight.server
             mon03:
               name: ${_param:stacklight_monitor_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_monitor_backend_image}
               provider: ${_param:infra_kvm_node15_hostname}.${_param:cluster_domain}
-              size: stacklight.server
\ No newline at end of file
+              size: stacklight.server
diff --git a/salt/control/placement/stacklight/medium.yml b/salt/control/placement/stacklight/medium.yml
index 7f54f4d..a9643fe 100644
--- a/salt/control/placement/stacklight/medium.yml
+++ b/salt/control/placement/stacklight/medium.yml
@@ -12,6 +12,10 @@
     stacklight_telemetry_node01_hostname: mtr01
     stacklight_telemetry_node02_hostname: mtr02
     stacklight_telemetry_node03_hostname: mtr03
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    stacklight_log_backend_image: ${_param:salt_control_xenial_image_backend}
+    stacklight_monitor_backend_image: ${_param:salt_control_xenial_image_backend}
+    stacklight_telemetry_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       cluster:
@@ -20,45 +24,54 @@
             mtr01:
               name: ${_param:stacklight_telemetry_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_telemetry_backend_image}
               provider: ${_param:infra_kvm_node10_hostname}.${_param:cluster_domain}
               size: stacklight.telemetry
             mtr02:
               name: ${_param:stacklight_telemetry_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_telemetry_backend_image}
               provider: ${_param:infra_kvm_node11_hostname}.${_param:cluster_domain}
               size: stacklight.telemetry
             mtr03:
               name: ${_param:stacklight_telemetry_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_telemetry_backend_image}
               provider: ${_param:infra_kvm_node12_hostname}.${_param:cluster_domain}
               size: stacklight.telemetry
             log01:
               name: ${_param:stacklight_log_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_log_backend_image}
               provider: ${_param:infra_kvm_node10_hostname}.${_param:cluster_domain}
               size: stacklight.log
-            lop02:
+            log02:
               name: ${_param:stacklight_log_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_log_backend_image}
               provider: ${_param:infra_kvm_node11_hostname}.${_param:cluster_domain}
               size: stacklight.log
             log03:
               name: ${_param:stacklight_log_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_log_backend_image}
               provider: ${_param:infra_kvm_node12_hostname}.${_param:cluster_domain}
               size: stacklight.log
             mon01:
               name: ${_param:stacklight_monitor_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_monitor_backend_image}
               provider: ${_param:infra_kvm_node10_hostname}.${_param:cluster_domain}
               size: stacklight.server
             mon02:
               name: ${_param:stacklight_monitor_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_monitor_backend_image}
               provider: ${_param:infra_kvm_node11_hostname}.${_param:cluster_domain}
               size: stacklight.server
             mon03:
               name: ${_param:stacklight_monitor_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_monitor_backend_image}
               provider: ${_param:infra_kvm_node12_hostname}.${_param:cluster_domain}
-              size: stacklight.server
\ No newline at end of file
+              size: stacklight.server
diff --git a/salt/control/placement/stacklight/minimal.yml b/salt/control/placement/stacklight/minimal.yml
index 2cde570..e03ea85 100644
--- a/salt/control/placement/stacklight/minimal.yml
+++ b/salt/control/placement/stacklight/minimal.yml
@@ -12,6 +12,10 @@
     stacklight_telemetry_node01_hostname: mtr01
     stacklight_telemetry_node02_hostname: mtr02
     stacklight_telemetry_node03_hostname: mtr03
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    stacklight_log_backend_image: ${_param:salt_control_xenial_image_backend}
+    stacklight_monitor_backend_image: ${_param:salt_control_xenial_image_backend}
+    stacklight_telemetry_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       cluster:
@@ -20,45 +24,54 @@
             mtr01:
               name: ${_param:stacklight_telemetry_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_telemetry_backend_image}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               size: stacklight.telemetry
             mtr02:
               name: ${_param:stacklight_telemetry_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_telemetry_backend_image}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               size: stacklight.telemetry
             mtr03:
               name: ${_param:stacklight_telemetry_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_telemetry_backend_image}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
               size: stacklight.telemetry
             log01:
               name: ${_param:stacklight_log_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_log_backend_image}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               size: stacklight.log
             log02:
               name: ${_param:stacklight_log_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_log_backend_image}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               size: stacklight.log
             log03:
               name: ${_param:stacklight_log_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_log_backend_image}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
               size: stacklight.log
             mon01:
               name: ${_param:stacklight_monitor_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_monitor_backend_image}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
               size: stacklight.server
             mon02:
               name: ${_param:stacklight_monitor_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_monitor_backend_image}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
               size: stacklight.server
             mon03:
               name: ${_param:stacklight_monitor_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_monitor_backend_image}
               provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
-              size: stacklight.server
\ No newline at end of file
+              size: stacklight.server
diff --git a/salt/control/placement/stacklight/small.yml b/salt/control/placement/stacklight/small.yml
index e16a7cb..fec0fbf 100644
--- a/salt/control/placement/stacklight/small.yml
+++ b/salt/control/placement/stacklight/small.yml
@@ -12,6 +12,10 @@
     stacklight_telemetry_node01_hostname: mtr01
     stacklight_telemetry_node02_hostname: mtr02
     stacklight_telemetry_node03_hostname: mtr03
+    salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
+    stacklight_log_backend_image: ${_param:salt_control_xenial_image_backend}
+    stacklight_monitor_backend_image: ${_param:salt_control_xenial_image_backend}
+    stacklight_telemetry_backend_image: ${_param:salt_control_xenial_image_backend}
   salt:
     control:
       cluster:
@@ -20,45 +24,54 @@
             mtr01:
               name: ${_param:stacklight_telemetry_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_telemetry_backend_image}
               provider: ${_param:infra_kvm_node04_hostname}.${_param:cluster_domain}
               size: stacklight.telemetry
             mtr02:
               name: ${_param:stacklight_telemetry_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_telemetry_backend_image}
               provider: ${_param:infra_kvm_node05_hostname}.${_param:cluster_domain}
               size: stacklight.telemetry
             mtr03:
               name: ${_param:stacklight_telemetry_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_telemetry_backend_image}
               provider: ${_param:infra_kvm_node06_hostname}.${_param:cluster_domain}
               size: stacklight.telemetry
             log01:
               name: ${_param:stacklight_log_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_log_backend_image}
               provider: ${_param:infra_kvm_node04_hostname}.${_param:cluster_domain}
               size: stacklight.log
             log02:
               name: ${_param:stacklight_log_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_log_backend_image}
               provider: ${_param:infra_kvm_node05_hostname}.${_param:cluster_domain}
               size: stacklight.log
             log03:
               name: ${_param:stacklight_log_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_log_backend_image}
               provider: ${_param:infra_kvm_node06_hostname}.${_param:cluster_domain}
               size: stacklight.log
             mon01:
               name: ${_param:stacklight_monitor_node01_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_monitor_backend_image}
               provider: ${_param:infra_kvm_node04_hostname}.${_param:cluster_domain}
               size: stacklight.server
             mon02:
               name: ${_param:stacklight_monitor_node02_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_monitor_backend_image}
               provider: ${_param:infra_kvm_node05_hostname}.${_param:cluster_domain}
               size: stacklight.server
             mon03:
               name: ${_param:stacklight_monitor_node03_hostname}
               image: ${_param:salt_control_xenial_image}
+              backend: ${_param:stacklight_monitor_backend_image}
               provider: ${_param:infra_kvm_node06_hostname}.${_param:cluster_domain}
-              size: stacklight.server
\ No newline at end of file
+              size: stacklight.server
diff --git a/salt/master/pillar/composite/reclass.yml b/salt/master/pillar/composite/reclass.yml
index 0b5443b..601f3bf 100644
--- a/salt/master/pillar/composite/reclass.yml
+++ b/salt/master/pillar/composite/reclass.yml
@@ -1,2 +1,15 @@
 classes:
 - service.salt.master.pillar.composite.reclass
+
+parameters:
+  salt:
+    master:
+      pillar:
+        reclass:
+          allow_none_override: True
+
+  # NOTE, it's not good practice to combine formula pillars here
+  # exception: in this case is required to sync the same options
+  reclass:
+    storage:
+      allow_none_override: True
diff --git a/salt/master/pillar/reclass.yml b/salt/master/pillar/reclass.yml
index cfeca33..8b88bf4 100644
--- a/salt/master/pillar/reclass.yml
+++ b/salt/master/pillar/reclass.yml
@@ -1,2 +1,9 @@
 classes:
 - service.salt.master.pillar.reclass
+
+parameters:
+  salt:
+    master:
+      pillar:
+        engine: reclass
+        data_dir: /srv/salt/reclass
diff --git a/salt/minion/cert/libvirtd/client.yml b/salt/minion/cert/libvirtd/client.yml
index bf0ce83..31c1b32 100644
--- a/salt/minion/cert/libvirtd/client.yml
+++ b/salt/minion/cert/libvirtd/client.yml
@@ -18,4 +18,7 @@
           key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
           key_file: ${_param:libvirtd_client_ssl_key_file}
           cert_file: ${_param:libvirtd_client_ssl_cert_file}
-          ca_file: ${_param:libvirtd_ssl_ca_file}
\ No newline at end of file
+          ca_file: ${_param:libvirtd_ssl_ca_file}
+          user: root
+          group: nova
+          mode: 640
diff --git a/salt/minion/cert/libvirtd/server.yml b/salt/minion/cert/libvirtd/server.yml
index 9080672..b091d86 100644
--- a/salt/minion/cert/libvirtd/server.yml
+++ b/salt/minion/cert/libvirtd/server.yml
@@ -18,4 +18,7 @@
           key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
           key_file: ${_param:libvirtd_server_ssl_key_file}
           cert_file: ${_param:libvirtd_server_ssl_cert_file}
-          ca_file: ${_param:libvirtd_ssl_ca_file}
\ No newline at end of file
+          ca_file: ${_param:libvirtd_ssl_ca_file}
+          user: root
+          group: nova
+          mode: 640
diff --git a/salt/minion/cert/mysql/clients/openstack/barbican.yml b/salt/minion/cert/mysql/clients/openstack/barbican.yml
new file mode 100644
index 0000000..8d158ee
--- /dev/null
+++ b/salt/minion/cert/mysql/clients/openstack/barbican.yml
@@ -0,0 +1,27 @@
+parameters:
+  _param:
+    salt_minion_ca_host: cfg01.${_param:cluster_domain}
+    salt_minion_ca_authority: salt_master_ca
+    mysql_barbican_client_ssl_key_file: /etc/barbican/ssl/mysql/client-key.pem
+    mysql_barbican_client_ssl_cert_file: /etc/barbican/ssl/mysql/client-cert.pem
+    mysql_barbican_ssl_ca_file: /etc/barbican/ssl/mysql/ca-cert.pem
+  salt:
+    minion:
+      cert:
+        mysql-barbican-client:
+          host: ${_param:salt_minion_ca_host}
+          authority: ${_param:salt_minion_ca_authority}
+          common_name: mysql-barbican-client
+          signing_policy: cert_client
+          alternative_names: >
+            IP:${_param:cluster_local_address},
+            DNS:${_param:cluster_local_address},
+            DNS:${linux:system:name},
+            DNS:${linux:network:fqdn}
+          key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+          key_file: ${_param:mysql_barbican_client_ssl_key_file}
+          cert_file: ${_param:mysql_barbican_client_ssl_cert_file}
+          ca_file: ${_param:mysql_barbican_ssl_ca_file}
+          user: barbican
+          group: barbican
+          mode: 640
diff --git a/salt/minion/cert/mysql/clients/openstack/gnocchi.yml b/salt/minion/cert/mysql/clients/openstack/gnocchi.yml
new file mode 100644
index 0000000..1aa31c9
--- /dev/null
+++ b/salt/minion/cert/mysql/clients/openstack/gnocchi.yml
@@ -0,0 +1,27 @@
+parameters:
+  _param:
+    salt_minion_ca_host: cfg01.${_param:cluster_domain}
+    salt_minion_ca_authority: salt_master_ca
+    mysql_gnocchi_client_ssl_key_file: /etc/gnocchi/ssl/mysql/client-key.pem
+    mysql_gnocchi_client_ssl_cert_file: /etc/gnocchi/ssl/mysql/client-cert.pem
+    mysql_gnocchi_ssl_ca_file: /etc/gnocchi/ssl/mysql/ca-cert.pem
+  salt:
+    minion:
+      cert:
+        mysql-gnocchi-client:
+          host: ${_param:salt_minion_ca_host}
+          authority: ${_param:salt_minion_ca_authority}
+          common_name: mysql-gnocchi-client
+          signing_policy: cert_client
+          alternative_names: >
+            IP:${_param:cluster_local_address},
+            DNS:${_param:cluster_local_address},
+            DNS:${linux:system:name},
+            DNS:${linux:network:fqdn}
+          key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+          key_file: ${_param:mysql_gnocchi_client_ssl_key_file}
+          cert_file: ${_param:mysql_gnocchi_client_ssl_cert_file}
+          ca_file: ${_param:mysql_gnocchi_ssl_ca_file}
+          user: gnocchi
+          group: gnocchi
+          mode: 640
diff --git a/salt/minion/cert/mysql/clients/openstack/ironic.yml b/salt/minion/cert/mysql/clients/openstack/ironic.yml
new file mode 100644
index 0000000..fe4aa19
--- /dev/null
+++ b/salt/minion/cert/mysql/clients/openstack/ironic.yml
@@ -0,0 +1,27 @@
+parameters:
+  _param:
+    salt_minion_ca_host: cfg01.${_param:cluster_domain}
+    salt_minion_ca_authority: salt_master_ca
+    mysql_ironic_client_ssl_key_file: /etc/ironic/ssl/mysql/client-key.pem
+    mysql_ironic_client_ssl_cert_file: /etc/ironic/ssl/mysql/client-cert.pem
+    mysql_ironic_ssl_ca_file: /etc/ironic/ssl/mysql/ca-cert.pem
+  salt:
+    minion:
+      cert:
+        mysql-ironic-client:
+          host: ${_param:salt_minion_ca_host}
+          authority: ${_param:salt_minion_ca_authority}
+          common_name: mysql-ironic-client
+          signing_policy: cert_client
+          alternative_names: >
+            IP:${_param:cluster_local_address},
+            DNS:${_param:cluster_local_address},
+            DNS:${linux:system:name},
+            DNS:${linux:network:fqdn}
+          key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+          key_file: ${_param:mysql_ironic_client_ssl_key_file}
+          cert_file: ${_param:mysql_ironic_client_ssl_cert_file}
+          ca_file: ${_param:mysql_ironic_ssl_ca_file}
+          user: ironic
+          group: ironic
+          mode: 640
diff --git a/salt/minion/cert/mysql/clients/openstack/manila.yml b/salt/minion/cert/mysql/clients/openstack/manila.yml
new file mode 100644
index 0000000..a1ca797
--- /dev/null
+++ b/salt/minion/cert/mysql/clients/openstack/manila.yml
@@ -0,0 +1,27 @@
+parameters:
+  _param:
+    salt_minion_ca_host: cfg01.${_param:cluster_domain}
+    salt_minion_ca_authority: salt_master_ca
+    mysql_manila_client_ssl_key_file: /etc/manila/ssl/mysql/client-key.pem
+    mysql_manila_client_ssl_cert_file: /etc/manila/ssl/mysql/client-cert.pem
+    mysql_manila_ssl_ca_file: /etc/manila/ssl/mysql/ca-cert.pem
+  salt:
+    minion:
+      cert:
+        mysql-manila-client:
+          host: ${_param:salt_minion_ca_host}
+          authority: ${_param:salt_minion_ca_authority}
+          common_name: mysql-manila-client
+          signing_policy: cert_client
+          alternative_names: >
+            IP:${_param:cluster_local_address},
+            DNS:${_param:cluster_local_address},
+            DNS:${linux:system:name},
+            DNS:${linux:network:fqdn}
+          key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+          key_file: ${_param:mysql_manila_client_ssl_key_file}
+          cert_file: ${_param:mysql_manila_client_ssl_cert_file}
+          ca_file: ${_param:mysql_manila_ssl_ca_file}
+          user: manila
+          group: manila
+          mode: 640
diff --git a/salt/minion/cert/mysql/clients/openstack/panko.yml b/salt/minion/cert/mysql/clients/openstack/panko.yml
new file mode 100644
index 0000000..0593ae2
--- /dev/null
+++ b/salt/minion/cert/mysql/clients/openstack/panko.yml
@@ -0,0 +1,27 @@
+parameters:
+  _param:
+    salt_minion_ca_host: cfg01.${_param:cluster_domain}
+    salt_minion_ca_authority: salt_master_ca
+    mysql_panko_client_ssl_key_file: /etc/panko/ssl/mysql/client-key.pem
+    mysql_panko_client_ssl_cert_file: /etc/panko/ssl/mysql/client-cert.pem
+    mysql_panko_ssl_ca_file: /etc/panko/ssl/mysql/ca-cert.pem
+  salt:
+    minion:
+      cert:
+        mysql-panko-client:
+          host: ${_param:salt_minion_ca_host}
+          authority: ${_param:salt_minion_ca_authority}
+          common_name: mysql-panko-client
+          signing_policy: cert_client
+          alternative_names: >
+            IP:${_param:cluster_local_address},
+            DNS:${_param:cluster_local_address},
+            DNS:${linux:system:name},
+            DNS:${linux:network:fqdn}
+          key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+          key_file: ${_param:mysql_panko_client_ssl_key_file}
+          cert_file: ${_param:mysql_panko_client_ssl_cert_file}
+          ca_file: ${_param:mysql_panko_ssl_ca_file}
+          user: panko
+          group: panko
+          mode: 640
diff --git a/salt/minion/cert/openstack_api.yml b/salt/minion/cert/openstack_api.yml
new file mode 100644
index 0000000..1095f7e
--- /dev/null
+++ b/salt/minion/cert/openstack_api.yml
@@ -0,0 +1,22 @@
+parameters:
+  _param:
+    salt_minion_ca_host: ${linux:network:fqdn}
+    salt_minion_ca_authority: salt_master_ca
+    openstack_api_cert_alternative_names: IP:127.0.0.1,IP:${_param:cluster_local_address},IP:${_param:cluster_vip_address},DNS:${linux:system:name},DNS:${linux:network:fqdn}
+    openstack_api_cert_key_file: "/etc/ssl/private/openstack_api.key"
+    openstack_api_cert_cert_file: "/etc/ssl/certs/openstack_api.crt"
+    openstack_api_cert_all_file: "/etc/ssl/certs/openstack_api_with_chain.crt"
+  salt:
+    minion:
+      cert:
+        openstack_api:
+          host: ${_param:salt_minion_ca_host}
+          authority: ${_param:salt_minion_ca_authority}
+          common_name: openstack_api
+          signing_policy: cert_server
+          alternative_names: ${_param:openstack_api_cert_alternative_names}
+          key_file: ${_param:openstack_api_cert_key_file}
+          cert_file: ${_param:openstack_api_cert_cert_file}
+          all_file: ${_param:openstack_api_cert_all_file}
+          enabled: true
+          engine: salt
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/aodh.yml b/salt/minion/cert/rabbitmq/clients/openstack/aodh.yml
new file mode 100644
index 0000000..537a3a4
--- /dev/null
+++ b/salt/minion/cert/rabbitmq/clients/openstack/aodh.yml
@@ -0,0 +1,27 @@
+parameters:
+  _param:
+    salt_minion_ca_host: cfg01.${_param:cluster_domain}
+    salt_minion_ca_authority: salt_master_ca
+    rabbitmq_aodh_client_ssl_key_file: /etc/aodh/ssl/rabbitmq/client-key.pem
+    rabbitmq_aodh_client_ssl_cert_file: /etc/aodh/ssl/rabbitmq/client-cert.pem
+    rabbitmq_aodh_ssl_ca_file: /etc/aodh/ssl/rabbitmq/ca-cert.pem
+  salt:
+    minion:
+      cert:
+        rabbitmq-aodh-client:
+          host: ${_param:salt_minion_ca_host}
+          authority: ${_param:salt_minion_ca_authority}
+          common_name: rabbitmq-aodh-client
+          signing_policy: cert_client
+          alternative_names: >
+            IP:${_param:cluster_local_address},
+            DNS:${_param:cluster_local_address},
+            DNS:${linux:system:name},
+            DNS:${linux:network:fqdn}
+          key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+          key_file: ${_param:rabbitmq_aodh_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_aodh_client_ssl_cert_file}
+          ca_file: ${_param:rabbitmq_aodh_ssl_ca_file}
+          user: aodh
+          group: aodh
+          mode: 640
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/barbican.yml b/salt/minion/cert/rabbitmq/clients/openstack/barbican.yml
new file mode 100644
index 0000000..9fa04ef
--- /dev/null
+++ b/salt/minion/cert/rabbitmq/clients/openstack/barbican.yml
@@ -0,0 +1,22 @@
+parameters:
+  _param:
+    salt_minion_ca_host: cfg01.${_param:cluster_domain}
+    salt_minion_ca_authority: salt_master_ca
+    rabbitmq_barbican_client_ssl_key_file: /etc/barbican/ssl/rabbitmq/client-key.pem
+    rabbitmq_barbican_client_ssl_cert_file: /etc/barbican/ssl/rabbitmq/client-cert.pem
+    rabbitmq_barbican_ssl_ca_file: /etc/barbican/ssl/rabbitmq/ca-cert.pem
+  salt:
+    minion:
+      cert:
+        rabbitmq-barbican-client:
+          host: ${_param:salt_minion_ca_host}
+          authority: ${_param:salt_minion_ca_authority}
+          common_name: rabbitmq-barbican-client
+          signing_policy: cert_client
+          key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+          key_file: ${_param:rabbitmq_barbican_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_barbican_client_ssl_cert_file}
+          ca_file: ${_param:rabbitmq_barbican_ssl_ca_file}
+          user: barbican
+          group: barbican
+          mode: 640
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/ceilometer.yml b/salt/minion/cert/rabbitmq/clients/openstack/ceilometer.yml
new file mode 100644
index 0000000..a2b91fd
--- /dev/null
+++ b/salt/minion/cert/rabbitmq/clients/openstack/ceilometer.yml
@@ -0,0 +1,22 @@
+parameters:
+  _param:
+    salt_minion_ca_host: cfg01.${_param:cluster_domain}
+    salt_minion_ca_authority: salt_master_ca
+    rabbitmq_ceilometer_client_ssl_key_file: /etc/ceilometer/ssl/rabbitmq/client-key.pem
+    rabbitmq_ceilometer_client_ssl_cert_file: /etc/ceilometer/ssl/rabbitmq/client-cert.pem
+    rabbitmq_ceilometer_ssl_ca_file: /etc/ceilometer/ssl/rabbitmq/ca-cert.pem
+  salt:
+    minion:
+      cert:
+        rabbitmq-ceilometer-client:
+          host: ${_param:salt_minion_ca_host}
+          authority: ${_param:salt_minion_ca_authority}
+          common_name: rabbitmq-ceilometer-client
+          signing_policy: cert_client
+          key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+          key_file: ${_param:rabbitmq_ceilometer_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_ceilometer_client_ssl_cert_file}
+          ca_file: ${_param:rabbitmq_ceilometer_ssl_ca_file}
+          user: ceilometer
+          group: ceilometer
+          mode: 640
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/cinder.yml b/salt/minion/cert/rabbitmq/clients/openstack/cinder.yml
new file mode 100644
index 0000000..576c135
--- /dev/null
+++ b/salt/minion/cert/rabbitmq/clients/openstack/cinder.yml
@@ -0,0 +1,27 @@
+parameters:
+  _param:
+    salt_minion_ca_host: cfg01.${_param:cluster_domain}
+    salt_minion_ca_authority: salt_master_ca
+    rabbitmq_cinder_client_ssl_key_file: /etc/cinder/ssl/rabbitmq/client-key.pem
+    rabbitmq_cinder_client_ssl_cert_file: /etc/cinder/ssl/rabbitmq/client-cert.pem
+    rabbitmq_cinder_ssl_ca_file: /etc/cinder/ssl/rabbitmq/ca-cert.pem
+  salt:
+    minion:
+      cert:
+        rabbitmq-cinder-client:
+          host: ${_param:salt_minion_ca_host}
+          authority: ${_param:salt_minion_ca_authority}
+          common_name: rabbitmq-cinder-client
+          signing_policy: cert_client
+          alternative_names: >
+            IP:${_param:cluster_local_address},
+            DNS:${_param:cluster_local_address},
+            DNS:${linux:system:name},
+            DNS:${linux:network:fqdn}
+          key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+          key_file: ${_param:rabbitmq_cinder_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_cinder_client_ssl_cert_file}
+          ca_file: ${_param:rabbitmq_cinder_ssl_ca_file}
+          user: cinder
+          group: cinder
+          mode: 640
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/designate.yml b/salt/minion/cert/rabbitmq/clients/openstack/designate.yml
new file mode 100644
index 0000000..f5eb631
--- /dev/null
+++ b/salt/minion/cert/rabbitmq/clients/openstack/designate.yml
@@ -0,0 +1,22 @@
+parameters:
+  _param:
+    salt_minion_ca_host: cfg01.${_param:cluster_domain}
+    salt_minion_ca_authority: salt_master_ca
+    rabbitmq_designate_client_ssl_key_file: /etc/designate/ssl/rabbitmq/client-key.pem
+    rabbitmq_designate_client_ssl_cert_file: /etc/designate/ssl/rabbitmq/client-cert.pem
+    rabbitmq_designate_ssl_ca_file: /etc/designate/ssl/rabbitmq/ca-cert.pem
+  salt:
+    minion:
+      cert:
+        rabbitmq-designate-client:
+          host: ${_param:salt_minion_ca_host}
+          authority: ${_param:salt_minion_ca_authority}
+          common_name: rabbitmq-designate-client
+          signing_policy: cert_client
+          key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+          key_file: ${_param:rabbitmq_designate_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_designate_client_ssl_cert_file}
+          ca_file: ${_param:rabbitmq_designate_ssl_ca_file}
+          user: designate
+          group: designate
+          mode: 640
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/glance.yml b/salt/minion/cert/rabbitmq/clients/openstack/glance.yml
new file mode 100644
index 0000000..94749ae
--- /dev/null
+++ b/salt/minion/cert/rabbitmq/clients/openstack/glance.yml
@@ -0,0 +1,27 @@
+parameters:
+  _param:
+    salt_minion_ca_host: cfg01.${_param:cluster_domain}
+    salt_minion_ca_authority: salt_master_ca
+    rabbitmq_glance_client_ssl_key_file: /etc/glance/ssl/rabbitmq/client-key.pem
+    rabbitmq_glance_client_ssl_cert_file: /etc/glance/ssl/rabbitmq/client-cert.pem
+    rabbitmq_glance_ssl_ca_file: /etc/glance/ssl/rabbitmq/ca-cert.pem
+  salt:
+    minion:
+      cert:
+        rabbitmq-glance-client:
+          host: ${_param:salt_minion_ca_host}
+          authority: ${_param:salt_minion_ca_authority}
+          common_name: rabbitmq-glance-client
+          signing_policy: cert_client
+          alternative_names: >
+            IP:${_param:cluster_local_address},
+            DNS:${_param:cluster_local_address},
+            DNS:${linux:system:name},
+            DNS:${linux:network:fqdn}
+          key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+          key_file: ${_param:rabbitmq_glance_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_glance_client_ssl_cert_file}
+          ca_file: ${_param:rabbitmq_glance_ssl_ca_file}
+          user: glance
+          group: glance
+          mode: 640
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/heat.yml b/salt/minion/cert/rabbitmq/clients/openstack/heat.yml
new file mode 100644
index 0000000..e69ab14
--- /dev/null
+++ b/salt/minion/cert/rabbitmq/clients/openstack/heat.yml
@@ -0,0 +1,27 @@
+parameters:
+  _param:
+    salt_minion_ca_host: cfg01.${_param:cluster_domain}
+    salt_minion_ca_authority: salt_master_ca
+    rabbitmq_heat_client_ssl_key_file: /etc/heat/ssl/rabbitmq/client-key.pem
+    rabbitmq_heat_client_ssl_cert_file: /etc/heat/ssl/rabbitmq/client-cert.pem
+    rabbitmq_heat_ssl_ca_file: /etc/heat/ssl/rabbitmq/ca-cert.pem
+  salt:
+    minion:
+      cert:
+        rabbitmq-heat-client:
+          host: ${_param:salt_minion_ca_host}
+          authority: ${_param:salt_minion_ca_authority}
+          common_name: rabbitmq-heat-client
+          signing_policy: cert_client
+          alternative_names: >
+            IP:${_param:cluster_local_address},
+            DNS:${_param:cluster_local_address},
+            DNS:${linux:system:name},
+            DNS:${linux:network:fqdn}
+          key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+          key_file: ${_param:rabbitmq_heat_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_heat_client_ssl_cert_file}
+          ca_file: ${_param:rabbitmq_heat_ssl_ca_file}
+          user: heat
+          group: heat
+          mode: 640
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/ironic.yml b/salt/minion/cert/rabbitmq/clients/openstack/ironic.yml
new file mode 100644
index 0000000..f9b0d74
--- /dev/null
+++ b/salt/minion/cert/rabbitmq/clients/openstack/ironic.yml
@@ -0,0 +1,22 @@
+parameters:
+  _param:
+    salt_minion_ca_host: cfg01.${_param:cluster_domain}
+    salt_minion_ca_authority: salt_master_ca
+    rabbitmq_ironic_client_ssl_key_file: /etc/ironic/ssl/rabbitmq/client-key.pem
+    rabbitmq_ironic_client_ssl_cert_file: /etc/ironic/ssl/rabbitmq/client-cert.pem
+    rabbitmq_ironic_ssl_ca_file: /etc/ironic/ssl/rabbitmq/ca-cert.pem
+  salt:
+    minion:
+      cert:
+        rabbitmq-ironic-client:
+          host: ${_param:salt_minion_ca_host}
+          authority: ${_param:salt_minion_ca_authority}
+          common_name: rabbitmq-ironic-client
+          signing_policy: cert_client
+          key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+          key_file: ${_param:rabbitmq_ironic_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_ironic_client_ssl_cert_file}
+          ca_file: ${_param:rabbitmq_ironic_ssl_ca_file}
+          user: ironic
+          group: ironic
+          mode: 640
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/keystone.yml b/salt/minion/cert/rabbitmq/clients/openstack/keystone.yml
new file mode 100644
index 0000000..8261f73
--- /dev/null
+++ b/salt/minion/cert/rabbitmq/clients/openstack/keystone.yml
@@ -0,0 +1,27 @@
+parameters:
+  _param:
+    salt_minion_ca_host: cfg01.${_param:cluster_domain}
+    salt_minion_ca_authority: salt_master_ca
+    rabbitmq_keystone_client_ssl_key_file: /etc/keystone/ssl/rabbitmq/client-key.pem
+    rabbitmq_keystone_client_ssl_cert_file: /etc/keystone/ssl/rabbitmq/client-cert.pem
+    rabbitmq_keystone_ssl_ca_file: /etc/keystone/ssl/rabbitmq/ca-cert.pem
+  salt:
+    minion:
+      cert:
+        rabbitmq-keystone-client:
+          host: ${_param:salt_minion_ca_host}
+          authority: ${_param:salt_minion_ca_authority}
+          common_name: rabbitmq-keystone-client
+          signing_policy: cert_client
+          alternative_names: >
+            IP:${_param:cluster_local_address},
+            DNS:${_param:cluster_local_address},
+            DNS:${linux:system:name},
+            DNS:${linux:network:fqdn}
+          key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+          key_file: ${_param:rabbitmq_keystone_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_keystone_client_ssl_cert_file}
+          ca_file: ${_param:rabbitmq_keystone_ssl_ca_file}
+          user: keystone
+          group: keystone
+          mode: 640
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/manila.yml b/salt/minion/cert/rabbitmq/clients/openstack/manila.yml
new file mode 100644
index 0000000..345b697
--- /dev/null
+++ b/salt/minion/cert/rabbitmq/clients/openstack/manila.yml
@@ -0,0 +1,22 @@
+parameters:
+  _param:
+    salt_minion_ca_host: cfg01.${_param:cluster_domain}
+    salt_minion_ca_authority: salt_master_ca
+    rabbitmq_manila_client_ssl_key_file: /etc/manila/ssl/rabbitmq/client-key.pem
+    rabbitmq_manila_client_ssl_cert_file: /etc/manila/ssl/rabbitmq/client-cert.pem
+    rabbitmq_manila_ssl_ca_file: /etc/manila/ssl/rabbitmq/ca-cert.pem
+  salt:
+    minion:
+      cert:
+        rabbitmq-manila-client:
+          host: ${_param:salt_minion_ca_host}
+          authority: ${_param:salt_minion_ca_authority}
+          common_name: rabbitmq-manila-client
+          signing_policy: cert_client
+          key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+          key_file: ${_param:rabbitmq_manila_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_manila_client_ssl_cert_file}
+          ca_file: ${_param:rabbitmq_manila_ssl_ca_file}
+          user: manila
+          group: manila
+          mode: 640
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/neutron.yml b/salt/minion/cert/rabbitmq/clients/openstack/neutron.yml
new file mode 100644
index 0000000..2f8f5c3
--- /dev/null
+++ b/salt/minion/cert/rabbitmq/clients/openstack/neutron.yml
@@ -0,0 +1,25 @@
+parameters:
+  _param:
+    salt_minion_ca_host: cfg01.${_param:cluster_domain}
+    salt_minion_ca_authority: salt_master_ca
+    rabbitmq_neutron_client_ssl_key_file: /etc/neutron/ssl/rabbitmq/client-key.pem
+    rabbitmq_neutron_client_ssl_cert_file: /etc/neutron/ssl/rabbitmq/client-cert.pem
+    rabbitmq_neutron_ssl_ca_file: /etc/neutron/ssl/rabbitmq/ca-cert.pem
+  salt:
+    minion:
+      cert:
+        rabbitmq-neutron-client:
+          host: ${_param:salt_minion_ca_host}
+          authority: ${_param:salt_minion_ca_authority}
+          common_name: rabbitmq-neutron-client
+          signing_policy: cert_client
+          alternative_names: >
+            DNS:${linux:system:name},
+            DNS:${linux:network:fqdn}
+          key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+          key_file: ${_param:rabbitmq_neutron_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_neutron_client_ssl_cert_file}
+          ca_file: ${_param:rabbitmq_neutron_ssl_ca_file}
+          user: neutron
+          group: neutron
+          mode: 640
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/nova.yml b/salt/minion/cert/rabbitmq/clients/openstack/nova.yml
new file mode 100644
index 0000000..04a6078
--- /dev/null
+++ b/salt/minion/cert/rabbitmq/clients/openstack/nova.yml
@@ -0,0 +1,27 @@
+parameters:
+  _param:
+    salt_minion_ca_host: cfg01.${_param:cluster_domain}
+    salt_minion_ca_authority: salt_master_ca
+    rabbitmq_nova_client_ssl_key_file: /etc/nova/ssl/rabbitmq/client-key.pem
+    rabbitmq_nova_client_ssl_cert_file: /etc/nova/ssl/rabbitmq/client-cert.pem
+    rabbitmq_nova_ssl_ca_file: /etc/nova/ssl/rabbitmq/ca-cert.pem
+  salt:
+    minion:
+      cert:
+        rabbitmq-nova-client:
+          host: ${_param:salt_minion_ca_host}
+          authority: ${_param:salt_minion_ca_authority}
+          common_name: rabbitmq-nova-client
+          signing_policy: cert_client
+          alternative_names: >
+            IP:${_param:cluster_local_address},
+            DNS:${_param:cluster_local_address},
+            DNS:${linux:system:name},
+            DNS:${linux:network:fqdn}
+          key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+          key_file: ${_param:rabbitmq_nova_client_ssl_key_file}
+          cert_file: ${_param:rabbitmq_nova_client_ssl_cert_file}
+          ca_file: ${_param:rabbitmq_nova_ssl_ca_file}
+          user: nova
+          group: nova
+          mode: 640