Merge "Add fluentd-based notification transport"
diff --git a/defaults/glusterfs.yml b/defaults/glusterfs.yml
new file mode 100644
index 0000000..72a68da
--- /dev/null
+++ b/defaults/glusterfs.yml
@@ -0,0 +1,4 @@
+parameters:
+  _param:
+    glusterfs_allow_ips: '*'
+    glusterfs_reject_ips: none
diff --git a/defaults/init.yml b/defaults/init.yml
index 72ca17c..2683f28 100644
--- a/defaults/init.yml
+++ b/defaults/init.yml
@@ -10,6 +10,7 @@
 - system.defaults.linux_system_file
 - system.defaults.backupninja
 - system.defaults.git
+- system.defaults.glusterfs
 - system.defaults.jenkins
 - system.defaults.postgresql
 - system.defaults.maas
diff --git a/docker/client/compose/service/jenkins.yml b/docker/client/compose/service/jenkins.yml
index 55aacdc..7045b66 100644
--- a/docker/client/compose/service/jenkins.yml
+++ b/docker/client/compose/service/jenkins.yml
@@ -3,7 +3,7 @@
 parameters:
   _param:
     jenkins_master_extra_opts: ""
-    jenkins_master_executors_num: 4
+    jenkins_master_executors_num: 0
     jenkins_master_max_concurent_requests: 40
     jenkins_home_dir_path: /var/jenkins_home
   docker:
diff --git a/docker/swarm/stack/jenkins/master.yml b/docker/swarm/stack/jenkins/master.yml
index ab850c0..ea4dfe5 100644
--- a/docker/swarm/stack/jenkins/master.yml
+++ b/docker/swarm/stack/jenkins/master.yml
@@ -4,7 +4,7 @@
 parameters:
   _param:
     jenkins_master_extra_opts: ""
-    jenkins_master_executors_num: 4
+    jenkins_master_executors_num: 0
     jenkins_master_max_concurent_requests: 40
     jenkins_home_dir_path: /var/jenkins_home
   docker:
diff --git a/docker/swarm/stack/jenkins/slave01.yml b/docker/swarm/stack/jenkins/slave01.yml
index a9643ac..4791fe3 100644
--- a/docker/swarm/stack/jenkins/slave01.yml
+++ b/docker/swarm/stack/jenkins/slave01.yml
@@ -28,6 +28,7 @@
               image: ${_param:docker_image_jenkins_slave}
               volumes:
                 - /etc/ssl/certs/java/cacerts:/etc/ssl/certs/java/cacerts:ro
+                - /dev/urandom:/dev/random:ro
                 - /var/run/docker.sock:/var/run/docker.sock
                 - /usr/bin/docker:/usr/bin/docker:ro
                 - /var/lib/jenkins:/var/lib/jenkins
diff --git a/docker/swarm/stack/jenkins/slave02.yml b/docker/swarm/stack/jenkins/slave02.yml
index fb3e6cc..58b5a23 100644
--- a/docker/swarm/stack/jenkins/slave02.yml
+++ b/docker/swarm/stack/jenkins/slave02.yml
@@ -28,6 +28,7 @@
               image: ${_param:docker_image_jenkins_slave}
               volumes:
                 - /etc/ssl/certs/java/cacerts:/etc/ssl/certs/java/cacerts:ro
+                - /dev/urandom:/dev/random:ro
                 - /var/run/docker.sock:/var/run/docker.sock
                 - /usr/bin/docker:/usr/bin/docker:ro
                 - /var/lib/jenkins:/var/lib/jenkins
diff --git a/docker/swarm/stack/jenkins/slave03.yml b/docker/swarm/stack/jenkins/slave03.yml
index b10dc66..cc2acbd 100644
--- a/docker/swarm/stack/jenkins/slave03.yml
+++ b/docker/swarm/stack/jenkins/slave03.yml
@@ -28,6 +28,7 @@
               image: ${_param:docker_image_jenkins_slave}
               volumes:
                 - /etc/ssl/certs/java/cacerts:/etc/ssl/certs/java/cacerts:ro
+                - /dev/urandom:/dev/random:ro
                 - /var/run/docker.sock:/var/run/docker.sock
                 - /usr/bin/docker:/usr/bin/docker:ro
                 - /var/lib/jenkins:/var/lib/jenkins
diff --git a/glusterfs/server/volume/aptly.yml b/glusterfs/server/volume/aptly.yml
index 9c9e518..095ed8e 100644
--- a/glusterfs/server/volume/aptly.yml
+++ b/glusterfs/server/volume/aptly.yml
@@ -10,6 +10,8 @@
             - ${_param:cluster_node02_address}:/srv/glusterfs/aptly
             - ${_param:cluster_node03_address}:/srv/glusterfs/aptly
           options:
+            auth.allow: ${_param:glusterfs_allow_ips}
+            auth.reject: ${_param:glusterfs_reject_ips}
             cluster.readdir-optimize: On
             nfs.disable: On
             network.remote-dio: On
diff --git a/glusterfs/server/volume/artifactory.yml b/glusterfs/server/volume/artifactory.yml
index f70d2f0..c903d5f 100644
--- a/glusterfs/server/volume/artifactory.yml
+++ b/glusterfs/server/volume/artifactory.yml
@@ -10,6 +10,8 @@
             - ${_param:cluster_node02_address}:/srv/glusterfs/artifactory
             - ${_param:cluster_node03_address}:/srv/glusterfs/artifactory
           options:
+            auth.allow: ${_param:glusterfs_allow_ips}
+            auth.reject: ${_param:glusterfs_reject_ips}
             cluster.readdir-optimize: On
             nfs.disable: On
             network.remote-dio: On
diff --git a/glusterfs/server/volume/backup.yml b/glusterfs/server/volume/backup.yml
index 22e59e2..3c86bb0 100644
--- a/glusterfs/server/volume/backup.yml
+++ b/glusterfs/server/volume/backup.yml
@@ -10,6 +10,8 @@
             - ${_param:cluster_node02_address}:/srv/glusterfs/backup
             - ${_param:cluster_node03_address}:/srv/glusterfs/backup
           options:
+            auth.allow: ${_param:glusterfs_allow_ips}
+            auth.reject: ${_param:glusterfs_reject_ips}
             cluster.readdir-optimize: On
             nfs.disable: On
             network.remote-dio: On
diff --git a/glusterfs/server/volume/decapod.yml b/glusterfs/server/volume/decapod.yml
index e8f4c99..9a39eaa 100644
--- a/glusterfs/server/volume/decapod.yml
+++ b/glusterfs/server/volume/decapod.yml
@@ -10,6 +10,8 @@
             - ${_param:cluster_node02_address}:/srv/glusterfs/decapod
             - ${_param:cluster_node03_address}:/srv/glusterfs/decapod
           options:
+            auth.allow: ${_param:glusterfs_allow_ips}
+            auth.reject: ${_param:glusterfs_reject_ips}
             cluster.readdir-optimize: On
             nfs.disable: On
             network.remote-dio: On
diff --git a/glusterfs/server/volume/devops_portal.yml b/glusterfs/server/volume/devops_portal.yml
index a2f00ba..e2116cb 100644
--- a/glusterfs/server/volume/devops_portal.yml
+++ b/glusterfs/server/volume/devops_portal.yml
@@ -10,6 +10,8 @@
             - ${_param:cluster_node02_address}:/srv/glusterfs/devops_portal
             - ${_param:cluster_node03_address}:/srv/glusterfs/devops_portal
           options:
+            auth.allow: ${_param:glusterfs_allow_ips}
+            auth.reject: ${_param:glusterfs_reject_ips}
             cluster.readdir-optimize: On
             nfs.disable: On
             network.remote-dio: On
diff --git a/glusterfs/server/volume/elasticsearch.yml b/glusterfs/server/volume/elasticsearch.yml
index 65cf76e..e66a388 100644
--- a/glusterfs/server/volume/elasticsearch.yml
+++ b/glusterfs/server/volume/elasticsearch.yml
@@ -10,6 +10,8 @@
             - ${_param:cluster_node02_address}:/srv/glusterfs/elasticsearch
             - ${_param:cluster_node03_address}:/srv/glusterfs/elasticsearch
           options:
+            auth.allow: ${_param:glusterfs_allow_ips}
+            auth.reject: ${_param:glusterfs_reject_ips}
             cluster.readdir-optimize: On
             nfs.disable: On
             network.remote-dio: On
diff --git a/glusterfs/server/volume/etcd.yml b/glusterfs/server/volume/etcd.yml
index 874119e..6300593 100644
--- a/glusterfs/server/volume/etcd.yml
+++ b/glusterfs/server/volume/etcd.yml
@@ -10,6 +10,8 @@
             - ${_param:cluster_node02_address}:/srv/glusterfs/etcd
             - ${_param:cluster_node03_address}:/srv/glusterfs/etcd
           options:
+            auth.allow: ${_param:glusterfs_allow_ips}
+            auth.reject: ${_param:glusterfs_reject_ips}
             cluster.readdir-optimize: On
             nfs.disable: On
             network.remote-dio: On
diff --git a/glusterfs/server/volume/gerrit.yml b/glusterfs/server/volume/gerrit.yml
index 3348306..b3b036a 100644
--- a/glusterfs/server/volume/gerrit.yml
+++ b/glusterfs/server/volume/gerrit.yml
@@ -10,6 +10,8 @@
             - ${_param:cluster_node02_address}:/srv/glusterfs/gerrit
             - ${_param:cluster_node03_address}:/srv/glusterfs/gerrit
           options:
+            auth.allow: ${_param:glusterfs_allow_ips}
+            auth.reject: ${_param:glusterfs_reject_ips}
             storage.owner-gid: 1000
             storage.owner-uid: 1000
             cluster.readdir-optimize: On
diff --git a/glusterfs/server/volume/glance.yml b/glusterfs/server/volume/glance.yml
index d0dfdf1..38a571e 100644
--- a/glusterfs/server/volume/glance.yml
+++ b/glusterfs/server/volume/glance.yml
@@ -10,6 +10,8 @@
             - ${_param:cluster_node02_address}:/srv/glusterfs/glance
             - ${_param:cluster_node03_address}:/srv/glusterfs/glance
           options:
+            auth.allow: ${_param:glusterfs_allow_ips}
+            auth.reject: ${_param:glusterfs_reject_ips}
             cluster.readdir-optimize: On
             nfs.disable: On
             network.remote-dio: On
diff --git a/glusterfs/server/volume/gnocchi.yml b/glusterfs/server/volume/gnocchi.yml
index f8f5b6a..1d4ce62 100644
--- a/glusterfs/server/volume/gnocchi.yml
+++ b/glusterfs/server/volume/gnocchi.yml
@@ -10,6 +10,8 @@
             - ${_param:cluster_node02_address}:/srv/glusterfs/gnocchi
             - ${_param:cluster_node03_address}:/srv/glusterfs/gnocchi
           options:
+            auth.allow: ${_param:glusterfs_allow_ips}
+            auth.reject: ${_param:glusterfs_reject_ips}
             cluster.readdir-optimize: On
             nfs.disable: On
             network.remote-dio: On
diff --git a/glusterfs/server/volume/influxdb.yml b/glusterfs/server/volume/influxdb.yml
index 9a75a2f..5f56d0b 100644
--- a/glusterfs/server/volume/influxdb.yml
+++ b/glusterfs/server/volume/influxdb.yml
@@ -10,6 +10,8 @@
             - ${_param:cluster_node02_address}:/srv/glusterfs/influxdb
             - ${_param:cluster_node03_address}:/srv/glusterfs/influxdb
           options:
+            auth.allow: ${_param:glusterfs_allow_ips}
+            auth.reject: ${_param:glusterfs_reject_ips}
             cluster.readdir-optimize: On
             nfs.disable: On
             network.remote-dio: On
diff --git a/glusterfs/server/volume/jenkins.yml b/glusterfs/server/volume/jenkins.yml
index 38a341b..e17cdb5 100644
--- a/glusterfs/server/volume/jenkins.yml
+++ b/glusterfs/server/volume/jenkins.yml
@@ -10,6 +10,8 @@
             - ${_param:cluster_node02_address}:/srv/glusterfs/jenkins
             - ${_param:cluster_node03_address}:/srv/glusterfs/jenkins
           options:
+            auth.allow: ${_param:glusterfs_allow_ips}
+            auth.reject: ${_param:glusterfs_reject_ips}
             storage.owner-gid: 1000
             storage.owner-uid: 1000
             cluster.readdir-optimize: On
diff --git a/glusterfs/server/volume/jenkins_slave_multi.yml b/glusterfs/server/volume/jenkins_slave_multi.yml
index d926dfc..5d2e70a 100644
--- a/glusterfs/server/volume/jenkins_slave_multi.yml
+++ b/glusterfs/server/volume/jenkins_slave_multi.yml
@@ -12,6 +12,8 @@
             - ${_param:cluster_node02_address}:/srv/glusterfs/jenkins_slaves/slave02
             - ${_param:cluster_node03_address}:/srv/glusterfs/jenkins_slaves/slave02
           options:
+            auth.allow: ${_param:glusterfs_allow_ips}
+            auth.reject: ${_param:glusterfs_reject_ips}
             storage.owner-gid: 10000
             storage.owner-uid: 10000
             cluster.readdir-optimize: On
@@ -28,6 +30,8 @@
             - ${_param:cluster_node02_address}:/srv/glusterfs/jenkins_slaves/slave03
             - ${_param:cluster_node03_address}:/srv/glusterfs/jenkins_slaves/slave03
           options:
+            auth.allow: ${_param:glusterfs_allow_ips}
+            auth.reject: ${_param:glusterfs_reject_ips}
             storage.owner-gid: 10000
             storage.owner-uid: 10000
             cluster.readdir-optimize: On
diff --git a/glusterfs/server/volume/jenkins_slave_single.yml b/glusterfs/server/volume/jenkins_slave_single.yml
index 7056240..e9420b3 100644
--- a/glusterfs/server/volume/jenkins_slave_single.yml
+++ b/glusterfs/server/volume/jenkins_slave_single.yml
@@ -10,6 +10,8 @@
             - ${_param:cluster_node02_address}:/srv/glusterfs/jenkins_slaves/slave01
             - ${_param:cluster_node03_address}:/srv/glusterfs/jenkins_slaves/slave01
           options:
+            auth.allow: ${_param:glusterfs_allow_ips}
+            auth.reject: ${_param:glusterfs_reject_ips}
             storage.owner-gid: 10000
             storage.owner-uid: 10000
             cluster.readdir-optimize: On
diff --git a/glusterfs/server/volume/keycloak.yml b/glusterfs/server/volume/keycloak.yml
index c8c71f0..b22d2c3 100644
--- a/glusterfs/server/volume/keycloak.yml
+++ b/glusterfs/server/volume/keycloak.yml
@@ -10,6 +10,8 @@
             - ${_param:cluster_node02_address}:/srv/glusterfs/keycloak
             - ${_param:cluster_node03_address}:/srv/glusterfs/keycloak
           options:
+            auth.allow: ${_param:glusterfs_allow_ips}
+            auth.reject: ${_param:glusterfs_reject_ips}
             cluster.readdir-optimize: On
             nfs.disable: On
             network.remote-dio: On
diff --git a/glusterfs/server/volume/keystone.yml b/glusterfs/server/volume/keystone.yml
index 81e14be..e549180 100644
--- a/glusterfs/server/volume/keystone.yml
+++ b/glusterfs/server/volume/keystone.yml
@@ -10,6 +10,8 @@
             - ${_param:cluster_node02_address}:/srv/glusterfs/keystone-keys
             - ${_param:cluster_node03_address}:/srv/glusterfs/keystone-keys
           options:
+            auth.allow: ${_param:glusterfs_allow_ips}
+            auth.reject: ${_param:glusterfs_reject_ips}
             cluster.readdir-optimize: On
             nfs.disable: On
             network.remote-dio: On
@@ -24,6 +26,8 @@
             - ${_param:cluster_node02_address}:/srv/glusterfs/keystone-credential-keys
             - ${_param:cluster_node03_address}:/srv/glusterfs/keystone-credential-keys
           options:
+            auth.allow: ${_param:glusterfs_allow_ips}
+            auth.reject: ${_param:glusterfs_reject_ips}
             cluster.readdir-optimize: On
             nfs.disable: On
             network.remote-dio: On
diff --git a/glusterfs/server/volume/kqueen.yml b/glusterfs/server/volume/kqueen.yml
index 0d09c51..091a93c 100644
--- a/glusterfs/server/volume/kqueen.yml
+++ b/glusterfs/server/volume/kqueen.yml
@@ -10,6 +10,8 @@
             - ${_param:cluster_node02_address}:/srv/glusterfs/kqueen
             - ${_param:cluster_node03_address}:/srv/glusterfs/kqueen
           options:
+            auth.allow: ${_param:glusterfs_allow_ips}
+            auth.reject: ${_param:glusterfs_reject_ips}
             cluster.readdir-optimize: On
             nfs.disable: On
             network.remote-dio: On
diff --git a/glusterfs/server/volume/mongodb.yml b/glusterfs/server/volume/mongodb.yml
index f694ad7..0cb3a8e 100644
--- a/glusterfs/server/volume/mongodb.yml
+++ b/glusterfs/server/volume/mongodb.yml
@@ -10,6 +10,8 @@
             - ${_param:cluster_node02_address}:/srv/glusterfs/mongodb
             - ${_param:cluster_node03_address}:/srv/glusterfs/mongodb
           options:
+            auth.allow: ${_param:glusterfs_allow_ips}
+            auth.reject: ${_param:glusterfs_reject_ips}
             cluster.readdir-optimize: On
             nfs.disable: On
             network.remote-dio: On
diff --git a/glusterfs/server/volume/mysql.yml b/glusterfs/server/volume/mysql.yml
index 551ae40..b67975e 100644
--- a/glusterfs/server/volume/mysql.yml
+++ b/glusterfs/server/volume/mysql.yml
@@ -10,6 +10,8 @@
             - ${_param:cluster_node02_address}:/srv/glusterfs/mysql
             - ${_param:cluster_node03_address}:/srv/glusterfs/mysql
           options:
+            auth.allow: ${_param:glusterfs_allow_ips}
+            auth.reject: ${_param:glusterfs_reject_ips}
             storage.owner-gid: 999
             storage.owner-uid: 999
             cluster.readdir-optimize: On
diff --git a/glusterfs/server/volume/openldap.yml b/glusterfs/server/volume/openldap.yml
index 84619c0..cc1ba5f 100644
--- a/glusterfs/server/volume/openldap.yml
+++ b/glusterfs/server/volume/openldap.yml
@@ -10,6 +10,8 @@
             - ${_param:cluster_node02_address}:/srv/glusterfs/openldap
             - ${_param:cluster_node03_address}:/srv/glusterfs/openldap
           options:
+            auth.allow: ${_param:glusterfs_allow_ips}
+            auth.reject: ${_param:glusterfs_reject_ips}
             cluster.readdir-optimize: On
             nfs.disable: On
             network.remote-dio: On
diff --git a/glusterfs/server/volume/openldap_k8s.yml b/glusterfs/server/volume/openldap_k8s.yml
index 554801d..24b2a26 100644
--- a/glusterfs/server/volume/openldap_k8s.yml
+++ b/glusterfs/server/volume/openldap_k8s.yml
@@ -10,6 +10,8 @@
             - ${_param:cluster_node02_address}:/srv/glusterfs/openldap/config
             - ${_param:cluster_node03_address}:/srv/glusterfs/openldap/config
           options:
+            auth.allow: ${_param:glusterfs_allow_ips}
+            auth.reject: ${_param:glusterfs_reject_ips}
             storage.owner-gid: 999
             storage.owner-uid: 999
             cluster.readdir-optimize: On
@@ -26,6 +28,8 @@
           - ${_param:cluster_node02_address}:/srv/glusterfs/openldap/data
           - ${_param:cluster_node03_address}:/srv/glusterfs/openldap/data
           options:
+            auth.allow: ${_param:glusterfs_allow_ips}
+            auth.reject: ${_param:glusterfs_reject_ips}
             storage.owner-gid: 999
             storage.owner-uid: 999
             cluster.readdir-optimize: On
diff --git a/glusterfs/server/volume/postgresql.yml b/glusterfs/server/volume/postgresql.yml
index c48d833..5376934 100644
--- a/glusterfs/server/volume/postgresql.yml
+++ b/glusterfs/server/volume/postgresql.yml
@@ -10,6 +10,8 @@
             - ${_param:cluster_node02_address}:/srv/glusterfs/postgresql
             - ${_param:cluster_node03_address}:/srv/glusterfs/postgresql
           options:
+            auth.allow: ${_param:glusterfs_allow_ips}
+            auth.reject: ${_param:glusterfs_reject_ips}
             cluster.readdir-optimize: On
             nfs.disable: On
             network.remote-dio: On
diff --git a/glusterfs/server/volume/postgresql_k8s.yml b/glusterfs/server/volume/postgresql_k8s.yml
index f276d60..523ef59 100644
--- a/glusterfs/server/volume/postgresql_k8s.yml
+++ b/glusterfs/server/volume/postgresql_k8s.yml
@@ -10,6 +10,8 @@
             - ${_param:cluster_node02_address}:/srv/glusterfs/postgresql
             - ${_param:cluster_node03_address}:/srv/glusterfs/postgresql
           options:
+            auth.allow: ${_param:glusterfs_allow_ips}
+            auth.reject: ${_param:glusterfs_reject_ips}
             storage.owner-gid: 999
             storage.owner-uid: 999
             cluster.readdir-optimize: On
diff --git a/glusterfs/server/volume/privatebin.yml b/glusterfs/server/volume/privatebin.yml
index e2eba2d..e78df75 100644
--- a/glusterfs/server/volume/privatebin.yml
+++ b/glusterfs/server/volume/privatebin.yml
@@ -10,6 +10,8 @@
             - ${_param:cluster_node02_address}:/srv/glusterfs/privatebin
             - ${_param:cluster_node03_address}:/srv/glusterfs/privatebin
           options:
+            auth.allow: ${_param:glusterfs_allow_ips}
+            auth.reject: ${_param:glusterfs_reject_ips}
             cluster.readdir-optimize: On
             nfs.disable: On
             network.remote-dio: On
diff --git a/glusterfs/server/volume/pushkin.yml b/glusterfs/server/volume/pushkin.yml
index 2d6a249..14d8b16 100644
--- a/glusterfs/server/volume/pushkin.yml
+++ b/glusterfs/server/volume/pushkin.yml
@@ -10,6 +10,8 @@
             - ${_param:cluster_node02_address}:/srv/glusterfs/pushkin
             - ${_param:cluster_node03_address}:/srv/glusterfs/pushkin
           options:
+            auth.allow: ${_param:glusterfs_allow_ips}
+            auth.reject: ${_param:glusterfs_reject_ips}
             cluster.readdir-optimize: On
             nfs.disable: On
             network.remote-dio: On
diff --git a/glusterfs/server/volume/registry.yml b/glusterfs/server/volume/registry.yml
index 474ce7b..19d0106 100644
--- a/glusterfs/server/volume/registry.yml
+++ b/glusterfs/server/volume/registry.yml
@@ -10,6 +10,8 @@
             - ${_param:cluster_node02_address}:/srv/glusterfs/registry
             - ${_param:cluster_node03_address}:/srv/glusterfs/registry
           options:
+            auth.allow: ${_param:glusterfs_allow_ips}
+            auth.reject: ${_param:glusterfs_reject_ips}
             cluster.readdir-optimize: On
             nfs.disable: On
             network.remote-dio: On
diff --git a/glusterfs/server/volume/rundeck.yml b/glusterfs/server/volume/rundeck.yml
index c0ced5b..727496a 100644
--- a/glusterfs/server/volume/rundeck.yml
+++ b/glusterfs/server/volume/rundeck.yml
@@ -10,6 +10,8 @@
             - ${_param:cluster_node02_address}:/srv/glusterfs/rundeck
             - ${_param:cluster_node03_address}:/srv/glusterfs/rundeck
           options:
+            auth.allow: ${_param:glusterfs_allow_ips}
+            auth.reject: ${_param:glusterfs_reject_ips}
             cluster.readdir-optimize: On
             nfs.disable: On
             network.remote-dio: On
diff --git a/glusterfs/server/volume/salt.yml b/glusterfs/server/volume/salt.yml
index e14701d..f832bce 100644
--- a/glusterfs/server/volume/salt.yml
+++ b/glusterfs/server/volume/salt.yml
@@ -10,6 +10,8 @@
             - ${_param:cluster_node02_address}:/srv/glusterfs/saltmaster
             - ${_param:cluster_node03_address}:/srv/glusterfs/saltmaster
           options:
+            auth.allow: ${_param:glusterfs_allow_ips}
+            auth.reject: ${_param:glusterfs_reject_ips}
             cluster.readdir-optimize: On
             nfs.disable: On
             network.remote-dio: On
diff --git a/glusterfs/server/volume/salt_pki.yml b/glusterfs/server/volume/salt_pki.yml
index 9a26bdb..8135e47 100644
--- a/glusterfs/server/volume/salt_pki.yml
+++ b/glusterfs/server/volume/salt_pki.yml
@@ -10,6 +10,8 @@
             - ${_param:cluster_node02_address}:/srv/glusterfs/salt_pki
             - ${_param:cluster_node03_address}:/srv/glusterfs/salt_pki
           options:
+            auth.allow: ${_param:glusterfs_allow_ips}
+            auth.reject: ${_param:glusterfs_reject_ips}
             cluster.readdir-optimize: On
             nfs.disable: On
             network.remote-dio: On
diff --git a/glusterfs/server/volume/security_monkey.yml b/glusterfs/server/volume/security_monkey.yml
index e730c90..3fa9f57 100644
--- a/glusterfs/server/volume/security_monkey.yml
+++ b/glusterfs/server/volume/security_monkey.yml
@@ -10,6 +10,8 @@
             - ${_param:cluster_node02_address}:/srv/glusterfs/security_monkey
             - ${_param:cluster_node03_address}:/srv/glusterfs/security_monkey
           options:
+            auth.allow: ${_param:glusterfs_allow_ips}
+            auth.reject: ${_param:glusterfs_reject_ips}
             cluster.readdir-optimize: On
             nfs.disable: On
             network.remote-dio: On
diff --git a/jenkins/client/job/validate.yml b/jenkins/client/job/validate.yml
index 21313b2..ede66b1 100644
--- a/jenkins/client/job/validate.yml
+++ b/jenkins/client/job/validate.yml
@@ -250,6 +250,53 @@
               type: string
               default: "https://github.com/Mirantis/cvp-configuration"
               description: URL of repo where testing tools, scenarios, configs are located.
+        cvp-tempest:
+          type: workflow-scm
+          name: cvp-tempest
+          display_name: "CVP - Functional tests (new)"
+          discard:
+            build:
+              keep_num: 20
+            artifact:
+              keep_num: 20
+          concurrent: false
+          scm:
+            type: git
+            url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+            branch: "${_param:jenkins_pipelines_branch}"
+            credentials: "gerrit"
+            script: cvp-tempest.groovy
+          param:
+            PREPARE_RESOURCES:
+              type: boolean
+              default: true
+              description: Prepare resources for Tempest
+            SALT_MASTER_URL:
+              type: string
+              default: "${_param:jenkins_salt_api_url}"
+              description: SALT_MASTER_URL
+            TEMPEST_TEST_PATTERN:
+              type: string
+              default: "set=smoke"
+              description: Use set=smoke, set=full or just test name (regex)
+            TEMPEST_ENDPOINT_TYPE:
+              type: choice
+              choices:
+                - internalURL
+                - adminURL
+                - publicURL
+              description: Openstack endpoint type to use during test run.
+            EXTRA_PARAMS:
+              type: text
+              default:  |
+                ---
+                  DEBUG_MODE: false
+                  GENERATE_CONFIG: true
+                  TARGET_NODE: "I@gerrit:client"
+                  SKIP_LIST_PATH: ""
+                  TEST_IMAGE: "docker-prod-virtual.docker.mirantis.net/mirantis/cicd/ci-tempest:${_param:openstack_version}"
+                  report_prefix: "cvp_"
+              description: YAML context with additional parameters
         cvp-perf:
           type: workflow-scm
           name: cvp-perf
@@ -444,3 +491,39 @@
                     SHAKER_EXTERNAL_NET='public'
                   For the more detailed description of the last two categories please refer to the shaker documentation
                   https://pyshaker.readthedocs.io/en/latest/tools.html
+        cvp-rebuild:
+          type: workflow-scm
+          name: cvp-rebuild
+          display_name: "CVP-rebuild job for images"
+          discard:
+            build:
+              keep_num: 20
+            artifact:
+              keep_num: 20
+          concurrent: false
+          scm:
+            type: git
+            url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+            branch: "${_param:jenkins_pipelines_branch}"
+            credentials: "gerrit"
+            script: cvp-rebuild.groovy
+          param:
+            DESTINATION_IMAGE:
+              type: string
+              default: ""
+              description: "Specify address of local registry and name of the image e.g. _cid_vip_:5000/ci-tempest:v1"
+            SALT_MASTER_URL:
+              type: string
+              default: "${_param:jenkins_salt_api_url}"
+              description: Full Salt API address [e.g. https://10.10.10.2:6969]
+            SALT_MASTER_CREDENTIALS:
+              type: string
+              default: "salt"
+            REPO:
+              type: string
+              default: ""
+              description: Specify repo that will be used to rebuild image
+            BRANCH:
+              type: string
+              default: ""
+              description: Branch or version of REPO to checkout
diff --git a/jenkins/client/node.yml b/jenkins/client/node.yml
index e5e4d3b..2de0022 100644
--- a/jenkins/client/node.yml
+++ b/jenkins/client/node.yml
@@ -7,8 +7,7 @@
         master:
           node_mode: Exclusive
           remote_home: /var/lib/jenkins
-          labels:
-            - python
+          num_executors: 0
           launcher:
             type: master
         slave01:
diff --git a/kubernetes/control/services/drivetrain/jenkins_master.yml b/kubernetes/control/services/drivetrain/jenkins_master.yml
index 36d8c5a..a564318 100644
--- a/kubernetes/control/services/drivetrain/jenkins_master.yml
+++ b/kubernetes/control/services/drivetrain/jenkins_master.yml
@@ -1,7 +1,7 @@
 parameters:
   _param:
     jenkins_master_extra_opts: ""
-    jenkins_master_executors_num: 4
+    jenkins_master_executors_num: 0
     jenkins_master_max_concurent_requests: 40
     jenkins_home_dir_path: /var/jenkins_home
   kubernetes:
diff --git a/kubernetes/control/services/drivetrain/jenkins_slave_multi.yml b/kubernetes/control/services/drivetrain/jenkins_slave_multi.yml
index e710cd2..f1617b4 100644
--- a/kubernetes/control/services/drivetrain/jenkins_slave_multi.yml
+++ b/kubernetes/control/services/drivetrain/jenkins_slave_multi.yml
@@ -41,6 +41,9 @@
                 - name: docker-sock-volume02
                   mount: /var/run/docker.sock
                   read_only: false
+                - name: entropy-volume02
+                  mount: /dev/random
+                  read_only: true
           volume:
             jenkins-slave02:
               type: glusterfs
@@ -50,6 +53,9 @@
             docker-sock-volume02:
               type: hostPath
               path: /var/run/docker.sock
+            entropy-volume02:
+              type: hostPath
+              path: /dev/urandom
         jenkins_slave03:
           create: true
           service: slave03
@@ -87,6 +93,9 @@
               - name: docker-sock-volume03
                 mount: /var/run/docker.sock
                 read_only: false
+              - name: entropy-volume03
+                mount: /dev/random
+                read_only: true
           volume:
             jenkins-slave03:
               type: glusterfs
@@ -96,3 +105,6 @@
             docker-sock-volume03:
               type: hostPath
               path: /var/run/docker.sock
+            entropy-volume03:
+              type: hostPath
+              path: /dev/urandom
diff --git a/kubernetes/control/services/drivetrain/jenkins_slave_single.yml b/kubernetes/control/services/drivetrain/jenkins_slave_single.yml
index 5cdd32b..ee327dd 100644
--- a/kubernetes/control/services/drivetrain/jenkins_slave_single.yml
+++ b/kubernetes/control/services/drivetrain/jenkins_slave_single.yml
@@ -42,6 +42,9 @@
                 - name: docker-sock-volume
                   mount: /var/run/docker.sock
                   read_only: false
+                - name: entropy-volume
+                  mount: /dev/random
+                  read_only: true
           volume:
             jenkins-slave01:
               type: glusterfs
@@ -51,3 +54,6 @@
             docker-sock-volume:
               type: hostPath
               path: /var/run/docker.sock
+            entropy-volume:
+              type: hostPath
+              path: /dev/urandom
diff --git a/openssh/server/team/drivetrain.yml b/openssh/server/team/drivetrain.yml
index 1a0d574..066d543 100644
--- a/openssh/server/team/drivetrain.yml
+++ b/openssh/server/team/drivetrain.yml
@@ -4,6 +4,7 @@
 - system.openssh.server.team.members.iberezovskiy
 - system.openssh.server.team.members.mpolreich
 - system.openssh.server.team.members.sriazanov
+- system.openssh.server.team.members.efedorova
 parameters:
   _param:
     linux_system_user_sudo: true
diff --git a/openssh/server/team/members/efedorova.yml b/openssh/server/team/members/efedorova.yml
new file mode 100644
index 0000000..8f37847
--- /dev/null
+++ b/openssh/server/team/members/efedorova.yml
@@ -0,0 +1,19 @@
+parameters:
+  linux:
+    system:
+      user:
+        efedorova:
+          email: efedorova@mirantis.com
+          enabled: true
+          full_name: Ekaterina Chernova
+          home: /home/efedorova
+          name: efedorova
+          sudo: ${_param:linux_system_user_sudo}
+  openssh:
+    server:
+      user:
+        efedorova:
+          enabled: true
+          public_keys:
+          - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2WZDqD0R/6RNSx4KdR5QD/jmCWnl/4QHHZeu679gP6Sdy/Z2/Qzf9k7hBSwLFExjLCu4dIJGhdvB1HoG3S5qIqdhfKZTkJp2ackDPnegSAhgqem/tXcyQrMOe8jtCCK375kwsMV5dJkxadbv5Qb71TdwHeBsV5B3Kmi5q0WwSlzsq3AI8OvNn4KeSeEGGv2lK6Ddxwl1u5IcSf5G0zBGc8s0mwGPnsBIATfiztX61MkqyDPIuYacRpkaDLX5v/X7eYqxYxDop6OBLxR+mgivluDEyDaQ9DKHO5ypQIiAk359CxMSQ9T+y5WSL0MdgYSKxFsK8jzo6JquZC54ZUQKb efedorova
+          user: ${linux:system:user:efedorova}
\ No newline at end of file