Merge "Remove sudo limits for support team"
diff --git a/.releasenotes/config.yaml b/.releasenotes/config.yaml
index 28db76e..bf103f9 100644
--- a/.releasenotes/config.yaml
+++ b/.releasenotes/config.yaml
@@ -9,10 +9,11 @@
 prelude_section_name: summary
 show_source: False
 sections:
-  - [features, New Features]
-  - [upgrade, Upgrade Notes]
-  - [fixes, Bug Fixes]
-  - [other, Other Notes]
+  - [features, New features]
+  - [upgrades, Upgrade notes]
+  - [deprecations, Deprecation notes]
+  - [fixes, Bug fixes]
+  - [others, Other notes]
 template: |
   ---
   # Author the following sections or remove the section if it is not related.
@@ -21,38 +22,66 @@
   # If you miss a section from the list below, please first submit a review
   # adding it to .releasenotes/config.yaml.
   #
+  # Format content with reStructuredText (RST).
+  # **Formatting examples:**
+  # - |
+  #   This is a brief description of the feature. It may include a
+  #   number of components:
+  #
+  #   * List item 1
+  #   * List item 2.
+  #     This code block below will appear as part of the list item 2:
+  #
+  #     .. code-block:: yaml
+  #
+  #        classes:
+  #        - system.class.to.load
+  #
+  #   The code block below will appear on the same level as the feature
+  #   description:
+  #
+  #   .. code-block:: text
+  #
+  #      provide model/formula pillar snippets
+
+
   summary: >
     This section is not mandatory. Use it to highlight the change.
 
   features:
-    - Use list to record summary of features.
-    - |
-      Provide detailed description with examples.
-      Format with reStructuredText.
+    - Use the list to record summary of **NEW** features
+    - Provide detailed description of the feature indicating the use cases
+      when users benefit from using it
+    - Explain how the feature integrates into the overall reference
+      architecture of a deployment.
+    - Provide steps to deploy the feature (if the procedure is complicated
+      indicate during what stage of the deployment workflow it should be
+      deployed).
+    - Indicate limitations or incompatibility with other versions, if applicable.
+    - Provide a brief overview of how to use the feature after installation
+      (Day2 operations).
+    - Provide troubleshooting information, if any.
+    - Provide disaster recovery information (in case of hardware or software
+      failure.)
 
-      .. code-block:: text
+  upgrades:
+    - Use the list to record summary of an **improvement** to an existing
+      functionality/feature
+    - Document how to use a feature.
+    - Document the related upgrade instructions.
+    - Indicate limitations, if applicable.
 
-         provide model/formula pillar snippets
-
-  upgrade:
-    - |
-      Document how to use a feature and related upgrade instructions.
+  deprecations:
+    - Use the list to record deprecated features.
+    - Explain the reason of deprecation.
+    - Point to the functionality that can be used instead.
 
   fixes:
-    - Use list to record summary of fixes.
-      Quick and dirty `git log --oneline`.
+    - Use the list to record summary of a bug fix for blocker, critical,
+      and/or customer-found issues.
+    - Provide a brief summary of what has been fixed.
 
-  other:
-    - Author additional notes for the release.
-    - Format with reStructuredText.
-    - |
-        Use this section if note is not related to one of the common sections:
-        features, issues, upgrade, deprecations, security, fixes, api, cli
+  others:
+    - Author any additional notes. Use this section if note is not related to
+      any of the common sections above.
 
-        * list item 1
-        * list item 2
-
-        .. code-block:: yaml
-
-          classes:
-          - system.class.to.load
diff --git a/.releasenotes/notes/add-releasenotes-20cce0cea873f011.yaml b/.releasenotes/notes/add-releasenotes-20cce0cea873f011.yaml
index 733776f..45b6749 100644
--- a/.releasenotes/notes/add-releasenotes-20cce0cea873f011.yaml
+++ b/.releasenotes/notes/add-releasenotes-20cce0cea873f011.yaml
@@ -1,18 +1,20 @@
 ---
 summary: >
-  Use "reno", an releasenotes configuration tool to record release notes.
-  Documentation: https://docs.openstack.org/reno/latest
+  This is the test release of MCP Feature Update notes.
+  These notes are intended to detail the new functionality and
+  bug fixes released for Reclass model on a sprint basis.
 
-  Example usage:
-
-  .. code-block:: shell
-
-    # to list/create/show release notes, run following commands
-    reno -qd .releasenotes list
-    reno -qd .releasenotes new releasenote-slug-title --edit
-    reno -qd .releasenotes report --no-show-source
-
-other:
+others:
   - |
-    Added `reno <https://docs.openstack.org/reno/latest>_` configuration to track release notes
-    within the reclass-system git repository.
+    Added `Reno <https://docs.openstack.org/reno/latest>_`, a release notes
+    configuration tool, to track release notes within the ``reclass-system``
+    Git repository.
+
+    To list/create/show release notes:
+
+    .. code-block:: shell
+
+       reno -qd .releasenotes list
+       reno -qd .releasenotes new releasenote-slug-title --edit
+       reno -qd .releasenotes report --no-show-source
+
diff --git a/docker/swarm/stack/monitoring/init.yml b/docker/swarm/stack/monitoring/init.yml
index 347319a..17a3a49 100644
--- a/docker/swarm/stack/monitoring/init.yml
+++ b/docker/swarm/stack/monitoring/init.yml
@@ -95,11 +95,11 @@
                 - ${prometheus:server:dir:config}:${_param:prometheus_server_config_directory}
                 - ${prometheus:server:dir:data}:${_param:prometheus_server_data_directory}
               environment:
-                config_dir: ${_param:prometheus_server_config_directory}
-                data_dir: ${_param:prometheus_server_data_directory}
-                bind_port: ${prometheus:server:bind:port}
-                bind_address: ${prometheus:server:bind:address}
-                storage_local_engine: ${prometheus:server:storage:local:engine}
-                storage_local_retention: ${prometheus:server:storage:local:retention}
-                storage_local_target_heap_size: ${prometheus:server:storage:local:target_heap_size}
-                storage_local_num_fingerprint_mutexes: ${prometheus:server:storage:local:num_fingerprint_mutexes}
+                PROMETHEUS_CONFIG_DIR: ${_param:prometheus_server_config_directory}
+                PROMETHEUS_DATA_DIR: ${_param:prometheus_server_data_directory}
+                PROMETHEUS_BIND_PORT: ${prometheus:server:bind:port}
+                PROMETHEUS_BIND_ADDRESS: ${prometheus:server:bind:address}
+                PROMETHEUS_STORAGE_LOCAL_ENGINE: ${prometheus:server:storage:local:engine}
+                PROMETHEUS_STORAGE_LOCAL_RETENTION: ${prometheus:server:storage:local:retention}
+                PROMETHEUS_STORAGE_LOCAL_TARGET_HEAP_SIZE: ${prometheus:server:storage:local:target_heap_size}
+                PROMETHEUS_STORAGE_LOCAL_NUM_FINGERPRINT_MUTEXES: ${prometheus:server:storage:local:num_fingerprint_mutexes}
diff --git a/haproxy/proxy/listen/opencontrail/tor.yml b/haproxy/proxy/listen/opencontrail/tor.yml
new file mode 100644
index 0000000..0595ccd
--- /dev/null
+++ b/haproxy/proxy/listen/opencontrail/tor.yml
@@ -0,0 +1,19 @@
+parameters:
+  haproxy:
+    proxy:
+      listen:
+        contrail_tor01:
+          type: contrail-tor
+          service_name: contrail
+          binds:
+          - address: ${_param:cluster_vip_address}
+            port: 6631
+          servers:
+          - name: sw01
+            host: ${_param:cluster_node01_address}
+            port: 6632
+            params: check
+          - name: sw02
+            host: ${_param:cluster_node02_address}
+            port: 6632
+            params: check backup
diff --git a/helm/analytics_pipeline/hdfs.yml b/helm/analytics_pipeline/hdfs.yml
new file mode 100644
index 0000000..64e0cef
--- /dev/null
+++ b/helm/analytics_pipeline/hdfs.yml
@@ -0,0 +1,15 @@
+parameters:
+  _param:
+    analytics_hdfs_release: ${_param:analytics_release_prefix}hdfs
+    analytics_hdfs_address: hdfs-namenode-${_param:analytics_hdfs_release}-0.hdfs-namenode-${_param:analytics_hdfs_release}
+  helm:
+    client:
+      releases:
+        analytics-pipeline-hdfs:
+          enabled: ${_param:analytics_enabled}
+          name: ${_param:analytics_hdfs_release}
+          chart: ${_param:analytics_repo}/hdfs
+          values:
+            datanode:
+              replicas: 3
+              antiAffinity: soft
diff --git a/helm/analytics_pipeline/init.yml b/helm/analytics_pipeline/init.yml
new file mode 100644
index 0000000..f994efa
--- /dev/null
+++ b/helm/analytics_pipeline/init.yml
@@ -0,0 +1,19 @@
+classes:
+- system.helm.analytics_pipeline.zookeeper
+- system.helm.analytics_pipeline.kafka
+- system.helm.analytics_pipeline.spark
+- system.helm.analytics_pipeline.hdfs
+- system.helm.analytics_pipeline.tweepub
+- system.helm.analytics_pipeline.tweetics
+- system.helm.analytics_pipeline.tweeviz
+- service.helm.client
+parameters:
+  _param:
+    analytics_enabled: true
+    analytics_repo: mirantisworkloads
+    analytics_release_prefix: analytics-pipeline-
+    analytics_kafka_replicas: 3
+  helm:
+    client:
+      repos:
+        mirantisworkloads: https://mirantisworkloads.storage.googleapis.com/
diff --git a/helm/analytics_pipeline/kafka.yml b/helm/analytics_pipeline/kafka.yml
new file mode 100644
index 0000000..3c88299
--- /dev/null
+++ b/helm/analytics_pipeline/kafka.yml
@@ -0,0 +1,17 @@
+parameters:
+  _param:
+    analytics_kafka_release: ${_param:analytics_release_prefix}kafka
+    analytics_kafka_address: kafka-${_param:analytics_kafka_release}-0.kafka-${_param:analytics_kafka_release}:9092,kafka-${_param:analytics_kafka_release}-1.kafka-${_param:analytics_kafka_release}:9092,kafka-${_param:analytics_kafka_release}-2.kafka-${_param:analytics_kafka_release}:9092
+  helm:
+    client:
+      releases:
+        analytics-pipeline-kafka:
+          enabled: ${_param:analytics_enabled}
+          name: ${_param:analytics_kafka_release}
+          chart: ${_param:analytics_repo}/kafka
+          values:
+            replicas: ${_param:analytics_kafka_replicas}
+            antiAffinity: soft
+            zookeeper:
+              deployChart: false
+              externalAddress: ${_param:analytics_zookeeper_address}
diff --git a/helm/analytics_pipeline/spark.yml b/helm/analytics_pipeline/spark.yml
new file mode 100644
index 0000000..aeb2856
--- /dev/null
+++ b/helm/analytics_pipeline/spark.yml
@@ -0,0 +1,20 @@
+parameters:
+  _param:
+    analytics_spark_release: ${_param:analytics_release_prefix}spark
+    analytics_spark_address: spark-master-${_param:analytics_spark_release}-0.spark-master-${_param:analytics_spark_release}:7077,spark-master-${_param:analytics_spark_release}-1.spark-master-${_param:analytics_spark_release}:7077
+  helm:
+    client:
+      releases:
+        analytics-pipeline-spark:
+          enabled: ${_param:analytics_enabled}
+          name: ${_param:analytics_spark_release}
+          chart: ${_param:analytics_repo}/spark
+          values:
+            spark:
+              master:
+                replicas: 1
+              worker:
+                replicas: 3
+            zookeeper:
+              deployChart: false
+              externalAddress: ${_param:analytics_zookeeper_address}
diff --git a/helm/analytics_pipeline/tweepub.yml b/helm/analytics_pipeline/tweepub.yml
new file mode 100644
index 0000000..42678a3
--- /dev/null
+++ b/helm/analytics_pipeline/tweepub.yml
@@ -0,0 +1,23 @@
+parameters:
+  _param:
+    analytics_tweepub_release: ${_param:analytics_release_prefix}tweepub
+  helm:
+    client:
+      releases:
+        analytics-pipeline-tweepub:
+          enabled: ${_param:analytics_enabled}
+          name: ${_param:analytics_tweepub_release}
+          chart: ${_param:analytics_repo}/tweepub
+          values:
+            twitter:
+              appKey: ${_param:analytics_twitter_app_key}
+              appSecret: ${_param:analytics_twitter_app_secret}
+              tokenKey: ${_param:analytics_twitter_token_key}
+              tokenSecret: ${_param:analytics_twitter_token_secret}
+
+              # San Francisco, Boston, New York
+              locations: -71.4415,41.9860,-70.4747,42.9041,-122.75,36.8,-121.75,37.8,-74,40,-73,41
+            kafka:
+              deployChart: false
+              externalAddress: ${_param:analytics_kafka_address}
+              topic: twitter-stream
diff --git a/helm/analytics_pipeline/tweetics.yml b/helm/analytics_pipeline/tweetics.yml
new file mode 100644
index 0000000..de438bf
--- /dev/null
+++ b/helm/analytics_pipeline/tweetics.yml
@@ -0,0 +1,27 @@
+parameters:
+  _param:
+    analytics_tweetics_release: ${_param:analytics_release_prefix}tweetics
+  helm:
+    client:
+      releases:
+        analytics-pipeline-tweetics:
+          enabled: ${_param:analytics_enabled}
+          name: ${_param:analytics_tweetics_release}
+          chart: ${_param:analytics_repo}/tweetics
+          values:
+            minHashtagCounts: 0
+            zookeeper:
+              deployChart: false
+              externalAddress: ${_param:analytics_zookeeper_address}
+            kafka:
+              deployChart: false
+              externalAddress: ${_param:analytics_kafka_address}
+              topic: twitter-stream
+            spark:
+              deployChart: false
+              externalAddress: ${_param:analytics_spark_address}
+            storage: hdfs
+            hdfs:
+              deployChart: false
+              externalAddress: ${_param:analytics_hdfs_address}
+              path: /twitter
diff --git a/helm/analytics_pipeline/tweeviz.yml b/helm/analytics_pipeline/tweeviz.yml
new file mode 100644
index 0000000..d8f7aef
--- /dev/null
+++ b/helm/analytics_pipeline/tweeviz.yml
@@ -0,0 +1,19 @@
+parameters:
+  _param:
+    analytics_tweeviz_release: ${_param:analytics_release_prefix}tweeviz
+  helm:
+    client:
+      releases:
+        analytics-pipeline-tweeviz:
+          enabled: ${_param:analytics_enabled}
+          name: ${_param:analytics_tweeviz_release}
+          chart: ${_param:analytics_repo}/tweeviz
+          values:
+            minPopularity: 1
+            topListSize: 25
+            storage: hdfs
+            hdfs:
+              deployChart: false
+              externalAddress: ${_param:analytics_hdfs_address}
+              path: /
+              externalPort: 8020
diff --git a/helm/analytics_pipeline/zookeeper.yml b/helm/analytics_pipeline/zookeeper.yml
new file mode 100644
index 0000000..698510d
--- /dev/null
+++ b/helm/analytics_pipeline/zookeeper.yml
@@ -0,0 +1,14 @@
+parameters:
+  _param:
+    analytics_zookeeper_release: ${_param:analytics_release_prefix}zookeeper
+    analytics_zookeeper_address: zk-${_param:analytics_zookeeper_release}-0.zk-${_param:analytics_zookeeper_release}:2181,zk-${_param:analytics_zookeeper_release}-1.zk-${_param:analytics_zookeeper_release}:2181,zk-${_param:analytics_zookeeper_release}-2.zk-${_param:analytics_zookeeper_release}:2181
+  helm:
+    client:
+      releases:
+        analytics-pipeline-zookeeper:
+          enabled: ${_param:analytics_enabled}
+          name: ${_param:analytics_zookeeper_release}
+          chart: ${_param:analytics_repo}/zookeeper
+          values:
+            replicas: 3
+            antiAffinity: soft
diff --git a/jenkins/client/approved_scripts.yml b/jenkins/client/approved_scripts.yml
index 99f2492..b187e26 100644
--- a/jenkins/client/approved_scripts.yml
+++ b/jenkins/client/approved_scripts.yml
@@ -127,3 +127,5 @@
         - method java.io.File listFiles
         - method java.lang.String concat java.lang.String
         - method org.jenkinsci.plugins.workflow.steps.FlowInterruptedException getCauses
+        - method org.jenkinsci.plugins.workflow.support.steps.build.RunWrapper getRawBuild
+        - method hudson.model.Actionable getAction java.lang.Class
diff --git a/jenkins/client/init.yml b/jenkins/client/init.yml
index b37c48f..7d87ffe 100644
--- a/jenkins/client/init.yml
+++ b/jenkins/client/init.yml
@@ -16,7 +16,6 @@
         username: ${_param:jenkins_client_user}
         password: ${_param:jenkins_client_password}
       plugin:
-        ansicolor: {}
         artifactory: {}
         build-blocker-plugin: {}
         build-monitor-plugin: {}
@@ -39,7 +38,6 @@
         simple-theme-plugin: {}
         slack: {}
         test-stability: {}
-        timestamper: {}
         workflow-cps: {}
         workflow-remote-loader: {}
         workflow-scm-step:
diff --git a/jenkins/client/job/deploy/lab/component/ceph.yml b/jenkins/client/job/deploy/lab/component/ceph.yml
index f8953b6..e9e3d64 100644
--- a/jenkins/client/job/deploy/lab/component/ceph.yml
+++ b/jenkins/client/job/deploy/lab/component/ceph.yml
@@ -14,4 +14,4 @@
         stack_type: aws
         stack_install: core,ceph
         stack_test: "ceph"
-        job_timer: ""
+        job_timer: "H H * * *"
diff --git a/jenkins/client/job/opencontrail/build/dpdk-extra.yml b/jenkins/client/job/opencontrail/build/dpdk-extra.yml
index 156cedb..53e1ae3 100644
--- a/jenkins/client/job/opencontrail/build/dpdk-extra.yml
+++ b/jenkins/client/job/opencontrail/build/dpdk-extra.yml
@@ -1,4 +1,6 @@
 parameters:
+  _param:
+    jenkins_contrail_dpdk_kernel_modules_dkms: "${_param:jenkins_gerrit_url}/contrail/contrail-dpdk-kernel-modules-dkms"
   jenkins:
     client:
       job_template:
@@ -84,3 +86,52 @@
                 description: "binary packages to create"
                 type: string
                 default: "{{binary}}"
+        build-opencontrail-dpdk-kernel-modules-dkms:
+          name: build-opencontrail-dpdk-kernel-modules-dkms-{{os}}-{{dist}}-{{dpdk}}
+          jobs:
+            - os: ubuntu
+              dist: xenial
+              branch: contrail_dpdk_2_1
+              dpdk: "21"
+              aptly_repo: ubuntu-xenial-mitaka
+            - os: ubuntu
+              dist: xenial
+              dpdk: "1702"
+              branch: contrail_dpdk_17_02
+              aptly_repo: ubuntu-xenial-oc40-dpdk1702
+          template:
+            discard:
+             build:
+               keep_num: 5
+             artifact:
+               keep_num: 5
+            type: workflow-scm
+            concurrent: false
+            quiet_period: 120
+            scm:
+              type: git
+              url: "${_param:jenkins_contrail_dpdk_kernel_modules_dkms}"
+              credentials: "gerrit"
+              branch: "{{branch}}"
+            param:
+              SOURCE_BRANCH:
+                type: string
+                default: "{{branch}}"
+              SOURCE_CREDENTIALS:
+                type: string
+                default: "gerrit"
+              APTLY_URL:
+                type: string
+                default: "${_param:jenkins_aptly_api_url}"
+              APTLY_REPO:
+                type: string
+                default: "{{aptly_repo}}"
+              OS:
+                type: string
+                default: "{{os}}"
+              DIST:
+                type: string
+                default: "{{dist}}"
+              ARCH:
+                type: string
+                default: "amd64"
diff --git a/linux/system/repo/aptly.yml b/linux/system/repo/aptly.yml
new file mode 100644
index 0000000..330ba03
--- /dev/null
+++ b/linux/system/repo/aptly.yml
@@ -0,0 +1,9 @@
+parameters:
+  linux:
+    system:
+      repo:
+        aptly:
+          source: "deb http://repo.aptly.info/ squeeze main"
+          architectures: amd64
+          key_id: 9E3E53F19C7DE460
+          key_server: keys.gnupg.net
diff --git a/linux/system/single.yml b/linux/system/single.yml
index e2a8502..928efda 100644
--- a/linux/system/single.yml
+++ b/linux/system/single.yml
@@ -35,6 +35,8 @@
           net.ipv4.neigh.default.gc_thresh2: 8192
           net.ipv4.neigh.default.gc_thresh3: 16384
           net.core.netdev_max_backlog: 261144
+          net.ipv4.tcp_tw_recycle: 1
+          net.ipv4.tcp_tw_reuse: 1
           kernel.panic: 60
       cpu:
         governor: performance
diff --git a/opencontrail/compute/tor/cluster.yml b/opencontrail/compute/tor/cluster.yml
new file mode 100644
index 0000000..662de03
--- /dev/null
+++ b/opencontrail/compute/tor/cluster.yml
@@ -0,0 +1,4 @@
+classes:
+- service.haproxy.proxy.single
+- service.keepalived.cluster.single
+- service.opencontrail.compute.tor.cluster
diff --git a/openssh/server/team/all.yml b/openssh/server/team/all.yml
index 4dcb121..1fea51d 100644
--- a/openssh/server/team/all.yml
+++ b/openssh/server/team/all.yml
@@ -5,7 +5,9 @@
 - system.openssh.server.team.mcp_ci
 - system.openssh.server.team.mmo_devops
 - system.openssh.server.team.presales
-- system.openssh.server.team.support
+- system.openssh.server.team.services
+# avoid teams w/sudo group restrictions, or override restrictions
+#- system.openssh.server.team.support
 - system.openssh.server.team.stacklight
 - system.openssh.server.team.networking
 - system.openssh.server.team.oss_team
diff --git a/openssh/server/team/members/chnyda.yml b/openssh/server/team/members/chnyda.yml
new file mode 100644
index 0000000..2bcecaf
--- /dev/null
+++ b/openssh/server/team/members/chnyda.yml
@@ -0,0 +1,20 @@
+parameters:
+  linux:
+    system:
+      user:
+        chnyda:
+          enabled: true
+          name: chnyda
+          sudo: true
+          full_name: Cedric Hnyda
+          home: /home/chnyda
+          email: chnyda@mirantis.com
+  openssh:
+    server:
+      enabled: true
+      user:
+        chnyda:
+          enabled: true
+          public_keys:
+            - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDHmLTwDSFslOUVo4ViT0bqVLhSaweuLt0QNWhnIaSPgqWhHOSkdqt3+Tg4l8Vd4O4Z44Yv/rXqhmO5X1AIytNccA6+nJe4Km3JC6QzG6npS3ghtHWDU3DOGgWd5RrULviEDSIj1w1oG8oHxdycGkbfjApAkiDR/xr7NHhTcPhEuvn/q7i1raj4vpNdIrR+cr6XA3l+I4cmaizpjuWaFrag1q24RS7PVEUmcPRSODrkdwFREsrLkIlIgtIoMIIjtEDdk1RU/loiXrNwuVRI3KTLqhheFlHedQd13uzpn66KF6UVlZAm+k2y2jLdEi5IFKD3g6mmWsNH6xSZYVn6d84/XvLjMsS/UL+WHr5xetHNSi3RtQOkCPYphq1KcRAXLwH0dgtDwfyg2F+5ezG3wMsZAqD3KiaGNmDcA6R19Fpjm0S4SXa+QnX5eZcO9DS5cYTjs8F2T9Vsaspvwc0U80M6+JvOlV1PBNJYQhSxdX1Plf2p1MrrRnYhlgMdzCiPSQHsKp3tei8I+bqCvV9iScLAbLxKaW/yWdeuh74oGitTfI4R0h0HMJ1lqK+rT5wtMXyJSvFMK6Zph0GqJf3QHBhzCfs5PIto1pyNdXbI8KzfgTgyo+3gpIPAQ2VD/pf8mOD218UPNQglYWP6wniTq/hVtC2tl3DW53qx5qv10osGmw== chnyda@mirantis.com
+          user: ${linux:system:user:chnyda}
diff --git a/openssh/server/team/tcpcloud.yml b/openssh/server/team/tcpcloud.yml
index c7b465a..bcd9327 100644
--- a/openssh/server/team/tcpcloud.yml
+++ b/openssh/server/team/tcpcloud.yml
@@ -20,6 +20,7 @@
 - system.openssh.server.team.members.tkukral
 - system.openssh.server.team.members.vmikes
 - system.openssh.server.team.members.psvimbersky
+- system.openssh.server.team.members.chnyda
 
 parameters:
   _param:
diff --git a/prometheus/server/target/kubernetes/endpoint.yml b/prometheus/server/target/kubernetes/endpoint.yml
deleted file mode 100644
index 671f037..0000000
--- a/prometheus/server/target/kubernetes/endpoint.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-parameters:
-  prometheus:
-    server:
-      target:
-        kubernetes:
-          endpoint:
-            enabled: true
diff --git a/prometheus/server/target/kubernetes/init.yml b/prometheus/server/target/kubernetes/init.yml
deleted file mode 100644
index 919c916..0000000
--- a/prometheus/server/target/kubernetes/init.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-parameters:
-  prometheus:
-    server:
-      target:
-        kubernetes:
-          enabled: true
-          api_ip: ${_param:kubernetes_control_address}
-          cert_name: prometheus-server.crt
-          key_name: prometheus-server.key
diff --git a/prometheus/server/target/kubernetes/pod.yml b/prometheus/server/target/kubernetes/pod.yml
deleted file mode 100644
index 964282f..0000000
--- a/prometheus/server/target/kubernetes/pod.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-parameters:
-  prometheus:
-    server:
-      target:
-        kubernetes:
-          pod:
-            enabled: true
diff --git a/reclass/storage/system/opencontrail_tor_cluster.yml b/reclass/storage/system/opencontrail_tor_cluster.yml
new file mode 100644
index 0000000..81d7314
--- /dev/null
+++ b/reclass/storage/system/opencontrail_tor_cluster.yml
@@ -0,0 +1,31 @@
+parameters:
+  _param:
+    opencontrail_tor01_node01_hostname: tor01
+    opencontrail_tor01_node02_hostname: tor02
+    opencontrail_tor01_node01_tenant_address: ${_param:opencontrail_tor01_node01_address}
+    opencontrail_tor01_node02_tenant_address: ${_param:opencontrail_tor01_node02_address}
+  reclass:
+    storage:
+      node:
+        opencontrail_tor01_node01:
+          name: ${_param:opencontrail_tor01_node01_hostname}
+          domain: ${_param:cluster_domain}
+          classes:
+          - cluster.${_param:cluster_name}.opencontrail.tor
+          params:
+            salt_master_host: ${_param:reclass_config_master}
+            linux_system_codename: xenial
+            single_address: ${_param:opencontrail_tor01_node01_address}
+            tenant_address: ${_param:opencontrail_tor01_node01_tenant_address}
+            keepalived_vip_priority: 103
+        opencontrail_tor01_node02:
+          name: ${_param:opencontrail_tor01_node02_hostname}
+          domain: ${_param:cluster_domain}
+          classes:
+          - cluster.${_param:cluster_name}.opencontrail.tor
+          params:
+            salt_master_host: ${_param:reclass_config_master}
+            linux_system_codename: xenial
+            single_address: ${_param:opencontrail_tor01_node02_address}
+            tenant_address: ${_param:opencontrail_tor01_node02_tenant_address}
+            keepalived_vip_priority: 102
diff --git a/reclass/storage/system/openstack_baremetal_cluster.yml b/reclass/storage/system/openstack_baremetal_cluster.yml
index 8cab119..71f6034 100644
--- a/reclass/storage/system/openstack_baremetal_cluster.yml
+++ b/reclass/storage/system/openstack_baremetal_cluster.yml
@@ -19,6 +19,7 @@
             salt_master_host: ${_param:reclass_config_master}
             linux_system_codename: ${_param:linux_system_codename}
             single_address: ${_param:openstack_baremetal_node01_address}
+            keepalived_vip_priority: 101
             baremetal_address: ${_param:openstack_baremetal_node01_baremetal_address}
         openstack_baremetal_node02:
           name: ${_param:openstack_baremetal_node02_hostname}
@@ -29,6 +30,7 @@
             salt_master_host: ${_param:reclass_config_master}
             linux_system_codename: ${_param:linux_system_codename}
             single_address: ${_param:openstack_baremetal_node02_address}
+            keepalived_vip_priority: 102
             baremetal_address: ${_param:openstack_baremetal_node02_baremetal_address}
         openstack_baremetal_node03:
           name: ${_param:openstack_baremetal_node03_hostname}
@@ -39,6 +41,7 @@
             salt_master_host: ${_param:reclass_config_master}
             linux_system_codename: ${_param:linux_system_codename}
             single_address: ${_param:openstack_baremetal_node03_address}
+            keepalived_vip_priority: 103
             baremetal_address: ${_param:openstack_baremetal_node03_baremetal_address}
 
 
diff --git a/salt/master/formula/git/helm.yml b/salt/master/formula/git/helm.yml
new file mode 100644
index 0000000..c25358f
--- /dev/null
+++ b/salt/master/formula/git/helm.yml
@@ -0,0 +1,16 @@
+parameters:
+  salt:
+    master:
+      environment:
+        prd:
+          formula:
+            helm:
+              source: git
+              address: '${_param:salt_master_environment_repository}/salt-formula-helm.git'
+              revision: ${_param:salt_master_environment_revision}
+              module:
+                helm.py:
+                  enabled: true
+              state:
+                helm_release.py:
+                  enabled: true
diff --git a/salt/master/formula/pkg/helm.yml b/salt/master/formula/pkg/helm.yml
new file mode 100644
index 0000000..8b68bfe
--- /dev/null
+++ b/salt/master/formula/pkg/helm.yml
@@ -0,0 +1,9 @@
+parameters:
+  salt:
+    master:
+      environment:
+        prd:
+          formula:
+            helm:
+              source: pkg
+              name: salt-formula-helm
diff --git a/salt/master/git.yml b/salt/master/git.yml
index 267bdb1..4562a74 100644
--- a/salt/master/git.yml
+++ b/salt/master/git.yml
@@ -8,6 +8,7 @@
 - system.salt.master.formula.git.saltstack
 - system.salt.master.formula.git.stacklight
 - system.salt.master.formula.git.monitoring
+- system.salt.master.formula.git.helm
 parameters:
   _param:
     salt_master_environment_repository: "https://github.com/salt-formulas"
diff --git a/salt/master/pkg.yml b/salt/master/pkg.yml
index 1001d49..62854f1 100644
--- a/salt/master/pkg.yml
+++ b/salt/master/pkg.yml
@@ -8,4 +8,5 @@
 - system.salt.master.formula.pkg.saltstack
 - system.salt.master.formula.pkg.stacklight
 - system.salt.master.formula.pkg.monitoring
+- system.salt.master.formula.pkg.helm
 - system.linux.system.repo.mcp.salt
diff --git a/salt/minion/cert/etcd_client_single.yml b/salt/minion/cert/etcd_client_single.yml
new file mode 100644
index 0000000..a14e106
--- /dev/null
+++ b/salt/minion/cert/etcd_client_single.yml
@@ -0,0 +1,18 @@
+parameters:
+  salt:
+    minion:
+      cert:
+        etcd_client:
+          host: ${_param:salt_minion_ca_host}
+          authority: ${_param:salt_minion_ca_authority}
+          common_name: ${linux:system:name}
+          signing_policy: cert_open
+          alternative_names: DNS:${linux:system:name},DNS:${linux:network:fqdn}
+          extended_key_usage: clientAuth
+          key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+          key_file: /var/lib/etcd/etcd-client.key
+          cert_file: /var/lib/etcd/etcd-client.crt
+          all_file: /var/lib/etcd/etcd-client.pem
+          ca_file: /var/lib/etcd/ca.pem
+          user: etcd
+          group: etcd
diff --git a/salt/minion/cert/etcd_server_single.yml b/salt/minion/cert/etcd_server_single.yml
new file mode 100644
index 0000000..f9fc585
--- /dev/null
+++ b/salt/minion/cert/etcd_server_single.yml
@@ -0,0 +1,18 @@
+parameters:
+  salt:
+    minion:
+      cert:
+        etcd_server:
+          host: ${_param:salt_minion_ca_host}
+          authority: ${_param:salt_minion_ca_authority}
+          common_name: ${linux:system:name}
+          signing_policy: cert_open
+          alternative_names: IP:127.0.0.1,DNS:${linux:system:name},DNS:${linux:network:fqdn}
+          extended_key_usage: serverAuth,clientAuth
+          key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+          key_file: /var/lib/etcd/etcd-server.key
+          cert_file: /var/lib/etcd/etcd-server.crt
+          all_file: /var/lib/etcd/etcd-server.pem
+          ca_file: /var/lib/etcd/ca.pem
+          user: etcd
+          group: etcd
diff --git a/salt/minion/cert/opencontrail/tor.yml b/salt/minion/cert/opencontrail/tor.yml
new file mode 100644
index 0000000..eb9c704
--- /dev/null
+++ b/salt/minion/cert/opencontrail/tor.yml
@@ -0,0 +1,14 @@
+parameters:
+  _param:
+    salt_minion_ca_authority: salt_master_ca
+  salt:
+    minion:
+      cert:
+        opencontrail_tor:
+          host: ${_param:salt_minion_ca_host}
+          authority: ${_param:salt_minion_ca_authority}
+          common_name: opencontrail_tor
+          key_file: /etc/contrail/ssl/certs/tor.key
+          cert_file: /etc/contrail/ssl/certs/tor.crt
+          ca_file: /etc/contrail/ssl/certs/ca.crt
+          signing_policy: cert_open