diff --git a/config/jjb/credentials.conf b/config/jjb/credentials.conf
new file mode 100644
index 00000000..0f507994
--- /dev/null
+++ b/config/jjb/credentials.conf
@@ -0,0 +1,4 @@
+[default]
+OS_USERNAME=ci-user
+OS_TENANT_NAME=ci
+OS_PASSWORD=nova
diff --git a/config/jjb/jenkins_jobs.ini b/config/jjb/jenkins_jobs.ini
new file mode 100644
index 00000000..493f61ed
--- /dev/null
+++ b/config/jjb/jenkins_jobs.ini
@@ -0,0 +1,6 @@
+[jenkins]
+user=USER
+password=PASSWORD
+url=http://127.0.0.1/jenkins
+[job_builder]
+ignore_cache=True
diff --git a/config/nodepool/config/logging.conf b/config/nodepool/config/logging.conf
new file mode 100644
index 00000000..d70407c5
--- /dev/null
+++ b/config/nodepool/config/logging.conf
@@ -0,0 +1,56 @@
+[loggers]
+keys=root,nodepool,requests,image
+
+[handlers]
+keys=console,debug,normal,image
+
+[formatters]
+keys=simple
+
+[logger_root]
+level=WARNING
+handlers=console
+
+[logger_requests]
+level=WARNING
+handlers=debug,normal
+qualname=requests
+
+[logger_nodepool]
+level=DEBUG
+handlers=debug,normal
+qualname=nodepool
+
+[logger_image]
+level=INFO
+handlers=image
+qualname=nodepool.image.build
+propagate=0
+
+[handler_console]
+level=WARNING
+class=StreamHandler
+formatter=simple
+args=(sys.stdout,)
+
+[handler_debug]
+level=DEBUG
+class=logging.handlers.TimedRotatingFileHandler
+formatter=simple
+args=('/var/log/nodepool/debug.log', 'midnight', 1, 30,)
+
+[handler_normal]
+level=INFO
+class=logging.handlers.TimedRotatingFileHandler
+formatter=simple
+args=('/var/log/nodepool/nodepool.log', 'midnight', 1, 30,)
+
+[handler_image]
+level=INFO
+class=logging.handlers.TimedRotatingFileHandler
+formatter=simple
+args=('/var/log/nodepool/image.log', 'midnight', 1, 30,)
+
+[formatter_simple]
+format=%(asctime)s %(levelname)s %(name)s: %(message)s
+datefmt=
diff --git a/config/nodepool/sahara.yaml b/config/nodepool/config/sahara.yaml
similarity index 95%
rename from config/nodepool/sahara.yaml
rename to config/nodepool/config/sahara.yaml
index 5439df7a..39d2e0e3 100644
--- a/config/nodepool/sahara.yaml
+++ b/config/nodepool/config/sahara.yaml
@@ -1,4 +1,5 @@
script-dir: /opt/ci/files/nodepool-scripts
+images-dir: /opt/ci/files/nodepool_dib
cron:
check: '*/1 * * * *'
@@ -58,4 +59,4 @@ providers:
setup: prepare_node.sh
targets:
- - name: sahara-gate
+ - name: sahara-ci
diff --git a/config/nodepool/secure.conf b/config/nodepool/config/secure.conf
similarity index 58%
rename from config/nodepool/secure.conf
rename to config/nodepool/config/secure.conf
index aeb28e38..46c8acbd 100644
--- a/config/nodepool/secure.conf
+++ b/config/nodepool/config/secure.conf
@@ -1,7 +1,7 @@
[database]
-dburi=mysql://nodepool@localhost/nodepool
+dburi=mysql+pymysql://nodepool@localhost/nodepool
-[jenkins "sahara-gate"]
+[jenkins "sahara-ci"]
url=http://127.0.0.1/jenkins
user=admin
apikey=JENKINS_API_KEY
diff --git a/config/zuul/zuul.conf b/config/zuul/zuul.conf
index 61631add..e42831d2 100644
--- a/config/zuul/zuul.conf
+++ b/config/zuul/zuul.conf
@@ -23,7 +23,7 @@ status_url=https://sahara.mirantis.com/zuul/
[merger]
git_dir=/var/lib/zuul/git
-zuul_url=http://172.18.87.221/p
+zuul_url=http://172.18.87.222/p
log_config=/etc/zuul/logging.conf
pidfile=/var/run/zuul-merger/zuul-merger.pid
diff --git a/slave-scripts/update_config.sh b/slave-scripts/update_config.sh
index 347f601a..dd1f3a6f 100755
--- a/slave-scripts/update_config.sh
+++ b/slave-scripts/update_config.sh
@@ -7,14 +7,14 @@ sudo su - zuul -c "cat $WORKSPACE/config/zuul/gearman-logging.conf > /etc/zuul/g
sudo su - zuul -c "cat $WORKSPACE/config/zuul/layout.yaml > /etc/zuul/layout.yaml"
sudo su - zuul -c "cat $WORKSPACE/config/zuul/logging.conf > /etc/zuul/logging.conf"
sudo su - zuul -c "cat $WORKSPACE/config/zuul/openstack_functions.py > /etc/zuul/openstack_functions.py"
-sudo service zuul reload
+sudo systemctl reload zuul.service
-sed "s%- net-id: 'LAB_42_PRIVATE_NETWORK_ID'%- net-id: '$LAB_42_PRIVATE_NETWORK_ID'%g" -i $WORKSPACE/config/nodepool/sahara.yaml
-sed "s%- net-id: 'LAB_43_PRIVATE_NETWORK_ID'%- net-id: '$LAB_43_PRIVATE_NETWORK_ID'%g" -i $WORKSPACE/config/nodepool/sahara.yaml
-sed "s%apikey=JENKINS_API_KEY%apikey=$JENKINS_API_KEY%g" -i $WORKSPACE/config/nodepool/secure.conf
-sed "s%credentials=CREDENTIALS_ID%credentials=$CREDENTIALS_ID%g" -i $WORKSPACE/config/nodepool/secure.conf
-sudo su - nodepool -c "cat $WORKSPACE/config/nodepool/sahara.yaml > /etc/nodepool/nodepool.yaml"
-sudo su - nodepool -c "cat $WORKSPACE/config/nodepool/secure.conf > /etc/nodepool/secure.conf"
+sed "s%- net-id: 'LAB_42_PRIVATE_NETWORK_ID'%- net-id: '$LAB_42_PRIVATE_NETWORK_ID'%g" -i $WORKSPACE/config/nodepool/config/sahara.yaml
+sed "s%- net-id: 'LAB_43_PRIVATE_NETWORK_ID'%- net-id: '$LAB_43_PRIVATE_NETWORK_ID'%g" -i $WORKSPACE/config/nodepool/config/sahara.yaml
+sed "s%apikey=JENKINS_API_KEY%apikey=$JENKINS_API_KEY%g" -i $WORKSPACE/config/nodepool/config/secure.conf
+sed "s%credentials=CREDENTIALS_ID%credentials=$CREDENTIALS_ID%g" -i $WORKSPACE/config/nodepool/config/secure.conf
+sudo su - nodepool -c "cat $WORKSPACE/config/nodepool/config/sahara.yaml > /etc/nodepool/nodepool.yaml"
+sudo su - nodepool -c "cat $WORKSPACE/config/nodepool/config/secure.conf > /etc/nodepool/secure.conf"
sed "s%MYSQL_PASS=MYSQL_ROOT_PASSWORD%MYSQL_PASS=$MYSQL_ROOT_PASSWORD%g" -i $WORKSPACE/config/nodepool/scripts/prepare_node.sh
sed "s%JENKINS_PUBLIC_KEY%$JENKINS_PUBLIC_KEY%g" -i $WORKSPACE/config/nodepool/scripts/prepare_node.sh
diff --git a/system-configs/README.rst b/system-configs/README.rst
new file mode 100644
index 00000000..48a11ea5
--- /dev/null
+++ b/system-configs/README.rst
@@ -0,0 +1,11 @@
+After script running
+1. Setup Jenkins
+2. Run jenkins-jobs
+3. Add credentials to JENKINS_HOME DIR
+4. Trigger "update config" job
+5. Add key for zuul to /etc/zuul/gerrit
+6. Start zuul
+7. Add key for nodepool to /etc/nodepool/id_dsa
+8. Add full permissions on nodepool key
+9. Start nodepool
+10. Enable apache2 sites (start from jenkins.conf file)
diff --git a/system-configs/functions.sh b/system-configs/functions.sh
new file mode 100755
index 00000000..1b64f274
--- /dev/null
+++ b/system-configs/functions.sh
@@ -0,0 +1,17 @@
+#!/bin/bash -xe
+
+clone() {
+ local project_name=$1
+ local project_dir=$2
+
+ git clone https://review.openstack.org/"$project_name" "$project_dir"
+}
+
+install_to_venv() {
+ local project_dir=$1
+ local venv_name=${2:-"venv"}
+ local venv_path=$project_dir/$venv_name
+
+ virtualenv $venv_path
+ $venv_path/bin/pip install $project_dir
+}
diff --git a/system-configs/install_projects.sh b/system-configs/install_projects.sh
new file mode 100755
index 00000000..1b0f76ff
--- /dev/null
+++ b/system-configs/install_projects.sh
@@ -0,0 +1,81 @@
+#!/bin/bash
+set +x
+
+. /home/ubuntu/sahara-ci-config/system-configs/functions.sh
+
+default_path=/opt/ci
+projects=( "openstack-infra/nodepool" "openstack-infra/zuul" "openstack-infra/jenkins-job-builder" )
+
+mkdir -p $default_path
+
+for project_repo in "${projects[@]}"
+do
+ project=$(basename $project_repo)
+ project_dir=$default_path/$project
+ clone $project_repo $project_dir
+ install_to_venv $project_dir
+ sudo chown -R $project:$project $project_dir
+done
+
+# prepare apache
+
+sudo cp /home/ubuntu/sahara-ci-config/system-configs/sites-available/* /etc/apache2/sites-available/
+
+sudo a2enmod proxy
+sudo a2enmod proxy_http
+sudo a2enmod proxy_connect
+sudo a2enmod rewrite
+sudo a2enmod dav
+sudo a2enmod dav_fs
+sudo a2enmod cgi
+
+sudo systemctl restart apache2
+
+for host in $(/etc/apache2/sites-available/*)
+do
+ sudo a2ensite $(basename $host)
+done
+
+sudo systemctl reload apache2
+
+# prepare jenkins
+echo "jenkins ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/jenkins
+mkdir -p /opt/ci/files/nodepool-scripts /opt/ci/files/ext-files /opt/ci/logs
+sudo chown -R jenkins:jenkins /opt/ci/files/ /opt/ci/logs
+
+#prepare jenkins-jobs-builder
+mkdir /etc/jenkins_jobs
+cp /home/ubuntu/sahara-ci-config/config/jjb/* /etc/jenkins_jobs
+sed "s%user=USER%user=$JJB_USER%g" -i /etc/jenkins_jobs/jenkins_jobs.ini
+sed "s%password=PASSWORD%password=$JJB_PASSWORD%g" -i /etc/jenkins_jobs/jenkins_jobs.ini
+sudo chown -R jenkins:jenkins /etc/jenkins_jobs/ /opt/ci/jenkins-job-builder
+sudo ln -s /opt/ci/jenkins-job-builder/venv/bin/jenkins-jobs /usr/local/bin/jenkins-jobs
+
+# prepare zuul
+
+# need trigger update-config job
+sudo mkdir -p /var/www/zuul /etc/zuul /var/lib/zuul/ /var/log/zuul
+sudo touch /etc/zuul/layout.yaml /var/lib/zuul/times /var/log/zuul/gearman-server
+sudo bash /opt/ci/zuul/etc/status/fetch-dependencies.sh
+sudo cp -r /opt/ci/zuul/etc/status/public_html/* /var/www/zuul
+sudo chown -R zuul:zuul /var/www/zuul /etc/zuul /var/lib/zuul /var/log/zuul
+
+sudo ln -s /opt/ci/zuul/venv/bin/zuul /usr/sbin/zuul-client
+
+#prepare nodepool
+mkdir -p /var/log/nodepool /var/run/nodepool /etc/nodepool /opt/ci/files/nodepool_dib
+sudo cp /home/ubuntu/sahara-ci-config/config/nodepool/scripts/* /opt/ci/files/nodepool-scripts
+sudo cp /home/ubuntu/sahara-ci-config/config/nodepool/config/secure.conf /etc/nodepool/
+sudo cp /home/ubuntu/sahara-ci-config/config/nodepool/config/logging.conf /etc/nodepool/
+sudo cp /home/ubuntu/sahara-ci-config/slave-scripts/update_pool.sh /opt/ci/files
+sudo chown jenkins:jenkins /opt/ci/files/update_pool.sh
+sudo chown -R nodepool:nodepool /var/run/nodepool/ /etc/nodepool/ /var/log/nodepool /opt/ci/files/nodepool_dib
+
+sudo mysql -uroot -Bse "CREATE USER 'nodepool'@'localhost'"
+sudo mysql -uroot -Bse "GRANT ALL PRIVILEGES ON *.* TO 'nodepool'@'localhost' WITH GRANT OPTION"
+sudo mysql -uroot -Bse "FLUSH PRIVILEGES"
+sudo mysql -unodepool -Bse "create database nodepool"
+
+sudo ln -s /opt/ci/nodepool/venv/bin/nodepool /usr/sbin/nodepool-client
+
+cp /home/ubuntu/sahara-ci-config/system-configs/systemd/* /lib/systemd/system/
diff --git a/system-configs/jenkins-plugins b/system-configs/jenkins-plugins
new file mode 100644
index 00000000..da6d06b3
--- /dev/null
+++ b/system-configs/jenkins-plugins
@@ -0,0 +1,58 @@
+ansicolor.hpi
+antisamy-markup-formatter.hpi
+ant.hpi
+bazaar.hpi
+build-blocker-plugin.hpi
+build-timeout.hpi
+conditional-buildstep.hpi
+copyartifact.hpi
+credentials.hpi
+cvs.hpi
+dashboard-view.hpi
+envinject.hpi
+extended-read-permission.hpi
+external-monitor-job.hpi
+gearman-plugin.hpi
+git-client.hpi
+github-api.hpi
+github.hpi
+github-oauth.hpi
+git.jpi
+global-build-stats.hpi
+greenballs.hpi
+htmlpublisher.hpi
+javadoc.hpi
+jenkins-multijob-plugin.hpi
+jobConfigHistory.hpi
+junit.hpi
+ldap.hpi
+mailer.hpi
+mapdb-api.hpi
+matrix-auth.hpi
+matrix-project.hpi
+maven-plugin.hpi
+openid4java.hpi
+openid.hpi
+pam-auth.hpi
+parameterized-trigger.hpi
+pathignore.hpi
+postbuild-task.hpi
+project-stats-plugin.hpi
+publish-over-ftp.hpi
+publish-over-ssh.hpi
+rebuild.hpi
+ruby-runtime.hpi
+run-condition.hpi
+scm-api.hpi
+scp.hpi
+simple-theme-plugin.hpi
+ssh-agent.hpi
+ssh-credentials.hpi
+ssh-slaves.hpi
+subversion.hpi
+timestamper.hpi
+token-macro.hpi
+translation.hpi
+windows-slaves.hpi
+ws-cleanup.hpi
+zmq-event-publisher.hpi
diff --git a/system-configs/prepare_host.sh b/system-configs/prepare_host.sh
new file mode 100755
index 00000000..a850f0a7
--- /dev/null
+++ b/system-configs/prepare_host.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+set +x
+
+wget -q -O - https://jenkins-ci.org/debian/jenkins-ci.org.key | sudo apt-key add -
+sudo sh -c 'echo deb http://pkg.jenkins-ci.org/debian-stable binary/ > /etc/apt/sources.list.d/jenkins.list'
+
+APT_PACKAGES="git python-dev gcc make jenkins python-pip apache2 unzip mysql-server libssl-dev"
+PIP_PACKAGES+=" virtualenv"
+
+sudo debconf-set-selections <<< 'mysql-server mysql-server/root_password password '
+sudo debconf-set-selections <<< 'mysql-server mysql-server/root_password_again password '
+
+sudo apt update
+sudo apt install -y $APT_PACKAGES
+
+sudo pip install -U $PIP_PACKAGES
+
+mkdir -p /opt/ci/files
+
+# create users
+projects=( "nodepool" "zuul" )
+for project in "${projects[@]}"
+do
+ sudo useradd -d /home/$project -G sudo -s /bin/bash -m $project
+ sudo mkdir /home/$project/.ssh
+ sudo chown -R $project:$project /home/$project
+done
+
+bash /home/ubuntu/sahara-ci-config/system-configs/install_projects.sh
+
+# install jenkins plugins
+while read plugin
+do
+ wget http://updates.jenkins-ci.org/1.651/latest/$plugin -P /var/lib/jenkins/plugins
+done < /home/ubuntu/sahara-ci-config/system-configs/jenkins-plugins
+
+sudo systemctl restart jenkins
diff --git a/system-configs/sites-available/000-default.conf b/system-configs/sites-available/000-default.conf
new file mode 100644
index 00000000..11341e9c
--- /dev/null
+++ b/system-configs/sites-available/000-default.conf
@@ -0,0 +1,45 @@
+ProxyErrorOverride On
+ErrorDocument 404 /
+
+
+ ServerAdmin webmaster@localhost
+
+ DocumentRoot /var/www
+
+ Options FollowSymLinks
+ AllowOverride None
+
+
+ Options FollowSymLinks
+ AllowOverride None
+ Order allow,deny
+ allow from all
+
+
+ RewriteEngine on
+ RewriteRule ^/zuul/status.json$ http://127.0.0.1:8001/status.json [P]
+ SetEnv GIT_PROJECT_ROOT /var/lib/zuul/git/
+ SetEnv GIT_HTTP_EXPORT_ALL
+
+ AliasMatch ^/p/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ /var/lib/zuul/git/$1
+ AliasMatch ^/p/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /var/lib/zuul/git/$1
+
+ ScriptAliasMatch /p/ /usr/lib/git-core/git-http-backend/
+
+ Alias /p /var/lib/zuul/git/
+
+ DAV on
+ Options Indexes FollowSymLinks
+ AllowOverride None
+ Require all granted
+
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+
+ # Possible values include: debug, info, notice, warn, error, crit,
+ # alert, emerg.
+ LogLevel warn
+
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+
diff --git a/system-configs/sites-available/files.conf b/system-configs/sites-available/files.conf
new file mode 100644
index 00000000..16be198e
--- /dev/null
+++ b/system-configs/sites-available/files.conf
@@ -0,0 +1,4 @@
+Alias /files /opt/ci/files/ext-files
+
+ Require all granted
+
diff --git a/system-configs/sites-available/jenkins.conf b/system-configs/sites-available/jenkins.conf
new file mode 100644
index 00000000..2d6787a4
--- /dev/null
+++ b/system-configs/sites-available/jenkins.conf
@@ -0,0 +1,9 @@
+ProxyPass /jenkins http://localhost:8080/jenkins
+ProxyPassReverse /jenkins http://localhost:8080/jenkins
+ProxyRequests Off
+
+# Local reverse proxy authorization override
+# Most unix distribution deny proxy by default (ie /etc/apache2/mods-enabled/proxy.conf in Ubuntu)
+
+ Require all granted
+
diff --git a/system-configs/sites-available/logs.conf b/system-configs/sites-available/logs.conf
new file mode 100644
index 00000000..3c0977c8
--- /dev/null
+++ b/system-configs/sites-available/logs.conf
@@ -0,0 +1,5 @@
+Alias /logs /opt/ci/logs
+
+ Require all granted
+ Options +Indexes
+
diff --git a/system-configs/systemd/nodepool.service b/system-configs/systemd/nodepool.service
new file mode 100644
index 00000000..e74696d3
--- /dev/null
+++ b/system-configs/systemd/nodepool.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Nodepool
+
+[Service]
+ExecStart=/opt/ci/nodepool/venv/bin/nodepoold -c /etc/nodepool/nodepool.yaml -l /etc/nodepool/logging.conf
+Restart=on-failure
+RestartPreventExitStatus=255
+Type=idle
+User=nodepool
+Group=nodepool
+
+[Install]
+WantedBy=multi-user.target
+Alias=nodepool.service
diff --git a/system-configs/systemd/zuul-merger.service b/system-configs/systemd/zuul-merger.service
new file mode 100644
index 00000000..e54b55a0
--- /dev/null
+++ b/system-configs/systemd/zuul-merger.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Zuul merger
+
+[Service]
+ExecStart=/opt/ci/zuul/venv/bin/zuul-merger -d
+Restart=on-failure
+RestartPreventExitStatus=255
+Type=idle
+User=zuul
+Group=zuul
+
+[Install]
+WantedBy=multi-user.target
+Alias=zuul-merger.service
diff --git a/system-configs/systemd/zuul.service b/system-configs/systemd/zuul.service
new file mode 100644
index 00000000..1e0b3d27
--- /dev/null
+++ b/system-configs/systemd/zuul.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Zuul server
+
+[Service]
+ExecStart=/opt/ci/zuul/venv/bin/zuul-server -d
+Restart=on-failure
+RestartPreventExitStatus=255
+Type=idle
+User=zuul
+Group=zuul
+
+[Install]
+WantedBy=multi-user.target
+Alias=zuul.service