diff --git a/global/overlay/etc/puppet/cosmos-db.yaml b/global/overlay/etc/puppet/cosmos-db.yaml
index 201483e3..229620c3 100644
--- a/global/overlay/etc/puppet/cosmos-db.yaml
+++ b/global/overlay/etc/puppet/cosmos-db.yaml
@@ -529,7 +529,7 @@ classes:
     metadatamgrs: null
     nrpe: null
     sunet::rsyslog: null
-    sunet::server: *id002
+    sunet::server: &id014 {ssh_allow_from_anywhere: true}
     sunetops: null
   jump-tug-3.komreg.net:
     autoupdate: null
@@ -542,7 +542,7 @@ classes:
     metadatamgrs: null
     nrpe: null
     sunet::rsyslog: null
-    sunet::server: *id002
+    sunet::server: *id014
     sunetops: null
   kvmdemw-fre-3a.komreg.net:
     common: null
@@ -913,7 +913,7 @@ classes:
     konsulter: null
     mailclient: *id001
     nrpe: null
-    sunet::rsyslog: &id014 {udp_client: 94.176.224.0/24, udp_port: 514}
+    sunet::rsyslog: &id015 {udp_client: 94.176.224.0/24, udp_port: 514}
     sunet::server: *id002
     sunetops: null
   log-2.sveidas.se:
@@ -927,7 +927,7 @@ classes:
     konsulter: null
     mailclient: *id001
     nrpe: null
-    sunet::rsyslog: *id014
+    sunet::rsyslog: *id015
     sunet::server: *id002
     sunetops: null
   log.qa.sveidas.se:
@@ -949,6 +949,7 @@ classes:
   md-eu1.qa.komreg.net:
     autoupdate: null
     common: null
+    eid::dockerhost: {version: '5:20.10.7~3-0~ubuntu-bionic'}
     eidas_metadata_key: null
     entropyclient: null
     infra_ca_rp: null
@@ -958,7 +959,6 @@ classes:
     md_signer: {dest_host: p2.qa.komreg.net, name: eidas-qa, version: 1.1.2-eidas}
     metadatamgrs: null
     nrpe: null
-    openstack_dockerhost: null
     sunet::rsyslog: null
     sunet::server: *id002
     sunet_iaas_cloud: null
@@ -972,6 +972,7 @@ classes:
     infra_ca_rp: null
     konsulter: null
     mailclient: *id001
+    md_repo_client: null
     md_signer: {dest_host: p1.komreg.net, name: natmd-qa, version: eidas-qa}
     metadatamgrs: null
     nrpe: null
@@ -1141,7 +1142,7 @@ classes:
     konsulter: null
     mailclient: *id001
     nrpe: null
-    prid: &id015 {clients: prid_prod_clients, mdsl: 'https://md.eidas.swedenconnect.se/mdservicelist-aggregate.xml',
+    prid: &id016 {clients: prid_prod_clients, mdsl: 'https://md.eidas.swedenconnect.se/mdservicelist-aggregate.xml',
       version: 1.0.4}
     servicemonitor: null
     sunet::rsyslog: null
@@ -1150,7 +1151,7 @@ classes:
   prid-1.test.sveidas.se:
     autoupdate: null
     common: null
-    eid::dockerhost: &id016 {version: '5:20.10.6~3-0~ubuntu-focal'}
+    eid::dockerhost: &id017 {version: '5:20.10.6~3-0~ubuntu-focal'}
     entropyclient: null
     infra_ca_rp: null
     konsulter: null
@@ -1169,7 +1170,7 @@ classes:
     konsulter: null
     mailclient: *id001
     nrpe: null
-    prid: *id015
+    prid: *id016
     servicemonitor: null
     sunet::rsyslog: null
     sunet::server: *id002
@@ -1177,7 +1178,7 @@ classes:
   prid-2.test.sveidas.se:
     autoupdate: null
     common: null
-    eid::dockerhost: *id016
+    eid::dockerhost: *id017
     entropyclient: null
     infra_ca_rp: null
     konsulter: null
@@ -1268,7 +1269,7 @@ classes:
     konsulter: null
     mailclient: *id001
     nrpe: null
-    sunet::frontend::register_sites: &id017
+    sunet::frontend::register_sites: &id018
       sites:
         validator.swedenconnect.se:
           frontends: [fe-fre-3.komreg.net, fe-tug-3.komreg.net]
@@ -1276,7 +1277,7 @@ classes:
     sunet::rsyslog: null
     sunet::server: *id002
     sunetops: null
-    validator: &id018 {version: 3.0.10}
+    validator: &id019 {version: 3.0.10}
   validator-1.qa.komreg.net:
     autoupdate: null
     common: null
@@ -1318,11 +1319,11 @@ classes:
     konsulter: null
     mailclient: *id001
     nrpe: null
-    sunet::frontend::register_sites: *id017
+    sunet::frontend::register_sites: *id018
     sunet::rsyslog: null
     sunet::server: *id002
     sunetops: null
-    validator: *id018
+    validator: *id019
   web-1.qa.sveidas.se:
     autoupdate: null
     common: null
@@ -1375,13 +1376,13 @@ members:
     eidas-redis-fe-2.sveidas.se, eidas-test-1.sveidas.se, eidas-test-2.sveidas.se,
     eidastest-1.qa.sveidas.se, eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net,
     eupub-2.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net,
-    log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md-eu1.qa.komreg.net,
-    md1.komreg.net, monitor-fre-3.komreg.net, monitor-tug-3.komreg.net, natmd-1.komreg.net,
-    natmd-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net, nic.komreg.net,
-    p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-1.test.sveidas.se,
-    prid-2.sveidas.se, prid-2.test.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se,
-    test-1.qa.sveidas.se, test-1.test.sveidas.se, validator-1.komreg.net, validator-1.qa.komreg.net,
-    validator-1.test.komreg.net, validator-2.komreg.net, web-1.qa.sveidas.se]
+    log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net,
+    monitor-fre-3.komreg.net, monitor-tug-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net,
+    natpub-1.komreg.net, natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net,
+    prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-1.test.sveidas.se, prid-2.sveidas.se,
+    prid-2.test.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se,
+    test-1.test.sveidas.se, validator-1.komreg.net, validator-1.qa.komreg.net, validator-1.test.komreg.net,
+    validator-2.komreg.net, web-1.qa.sveidas.se]
   common: [demw-1.qa.sveidas.se, demw-1.sveidas.se, demw-2.sveidas.se, eidas-connector-1.sveidas.se,
     eidas-connector-1.test.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-2.test.sveidas.se,
     eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se,
@@ -1412,7 +1413,7 @@ members:
     eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se,
     eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, eidastest-1.qa.sveidas.se, eumd-1.komreg.net,
     eumd-2.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net, log-1.sveidas.se,
-    log-2.sveidas.se, log.qa.sveidas.se, md1.komreg.net, monitor-tug-3.komreg.net,
+    log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-tug-3.komreg.net,
     natmd-1.komreg.net, natmd-2.komreg.net, nic.komreg.net, prid-1.sveidas.se, prid-1.test.sveidas.se,
     prid-2.sveidas.se, prid-2.test.sveidas.se, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se,
     test-1.test.sveidas.se, validator-1.komreg.net, validator-1.qa.komreg.net, validator-1.test.komreg.net,
@@ -1483,11 +1484,11 @@ members:
     eidas-proxy-2.sveidas.se, eidas-proxy-2.test.sveidas.se, eidas-proxy-3.sveidas.se,
     eidas-proxy-4.sveidas.se, eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, eumd-1.komreg.net,
     eumd-2.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net,
-    log-1.sveidas.se, log-2.sveidas.se, md-eu1.qa.komreg.net, md-eu1.qa.komreg.net,
-    md1.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, nic.komreg.net, prid-1.qa.sveidas.se,
-    prid-1.sveidas.se, prid-1.test.sveidas.se, prid-2.sveidas.se, prid-2.test.sveidas.se,
-    refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, test-1.test.sveidas.se, validator-1.komreg.net,
-    validator-1.qa.komreg.net, validator-1.test.komreg.net, validator-2.komreg.net]
+    log-1.sveidas.se, log-2.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, natmd-1.komreg.net,
+    natmd-2.komreg.net, nic.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-1.test.sveidas.se,
+    prid-2.sveidas.se, prid-2.test.sveidas.se, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se,
+    test-1.test.sveidas.se, validator-1.komreg.net, validator-1.qa.komreg.net, validator-1.test.komreg.net,
+    validator-2.komreg.net]
   mailclient: [demw-1.qa.sveidas.se, demw-1.sveidas.se, demw-2.sveidas.se, eidas-connector-1.sveidas.se,
     eidas-connector-1.test.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-2.test.sveidas.se,
     eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se,
@@ -1511,15 +1512,15 @@ members:
     validator-2.komreg.net, web-1.qa.sveidas.se]
   md_publisher: [eupub-1.komreg.net, eupub-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net,
     p1.komreg.net, p2.qa.komreg.net]
-  md_repo_client: [eumd-1.komreg.net, eumd-2.komreg.net, md-eu1.qa.komreg.net, natmd-1.komreg.net,
-    natmd-2.komreg.net]
+  md_repo_client: [eumd-1.komreg.net, eumd-2.komreg.net, md-eu1.qa.komreg.net, md1.komreg.net,
+    natmd-1.komreg.net, natmd-2.komreg.net]
   md_repo_server: [r1.komreg.net]
   md_signer: [eumd-1.komreg.net, eumd-2.komreg.net, md-eu1.qa.komreg.net, md1.komreg.net,
     natmd-1.komreg.net, natmd-2.komreg.net]
   mdsl_publisher: [eupub-1.komreg.net, eupub-2.komreg.net, p2.qa.komreg.net]
   metadatamgrs: [eumd-1.komreg.net, eumd-2.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net,
-    jump-tug-3.komreg.net, md-eu1.qa.komreg.net, md-eu1.qa.komreg.net, md1.komreg.net,
-    natmd-1.komreg.net, natmd-2.komreg.net]
+    jump-tug-3.komreg.net, md-eu1.qa.komreg.net, md1.komreg.net, natmd-1.komreg.net,
+    natmd-2.komreg.net]
   nagios_monitor: [monitor-fre-3.komreg.net, monitor-tug-3.komreg.net, nic.komreg.net]
   nrpe: [demw-1.qa.sveidas.se, demw-1.sveidas.se, demw-2.sveidas.se, eidas-connector-1.sveidas.se,
     eidas-connector-1.test.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-2.test.sveidas.se,
@@ -1542,8 +1543,8 @@ members:
     r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, test-1.test.sveidas.se,
     validator-1.komreg.net, validator-1.qa.komreg.net, validator-1.test.komreg.net,
     validator-2.komreg.net, web-1.qa.sveidas.se]
-  openstack_dockerhost: [eidas-node-1.qa.sveidas.se, md-eu1.qa.komreg.net, prid-1.qa.sveidas.se,
-    r1.komreg.net, web-1.qa.sveidas.se]
+  openstack_dockerhost: [eidas-node-1.qa.sveidas.se, prid-1.qa.sveidas.se, r1.komreg.net,
+    web-1.qa.sveidas.se]
   pages: [web-1.qa.sveidas.se]
   prid: [prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se]
   redis_cluster_node: [eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se,
@@ -1613,10 +1614,10 @@ members:
   sunet_iaas_cloud: [demw-1.qa.sveidas.se, eidas-connector-1.test.sveidas.se, eidas-connector-2.test.sveidas.se,
     eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-proxy-1.test.sveidas.se,
     eidas-proxy-2.test.sveidas.se, eidastest-1.qa.sveidas.se, jmp.komreg.net, log.qa.sveidas.se,
-    md-eu1.qa.komreg.net, md-eu1.qa.komreg.net, md1.komreg.net, nic.komreg.net, p1.komreg.net,
-    p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.test.sveidas.se, prid-2.test.sveidas.se,
-    r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, test-1.test.sveidas.se,
-    validator-1.qa.komreg.net, validator-1.test.komreg.net, web-1.qa.sveidas.se]
+    md-eu1.qa.komreg.net, md1.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net,
+    prid-1.qa.sveidas.se, prid-1.test.sveidas.se, prid-2.test.sveidas.se, r1.komreg.net,
+    refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, test-1.test.sveidas.se, validator-1.qa.komreg.net,
+    validator-1.test.komreg.net, web-1.qa.sveidas.se]
   sunetops: [demw-1.qa.sveidas.se, demw-1.sveidas.se, demw-2.sveidas.se, eidas-connector-1.sveidas.se,
     eidas-connector-1.test.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-2.test.sveidas.se,
     eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se,