update Template.pm, so that the partitionfile is grabbed from the master using wget

more zone support
2014-02-19 00:26:23 +00:00 · 2014-02-18 09:06:11 -05:00 · 2014-02-18 08:49:47 -05:00 · 2014-02-18 06:20:28 -05:00 · 2014-02-17 12:23:32 +00:00 · 2014-02-13 14:27:41 -05:00
1523 changed files with 105361 additions and 11956 deletions
@@ -1,14 +0,0 @@
-xCAT - eXtreme Cloud Administration Toolkit
-
-xCAT is a toolkit for the deployment and administration of clusters.
-
-xCAT documentation is available at: http://xcat.sourceforge.net/
-
-xCAT is made available as open source software under the EPL license:
-http://www.opensource.org/licenses/eclipse-1.0.php
-
-
-
-
-
-
@@ -1 +1 @@
-2.8.2
+2.8.4
@@ -1,241 +0,0 @@
-#!/bin/sh
-# Update GSA Ubuntu Repositories or create a local repository
-#
-# Author: Leonardo Tonetto (tonetto@linux.vnet.ibm.com)
-# Revisor: Arif Ali (aali@ocf.co.uk)
-#
-# After running this script, add the following line to
-# /etc/apt/sources.list for local repository
-# deb file://<core_repo_path>/xcat-core/ maverick main
-# deb file://<dep_repo_path>/xcat-dep/ maverick main
-# 
-
-# For the purpose of getting the distribution name
-
-# Supported distributions
-dists="squeeze"
-
-a_flag=            # automatic flag - only update if repo was updated
-c_flag=            # xcat-core (trunk-delvel) path
-d_flag=            # xcat-dep (trunk) path
-local_flag=        # build the repository localy
-
-while getopts 'c:d:u:p:l:a' OPTION
-do
-    case $OPTION in
-	c)    c_flag=1
-	        xcat_core_path="$OPTARG"
-	        ;;
-	d)    d_flag=1
-	        xcat_dep_path="$OPTARG"
-	        ;;
-	l)    local_flag=1
-	        local_repo_path="$OPTARG"
-	        ;;
-	a)    a_flag=1
-	        ;;
-
-	?) printf "Usage: %s -c <core_trunk_path> [-d <dep_trunk_path>] -l <local-repo_path> [-a]\n" $(basename $0) >&2
-	    echo "-a        Automatic: update only if there's any update on repo"
-	    exit 2
-	    ;;
-    esac
-done
-shift $(($OPTIND - 1))
-
-if [ -z "$c_flag" -a -z "$d_flag" ]
-then
-    printf "Usage: %s -c <core_trunk_path> [-d <dep_trunk_path>] { -l <local-repo_path> | [-u <gsa_id> -p <gsa_passwd>] } [-a]\n" $(basename $0) >&2
-    echo "-a        Automatic: update only if there's any update on repo"
-    exit 2
-fi
-if [ ! -d $xcat_core_path ]
-then
-    printf "%s: No such directory\n" "$xcat_core_path" >&2
-    exit 2
-fi
-
-if [ "$d_flag" ]
-then
-    if [ ! -d $xcat_dep_path ]
-    then
-	printf "%s: No such directory\n" "$xcat_dep_path" >&2
-	exit 2
-    fi
-fi
-
-if [ "$local_flag" ]
-then
-    repo_xcat_core_path=$local_repo_path"/xcat-core"
-    repo_xcat_dep_path=$local_repo_path"/xcat-dep"
-else
-    printf "Usage: %s -c <core_trunk_path> [-d <dep_trunk_path>] -l <local-repo_path> [-a]\n" $(basename $0) >&2
-    echo "-a        Automatic: update only if there's any update on repo"
-    exit 2
-fi
-
-if [ "$a_flag" ]
-then
-    touch svcupdate.trace
-    SVCUP='svcupdate.trace'
-    svn update $xcat_core_path 1> $SVCUP 2>&1
-    if ! grep 'Tree is up to date' $SVCUP
-    then
-	update_core=1
-    else
-	update_core=
-    fi
-    rm -f $SVCUP
-else
-    update_core=1
-fi
-if [ "$c_flag" -a "$update_core" ]
-then
-    echo "###############################"
-    echo "# Building xcat-core packages #"
-    echo "###############################"
-
-    CMD_PATH=`pwd`
-    cd $xcat_core_path
-    ./build-debs-all "snap" "Nightly_Builds"
-
-    echo "#################################"
-    echo "# Creating xcat-core repository #"
-    echo "#################################"
-
-    if [ -d $repo_xcat_core_path ]; then
-    	rm -rf $repo_xcat_core_path
-    fi
-    mkdir -p $repo_xcat_core_path/conf
-
-    find . -iname '*.deb' -exec mv {} $repo_xcat_core_path \;
-
-    rm -rf debs/
-    cd $CMD_PATH
-
-    rm -rf $repo_xcat_core_path/conf/distributions
-
-    for dist in $dists; do
-       cat << __EOF__ >> $repo_xcat_core_path/conf/distributions
-Origin: xCAT internal repository
-Label: xcat-core bazaar repository
-Codename: $dist
-Architectures: amd64 
-Components: main
-Description: Repository automatically genereted conf 
-
-__EOF__
-     done
-
-    cat << __EOF__ > $repo_xcat_core_path/conf/options
-verbose
-basedir .
-__EOF__
-
-    for dist in $dists; do
-      for file in `ls $repo_xcat_core_path/*.deb`; do
-	reprepro -b $repo_xcat_core_path includedeb $dist $file;
-      done
-    done
-
-    mv $xcat_core_path/latest_version $repo_xcat_core_path/xcat-core_latest-build
-
-    cat << '__EOF__' > $repo_xcat_core_path/mklocalrepo.sh
-codename=`lsb_release -a 2>null | grep Codename | awk '{print $2}'`
-cd `dirname $0`
-echo deb file://"`pwd`" $codename main > /etc/apt/sources.list.d/xcat-core.list
-__EOF__
-
-    chmod 775 $repo_xcat_core_path/mklocalrepo.sh
-    rm -rf $repo_xcat_core_path/*.deb
-
-    if [ -z "$local_flag" ]
-    then
-	echo "###############################"
-	echo "# Updating GSA xcat-core repo #"
-	echo "###############################"
-	lftp -e "mirror -R --delete-first $repo_xcat_core_path /projects/i/ipl-xcat/ubuntu/; exit;" -u $gsa_id,$gsa_passwd -p 22 sftp://ausgsa.ibm.com
-    fi   ### if [ -z "$local_flag" ]
-fi    ### if [ "$a_flag" ]
-
-if [ "$a_flag" -a "$d_flag" ]
-then
-    touch svcupdate.trace
-    SVCUP='svcupdate.trace'
-    svn update $xcat_dep_path 1> $SVCUP 2>&1
-    if ! grep 'Tree is up to date' $SVCUP
-    then
-	update_dep=1
-    else
-	update_dep=
-    fi
-    rm -f $SVCUP
-else
-    update_dep=1
-fi
-if [ "$d_flag" -a "$update_dep" ]
-then
-    echo "##############################"
-    echo "# Building xcat-dep packages #"
-    echo "##############################"
-
-    CMD_PATH=`pwd`
-    cd $xcat_dep_path
-    ./build-debs-all "snap" "Nightly_Builds"
-
-    echo "################################"
-    echo "# Creating xcat-dep repository #"
-    echo "################################"
-    rm -rf $repo_xcat_dep_path
-    mkdir -p $repo_xcat_dep_path/conf
-    find $xcat_dep_path -iname '*.deb' -exec cp {} $repo_xcat_dep_path \;
-
-    rm -rf $repo_xcat_core_path/conf/distributions
-
-    for dist in $dists; do
-    cat << __EOF__ >> $repo_xcat_dep_path/conf/distributions
-Origin: xCAT internal repository
-Label: xcat-dep bazaar repository
-Codename: $dist
-Architectures: amd64 
-Components: main
-Description: Repository automatically genereted conf 
-
-__EOF__
-done
-
-    cat << __EOF__ > $repo_xcat_dep_path/conf/options
-verbose
-basedir .
-__EOF__
-
-    for dist in $dists; do
-      for file in `ls $repo_xcat_dep_path/*.deb`; do
-	reprepro -b $repo_xcat_dep_path includedeb $dist $file;
-      done
-    done
-
-    cat << '__EOF__' > $repo_xcat_dep_path/mklocalrepo.sh
-codename=`lsb_release -a 2>null | grep Codename | awk '{print $2}'`
-cd `dirname $0`
-echo deb file://"`pwd`" $codename main > /etc/apt/sources.list.d/xcat-dep.list
-__EOF__
-
-    chmod 775 $repo_xcat_dep_path/mklocalrepo.sh
-    rm -rf $repo_xcat_dep_path/*.deb
-
-    if [ -z "$local_flag" ]
-    then
-	echo "##############################"
-	echo "# Updating GSA xcat-dep repo #"
-	echo "##############################"
-	lftp -e "mirror -R --delete-first $repo_xcat_dep_path /projects/i/ipl-xcat/ubuntu/; exit;" -u $gsa_id,$gsa_passwd -p 22 sftp://ausgsa.ibm.com
-    fi   ### if [ -z "$local_flag" ]
-fi   ### if [ "$d_flag" -a "$a_flag"]
-
-if [ -z "$local_flag" ]                 # delete the temp repo after upload is done
-then
-    rm -rf ./gsa-repo_temp
-fi
-
-exit 0
@@ -41,8 +41,19 @@ printusage()
 # For the purpose of getting the distribution name
 . /etc/lsb-release

+# Process cmd line variable assignments, assigning each attr=val pair to a variable of same name
+for i in $*; do
+        echo $i | grep '='
+        if [ $? != 0 ];then
+            continue
+        fi
+        # upper case the variable name
+        varstring=`echo "$i"|cut -d '=' -f 1|tr '[a-z]' '[A-Z]'`=`echo "$i"|cut -d '=' -f 2`
+        export $varstring
+done
+
 # Supported distributions
-dists="maverick natty oneiric precise"
+dists="maverick natty oneiric precise saucy"

 c_flag=            # xcat-core (trunk-delvel) path
 d_flag=            # xcat-dep (trunk) path
@@ -122,27 +133,48 @@ then

    ver=`cat Version`
    if [ "$PROMOTE" != 1 ]; then
+        code_change=0
+        update_log=''
        #get the version
-        echo "svn --quiet update Version"
-        svn --quiet up Version
+        if [ "$REL" = "xcat-core" ];then
+            git_flag=1
+            REL=`git rev-parse --abbrev-ref HEAD`
+            if [ "$REL" = "master" ]; then
+                REL="devel"
+            fi
+            if [ -z "$GITUP" ];then
+                update_log=../coregitup
+                echo "git pull > $update_log"
+                git pull > $update_log
+            else
+                update_log=$GITUP
+            fi
+
+            if ! grep -q  'Already up-to-date' $update_log; then
+                code_change=1
+            fi
+        else
+            git_flag=0
+            if [ -z "$SVNUP" ];	then
+                update_log=../coresvnup
+                echo "svn up > $update_log"
+                svn up > $update_log
+            else
+                update_log=$SVNUP
+            fi
+
+            if ! grep -q 'At revision' $update_log;then
+                code_change=1
+            fi
+        fi
        ver=`cat Version`
        short_ver=`cat Version|cut -d. -f 1,2`
        short_short_ver=`cat Version|cut -d. -f 1`

+        package_dir_name=debs$REL
        #TODO: define the core path and tarball name
        tarball_name="core-debs-snap.tar.bz2"

-        #update the code from svn
-        svn_up_log="../coresvnup"
-        echo "svn update > $svn_up_log"
-        svn update > $svn_up_log
-
-        #makesure the code change status
-        code_change=0
-        if ! grep -q 'At revision' $svn_up_log;then
-            code_change=1
-        fi
-
        if [ $code_change == 0 -a "$UP" != 1 -a "$BUILDALL" != 1 ]; then
            echo "Nothing new detected"
            exit 0
@@ -159,18 +191,18 @@ then
        cur_date=`date +%Y%m%d`
        pkg_version="${short_ver}-${pkg_type}${cur_date}"
    
-        if [ ! -d ../../debs ];then
-            mkdir -p "../../debs"
+        if [ ! -d ../../$package_dir_name ];then
+            mkdir -p "../../$package_dir_name"
        fi
        packages="xCAT-client xCAT-genesis-scripts perl-xCAT xCAT-server xCAT-UI xCAT xCATsn xCAT-test xCAT-OpenStack"

        for file in `echo $packages`
        do
            file_low=`echo $file | tr '[A-Z]' '[a-z]'`
-            if grep -q $file $svn_up_log || [ "$BUILDALL" == 1 -o "$file" = "perl-xCAT" ]; then
-                rm -f ../../debs/${file_low}_*.deb
+            if grep -q $file $update_log || [ "$BUILDALL" == 1 -o "$file" = "perl-xCAT" ]; then
+                rm -f ../../$package_dir_name/${file_low}_*.deb
                #only for genesis package
-                rm -f ../../debs/${file_low}-amd64_*.deb
+                rm -f ../../$package_dir_name/${file_low}-amd64_*.deb
                cd $file
                dch -v $pkg_version -b -c debian/changelog $build_string
                dpkg-buildpackage -uc -us
@@ -181,11 +213,20 @@ then
                cd -
                find $file -maxdepth 3 -type d -name "${file_low}*" | grep debian | xargs rm -rf
                find $file -maxdepth 3 -type f -name "files" | grep debian | xargs rm -rf
-                mv ${file_low}* ../../debs/
+                mv ${file_low}* ../../$package_dir_name/
            fi
        done

-        find ../../debs/* ! -name *.deb | xargs rm -f
+        find ../../$package_dir_name/* ! -name *.deb | xargs rm -f
+    else
+        if [ "$REL" = "xcat-core" ];then
+            git_flag=1
+            REL=`git rev-parse --abbrev-ref HEAD`
+            if [ "$REL" = "master" ]; then
+                REL="devel"
+            fi
+        fi
+        package_dir_name=debs$REL
    fi

    if [ "$PROMOTE" = 1 ]; then
@@ -229,13 +270,13 @@ __EOF__

    #import the deb packages into the repo
    for dist in $dists; do
-      for file in `ls ../debs/*.deb`; do
+      for file in `ls ../$package_dir_name/*.deb`; do
 	reprepro -b ./ includedeb $dist $file;
      done
    done

    #create the mklocalrepo script
-    cat << __EOF__ > mklocalrepo.sh
+    cat << '__EOF__' > mklocalrepo.sh
 . /etc/lsb-release
 cd `dirname $0`
 echo deb file://"`pwd`" $DISTRIB_CODENAME main > /etc/apt/sources.list.d/xcat-core.list
@@ -372,6 +413,10 @@ __EOF__
    while [ $((i+=1)) -le 5 ] && ! rsync -urLv --delete xcat-dep ${uploader},xcat@web.sourceforge.net:${sf_dir}/ubuntu/
         do : ; done
    #upload the tarball
+    i=0
+    echo "Uploading $dep_tar_name to ${sf_dir}/xcat-dep/2.x_Ubuntu/ ..."
+    while [ $((i+=1)) -le 5 ] && ! rsync -v $dep_tar_name ${uploader},xcat@web.sourceforge.net:${sf_dir}/xcat-dep/2.x_Ubuntu/
+    do : ; done
    cd $old_pwd
 fi
 exit 0
@@ -495,6 +495,7 @@ if [ "$OSNAME" != "AIX" -a "$REL" = "devel" -a "$PROMOTE" != 1 -a -z "$EMBED" ];
 	rpm2cpio ../$XCATCORE/perl-xCAT-*.$NOARCH.rpm | cpio -id '*.html'
 	rpm2cpio ../$XCATCORE/xCAT-test-*.$NOARCH.rpm | cpio -id '*.html'
 	rpm2cpio ../$XCATCORE/xCAT-buildkit-*.$NOARCH.rpm | cpio -id '*.html'
+	rpm2cpio ../$XCATCORE/xCAT-OpenStack-*.x86_64.rpm | cpio -id '*.html'
 	i=0
 	while [ $((i+=1)) -le 5 ] && ! rsync $verboseflag -r opt/xcat/share/doc/man1 opt/xcat/share/doc/man3 opt/xcat/share/doc/man5 opt/xcat/share/doc/man7 opt/xcat/share/doc/man8 $UPLOADUSER,xcat@web.sourceforge.net:htdocs/
 	do : ; done
@@ -10,9 +10,6 @@
        <packagereq type="required">xCAT-server</packagereq>
        <packagereq type="required">xCAT-client</packagereq>
        <packagereq type="required">perl-xCAT</packagereq>
-        <packagereq type="required">xCAT-nbroot-core-x86_64</packagereq>
-        <packagereq type="required">xCAT-nbroot-core-x86</packagereq>
-        <packagereq type="optional">xCAT-nbroot-core-ppc64</packagereq>
    </packagelist>
 </group>
 </comps>
@@ -75,6 +75,7 @@ function makexcat {
 			tar --exclude .svn --exclude upflag -czf $RPMROOT/SOURCES/postscripts.tar.gz  postscripts LICENSE.html
 			tar --exclude .svn -czf $RPMROOT/SOURCES/prescripts.tar.gz  prescripts
 			tar --exclude .svn -czf $RPMROOT/SOURCES/templates.tar.gz templates
+			tar --exclude .svn -czf $RPMROOT/SOURCES/winpostscripts.tar.gz winpostscripts
 			cp xcat.conf $RPMROOT/SOURCES
 			cp xCATMN $RPMROOT/SOURCES
 			cd - >/dev/null
@@ -223,6 +223,7 @@ if (ref($request) eq 'HASH') { # the request is an array, not pure XML
    SSL_key_file => $keyfile,
    SSL_cert_file => $certfile,
    SSL_ca_file => $cafile,
+    SSL_verify_mode => SSL_VERIFY_PEER,
    SSL_use_cert => 1,
    Timeout => 0,
   );
@@ -231,6 +232,16 @@ if (ref($request) eq 'HASH') { # the request is an array, not pure XML
 		 Timeout => 0,
 		);
  }
+  unless ($client) {
+     print "Unable to open socket connection to xcatd daemon on $xcathost.\n";
+     print "Verify that the xcatd daemon is running and that your SSL setup is correct.\n";
+     if ($@ =~ /SSL Timeout/) {
+        die "Connection failure: SSL Timeout or incorrect certificates in ~/.xcat";
+     } else {
+        die "Connection failure: $@"
+     }
+  }
+
  my $msg;
  if (ref($request) eq 'HASH') { # the request is an array, not pure XML
    $msg=XMLout($request,RootName=>'xcatrequest',NoAttr=>1,KeyAttr=>[]);
@@ -618,7 +618,7 @@ sub getDBtable
    {

    	# need to get info from DB
-    	my $thistable = xCAT::Table->new($table, -create => 1, -autocommit => 0);
+    	my $thistable = xCAT::Table->new($table, -create => 1);
    	if (!$thistable)
    	{
        	return undef;
@@ -2007,7 +2007,14 @@ sub getNetwkInfo
                                        my @nodes = ("$node");
                                        my $sn = xCAT::ServiceNodeUtils->get_ServiceNode(\@nodes,"xcat","Node");
                                        my $snkey = (keys %{$sn})[0];
-                                        $nethash{$node}{'gateway'} = xCAT::NetworkUtils->getipaddr($snkey);
+                                        my $gw = xCAT::NetworkUtils->getipaddr($snkey);
+                                        # two possible cases when this code is run:
+                                        # 1. flat cluster: ip forwarding is not enabled on MN
+                                        # 2. hw ctrl in hierarchy cluster, in which HCP SN is not set
+                                        # in either case, MN itself should not be the gateway
+                                         if (xCAT::NetworkUtils->thishostisnot($gw)) {
+                                             $nethash{$node}{'gateway'} = $gw;
+                                         }
                                    }
                                
                                }
@@ -3237,6 +3237,7 @@ sub bld_resolve_nodes_hash

    # find out if we have an MN in the list, local cp and sh will be used
    # not remote shell
+    # find out the names for the Management Node
    my @MNnodeinfo   = xCAT::NetworkUtils->determinehostname;
    my $mname   = pop @MNnodeinfo;                  # hostname
    my $cmd="hostname";
@@ -3246,9 +3247,7 @@ sub bld_resolve_nodes_hash
       my $rsp = {};
       $rsp->{info}->[0] = "Command: $cmd failed. Continuing...";
       xCAT::MsgUtils->message("I", $rsp, $::CALLBACK);
-    }
-
-    
+    } 
    foreach my $target (@target_list)
    {

@@ -4096,7 +4095,7 @@ sub parse_and_run_dsh
              "You must not run -K option against the Management Node:$nodes.";
            xCAT::MsgUtils->message("E", $rsp, $::CALLBACK, 1);
            return;
-        }
+        } 
        # if devicetype=Mellanox,  xdsh does not setup ssh,  rspconfig does
        if ($switchtype =~ /Mellanox/i) {
           my $rsp = {};
@@ -4195,7 +4194,7 @@ sub parse_and_run_dsh
        #
        # setup ssh keys on the nodes or ib switch
        #
-        my $rc      = xCAT::TableUtils->setupSSH($options{'nodes'});
+        my $rc      = xCAT::TableUtils->setupSSH($options{'nodes'},$options{'timeout'});
        my @results = "return code = $rc";
        return (@results);
    }
@@ -368,11 +368,19 @@ sub fsp_api_action {
            } elsif( $parameter !=0 && $action =~ /^(on|reset)$/ ) {
                #powerinterval for lpars power on
                $cmd = "$fsp_api -a $action -i $parameter -T $tooltype -t $type:$fsp_ip:$id:$node_name:";
+            } elsif ($action =~ /^part_set_lpar_def_state$/) {
+                $cmd = "$fsp_api -a $action -T $tooltype -s $parameter -t $type:$fsp_ip:$id:$node_name:";
+            } elsif (exists($request->{opt}->{vios})) {
+                $cmd = "$fsp_api -a $action -T $tooltype -s 1 -t $type:$fsp_ip:$id:$node_name:$parameter";
            } else {
                $cmd = "$fsp_api -a $action -T $tooltype -t $type:$fsp_ip:$id:$node_name:$parameter";
            }
        } else {
-            $cmd = "$fsp_api -a $action -T $tooltype -t $type:$fsp_ip:$id:$node_name:";
+            if (exists($request->{opt}->{vios})) {
+                $cmd = "$fsp_api -a $action -T $tooltype -s 1 -t $type:$fsp_ip:$id:$node_name:";
+            } else {
+                $cmd = "$fsp_api -a $action -T $tooltype -t $type:$fsp_ip:$id:$node_name:";
+            }
        }
    }
    xCAT::MsgUtils->verbose_message($request, "fsp_api_action cmd:$cmd.");
@@ -13,6 +13,7 @@ use xCAT::GlobalDef;
 use xCAT::Usage;
 use xCAT::NetworkUtils;
 use xCAT::FSPUtils;
+require xCAT::data::ibmhwtypes;
 #use Data::Dumper;

 ##############################################
@@ -259,7 +260,8 @@ sub format_output {
        # Strip errors for results
        #######################################
        my @val = grep( !/^#.*: ERROR /, @$values );
-        xCAT::PPCdb::add_ppc( $hwtype, \@val );
+        #xCAT::PPCdb::add_ppc( $hwtype, \@val );
+        $values = xCAT::PPCdb::update_lpar( $hwtype, \@val, "write");
    }

    ###########################################
@@ -270,7 +272,8 @@ sub format_output {
        # Strip errors for results
        #######################################
        my @val = grep( !/^#.*: ERROR /, @$values );
-        $values = xCAT::PPCdb::update_ppc( $hwtype, \@val );
+        #$values = xCAT::PPCdb::update_ppc( $hwtype, \@val );
+        $values = xCAT::PPCdb::update_lpar( $hwtype, \@val );
        if ( exists( $opt->{x} ) or exists( $opt->{z} ))
        {
            unshift @$values, "hmc";
@@ -391,6 +394,7 @@ sub format_stanza {
        #################################
        # Add each attribute
        #################################
+        my $mtm = undef;
        foreach ( @attribs ) {
            my $d = $data[$i++];

@@ -401,7 +405,8 @@ sub format_stanza {
            } elsif ( /^hwtype$/ ) {        
                $d = $globalhwtype{$type};
            } elsif ( /^groups$/ ) {
-                $d = "$type,all";
+                next;
+                #$d = "$type,all";
            } elsif ( /^mgt$/ ) {
                $d = $hwtype;
            } elsif ( /^cons$/ ) {
@@ -414,7 +419,9 @@ sub format_stanza {
            } elsif ( /^(mtm|serial)$/ ) {
                if ( $type eq "lpar" ) {
                    $d = undef;                    
-                }     
+                } elsif (/^mtm$/) {
+                    $mtm = $d;
+                }  
            } elsif (/^side$/) {
                unless ( $type =~ /^fsp|bpa$/ ) {
                    next;
@@ -422,6 +429,15 @@ sub format_stanza {
            }
            $result .= "\t$_=$d\n";
        }
+        my $tmp_groups = "$type,all";
+        if (defined($mtm)) {
+            my $tmp_pre = xCAT::data::ibmhwtypes::parse_group($mtm);
+            if (defined($tmp_pre)) {
+                $tmp_groups .= ",$tmp_pre";
+            }     
+        }
+        $result .= "\tgroups=$tmp_groups\n";
+
    }
    return( $result );
 }
@@ -464,6 +480,7 @@ sub format_xml {
        #################################
        # Add each attribute 
        #################################
+        my $mtm = undef;
        foreach ( @attribs ) {
            my $d = $data[$i++];

@@ -472,7 +489,8 @@ sub format_xml {
            } elsif ( /^hwtype$/ ) {        
                $d = $globalhwtype{$type};
            } elsif ( /^groups$/ ) {
-                $d = "$type,all";
+                next;
+                #$d = "$type,all";
            } elsif ( /^mgt$/ ) {
                $d = $hwtype;
            } elsif ( /^cons$/ ) {
@@ -484,6 +502,8 @@ sub format_xml {
            } elsif ( /^(mtm|serial)$/ ) {
                if ( $type eq "lpar" ) {
                    $d = undef;
+                } elsif (/^mtm$/) {
+                    $mtm = $d;
                }
            } elsif (/^side$/) {
                unless ( $type =~ /^fsp|bpa$/ ) {
@@ -492,6 +512,15 @@ sub format_xml {
            }
            $href->{Node}->{$_} = $d;
        }
+        my $tmp_groups = "$type,all";
+        if (defined($mtm)) {
+            my $tmp_pre = xCAT::data::ibmhwtypes::parse_group($mtm);
+            if (defined($tmp_pre)) {
+                $tmp_groups .= ",$tmp_pre";
+            }     
+        }
+        $href->{Node}->{groups}=$tmp_groups;
+
        #print Dumper($href);
        #################################
        # XML encoding
@@ -56,6 +56,7 @@ $::STATUS_SHELL="shell";
 $::STATUS_DEFINED="defined";
 $::STATUS_UNKNOWN="unknown";
 $::STATUS_FAILED="failed";
+$::STATUS_BMCREADY="bmcready";
 %::VALID_STATUS_VALUES = (
 	$::STATUS_ACTIVE=>1,
 	$::STATUS_INACTIVE=>1,
@@ -72,6 +73,7 @@ $::STATUS_FAILED="failed";
 	$::STATUS_DEFINED=>1,
 	$::STATUS_UNKNOWN=>1,
        $::STATUS_FAILED=>1,
+        $::STATUS_BMCREADY=>1,

 	$::STATUS_SYNCING=>1,
 	$::STATUS_OUT_OF_SYNC=>1,
@@ -1353,6 +1353,16 @@ sub dolitesetup
 					return 1;
 				}

+				# also copy $instrootloc/.statelite contents
+				$ccmd = "/usr/bin/cp -p -r $instrootloc/.statelite $SRloc";
+				$out = xCAT::Utils->runcmd("$ccmd", -1);
+				if ($::RUNCMD_RC != 0)
+				{
+					my $rsp;
+					push @{$rsp->{data}}, "Could not copy $instrootloc/.statelite to $SRloc.";
+					xCAT::MsgUtils->message("E", $rsp, $callback);
+					return 1;
+				}
 			}
 		}
 	}
@@ -827,7 +827,7 @@ sub get_mac_addr {
    $done[0] = 0;
    $cmd[0] = "\" local-mac-address\" ". $phandle . " get-package-property\r";
    $msg[0] = "Status: return code and mac-address now on stack\n";
-    $pattern[0] = "ok";#"\s*3 >";
+    $pattern[0] = "local-mac-address.*ok";#"\s*3 >";
    $newstate[0] = 1;

    # cmd(1) is a dot (.). This is a stack manipulation command that removes one
@@ -1231,8 +1231,8 @@ sub  ping_server{
    $done[2] = 0;
    $cmd[2] = "dev /packages/net\r";
    $msg[2] = "Status: selected the /packages/net node as the active package\n";
-    #$pattern[2] = ".*dev(.*)ok(.*)0 >(.*)";
-    $pattern[2] = "ok";
+    $pattern[2] = ".*dev.*packages.*net(.*)ok(.*)0 >(.*)";
+    #$pattern[2] = "ok";
    $newstate[2]= 3;

    # state 3, ping the server
@@ -1266,6 +1266,7 @@ sub  ping_server{
    # state 5, all done
    $done[5] = 1;

+
    # for ping, only need to set speed and duplex for ethernet adapters
    #
    if ( $list_type eq "ent" ) {
@@ -1323,8 +1324,10 @@ sub  ping_server{

    $timeout = 300;
    while ( $done[$state] eq 0 ) {
+
        send_command($verbose, $rconsole, $cmd[$state]);
        @result = $rconsole->expect(
+
            $timeout,
            [qr/$pattern[$state]/s=>
            sub {
@@ -1362,7 +1365,9 @@ sub  ping_server{
                }
            ],
        );
-        return 1 if ($rc eq 1);
+
+       return 1 if ($rc eq 1);
+
        if ( $state eq 1 ) {
            $adap_conn = $adap_conn_list[$j];
            $cmd[1] = "\" ethernet,$adap_speed,$adap_conn,$adap_duplex\" encode-string \" chosen-network-type\" property\r";
@@ -2050,14 +2055,46 @@ sub multiple_open_dev {
                 ; \r";
    send_command($verbose, $rconsole, $command);

-    $command = "patch new-open-dev open-dev net-ping \r";
-    send_command($verbose, $rconsole, $command);
-
    $timeout = 30;
    $rconsole->expect(
        $timeout,
-        #[qr/patch new-open-dev(.*)>/=>
-        [qr/>/=>
+        [qr/new-open-dev(.*)ok/=>
+        #[qr/>/=>
+            sub {
+                nc_msg($verbose, "Status: at End of multiple_open_dev \n");
+                $rconsole->clear_accum();
+             }
+        ],
+        [qr/]/=>
+            sub {
+                nc_msg($verbose, "Unexpected prompt\n");
+                $rconsole->clear_accum();
+                $rc = 1;
+             }
+        ],
+        [timeout =>
+            sub {
+                send_user(2, "Timeout\n");
+                $rconsole->clear_accum();
+                $rc = 1;
+            }
+        ],
+        [eof =>
+            sub {
+                send_user(2, "Cannot connect to $node\n");
+                $rconsole->clear_accum();
+                $rc = 1;
+            }
+        ],
+    );
+
+    $command = "patch new-open-dev open-dev net-ping \r";
+    send_command($verbose, $rconsole, $command);
+
+    $rconsole->expect(
+        $timeout,
+        [qr/patch new-open-dev(.*)ok/=>
+        #[qr/>/=>
            sub {
                nc_msg($verbose, "Status: at End of multiple_open_dev \n");
                $rconsole->clear_accum();
@@ -2086,6 +2123,7 @@ sub multiple_open_dev {
            }
        ],
    );
+
    return $rc;
 }
 ###################################################################
@@ -2569,7 +2607,7 @@ sub lparnetbootexp
    ####################################
    nc_msg($verbose, "Connecting to the $node.\n");
    sleep 3;
-    $timeout = 2;
+    $timeout = 10;
    $rconsole->expect(
        $timeout,
        [ qr/Enter.* for help.*/i =>
@@ -2778,6 +2816,8 @@ sub lparnetbootexp
    $done = 0;
    $retry_count = 0;

+    $timeout = 10;
+
    while (!$done) {
        my @result = $rconsole->expect(
            $timeout,
@@ -2885,6 +2925,7 @@ sub lparnetbootexp
        }
    }

+
    ##############################
    # Call multiple_open_dev to
    # circumvent firmware OPEN-DEV
@@ -2919,6 +2960,7 @@ sub lparnetbootexp
            $match_pat = ".*";
        }

+
        if($colon) {
            nc_msg($verbose, "#Type:Location_Code:MAC_Address:Full_Path_Name:Ping_Result:Device_Type:Size_MB:OS:OS_Version:\n");
            $outputarrayindex++;  # start from 1, 0 is used to set as 0
@@ -2972,7 +3014,7 @@ sub lparnetbootexp
        } else {
            for( $i = 0; $i < $adapter_found; $i++) {
                if ($adap_type[$i] =~ /$match_pat/) {
-                    if ($adap_type[$i] eq "hfi-ent") {
+                    if (!($adap_type[$i] eq "hfi-ent")) {
                        $mac_address = get_mac_addr($phandle_array[$i], $rconsole, $node, $verbose);
                        $loc_code = get_adaptr_loc($phandle_array[$i], $rconsole, $node, $verbose);
                    }
@@ -10,7 +10,7 @@ if ($^O =~ /^aix/i) {
 }

 use strict;
-use Sys::Syslog qw (:DEFAULT setlogsock);
+use Sys::Syslog;
 use xCAT::Utils;
 #use locale;
 use Socket;
@@ -456,8 +456,7 @@ sub message

        # If they want this msg to also go to syslog, do that now
        eval {
-            openlog("xCAT", '', 'local4');
-            setlogsock(["tcp", "unix", "stream"]);
+            openlog("xCAT", "nofatal,pid", "local4");
            if ($sev eq 'SE') {
              syslog("err", $rsp);
            } else {
@@ -503,8 +502,7 @@ sub message
            {
                print $stdouterrf "Unable to open auditlog\n";
                eval {
-                    openlog("xCAT", '', 'local4');
-                    setlogsock(["tcp", "unix", "stream"]);
+                    openlog("xCAT", "nofatal,pid", "local4");
                    syslog("err", "Unable to write to auditlog");
                    closelog();
                };
@@ -521,8 +519,7 @@ sub message
        {    # error
            print $stdouterrf "Unable to open auditlog\n";
            eval {
-                openlog("xCAT", '', 'local4');
-                setlogsock(["tcp", "unix", "stream"]);
+                openlog("xCAT", "nofatal,pid", "local4");
                syslog("err", "Unable to open auditlog");
                closelog();
            };
@@ -1,5 +1,6 @@
 # IBM(c) 2007 EPL license http://www.eclipse.org/legal/epl-v10.html
 package xCAT::NodeRange;
+use Text::Balanced qw/extract_bracketed/;
 require xCAT::Table;
 require Exporter;
 use strict;
@@ -148,7 +149,7 @@ sub nodesbycriteria {
 	 }
 	 if ($neednewcache) {
 	   if ($nodelist) { 
-	     $nodelist->_clear_cache(); 
+	     #$nodelist->_clear_cache(); 
 	     $nodelist->_build_cache(\@cachedcolumns);
 	   }
 	  }
@@ -549,6 +550,26 @@ sub abbreviate_noderange {
    return (join ',',keys %targetelems,keys %nodesleft);
 }

+sub set_arith {
+    my $operand = shift;
+    my $op = shift;
+    my $newset = shift;
+    if ($op =~ /@/) {       # compute the intersection of the current atom and the node list we have received before this
+      foreach (keys %$operand) {
+        unless ($newset->{$_}) {
+          delete $operand->{$_};
+        }
+      }
+    } elsif ($op =~ /,-/) {        # add the nodes from this atom to the exclude list
+		foreach (keys %$newset) {
+            delete $operand->{$_}
+		}
+	} else {          # add the nodes from this atom to the total node list
+		foreach (keys %$newset) {
+			$operand->{$_}=1;
+		}
+	}
+}
 # Expand the given noderange
 # Input args:
 #  - noderange to expand
@@ -573,20 +594,45 @@ sub noderange {
  }
  my %nodes = ();
  my %delnodes = ();
+  if ($range =~ /\(/) {
+    my ($middle, $end, $start) =
+        extract_bracketed($range, '()', qr/[^()]*/);
+    unless ($middle) { die "Unbalanced parentheses in noderange" }
+    $middle = substr($middle,1,-1);
+    my $op = ",";
+    if ($start =~ m/-$/) { #subtract the parenthetical
+       $op .= "-"
+    } elsif ($start =~ m/\@$/) {
+        $op = "@"
+    }
+    $start =~ s/,-$//;
+    $start =~ s/,$//;
+    $start =~ s/\@$//;
+    %nodes = map { $_ => 1 } noderange($start,$verify,$exsitenode,%options);
+    my %innernodes = map { $_ => 1 } noderange($middle,$verify,$exsitenode,%options);
+    set_arith(\%nodes,$op,\%innernodes);
+    $range = $end;
+  }
+
  my $op = ",";
  my @elems = split(/(,(?![^[]*?])(?![^\(]*?\)))/,$range); # commas outside of [] or ()
  if (scalar(@elems)==1) {
      @elems = split(/(@(?![^\(]*?\)))/,$range);  # only split on @ when no , are present (inner recursion)
  }

-  while (my $atom = shift @elems) {
+  while (defined(my $atom = shift @elems)) {
+    if ($atom eq '') { next; }
    if ($atom eq ',') {
        next;
    }
    if ($atom =~ /^-/) {           # if this is an exclusion, strip off the minus, but remember it
      $atom = substr($atom,1);
      $op = $op."-";
+    } elsif ($atom =~ /^\@/) {           # if this is an exclusion, strip off the minus, but remember it
+      $atom = substr($atom,1);
+      $op = "@";
    }
+    if ($atom eq '') { next; }

    if ($atom =~ /^\^(.*)$/) {    # get a list of nodes from a file
      open(NRF,$1);
@@ -139,7 +139,7 @@ sub connect {
    my $timeout    = $req->{ppctimeout};
    my $verbose    = $req->{verbose};
    my $ssh;
-    my $expect_log;
+    my $expect_log = "/dev/null";
    my $errmsg;
 	
    if ($req->{command} eq 'rflash') {
@@ -170,7 +170,7 @@ sub connect {
    ##################################################
    if ( $verbose ) {
        close STDERR;
-        if ( !open( STDERR, '>', \$expect_log )) {
+        if ( !open( STDERR, '>', $expect_log )) {
             return( "Unable to redirect STDERR: $!" );
        }
    }
@@ -179,7 +179,7 @@ sub connect {
    ##################################################
    if ( $verbose ) {
        close STDOUT;
-        if ( !open( STDOUT, '>', \$expect_log )) {
+        if ( !open( STDOUT, '>', $expect_log )) {
             return( "Unable to redirect STDOUT: $!" );
        }
    }
@@ -7,6 +7,7 @@ use xCAT::GlobalDef;
 use xCAT::Utils;
 use xCAT::TableUtils;
 use xCAT::NetworkUtils;
+require xCAT::data::ibmhwtypes;

 ###########################################
 # Factory defaults
@@ -100,7 +101,6 @@ sub add_ppc {
            $parent,
            $ips,
            $mac ) = split /,/;
-         
        ###############################
        # Update nodetype table
        ###############################
@@ -168,6 +168,10 @@ sub add_ppc {
            # Update nodelist table
            ###########################
            updategroups( $name, $db{nodelist}, $type );
+            my $tmp_group = xCAT::data::ibmhwtypes::parse_group($model);
+            if (defined($tmp_group)) {
+                updategroups($name, $db{nodelist}, $tmp_group);
+            }
            if ( $type =~ /^(fsp|bpa)$/ )  {
                $db{nodelist}->setNodeAttribs( $name, {hidden => '1'});
            } else {
@@ -236,6 +240,97 @@ sub add_ppc {
    }
    return undef;
 }
+##########################################################################
+# Update lpar information in the xCAT databases
+##########################################################################
+sub update_lpar {
+    my $hwtype = shift;
+    my $values = shift;
+    my $write = shift;
+    my @tabs     = qw(ppc vpd nodehm nodelist nodetype ppcdirect hosts mac); 
+    my %db       = ();
+    my @update_list = ();
+    my @write_list = ();
+    ###################################
+    # Open database needed
+    ###################################
+    foreach ( @tabs ) {
+        $db{$_} = xCAT::Table->new( $_, -create=>1, -autocommit=>0 );
+        if ( !$db{$_} ) {
+            return( "Error opening '$_'" );
+        }
+    }
+    my @vpdlist = $db{vpd}->getAllNodeAttribs(['node','serial','mtm','side']);
+    my @ppclist = $db{ppc}->getAllNodeAttribs(['node','hcp','id',
+                                               'pprofile','parent','nodetype',
+                                               'comments', 'disable']);
+    #      'cec,cec1,,8246-L1D,100A9DA,,cec1,,cec1',
+    #      'lpar,10-0A9DA,1,8246-L1D,100A9DA,,cec1,,cec1'
+    my %ppchash = ();
+    my %vpdhash = ();
+    foreach my $ppcent (@ppclist) {
+        if ($ppcent->{id} and $ppcent->{nodetype} and $ppcent->{nodetype} eq "lpar") {
+            my $key = $ppcent->{node};
+            $ppchash{$key}{id} = $ppcent->{id};
+            $ppchash{$key}{parent} = $ppcent->{parent};
+        }
+    }
+    foreach my $vpdent (@vpdlist)
+    {
+        my $key = $vpdent->{node};
+        $vpdhash{$key}{mtm} = $vpdent->{mtm};
+        $vpdhash{$key}{serial} = $vpdent->{serial};
+    }
+    my @ppc_lpars = keys %ppchash; 
+    foreach my $value ( @$values ) {
+        my ($ttype,
+            $tname,
+            $tid,
+            $tmtm,
+            $tsn,
+            $tside,
+            $server,
+            $pprofile,
+            $parent) = split /,/, $value;
+            if ($ttype ne "lpar") {
+                push @update_list, $value;
+                next;
+            }
+            my $find_node = undef;
+            foreach my $tmp_node (@ppc_lpars) {
+                if ($ppchash{$tmp_node}{id} eq $tid) {
+                    if (exists($ppchash{$tmp_node}{parent}) and $ppchash{$tmp_node}{parent} eq $parent) {
+                        $find_node = $tmp_node;
+                        last;
+                    } elsif ($vpdhash{$tmp_node}{mtm} eq $tmtm and $vpdhash{$tmp_node}{serial} eq $tsn) {
+                        $find_node = $tmp_node;
+                        last;
+                    }
+                }
+            }
+            if (defined($find_node)) {
+                if ( update_node_attribs($hwtype, $ttype, $find_node, $tid, $tmtm, $tsn, $tside,
+                                    $server, $pprofile, $parent, "", \%db, $tname, \@ppclist))
+                {
+                    $value =~ s/^$ttype,$tname,/$ttype,$find_node,/; 
+                    push @update_list, $value;  
+                }
+            } elsif (defined($write)) {
+                push @write_list, $value;
+            }
+    }
+    if (defined($write)) {
+        &add_ppc($hwtype, \@write_list);
+        return ([@update_list,@write_list]);
+    } else {
+        foreach ( @tabs ) {
+            if ( exists( $db{$_}{commit} )) {
+               $db{$_}->commit;
+            }
+        }
+        return \@update_list;
+    }
+}

 ##########################################################################
 # Update nodes in the xCAT databases
@@ -278,7 +373,6 @@ sub update_ppc {
            $pprofile,
            $parent,
            $ips ) = split /,/, $value;
- 
        if ( $ttype eq 'cec' )
        {
            my $hostname =  get_host($tname, "FSP", $tmtm, $tsn, "", "", $tid, "","");
@@ -329,9 +423,7 @@ sub update_ppc {
            $pprofile,
            $parent,
            $ips ) = split /,/, $value;
-         
        next if ( $type ne 'cec' );
-
        my $predefined_node = undef;
        foreach my $vpdent (@vpdlist)
        {
@@ -525,6 +617,10 @@ sub update_node_attribs
    if ( $namediff)
    {
        updategroups( $name, $db->{nodelist}, $type );
+        my $tmp_group = xCAT::data::ibmhwtypes::parse_group($model);
+        if (defined($tmp_group)) {
+            updategroups($name, $db->{nodelist}, $tmp_group);
+        }
        $db->{nodelist}->setNodeAttribs( $name, {status=>$nodelisthash->{status},
                                                 appstatus=>$nodelisthash->{appstatus},
                                                 primarysn=>$nodelisthash->{primarysn},
@@ -888,6 +984,18 @@ sub get_usr_passwd {
    } else {
        ($ent) = $passwdtab->getNodeAttribs($key, qw(username password));
    }
+    if (!$ent) {
+        if ($key eq "cec") {
+            $key = "fsp";
+        } elsif ($key eq "frame") {
+            $key = "bpa";
+        }
+        if ($user) {
+            ($ent) = $passwdtab->getAttribs({key => $key, username => $user}, qw(password cryptmethod));
+        } else {
+            ($ent) = $passwdtab->getNodeAttribs($key, qw(username password));
+        }
+    }
    if (!$ent or !$ent->{password}) {
        my $hash = $default_passwd_accounts{$key};
        if (!$hash or ($user and !defined($hash->{$user}))) {
@@ -958,7 +1066,6 @@ sub get_host {
    # get the information of existed nodes to do the migration

    read_from_table() unless (%::OLD_DATA_CACHE);
-
    foreach my $oldnode ( keys %::OLD_DATA_CACHE )
    {
        my $tmpmtm    = @{$::OLD_DATA_CACHE{$oldnode}}[0];
@@ -5,6 +5,8 @@ use strict;
 use Getopt::Long;
 use xCAT::PPCcli qw(SUCCESS EXPECT_ERROR RC_ERROR NR_ERROR);
 use xCAT::Usage;
+use xCAT::TableUtils;
+require xCAT::data::ibmhwtypes;


 ##########################################
@@ -59,7 +61,7 @@ sub parse_args {
    $Getopt::Long::ignorecase = 0;
    Getopt::Long::Configure( "bundling" );

-    if ( !GetOptions( \%opt, qw(V|verbose) )) { 
+    if ( !GetOptions( \%opt, qw(V|verbose t) )) { 
        return( usage() );
    }
    ####################################
@@ -75,6 +77,9 @@ sub parse_args {
    if ( !defined( $cmd )) {
        return(usage( "Invalid command: $ARGV[0]" ));
    }
+    if (exists($opt{t}) and $cmd ne "model") {
+        return(["Option 't' can only work with 'model'."]);
+    }
    ####################################
    # Check for an extra argument
    ####################################
@@ -411,6 +416,12 @@ sub vpd {
                #############################
                # Output value 
                #############################
+                if ($_ eq 'model' and exists($request->{opt}->{t})) {
+		            my $tmp_pre = xCAT::data::ibmhwtypes::parse_args($data->{$_});
+		            if (defined($tmp_pre))  {
+			            xCAT::TableUtils->updatenodegroups($name, $tmp_pre);
+		            }
+		        }
                my $value = "@{$prefix{$_}}[0]: $data->{$_}"; 
                push @result, [$name,$value,$Rc];   
            }
@@ -11,7 +11,7 @@ use xCAT::PPCdb;
 use xCAT::GlobalDef;
 use xCAT::Usage;
 use xCAT::NetworkUtils;
-
+require xCAT::data::ibmhwtypes;

 ##############################################
 # Globals
@@ -545,6 +545,7 @@ sub format_stanza {
        #################################
        # Add each attribute
        #################################
+        my $mtm = undef;
        foreach ( @attribs ) {
            my $d = $data[$i++];

@@ -555,7 +556,8 @@ sub format_stanza {
            } elsif ( /^hwtype$/ ) {        
                $d = $globalhwtype{$type};
            } elsif ( /^groups$/ ) {
-                $d = "$type,all";
+                next;
+                #$d = "$type,all";
            } elsif ( /^mgt$/ ) {
                $d = $hwtype;
            } elsif ( /^cons$/ ) {
@@ -568,7 +570,9 @@ sub format_stanza {
            } elsif ( /^(mtm|serial)$/ ) {
                if ( $type eq "lpar" ) {
                    $d = undef;                    
-                }     
+                } elsif (/^mtm$/) {
+                    $mtm = $d;
+                }
            } elsif (/^side$/) {
                unless ( $type =~ /^fsp|bpa$/ ) {
                    next;
@@ -576,6 +580,14 @@ sub format_stanza {
            }
            $result .= "\t$_=$d\n";
        }
+        my $tmp_groups = "$type,all";
+        if (defined($mtm)) {
+            my $tmp_pre = xCAT::data::ibmhwtypes::parse_group($mtm);
+            if (defined($tmp_pre)) {
+                $tmp_groups .= ",$tmp_pre";
+            }     
+        }
+        $result .= "\tgroups=$tmp_groups\n";
    }
    return( $result );
 }
@@ -623,6 +635,7 @@ sub format_xml {
        #################################
        # Add each attribute 
        #################################
+        my $mtm = undef; 
        foreach ( @attribs ) {
            my $d = $data[$i++];

@@ -631,7 +644,8 @@ sub format_xml {
            } elsif ( /^hwtype$/ ) {        
                $d = $globalhwtype{$type};
            } elsif ( /^groups$/ ) {
-                $d = "$type,all";
+                next;
+                #$d = "$type,all";
            } elsif ( /^mgt$/ ) {
                $d = $hwtype;
            } elsif ( /^cons$/ ) {
@@ -643,6 +657,8 @@ sub format_xml {
            } elsif ( /^(mtm|serial)$/ ) {
                if ( $type eq "lpar" ) {
                    $d = undef;
+                } elsif (/^mtm$/){
+                    $mtm = $d;
                }
            } elsif (/^side$/) {
                unless ( $type =~ /^fsp|bpa$/ ) {
@@ -651,6 +667,14 @@ sub format_xml {
            }
            $href->{Node}->{$_} = $d;
        }
+        my $tmp_groups = "$type,all";
+        if (defined($mtm)) {
+            my $tmp_pre = xCAT::data::ibmhwtypes::parse_group($mtm);
+            if (defined($tmp_pre)) {
+                $tmp_groups .= ",$tmp_pre";
+            }     
+        }
+        $href->{Node}->{groups}=$tmp_groups;
        #################################
        # XML encoding
        #################################
@@ -265,6 +265,7 @@ sub rackformat_to_numricformat{
                    values are attributes of a specific nic, like:
                        type : nic type
                        hostnamesuffix: hostname suffix
+                        hostnameprefix: hostname prefix
                        customscript: custom script for this nic
                        network: network name for this nic
                        ip: ip address of this nic.
@@ -276,7 +277,7 @@ sub get_nodes_nic_attrs{
    my $nodes = shift;

    my $nicstab = xCAT::Table->new( 'nics');
-    my $entry = $nicstab->getNodesAttribs($nodes, ['nictypes', 'nichostnamesuffixes', 'niccustomscripts', 'nicnetworks', 'nicips']);
+    my $entry = $nicstab->getNodesAttribs($nodes, ['nictypes', 'nichostnamesuffixes', 'nichostnameprefixes', 'niccustomscripts', 'nicnetworks', 'nicips']);

    my %nicsattrs;
    my @nicattrslist;
@@ -308,6 +309,20 @@ sub get_nodes_nic_attrs{
            }
        }

+        if($entry->{$node}->[0]->{'nichostnameprefixes'}){
+
+            @nicattrslist = split(",", $entry->{$node}->[0]->{'nichostnameprefixes'});
+            foreach (@nicattrslist){
+                               my @nicattrs;
+                               if ($_  =~ /!/) {
+                                       @nicattrs = split("!", $_);
+                               } else {
+                                       @nicattrs = split(":", $_);
+                               }
+                $nicsattrs{$node}{$nicattrs[0]}{'hostnameprefix'} = $nicattrs[1];
+            }
+        }
+
        if($entry->{$node}->[0]->{'niccustomscripts'}){
            @nicattrslist = split(",", $entry->{$node}->[0]->{'niccustomscripts'});
            foreach (@nicattrslist){
@@ -733,6 +748,27 @@ sub get_imageprofile_prov_method

 #-------------------------------------------------------------------------------

+=head3 get_imageprofile_prov_osvers
+      Description : Get A node's provisioning os version and profile from its imageprofile attribute.
+      Arguments   : $imgprofilename - imageprofile name
+      Returns     : node's osversion and profile
+=cut
+
+#-------------------------------------------------------------------------------
+sub get_imageprofile_prov_osvers
+{
+
+    my $class = shift;
+    my $imgprofilename = shift;
+    my $osimgtab = xCAT::Table->new('osimage');
+    my $osimgentry = ($osimgtab->getAllAttribsWhere("imagename = '$imgprofilename'", 'ALL' ))[0];
+    my $osversion = $osimgentry->{'osvers'};
+    my $profile = $osimgentry->{'profile'};
+    return ($osversion, $profile);
+}
+
+#-------------------------------------------------------------------------------
+
 =head3 check_profile_consistent
      Description : Check if three profile consistent
      Arguments   : $imageprofile - image profile name
@@ -1000,6 +1036,40 @@ sub parse_nodeinfo_file
    return 1, "";
 }

+#-------------------------------------------------------
+
+=head3  update the table prodkey, in order to support windows
+        per node license key
+
+    Returns: $retcode.
+              $retcode = 1. update failed, the value is undef
+              $retcode = 0. save into db is OK..
+=cut
+#-------------------------------------------------------
+
+sub update_windows_prodkey
+{
+    my $class   = shift;
+    my $node    = shift;
+    my $product = shift;
+    my $key     = shift;
+    unless(defined($node) && defined($product) && defined($key))
+    {
+        return 1;
+    }
+    # please notice this db usage
+    my %keyhash;
+    my %updates;
+    $keyhash{'node'}             = $node;
+    $updates{'product'}          = $product;
+    $updates{'key'}              = $key;
+    my $tab = xCAT::Table->new('prodkey', -create=>1, -autocommit=>0);
+    $tab->setAttribs( \%keyhash,\%updates );
+    $tab->commit;
+    $tab->close; 
+    return 0;
+}
+
 #-------------------------------------------------------------------------------
 =head3 check_nicips
    Description: Check if the nicips defined in MAC file is correct
@@ -41,15 +41,16 @@ package xCAT::RemoteShellExp;
   [-t node list]  test ssh connection to the node 
   [-k] Generates the ssh keys needed , for the user on the MN. 
   [-s node list]  copies the ssh keys to the nodes 
-
+   optional $timeout = timeout value for the expect.  Usually from the xdsh -t flag
+   default timeout is 10 seconds
    exit 0 - good
    exit 1 - abort
    exit 2 - usage error

 Examples:
-$rc=xCAT::RemoteShellExp->remoteshellexp("k",$callback,$remoteshellcmd); 
-$rc=xCAT::RemoteShellExp->remoteshellexp("s",$callback,$remoteshellcmd,$nodes); 
-$rc=xCAT::RemoteShellExp->remoteshellexp("t",$callback,$remoteshellcmd,$nodes); 
+$rc=xCAT::RemoteShellExp->remoteshellexp("k",$callback,$remoteshellcmd,$nodes,$timeout); 
+$rc=xCAT::RemoteShellExp->remoteshellexp("s",$callback,$remoteshellcmd,$nodes,$timeout); 
+$rc=xCAT::RemoteShellExp->remoteshellexp("t",$callback,$remoteshellcmd,$nodes,$timeout); 

 =cut

@@ -70,7 +71,7 @@ use strict;
 #-----------------------------------------------------------------------------
 sub remoteshellexp 
 {
-  my ($class, $flag, $callback, $remoteshell, $nodes) = @_;
+  my ($class, $flag, $callback, $remoteshell, $nodes, $timeout) = @_;
  my $rc=0;
  $::CALLBACK = $callback;
  if (!($flag))
@@ -90,6 +91,10 @@ sub remoteshellexp
       return 2;
       
  }
+  my  $expecttimeout=10; # default
+  if (defined($timeout)) {  # value supplied
+     $expecttimeout=$timeout;
+  }

  # for -s flag must have nodes and a $to_userid password
  my $to_user_password;
@@ -180,7 +185,7 @@ sub remoteshellexp
  {
     # if the file size of the id_rsa key is 0, tell them to remove it
     # and run the command again
-     $rc=xCAT::RemoteShellExp->gensshkeys;
+     $rc=xCAT::RemoteShellExp->gensshkeys($expecttimeout);
  }
  # send ssh keys to the nodes/devices, to setup passwordless ssh 
  if ($flag eq "s")
@@ -193,15 +198,15 @@ sub remoteshellexp
         return 1;
    }
    if ($ssh_setup_cmd) { # setup ssh on devices
-     $rc=xCAT::RemoteShellExp->senddeviceskeys($remoteshell,$remotecopy,$to_userid,$to_user_password,$home,$ssh_setup_cmd,$nodes);
+     $rc=xCAT::RemoteShellExp->senddeviceskeys($remoteshell,$remotecopy,$to_userid,$to_user_password,$home,$ssh_setup_cmd,$nodes, $expecttimeout);
    } else {  #setup ssh on nodes
-     $rc=xCAT::RemoteShellExp->sendnodeskeys($remoteshell,$remotecopy,$to_userid,$to_user_password,$home,$nodes);
+     $rc=xCAT::RemoteShellExp->sendnodeskeys($remoteshell,$remotecopy,$to_userid,$to_user_password,$home,$nodes, $expecttimeout);
    } 
  }
  # test ssh setup on the node
  if ($flag eq "t")
  {
-     $rc=xCAT::RemoteShellExp->testkeys($remoteshell,$to_userid,$nodes);
+     $rc=xCAT::RemoteShellExp->testkeys($remoteshell,$to_userid,$nodes,$expecttimeout);
  }
  return $rc;
 }
@@ -220,9 +225,9 @@ sub remoteshellexp
 sub gensshkeys 

 {
-    my ($class) = @_;
+    my ($class, $expecttimeout) = @_;
    my $keygen;
-    my $timeout  = 10;    # sets Expect default timeout, 0 accepts immediately
+    my $timeout  = $expecttimeout;    # sets Expect default timeout, 0 accepts immediately
    my $keygen_sent = 0;
    my $prompt1   = 'Generating public/private rsa';
    my $prompt2   = 'Enter file.*:';
@@ -347,9 +352,9 @@ sub gensshkeys
 sub testkeys 

 {
-    my ($class,$remoteshell,$to_userid,$nodes) = @_;
+    my ($class,$remoteshell,$to_userid,$nodes, $expecttimeout) = @_;
    my $testkeys;
-    my $timeout  = 10;    # sets Expect default timeout, 0 accepts immediately
+    my $timeout  = $expecttimeout;    # sets Expect default timeout
    my $testkeys_sent = 0;
    my $prompt1   = 'Are you sure you want to continue connecting (yes/no)?';
    my $prompt2   = 'ssword:';
@@ -469,9 +474,9 @@ sub testkeys
 sub sendnodeskeys 

 {
-   my ($class,$remoteshell,$remotecopy,$to_userid,$to_userpassword,$home,$nodes) = @_;
+   my ($class,$remoteshell,$remotecopy,$to_userid,$to_userpassword,$home,$nodes, $expecttimeout) = @_;
    my $sendkeys;
-    my $timeout  = 10;    # sets Expect default timeout, 0 accepts immediately
+    my $timeout  = $expecttimeout;    # sets Expect default timeout, 0 accepts immediately
    my $sendkeys_sent = 0;
    my $prompt1   = 'Are you sure you want to continue connecting (yes/no)?';
    my $prompt2   = 'ssword:';
@@ -759,7 +764,7 @@ sub sendnodeskeys

 =head3    senddeviceskeys 
 	
-      Setup the ssh keys on the nodes 
+      Setup the ssh keys on the switches 

 =cut

@@ -768,9 +773,9 @@ sub sendnodeskeys
 sub senddeviceskeys 

 {
-   my ($class,$remoteshell,$remotecopy,$to_userid,$to_userpassword,$home,$ssh_setup_cmd,$nodes) = @_;
+   my ($class,$remoteshell,$remotecopy,$to_userid,$to_userpassword,$home,$ssh_setup_cmd,$nodes, $expecttimeout) = @_;
    my $sendkeys;
-    my $timeout  = 10;    # sets Expect default timeout, 0 accepts immediately
+    my $timeout  = $expecttimeout;    # sets Expect default timeout, 0 accepts immediately
    my $sendkeys_sent = 0;
    my $prompt1   = 'Are you sure you want to continue connecting (yes/no)?';
    my $prompt2   = 'ssword:';
@@ -202,9 +202,11 @@ sub parse_and_run_sinv
    #
    my @nodelist  = ();
    my @cmdparts  = ();
+    my $devicecommand =0;
    if ($options{'devicetype'}) {  
      # must split different because devices have commands with spaces
      @cmdparts  = split(' ', $cmd,3);
+      $devicecommand =1;
    } else {
      @cmdparts  = split(' ', $cmd);
    }
@@ -503,7 +505,7 @@ sub parse_and_run_sinv
                   );

        #  write the results to the tempfile after running through xdshcoll
-        $rc = &storeresults($callback);
+        $rc = &storeresults($callback,$devicecommand);

    }
    $processflg = "node";
@@ -534,7 +536,7 @@ sub parse_and_run_sinv


    #  write the results to the tempfile after running through xdshcoll
-    $rc = &storeresults($callback);
+    $rc = &storeresults($callback,$devicecommand);

    #  Build report and write to output file
    #  if file exist and has something in it
@@ -1451,12 +1453,11 @@ sub rinvoutput
 sub storeresults
 {
    my $callback = shift;
-
+    my $devicecommand= shift;
    # open file to write results of xdsh or rinv command
    my $newtempfile = $tempfile;
    $newtempfile .= "temp";
-    open(FILE, ">$newtempfile");
-    if ($? > 0)
+    unless (open(NEWTMPFILE, ">$newtempfile"))
    {
        my $rsp = {};
        $rsp->{data}->[0] = "Could not open $newtempfile\n";
@@ -1465,9 +1466,9 @@ sub storeresults
    }
    foreach my $line (@cmdresult)
    {
-        print FILE $line;
+        print NEWTMPFILE $line;
    }
-    close FILE;
+    close NEWTMPFILE;
    my $outputfile;
    if ($processflg eq "seednode")
    {    # cmd to seednode
@@ -1479,8 +1480,7 @@ sub storeresults
    }

    # open  file to put results of xdshcoll
-    open(FILE, ">$outputfile");
-    if ($? > 0)
+    unless (open(NEWOUTFILE, ">$outputfile"))
    {
        my $rsp = {};
        $rsp->{data}->[0] = "Could not open $outputfile\n";
@@ -1489,8 +1489,7 @@ sub storeresults
    }
    my $cmd = " $::XCATROOT/sbin/xdshcoll <$newtempfile |";

-    open(XCOLL, "$cmd");
-    if ($? > 0)
+    unless (open(XCOLL, "$cmd"))
    {
        my $rsp = {};
        $rsp->{data}->[0] = "Could not call xdshcoll \n";
@@ -1503,18 +1502,37 @@ sub storeresults
    while (<XCOLL>)
    {
        $line = $_;
-        print FILE $line
+        print NEWOUTFILE $line

    }

    close(XCOLL);
-    close FILE;
+    close NEWOUTFILE;

    system("/bin/rm  $newtempfile");
+    # is device command, we get false errors from the Switch, check for  
+    # blank error output lines and remove them.  If there is nothing left
+    # then there really were no errors
+    my @newerrresult=();
+    my $processerrors =1;
+    if ($devicecommand==1) {
+        foreach my $line (@errresult)
+        {
+          my @newline =  (split(/:/, $line));
+          if ($newline[1] !~ /^\s*$/) { # Not blank, then save it 
+            push @newerrresult,$line;  
+          } 
+          
+        } 
+        my $arraysize=@newerrresult;
+        if ($arraysize < 1) {
+            $processerrors =0;
+        }
+    }

    # capture errors
    #
-    if (@errresult)
+    if ((@errresult) && ($processerrors ==1))
    {    # if errors
        my $rsp = {};
        my $i   = 0;
@@ -667,6 +667,9 @@ sub decode_spd {
        1066 => 8500,
        1333 => 10600,
        1600 => 12800,
+        1867 => 14900,
+        2133 => 17000,
+        2134 => 17000,
    );

    my %ddr3modcap = (
@@ -707,9 +710,20 @@ sub decode_spd {
    }
    $rethash->{product}->{name}=$memtypes{$spd[2]};
    if  ($spd[2] == 11) { #DDR3 spec applies
+        my $ftbdividend = $spd[9] >> 4;
+        my $ftbdivisor = $spd[9] & 0xf;
+        my $ftb = $ftbdividend/$ftbdivisor;
+        my $fineoffset = $spd[34];
+        if ($fineoffset & 0b10000000) {
+            #negative value, twos complement
+            $fineoffset = 0-(($fineoffset ^ 0xff) + 1);
+        }
+        $fineoffset = ($ftb * $fineoffset) * 10**-3;
        my $mtb = $spd[10]/$spd[11];
-        my $speed = $speedfromclock{int(2/($mtb*$spd[12]*10**-3))};
-        $rethash->{product}->{name}="PC3-".$speed;
+        my $clock = int(2/(($mtb*$spd[12]+$fineoffset)*10**-3));
+        my $speed = $speedfromclock{$clock};
+        unless ($speed) { $speed = "UNKNOWN"; }
+        $rethash->{product}->{name}="PC3-".$speed." ($clock MT/s)";
        if ($spd[8]&0b11000) {
            $rethash->{product}->{name} .= " ECC";
        }
@@ -134,7 +134,7 @@ litetree => {
 	table_desc => 'Directory hierarchy to traverse to get the initial contents of node files.  The files that are specified in the litefile table are searched for in the directories specified in this table.',        
 	descriptions => {
 		priority => 'This number controls what order the directories are searched.  Directories are searched from smallest priority number to largest.',
-		image => "The name of the image that will use this directory, as specified in the osimage table.  If image is not supplied, the default is 'ALL'. 'ALL' means use it for all images.",
+        image => "The name of the image (as specified in the osimage table) that will use this directory. You can also specify an image group name that is listed in the osimage.groups attribute of some osimages. 'ALL' means use this row for all images.",
 		directory => 'The location (hostname:path) of a directory that contains files specified in the litefile table.  Variables are allowed.  E.g: $noderes.nfsserver://xcatmasternode/install/$node/#CMD=uname-r#/',
 		mntopts => "A comma-separated list of options to use when mounting the litetree directory.  (Ex. 'soft') The default is to do a 'hard' mount.",
 		comments => 'Any user-written notes.',
@@ -148,7 +148,7 @@ litefile => {
 	required => [qw(image file)], # default type is rw nfsroot   
 	table_desc => 'The litefile table specifies the directories and files on the statelite nodes that should be readwrite, persistent, or readonly overlay.  All other files in the statelite nodes come from the readonly statelite image.',        
 	descriptions => {
-		image => "The name of the image that will use these files, as specified in the osimage table. 'ALL' means use it for all images.",
+		image => "The name of the image (as specified in the osimage table) that will use these options on this dir/file. You can also specify an image group name that is listed in the osimage.groups attribute of some osimages. 'ALL' means use this row for all images.",
 		file => "The full pathname of the file. e.g: /etc/hosts.  If the path is a directory, then it should be terminated with a '/'. ",
 		options => "Options for the file:\n\n".
            qq{ tmpfs - It is the default option if you leave the options column blank. It provides a file or directory for the node to use when booting, its permission will be the same as the original version on the server. In most cases, it is read-write; however, on the next statelite boot, the original version of the file or directory on the server will be used, it means it is non-persistent. This option can be performed on files and directories..\n\n}.
@@ -191,7 +191,7 @@ vmmaster => {
    }
 },
 vm => {
-    cols => [qw(node mgr host migrationdest storage storagemodel cfgstore memory cpus nics nicmodel bootorder clockoffset virtflags master vncport textconsole powerstate beacon datacenter cluster guestostype othersettings vidmodel vidproto vidpassword comments disable)],
+    cols => [qw(node mgr host migrationdest storage storagemodel storagecache storageformat cfgstore memory cpus nics nicmodel bootorder clockoffset virtflags master vncport textconsole powerstate beacon datacenter cluster guestostype othersettings physlots vidmodel vidproto vidpassword comments disable)],
    keys => [qw(node)],
    tablespace =>'XCATTBS32K',
    table_desc => 'Virtualization parameters',
@@ -200,7 +200,7 @@ vm => {
        'mgr' => 'The function manager for the virtual machine',
        'host' => 'The system that currently hosts the VM',
        'migrationdest' => 'A noderange representing candidate destinations for migration (i.e. similar systems, same SAN, or other criteria that xCAT can use',
-        'storage' => 'A list of storage files or devices to be used.  i.e. /cluster/vm/<nodename> or nfs://<server>/path/to/folder/',
+        'storage' => 'A list of storage files or devices to be used.  i.e. dir:///cluster/vm/<nodename> or nfs://<server>/path/to/folder/',
        'storagemodel' => 'Model of storage devices to provide to guest',
        'cfgstore' => 'Optional location for persistant storage separate of emulated hard drives for virtualization solutions that require persistant store to place configuration data',
        'memory' => 'Megabytes of memory the VM currently should be set to.',
@@ -222,14 +222,17 @@ vm => {
        'vncport' => 'Tracks the current VNC display port (currently not meant to be set',
        'textconsole' => 'Tracks the Psuedo-TTY that maps to the serial port or console of a VM',
        'powerstate' => "This flag is used by xCAT to track the last known power state of the VM.",
-        'othersettings' => "This allows specifying a semicolon delimited list of key->value pairs to include in a vmx file of VMware.",
+        'othersettings' => "This allows specifying a semicolon delimited list of key->value pairs to include in a vmx file of VMware. For partitioning on normal power machines, this option is used to specify the hugepage and/or bsr information, the value is like:'hugepage:1,bsr=2'.",
        'guestostype' => "This allows administrator to specify an identifier for OS to pass through to virtualization stack.  Normally this should be ignored as xCAT will translate from nodetype.os rather than requiring this field be used\n",
        'beacon' => "This flag is used by xCAT to track the state of the identify LED with respect to the VM.",
        'datacenter' => "Optionally specify a datacenter for the VM to exist in (only applicable to VMWare)",
        'cluster' => 'Specify to the underlying virtualization infrastructure a cluster membership for the hypervisor.',
 	'vidproto' => "Request a specific protocol for remote video access be set up.  For example, spice in KVM.",
+    'physlots' => "Specify the physical slots drc index that will assigned to the partition, the delimiter is ',', and the drc index must started with '0x'. For more details, please reference to manpage of 'lsvm'.",
 	'vidmodel' => "Model of video adapter to provide to guest.  For example, qxl in KVM",
 	'vidpassword' => "Password to use instead of temporary random tokens for VNC and SPICE access",
+    'storagecache' => "Select caching scheme to employ.  E.g. KVM understands 'none', 'writethrough' and 'writeback'",
+    'storageformat' => "Select disk format to use by default (e.g. raw versus qcow2)",
    }
 },
 hypervisor => {
@@ -535,8 +538,8 @@ nodehm => {
    table_desc => "Settings that control how each node's hardware is managed.  Typically, an additional table that is specific to the hardware type of the node contains additional info.  E.g. the ipmi, mp, and ppc tables.",
 descriptions => {
  node => 'The node name or group name.',
-  power => 'The method to use to control the power of the node. If not set, the mgt attribute will be used.  Valid values: ipmi, blade, hmc, ivm, fsp.  If "ipmi", xCAT will search for this node in the ipmi table for more info.  If "blade", xCAT will search for this node in the mp table.  If "hmc", "ivm", or "fsp", xCAT will search for this node in the ppc table.',
-  mgt => 'The method to use to do general hardware management of the node.  This attribute is used as the default if power or getmac is not set.  Valid values: ipmi, blade, hmc, ivm, fsp, bpa.  See the power attribute for more details.',
+  power => 'The method to use to control the power of the node. If not set, the mgt attribute will be used.  Valid values: ipmi, blade, hmc, ivm, fsp, kvm, esx, rhevm.  If "ipmi", xCAT will search for this node in the ipmi table for more info.  If "blade", xCAT will search for this node in the mp table.  If "hmc", "ivm", or "fsp", xCAT will search for this node in the ppc table.',
+  mgt => 'The method to use to do general hardware management of the node.  This attribute is used as the default if power or getmac is not set.  Valid values: ipmi, blade, hmc, ivm, fsp, bpa, kvm, esx, rhevm.  See the power attribute for more details.',
  cons => 'The console method. If nodehm.serialport is set, this will default to the nodehm.mgt setting, otherwise it defaults to unused.  Valid values: cyclades, mrv, or the values valid for the mgt attribute.',
  termserver => 'The hostname of the terminal server.',
  termport => 'The port number on the terminal server that this node is connected to.',
@@ -551,7 +554,7 @@ nodehm => {
 },
  },
 nodelist => {
-    cols => [qw(node groups status statustime appstatus appstatustime primarysn hidden updatestatus updatestatustime comments disable)],
+    cols => [qw(node groups status statustime appstatus appstatustime primarysn hidden updatestatus updatestatustime zonename comments disable)],
    keys => [qw(node)],
    tablespace =>'XCATTBS32K',
    table_desc => "The list of all the nodes in the cluster, including each node's current status and what groups it is in.",
@@ -566,6 +569,7 @@ nodelist => {
     hidden => "Used to hide fsp and bpa definitions, 1 means not show them when running lsdef and nodels",
     updatestatus => "The current node update status. Valid states are synced out-of-sync,syncing,failed.",
     updatestatustime => "The date and time when the updatestatus was updated.",
+     zonename => "The name of the zone to which the node is currently assigned. If undefined, then it is not assigned to any zone. ",
     comments => 'Any user-written notes.',
     disable => "Set to 'yes' or '1' to comment out this row.",
    },
@@ -588,7 +592,7 @@ nodepos => {
 },
  },
 noderes => {
-    cols => [qw(node servicenode netboot tftpserver tftpdir nfsserver monserver nfsdir installnic primarynic discoverynics cmdinterface xcatmaster current_osimage next_osimage nimserver routenames nameservers comments disable)],
+    cols => [qw(node servicenode netboot tftpserver tftpdir nfsserver monserver nfsdir installnic primarynic discoverynics cmdinterface xcatmaster current_osimage next_osimage nimserver routenames nameservers proxydhcp comments disable)],
    keys => [qw(node)],
    tablespace =>'XCATTBS16K',
    table_desc => 'Resources and settings to use when installing nodes.',
@@ -611,6 +615,7 @@ noderes => {
  nimserver => 'Not used for now. The NIM server for this node (as known by this node).',
  routenames => 'A comma separated list of route names that refer to rows in the routes table. These are the routes that should be defined on this node when it is deployed.',
  nameservers => 'An optional node/group specific override for name server list.  Most people want to stick to site or network defined nameserver configuration.',
+  proxydhcp => 'To specify whether the node supports proxydhcp protocol. Valid values: yes or 1, no or 0. Default value is yes.',
  comments => 'Any user-written notes.',
  disable => "Set to 'yes' or '1' to comment out this row.",
 },
@@ -728,6 +733,21 @@ linuximage  => {
  disable => "Set to 'yes' or '1' to comment out this row.",
 },
  },
+winimage => {
+ cols => [qw(imagename template installto partitionfile winpepath comments disable)],
+ keys => [qw(imagename)],
+ tablespace =>'XCATTBS32K',
+ table_desc => 'Information about a Windows operating system image that can be used to deploy cluster nodes.',
+ descriptions => {
+  imagename => 'The name of this xCAT OS image definition.',
+  template => 'The fully qualified name of the template file that is used to create the windows unattend.xml file for diskful installation.',
+  installto => 'The disk and partition that the Windows will be deployed to. The valid format is <disk>:<partition>. If not set, default value is 0:1 for bios boot mode(legacy) and 0:3 for uefi boot mode; If setting to 1, it means 1:1 for bios boot and 1:3 for uefi boot',
+  partitionfile => 'The path of partition configuration file. Since the partition configuration for bios boot mode and uefi boot mode are different, this configuration file should include two parts if customer wants to support both bios and uefi mode. If customer just wants to support one of the modes, specify one of them anyway. Example of partition configuration file: [BIOS]xxxxxxx[UEFI]yyyyyyy. To simplify the setting, you also can set installto in partitionfile with section likes [INSTALLTO]0:1',
+  winpepath => 'The path of winpe which will be used to boot this image. If the real path is /tftpboot/winboot/winpe1/, the value for winpepath should be set to winboot/winpe1',
+  comments => 'Any user-written notes.',
+  disable => "Set to 'yes' or '1' to comment out this row.",
+ }
+},
 passwd => {
    cols => [qw(key username password cryptmethod authdomain comments disable)],
    keys => [qw(key username)],
@@ -817,13 +837,13 @@ ppchcp => {
 },
  },
 servicenode => {
-    cols => [qw(node nameserver dhcpserver tftpserver nfsserver conserver monserver ldapserver ntpserver ftpserver nimserver ipforward dhcpinterfaces comments disable)],
+    cols => [qw(node nameserver dhcpserver tftpserver nfsserver conserver monserver ldapserver ntpserver ftpserver nimserver ipforward dhcpinterfaces proxydhcp comments disable)],
    keys => [qw(node)],
    tablespace =>'XCATTBS16K',
    table_desc => 'List of all Service Nodes and services that will be set up on the Service Node.',
 descriptions => {
  node => 'The hostname of the service node as known by the Management Node.',
-  nameserver => 'Do we set up DNS on this service node? Valid values:yes or 1, no or 0. If yes, creates named.conf file with forwarding to the management node and starts named. If no or 0, it does not change the current state of the service. ',
+  nameserver => 'Do we set up DNS on this service node? Valid values: 2, 1, no or 0. If 2, creates named.conf as dns slave, using the management node as dns master, and starts named. If 1, creates named.conf file with forwarding to the management node and starts named. If no or 0, it does not change the current state of the service. ',
  dhcpserver => 'Do we set up DHCP on this service node? Not supported on AIX. Valid values:yes or 1, no or 0. If yes, runs makedhcp -n. If no or 0, it does not change the current state of the service. ',
  tftpserver => 'Do we set up TFTP on this service node? Not supported on AIX. Valid values:yes or 1, no or 0. If yes, configures and starts atftp. If no or 0, it does not change the current state of the service. ',
  nfsserver => 'Do we set up file services (HTTP,FTP,or NFS) on this service node? For AIX will only setup NFS, not HTTP or FTP. Valid values:yes or 1, no or 0.If no or 0, it does not change the current state of the service. ',
@@ -835,6 +855,7 @@ servicenode => {
  nimserver => 'Not used. Do we set up a NIM server on this service node? Valid values:yes or 1, no or 0. If no or 0, it does not change the current state of the service.',
  ipforward => 'Do we set up ip forwarding on this service node? Valid values:yes or 1, no or 0. If no or 0, it does not change the current state of the service.',
  dhcpinterfaces => 'The network interfaces DHCP server should listen on for the target node. This attribute can be used for management node and service nodes.  If defined, it will override the values defined in site.dhcpinterfaces. This is a comma separated list of device names. !remote! indicates a non-local network for relay DHCP. For example: !remote!,eth0,eth1',
+  proxydhcp => 'Do we set up proxydhcp service on this node? valid values: yes or 1, no or 0. If yes, the proxydhcp daemon will be enabled on this node.',

     comments => 'Any user-written notes.',
     disable => "Set to 'yes' or '1' to comment out this row.",
@@ -843,35 +864,44 @@ servicenode => {
 site => {
    cols => [qw(key value comments disable)],
    keys => [qw(key)],
-    table_desc => "Global settings for the whole cluster.  This table is different from the \nother tables in that each attribute is just named in the key column, rather \nthan having a separate column for each attribute. The following is a list of \nthe attributes currently used by xCAT.\n",
+    table_desc => "Global settings for the whole cluster.  This table is different from the \nother tables in that each attribute is just named in the key column, rather \nthan having a separate column for each attribute. The following is a list of \nattributes currently used by xCAT organized into categories.\n",
 descriptions => {
  # Do not put description text past column 88, so it displays well in a 100 char wide window.
  # ----------------------------------------------------------------------------------|----------
  key => "Attribute Name:  Description\n\n".
-   " auditskipcmds: List of commands and/or client types that will not be written to the auditlog table.\n".
+   " ------------\n".
+   "AIX ATTRIBUTES\n".
+   " ------------\n".
+   " nimprime :   The name of NIM server, if not set default is the AIX MN.
+              If Linux MN, then must be set for support of mixed cluster (TBD).\n\n".
+   " useSSHonAIX:  (yes/1 or no/0). Default is yes.  The support for rsh/rcp is deprecated.\n".
+   " useNFSv4onAIX:  (yes/1 or no/0). If yes, NFSv4 will be used with NIM. If no,\n".
+   "               NFSv3 will be used with NIM. Default is no.\n\n".
+   " -----------------\n".
+   "DATABASE ATTRIBUTES\n".
+   " -----------------\n".
+   " auditskipcmds: List of commands and/or client types that will not be\n".
+   "                written to the auditlog table.\n".
   "                'ALL' means all cmds will be skipped. If attribute is null, all\n".
   "                commands will be written.\n". 
   "                clienttype:web would skip all commands from the web client\n". 
   "                For example: tabdump,nodels,clienttype:web \n".
   "                will not log tabdump,nodels and any web client commands.\n\n".
-   " blademaxp:  The maximum number of concurrent processes for blade hardware control.\n\n".
-   " cleanupxcatpost:  (yes/1 or no/0). Set to 'yes' or '1' to clean up the /xcatpost\n".
-   "                   directory on the stateless and statelite nodes after the\n".
-   "                   postscripts are run. Default is no.\n\n".
-   " consoleondemand:  When set to 'yes', conserver connects and creates the console\n".
-   "                   output only when the user opens the console. Default is no on\n".
-   "                   Linux, yes on AIX.\n\n".
   " databaseloc:    Directory where we create the db instance directory.\n".
   "                 Default is /var/lib. Only DB2 is currently supported.\n".
   "                 Do not use the directory in the site.installloc or\n".
   "                 installdir attribute. This attribute must not be changed\n".
   "                 once db2sqlsetup script has been run and DB2 has been setup.\n\n".
-   " db2installloc:  The location which the service nodes should mount for\n".
-   "                 the db2 code to install. Format is hostname:/path.  If hostname is\n".
-   "                 omitted, it defaults to the management node. Default is /mntdb2.\n\n".
-   " defserialflow:  The default serial flow - currently only used by the mknb command.\n\n".
-   " defserialport:  The default serial port - currently only used by mknb.\n\n".
-   " defserialspeed:  The default serial speed - currently only used by mknb.\n\n".
+   " excludenodes:  A set of comma separated nodes and/or groups that would automatically\n".
+   "                be subtracted from any noderange, it can be used for excluding some\n".
+   "                failed nodes for any xCAT commands. See the 'noderange' manpage for\n".
+   "                details on supported formats.\n\n".
+   " nodestatus:  If set to 'n', the nodelist.status column will not be updated during\n".
+   "              the node deployment, node discovery and power operations. The default is to update.\n\n".
+   " skiptables:  Comma separated list of tables to be skipped by dumpxCATdb\n\n".
+   " -------------\n".
+   "DHCP ATTRIBUTES\n".
+   " -------------\n".
   " dhcpinterfaces:  The network interfaces DHCP should listen on.  If it is the same\n".
   "                  for all nodes, use a simple comma-separated list of NICs.  To\n".
   "                  specify different NICs for different nodes:\n".
@@ -884,59 +914,19 @@ site => {
   " disjointdhcps:  If set to '1', the .leases file on a service node only contains\n".
   "                 the nodes it manages. The default value is '0'.\n".
   "                 '0' value means include all the nodes in the subnet.\n\n".
+   " pruneservices:  Whether to enable service pruning when noderm is run (i.e.\n".
+   "                 removing DHCP entries when noderm is executed)\n\n".
+   " ------------\n".
+   "DNS ATTRIBUTES\n".
+   " ------------\n".
   " dnshandler:  Name of plugin that handles DNS setup for makedns.\n".
   " domain:  The DNS domain name used for the cluster.\n\n".
-   " ea_primary_hmc:  The hostname of the HMC that the Integrated Switch Network\n".
-   "                  Management Event Analysis should send hardware serviceable\n".
-   "                  events to for processing and potentially sending to IBM.\n\n".
-   " ea_backup_hmc:  The hostname of the HMC that the Integrated Switch Network\n".
-   "                  Management Event Analysis should send hardware serviceable\n".
-   "                  events to if the primary HMC is down.\n\n".
-   " enableASMI:  (yes/1 or no/0). If yes, ASMI method will be used after fsp-api. If no,\n".
-   "               when fsp-api is used, ASMI method will not be used. Default is no.\n\n".
-   " excludenodes:  A set of comma separated nodes and/or groups that would automatically\n".
-   "                be subtracted from any noderange, it can be used for excluding some\n".
-   "                failed nodes for any xCAT commands. See the 'noderange' manpage for\n".
-   "                details on supported formats.\n\n".
   " forwarders:  The DNS servers at your site that can provide names outside of the\n".
   "              cluster. The makedns command will configure the DNS on the management\n".
   "              node to forward requests it does not know to these servers.\n".
   "              Note that the DNS servers on the service nodes will ignore this value\n".
   "              and always be configured to forward requests to the management node.\n\n".
-   " fsptimeout:  The timeout, in milliseconds, to use when communicating with FSPs.\n\n".
-   " genmacprefix:  When generating mac addresses automatically, use this manufacturing\n".
-   "                prefix (e.g. 00:11:aa)\n\n".
-   " genpasswords:  Automatically generate random passwords for BMCs when configuring\n".
-   "                them.\n\n".
-   " httpport:    The port number that the booting/installing nodes should contact the\n".
-   "              http server on the MN/SN on. It is your responsibility to configure\n".
-   "              the http server to listen on that port - xCAT will not do that.\n\n".
-   " installdir:  The local directory name used to hold the node deployment packages.\n\n".
-   " installloc:  The location from which the service nodes should mount the \n".
-   "              deployment packages in the format hostname:/path.  If hostname is\n".
-   "              omitted, it defaults to the management node. The path must\n".
-   "              match the path in the installdir attribute.\n\n".
-   " ipmidispatch:  Whether or not to send ipmi hw control operations to the service\n".
-   "                node of the target compute nodes. Default is 'y'.\n\n".
-   " hwctrldispatch:  Whether or not to send hw control operations to the service\n".
-   "                  node of the target nodes. Default is 'y'.(At present, this attribute\n".
-   "                  is only used for IBM Flex System)\n\n".
-   " ipmimaxp:  The max # of processes for ipmi hw ctrl. The default is 64. Currently,\n".
-   "            this is only used for HP hw control.\n\n".
-   " ipmiretries:  The # of retries to use when communicating with BMCs. Default is 3.\n\n".
-   " ipmisdrcache:  If set to 'no', then the xCAT IPMI support will not cache locally\n".
-   "                the target node's SDR cache to improve performance.\n\n".
-   " ipmitimeout:  The timeout to use when communicating with BMCs. Default is 2.\n".
-   "               This attribute is currently not used.\n\n".
-   " iscsidir:  The path to put the iscsi disks in on the mgmt node.\n\n".
   " master:  The hostname of the xCAT management node, as known by the nodes.\n\n".
-   " maxssh:  The max # of SSH connections at any one time to the hw ctrl point for PPC\n".
-   "          This parameter doesn't take effect on the rpower command.\n".
-   "          It takes effects on other PPC hardware control command\n".
-   "          getmacs/rnetboot/rbootseq and so on. Default is 8.\n\n".
-   " mnroutenames:  The name of the routes to be setup on the management node.\n".
-   "                It is a comma separated list of route names that are defined in the\n".
-   "                routes table.\n\n".
   " nameservers:  A comma delimited list of DNS servers that each node in the cluster\n".
   "               should use. This value will end up in the nameserver settings of the\n".
   "               /etc/resolv.conf on each node. It is common (but not required) to set\n".
@@ -946,18 +936,35 @@ site => {
   "               \"<xcatmaster>\" to mean the DNS server for each node should be the\n".
   "               node that is managing it (either its service node or the management\n".
   "               node).\n\n".
-   " nimprime :   The name of NIM server, if not set default is the AIX MN.
-              If Linux MN, then must be set for support of mixed cluster (TBD).\n\n".
-   " nodestatus:  If set to 'n', the nodelist.status column will not be updated during\n".
-   "              the node deployment, node discovery and power operations. The default is to update.\n\n".
-   " ntpservers:  A comma delimited list of NTP servers for the cluster - often the\n".
-   "              xCAT management node.\n\n".
-   " runbootscripts:  If set to 'yes' the scripts listed in the postbootscripts\n".
-   "                  attribute in the osimage and postscripts tables will be run during\n".
-   "                  each reboot of stateful (diskful) nodes. This attribute has no\n".
-   "                  effect on stateless and statelite nodes. Please run the following\n" .
-   "                  command after you change the value of this attribute: \n".
-   "                  'updatenode <nodes> -P setuppostbootscripts'\n\n".
+   " -------------------------\n".
+   "HARDWARE CONTROL ATTRIBUTES\n".
+   " -------------------------\n".
+   " blademaxp:  The maximum number of concurrent processes for blade hardware control.\n\n".
+   " ea_primary_hmc:  The hostname of the HMC that the Integrated Switch Network\n".
+   "                  Management Event Analysis should send hardware serviceable\n".
+   "                  events to for processing and potentially sending to IBM.\n\n".
+   " ea_backup_hmc:  The hostname of the HMC that the Integrated Switch Network\n".
+   "                  Management Event Analysis should send hardware serviceable\n".
+   "                  events to if the primary HMC is down.\n\n".
+   " enableASMI:  (yes/1 or no/0). If yes, ASMI method will be used after fsp-api. If no,\n".
+   "               when fsp-api is used, ASMI method will not be used. Default is no.\n\n".
+   " fsptimeout:  The timeout, in milliseconds, to use when communicating with FSPs.\n\n".
+   " hwctrldispatch:  Whether or not to send hw control operations to the service\n".
+   "                  node of the target nodes. Default is 'y'.(At present, this attribute\n".
+   "                  is only used for IBM Flex System)\n\n".
+   " ipmidispatch:  Whether or not to send ipmi hw control operations to the service\n".
+   "                node of the target compute nodes. Default is 'y'.\n\n".
+   " ipmimaxp:  The max # of processes for ipmi hw ctrl. The default is 64. Currently,\n".
+   "            this is only used for HP hw control.\n\n".
+   " ipmiretries:  The # of retries to use when communicating with BMCs. Default is 3.\n\n".
+   " ipmisdrcache:  If set to 'no', then the xCAT IPMI support will not cache locally\n".
+   "                the target node's SDR cache to improve performance.\n\n".
+   " ipmitimeout:  The timeout to use when communicating with BMCs. Default is 2.\n".
+   "               This attribute is currently not used.\n\n".
+   " maxssh:  The max # of SSH connections at any one time to the hw ctrl point for PPC\n".
+   "          This parameter doesn't take effect on the rpower command.\n".
+   "          It takes effects on other PPC hardware control command\n".
+   "          getmacs/rnetboot/rbootseq and so on. Default is 8.\n\n".
   " syspowerinterval:  For system p CECs, this is the number of seconds the rpower\n".
   "                 command will wait between performing the action for each CEC.\n".
   "                 For system x IPMI servers, this is the number of seconds the\n".
@@ -984,15 +991,45 @@ site => {
   " ppctimeout:  The timeout, in milliseconds, to use when communicating with PPC hw\n".
   "              through HMC. It only takes effect on the hardware control commands\n".
   "              through HMC. Default is 0.\n\n".
+   " snmpc:  The snmp community string that xcat should use when communicating with the\n".
+   "         switches.\n\n".
+   " ---------------------------\n".
+   "INSTALL/DEPLOYMENT ATTRIBUTES\n".
+   " ---------------------------\n".
+   " cleanupxcatpost:  (yes/1 or no/0). Set to 'yes' or '1' to clean up the /xcatpost\n".
+   "                   directory on the stateless and statelite nodes after the\n".
+   "                   postscripts are run. Default is no.\n\n".
+   " db2installloc:  The location which the service nodes should mount for\n".
+   "                 the db2 code to install. Format is hostname:/path.  If hostname is\n".
+   "                 omitted, it defaults to the management node. Default is /mntdb2.\n\n".
+   " defserialflow:  The default serial flow - currently only used by the mknb command.\n\n".
+   " defserialport:  The default serial port - currently only used by mknb.\n\n".
+   " defserialspeed:  The default serial speed - currently only used by mknb.\n\n".
+   " genmacprefix:  When generating mac addresses automatically, use this manufacturing\n".
+   "                prefix (e.g. 00:11:aa)\n\n".
+   " genpasswords:  Automatically generate random passwords for BMCs when configuring\n".
+   "                them.\n\n".
+   " installdir:  The local directory name used to hold the node deployment packages.\n\n".
+   " installloc:  The location from which the service nodes should mount the \n".
+   "              deployment packages in the format hostname:/path.  If hostname is\n".
+   "              omitted, it defaults to the management node. The path must\n".
+   "              match the path in the installdir attribute.\n\n".
+   " iscsidir:  The path to put the iscsi disks in on the mgmt node.\n\n".
+   " mnroutenames:  The name of the routes to be setup on the management node.\n".
+   "                It is a comma separated list of route names that are defined in the\n".
+   "                routes table.\n\n".
+   " runbootscripts:  If set to 'yes' the scripts listed in the postbootscripts\n".
+   "                  attribute in the osimage and postscripts tables will be run during\n".
+   "                  each reboot of stateful (diskful) nodes. This attribute has no\n".
+   "                  effect on stateless and statelite nodes. Please run the following\n" .
+   "                  command after you change the value of this attribute: \n".
+   "                  'updatenode <nodes> -P setuppostbootscripts'\n\n".
   " precreatemypostscripts: (yes/1 or no/0). Default is no. If yes, it will  \n".
   "              instruct xCAT at nodeset and updatenode time to query the db once for\n".
   "              all of the nodes passed into the cmd and create the mypostscript file\n".
   "              for each node, and put them in a directory of tftpdir(such as: /tftpboot)\n".
   "              If no, it will not generate the mypostscript file in the tftpdir.\n\n".
-   " pruneservices:  Whether to enable service pruning when noderm is run (i.e.\n".
-   "                 removing DHCP entries when noderm is executed)\n\n".
-   " rsh:  This is no longer used. path to remote shell command for xdsh.\n\n".
-   " rcp:  This is no longer used. path to remote copy command for xdcp.\n\n".
+   " setinstallnic:  Set the network configuration for installnic to be static.\n\n".
   " sharedtftp:  Set to 0 or no, xCAT should not assume the directory\n".
   "              in tftpdir is mounted on all on Service Nodes. Default is 1/yes.\n". 
   "              If value is set to a hostname, the directory in tftpdir\n".
@@ -1003,18 +1040,30 @@ site => {
   "               shared filesystem is being used across all service nodes.\n".
   "               'all' means that the management as well as the service nodes\n".
   "               are all using a common shared filesystem. The default is 'no'.\n".
-   " skiptables:  Comma separated list of tables to be skipped by dumpxCATdb\n".
+   " xcatconfdir:  Where xCAT config data is (default /etc/xcat).\n\n".
+   " --------------------\n".
+   "REMOTESHELL ATTRIBUTES\n".
+   " --------------------\n".
+   " nodesyncfiledir:  The directory on the node, where xdcp will rsync the files\n".
   " SNsyncfiledir:  The directory on the Service Node, where xdcp will rsync the files\n".
   "                 from the MN that will eventually be rsync'd to the compute nodes.\n\n".
-   " nodesyncfiledir:  The directory on the node, where xdcp will rsync the files\n".
-   " snmpc:  The snmp community string that xcat should use when communicating with the\n".
-   "         switches.\n\n".
-   " sshbetweennodes:  Comma separated list of groups to enable passwordless root \n".
+   " sshbetweennodes:  Comma separated list of groups of compute nodes to enable passwordless root \n".
   "                   ssh during install, or xdsh -K. Default is ALLGROUPS.\n".
-   "                   Set to NOGROUPS,if you do not wish to enabled any groups.\n".
+   "                   Set to NOGROUPS,if you do not wish to enabled any group of compute nodes.\n".
   "                   Service Nodes are not affected by this attribute\n".
   "                   they are always setup with\n".
   "                   passwordless root access to nodes and other SN.\n\n".
+   " -----------------\n".
+   "SERVICES ATTRIBUTES\n".
+   " -----------------\n".
+   " consoleondemand:  When set to 'yes', conserver connects and creates the console\n".
+   "                   output only when the user opens the console. Default is no on\n".
+   "                   Linux, yes on AIX.\n\n".
+   " httpport:    The port number that the booting/installing nodes should contact the\n".
+   "              http server on the MN/SN on. It is your responsibility to configure\n".
+   "              the http server to listen on that port - xCAT will not do that.\n\n".
+   " ntpservers:  A comma delimited list of NTP servers for the cluster - often the\n".
+   "              xCAT management node.\n\n".
   " svloglocal:  if set to 1, syslog on the service node will not get forwarded to the\n".
   "              mgmt node.\n\n".
   " timezone:  (e.g. America/New_York)\n\n".
@@ -1024,31 +1073,44 @@ site => {
   " useNmapfromMN:  When set to yes, nodestat command should obtain the node status\n".
   "                 using nmap (if available) from the management node instead of the\n".
   "                 service node. This will improve the performance in a flat network.\n\n".
-   " useSSHonAIX:  (yes/1 or no/0). If yes, ssh/scp will be setup and used. If no, rsh/rcp.  The support for rsh/rcp is deprecated.\n".
+   " vsftp:       Default is 'n'. If set to 'y', the xcatd on the mn will automatically\n".
+   "              bring up vsftpd.  (You must manually install vsftpd before this.\n".
+   "              This setting does not apply to the service node. For sn\n".
+   "              you need to set servicenode.ftpserver=1 if you want xcatd to\n".
+   "              bring up vsftpd.\n\n".
+   " -----------------------\n".
+   "VIRTUALIZATION ATTRIBUTES\n".
+   " -----------------------\n".
   " usexhrm:  Have xCAT run its xHRM script when booting up KVM guests to set the\n".
   "           virtual network bridge up correctly. See\n".
   "           https://sourceforge.net/apps/mediawiki/xcat/index.php?title=XCAT_Virtualization_with_KVM#Setting_up_a_network_bridge\n\n".
-   "               rsh/rcp will be setup and used on AIX. Default is yes.\n\n".
-   " useNFSv4onAIX:  (yes/1 or no/0). If yes, NFSv4 will be used with NIM. If no,\n".
-   "               NFSv3 will be used with NIM. Default is no.\n\n".
   " vcenterautojoin:  When set to no, the VMWare plugin will not attempt to auto remove\n".
   "                   and add hypervisors while trying to perform operations.  If users\n".
   "                   or tasks outside of xCAT perform the joining this assures xCAT\n".
   "                   will not interfere.\n\n".
   " vmwarereconfigonpower:  When set to no, the VMWare plugin will make no effort to\n".
   "                         push vm.cpus/vm.memory updates from xCAT to VMWare.\n\n".
-   " vsftp:       Default is 'n'. If set to 'y', the xcatd on the mn will automatically\n".
-   "              bring up vsftpd.  (You must manually install vsftpd before this.\n".
-   "              This setting does not apply to the service node. For sn\n".
-   "              you need to set servicenode.ftpserver=1 if you want xcatd to\n".
-   "              bring up vsftpd.\n\n".
-   " xcatconfdir:  Where xCAT config data is (default /etc/xcat).\n\n".
+   " --------------------\n".
+   "XCAT DAEMON ATTRIBUTES\n".
+   " --------------------\n".
+   " useflowcontrol:  (yes/1 or no/0). If yes, the postscript processing on each node\n".
+   "               contacts xcatd on the MN/SN using a lightweight UDP packet to wait\n".
+   "               until xcatd is ready to handle the requests associated with\n".
+   "               postscripts.  This prevents deploying nodes from flooding xcatd and\n".
+   "               locking out admin interactive use. This value works with the\n".
+   "               xcatmaxconnections and xcatmaxbatch attributes. Is not supported on AIX.\n".
+   "               If the value is no, nodes sleep for a random time before contacting\n".
+   "               xcatd, and retry. On a new install of xcat, this value will be set to yes.\n".
+   "               See the following document for details:\n".
+   "               https://sourceforge.net/apps/mediawiki/xcat/index.php?title=Hints_and_Tips_for_Large_Scale_Clusters\n\n".
   " xcatmaxconnections:  Number of concurrent xCAT protocol requests before requests\n".
   "                      begin queueing. This applies to both client command requests\n".
   "                      and node requests, e.g. to get postscripts. Default is 64.\n\n".
+   " xcatmaxbatchconnections:  Number of concurrent xCAT connections allowed from the nodes.\n".
+   "                      Value must be less than xcatmaxconnections. Default is 50.\n\n".
   " xcatdport:  The port used by the xcatd daemon for client/server communication.\n\n".
-   " xcatiport:  The port used by xcatd to receive install status updates from nodes.\n\n",
-   " xcatsslversion:  The ssl version by xcatd. Default is SSLv3.\n\n",
+   " xcatiport:  The port used by xcatd to receive install status updates from nodes.\n\n".
+   " xcatsslversion:  The ssl version by xcatd. Default is SSLv3.\n\n".
   " xcatsslciphers:  The ssl cipher by xcatd. Default is 3DES.\n\n",
  value => 'The value of the attribute specified in the "key" column.',
     comments => 'Any user-written notes.',
@@ -1128,6 +1190,18 @@ performance => {
   disable => "Set to 'yes' or '1' to comment out this row.",
 },
  },
+zone => {
+    cols => [qw(zonename sshkeydir defaultzone comments disable)],
+    keys => [qw(zonename)],
+    table_desc => 'Defines a cluster zone for nodes that share root ssh key access to each other.',
+ descriptions => {
+   zonename => 'The name of the zone.',
+   sshkeydir => 'Directory containing the shared root ssh RSA keys.',
+   defaultzone => 'If nodes are not assigned to any other zone, they will default to this zone. If value is set to yes or 1.',
+   comments => 'Any user-provided notes.',
+   disable => "Set to 'yes' or '1' to comment out this row.",
+ },
+  },

 eventlog => {
    cols => [qw(recid  eventtime eventtype monitor monnode node application component id severity  message rawdata comments disable)], 
@@ -1264,7 +1338,7 @@ firmware => {
 },

 nics => {
-        cols => [qw(node nicips  nichostnamesuffixes nictypes niccustomscripts nicnetworks nicaliases comments disable)], 
+        cols => [qw(node nicips  nichostnamesuffixes nichostnameprefixes nictypes niccustomscripts nicnetworks nicaliases comments disable)], 
        keys => [qw(node)],
        tablespace =>'XCATTBS16K',
        table_desc => 'Stores NIC details.',
@@ -1282,6 +1356,13 @@ nics => {
                            <nic1>!<ext1>|<ext2>,<nic2>!<ext1>|<ext2>,..., for example,  eth0!-eth0|-eth0-ipv6,ib0!-ib0|-ib0-ipv6. 
                        The xCAT object definition commands support to use nichostnamesuffixes.<nicname> as the sub attributes. 
                        Note:  According to DNS rules a hostname must be a text string up to 24 characters drawn from the alphabet (A-Z), digits (0-9), minus sign (-),and period (.). When you are specifying "nichostnamesuffixes" or "nicaliases" make sure the resulting hostnames will conform to this naming convention',
+            nichostnameprefixes  => 'Comma-separated list of hostname prefixes per NIC. 
+                        If only one ip address is associated with each NIC:
+                            <nic1>!<ext1>,<nic2>!<ext2>,..., for example, eth0!eth0-,ib0!ib-
+                        If multiple ip addresses are associcated with each NIC:
+                            <nic1>!<ext1>|<ext2>,<nic2>!<ext1>|<ext2>,..., for example,  eth0!eth0-|eth0-ipv6i-,ib0!ib-|ib-ipv6-. 
+                        The xCAT object definition commands support to use nichostnameprefixes.<nicname> as the sub attributes. 
+                        Note:  According to DNS rules a hostname must be a text string up to 24 characters drawn from the alphabet (A-Z), digits (0-9), minus sign (-),and period (.). When you are specifying "nichostnameprefixes" or "nicaliases" make sure the resulting hostnames will conform to this naming convention',
            nictypes => 'Comma-separated list of NIC types per NIC. <nic1>!<type1>,<nic2>!<type2>, e.g. eth0!Ethernet,ib0!Infiniband. The xCAT object definition commands support to use nictypes.<nicname> as the sub attributes.', 
            niccustomscripts => 'Comma-separated list of custom scripts per NIC.  <nic1>!<script1>,<nic2>!<script2>, e.g. eth0!configeth eth0, ib0!configib ib0. The xCAT object definition commands support to use niccustomscripts.<nicname> as the sub attribute
 .',
@@ -1450,7 +1531,7 @@ cfgmgt => {
   },
 },
 mic => {
-    cols => [qw(node host id nodetype bridge onboot vlog comments disable)],
+    cols => [qw(node host id nodetype bridge onboot vlog powermgt comments disable)],
    keys => [qw(node)],
    table_desc => 'The host, slot id and configuraton of the mic (Many Integrated Core).',
    descriptions => {
@@ -1461,12 +1542,25 @@ mic => {
        bridge => 'The virtual bridge on the host node which the mic connected to.',
        onboot => 'Set mic to autoboot when mpss start. Valid values: yes|no. Default is yes.',
        vlog => 'Set the Verbose Log to console. Valid values: yes|no. Default is no.',
+        powermgt => 'Set the Power Management for mic node. This attribute is used to set the power management state that mic may get into when it is idle. Four states can be set: cpufreq, corec6, pc3 and pc6. The valid value for powermgt attribute should be [cpufreq=<on|off>]![corec6=<on|off>]![pc3=<on|off>]![pc6=<on|off>]. e.g. cpufreq=on!corec6=off!pc3=on!pc6=off. Refer to the doc of mic to get more information for power management.',
        comments => 'Any user-provided notes.',
        disable => "Do not use.  tabprune will not work if set to yes or 1",
    },
 },
-
-
+hwinv => {
+    cols => [qw(node cputype cpucount memory disksize comments disable)],
+    keys => [qw(node)],
+    table_desc => 'The hardware inventory for the node.',
+    descriptions => {
+        node => 'The node name or group name.',
+        cputype => 'The cpu model name for the node.',
+        cpucount => 'The number of cpus for the node.',
+        memory => 'The size of the memory for the node.',
+        disksize => 'The size of the disks for the node.',
+        comments => 'Any user-provided notes.',
+        disable =>  "Set to 'yes' or '1' to comment out this row.",
+    },
+},
 ); # end of tabspec definition


@@ -1544,6 +1638,7 @@ foreach my $tabname (keys(%xCAT::ExtTab::ext_tabspec)) {
  rack => { attrs => [], attrhash => {}, objkey => 'rackname' },
  osdistro=> { attrs => [], attrhash => {}, objkey => 'osdistroname' },
  osdistroupdate=> { attrs => [], attrhash => {}, objkey => 'osupdatename' },
+  zone=> { attrs => [], attrhash => {}, objkey => 'zonename' },
  
 );

@@ -1612,6 +1707,11 @@ my @nodeattrs = (
                 tabentry => 'noderes.monserver',
                 access_tabentry => 'noderes.node=attr:node',
  },
+        {attr_name => 'supportproxydhcp',
+                 tabentry => 'noderes.proxydhcp',
+                 access_tabentry => 'noderes.node=attr:node',
+  },
+
 {attr_name => 'kernel',
                 tabentry => 'bootparams.kernel',
                 access_tabentry => 'bootparams.node=attr:node',
@@ -1680,6 +1780,10 @@ my @nodeattrs = (
 	{attr_name => 'setupipforward',
                 tabentry => 'servicenode.ipforward',
                 access_tabentry => 'servicenode.node=attr:node',
+  },
+	{attr_name => 'setupproxydhcp',
+                 tabentry => 'servicenode.proxydhcp',
+                 access_tabentry => 'servicenode.node=attr:node',
  },
 # - moserver not used yet
 #	{attr_name => 'setupmonserver',
@@ -2161,6 +2265,10 @@ my @nodeattrs = (
                tabentry => 'nics.nichostnamesuffixes',
                access_tabentry => 'nics.node=attr:node',
        },
+        {attr_name => 'nichostnameprefixes',
+                tabentry => 'nics.nichostnameprefixes',
+                access_tabentry => 'nics.node=attr:node',
+        },
        {attr_name => 'nictypes',
                tabentry => 'nics.nictypes',
                access_tabentry => 'nics.node=attr:node',
@@ -2233,10 +2341,26 @@ my @nodeattrs = (
                 tabentry => 'vm.storage',
                 access_tabentry => 'vm.node=attr:node',
                },
+                {attr_name => 'vmphyslots',
+                 tabentry => 'vm.physlots',
+                 access_tabentry => 'vm.node=attr:node',
+                },
+                {attr_name => 'vmothersetting',
+                 tabentry => 'vm.othersettings',
+                 access_tabentry => 'vm.node=attr:node',
+                },
                {attr_name => 'vmstoragemodel',
                 tabentry => 'vm.storagemodel',
                 access_tabentry => 'vm.node=attr:node',
                },
+                {attr_name => 'vmstoragecache',
+                 tabentry => 'vm.storagecache',
+                 access_tabentry => 'vm.node=attr:node',
+                },
+                {attr_name => 'vmstorageformat',
+                 tabentry => 'vm.storageformat',
+                 access_tabentry => 'vm.node=attr:node',
+                },
                {attr_name => 'vmcfgstore',
                 tabentry => 'vm.cfgstore',
                 access_tabentry => 'vm.node=attr:node',
@@ -2415,6 +2539,30 @@ my @nodeattrs = (
 		tabentry => 'mic.vlog',
 		access_tabentry => 'mic.node=attr:node',
 	},
+	{attr_name => 'micpowermgt',
+		only_if => 'mgt=mic',
+		tabentry => 'mic.powermgt',
+		access_tabentry => 'mic.node=attr:node',
+	},
+#####################
+##   hwinv   table    #
+#####################
+	{attr_name => 'cputype',
+		tabentry => 'hwinv.cputype',
+		access_tabentry => 'hwinv.node=attr:node',
+	},
+	{attr_name => 'cpucount',
+		tabentry => 'hwinv.cpucount',
+		access_tabentry => 'hwinv.node=attr:node',
+	},
+	{attr_name => 'memory',
+		tabentry => 'hwinv.memory',
+		access_tabentry => 'hwinv.node=attr:node',
+	},
+	{attr_name => 'disksize',
+		tabentry => 'hwinv.disksize',
+		access_tabentry => 'hwinv.node=attr:node',
+	},
 	
  );	# end of @nodeattrs that applies to both nodes and groups

@@ -2465,6 +2613,10 @@ my @nodeattrs = (
 		{attr_name => 'updatestatustime',
                 tabentry => 'nodelist.updatestatustime',
                 access_tabentry => 'nodelist.node=attr:node',
+             },             
+		{attr_name => 'zonename',
+                 tabentry => 'nodelist.zonename',
+                 access_tabentry => 'nodelist.node=attr:node',
             },             
 		{attr_name => 'usercomment',
                 tabentry => 'nodelist.comments',
@@ -2670,6 +2822,29 @@ push(@{$defspec{node}->{'attrs'}}, @nodeattrs);
                 access_tabentry => 'linuximage.imagename=attr:imagename',
                 },
 ####################
+# winimage table#
+####################
+ {attr_name => 'template',
+                 only_if => 'imagetype=windows',
+                 tabentry => 'winimage.template',
+                 access_tabentry => 'winimage.imagename=attr:imagename',
+                }, 
+ {attr_name => 'installto',
+                 only_if => 'imagetype=windows',
+                 tabentry => 'winimage.installto',
+                 access_tabentry => 'winimage.imagename=attr:imagename',
+                },
+{attr_name => 'partitionfile',
+                 only_if => 'imagetype=windows',
+                 tabentry => 'winimage.partitionfile',
+                 access_tabentry => 'winimage.imagename=attr:imagename',
+                },
+{attr_name => 'winpepath',
+                 only_if => 'imagetype=windows',
+                 tabentry => 'winimage.winpepath',
+                 access_tabentry => 'winimage.imagename=attr:imagename',
+                },
+####################
 # nimimage table#
 ####################
 {attr_name => 'nimtype',
@@ -2896,6 +3071,32 @@ push(@{$defspec{node}->{'attrs'}}, @nodeattrs);
                 access_tabentry => 'rack.rackname=attr:rackname',
        },
   );
+####################
+#  zone table      #
+####################
+@{$defspec{zone}->{'attrs'}} = (
+        {attr_name => 'zonename',
+                tabentry => 'zone.zonename',
+                access_tabentry => 'zone.zonename=attr:zonename',
+        },
+        {attr_name => 'sshkeydir',
+                tabentry => 'zone.sshkeydir',
+                access_tabentry => 'zone.zonename=attr:zonename',
+        },
+        {attr_name => 'defaultzone',
+                tabentry => 'zone.defaultzone',
+                access_tabentry => 'zone.zonename=attr:zonename',
+        },
+        {attr_name => 'usercomment',
+                 tabentry => 'zone.comments',
+                 access_tabentry => 'zone.zonename=attr:zonename',
+        },
+   );
+#########################
+#  route data object  #
+#########################
+#     routes table    #
+#########################
 #########################
 #  route data object  #
 #########################
@@ -3222,7 +3423,7 @@ push(@{$defspec{group}->{'attrs'}}, @nodeattrs);
        access_tabentry => 'firmware.file=attr:cfgfile',
     },
     {attr_name => 'disable',
-        tabentry => 'auditlog.disable',
+        tabentry => 'firmware.disable',
        access_tabentry => 'firmware.file=attr:cfgfile',
     },
 );
@@ -30,7 +30,6 @@ use strict;
  Example:
    my $retdata = xCAT::ServiceNodeUtils->readSNInfo;
 =cut
-
 #-----------------------------------------------------------------------------
 sub readSNInfo
 {
@@ -102,13 +101,17 @@ sub isServiceReq
    require xCAT::Table;
    my ($class, $servicenodename, $serviceip) = @_;

-    # list of all services from service node table
-    # note this must be updated if more services added
-    my @services = (
-                    "nameserver", "dhcpserver", "tftpserver", "nfsserver",
-                    "conserver",  "monserver",  "ldapserver", "ntpserver",
-                    "ftpserver",  "ipforward"
-                    );
+    # get list of all services from service node table ( actually all defined attributes)
+    # read the  schema
+    my $schema = xCAT::Table->getTableSchema("servicenode");
+    my @services; #  list of only the actual service attributes from the servicenode table
+    my @servicesattrs;  # building second copy for call to getAllNodeAttribs, which modifies the array
+    foreach my $c (@{$schema->{cols}}) {
+      if (($c ne "node") && ($c ne "comments") && ($c ne "disable")) {
+       push @servicesattrs,$c;
+       push @services,$c;
+      }
+    }

    my @ips = @$serviceip;    # list of service node ip addresses and names
    my $rc  = 0;
@@ -139,10 +142,11 @@ sub isServiceReq
    }

    my $servicehash;
-    # read all the nodes from the table, for each service
-    foreach my $service (@services)
+    
+    # read all the nodes from the table, all the service attributes
+    my @snodelist= $servicenodetab->getAllNodeAttribs(\@servicesattrs); 
+    foreach my $service (@services) # check list of services
    {
-        my @snodelist = $servicenodetab->getAllNodeAttribs([$service]);

        foreach $serviceip (@ips)    # check the table for this servicenode
        {
@@ -159,6 +163,8 @@ sub isServiceReq
                        if (($value eq "1") || ($value eq "YES"))
                        {
                            $servicehash->{$service} = "1";
+                        } elsif ($value eq "2") {
+                            $servicehash->{$service} = "2";
                        } else {
                            $servicehash->{$service} = "0";
                        }
@@ -352,7 +358,7 @@ sub getSNList
    $servicenodetab->close;
    foreach my $node (@nodes)
    {
-        if ($service eq "")     # want all the service nodes
+        if  (! defined ($service) || ($service eq ""))     # want all the service nodes
        {
            push @servicenodes, $node->{node};
        }
@@ -323,6 +323,8 @@ sub handle_dbc_request {
         return $opentables{$tablename}->{$autocommit}->getAllNodeAttribs(@args);
    } elsif ($functionname eq 'getAllEntries') {
         return $opentables{$tablename}->{$autocommit}->getAllEntries(@args);
+    } elsif ($functionname eq 'getMAXMINEntries') {
+         return $opentables{$tablename}->{$autocommit}->getMAXMINEntries(@args);
    } elsif ($functionname eq 'writeAllEntries') {
         return $opentables{$tablename}->{$autocommit}->writeAllEntries(@args);
    } elsif ($functionname eq 'getAllAttribsWhere') {
@@ -3988,5 +3990,97 @@ sub output_table {
   print $fh "\n";
   return 0;
 }
+#--------------------------------------------------------------------------
+
+=head3 getMAXMINEntries
+
+    Description: Select the rows in  the Table which has the MAX and the row with the 
+                 Min value for the input attribute.
+                 Currently only the auditlog and evenlog are setup to have such an attribute (recid). 
+
+    Arguments:
+           Table handle
+           attribute name ( e.g. recid)
+
+    Returns:
+        HASH 
+            max=>  max value
+            min=>  min value 
+    Globals:
+
+    Error:
+
+    Example:
+
+	 my $tabh = xCAT::Table->new($table);
+         my $recs=$tabh->getMAXMINEntries("recid"); 
+
+    Comments:
+        none
+
+=cut
+
+#--------------------------------------------------------------------------------
+sub getMAXMINEntries
+{
+    my $self = shift;
+    if ($dbworkerpid) {
+        return dbc_call($self,'getMAXMINEntries',@_);
+    }
+    my $attr = shift;
+    my $rets;
+    my $query;
+    my $xcatcfg=get_xcatcfg();
+    # delimit the disable column based on the DB 
+    my $disable= &delimitcol("disable");	
+    my $qstring;
+    if ($xcatcfg =~ /^DB2:/) {  # for DB2 
+       $qstring = "SELECT MAX (\"$attr\") FROM " . $self->{tabname} . " WHERE " . $disable . " is NULL or " .  $disable . " in ('0','no','NO','No','nO')";
+    } else {
+       $qstring = "SELECT MAX($attr) FROM " . $self->{tabname} . " WHERE " . $disable . " is NULL or " .  $disable . " in ('0','no','NO','No','nO')";
+    }
+    $query = $self->{dbh}->prepare($qstring);
+
+    $query->execute();
+    while (my $data = $query->fetchrow_hashref())
+    {
+        foreach (keys %$data)
+        {
+            if ($data->{$_} =~ /^$/)
+            {
+                $rets->{"max"} = undef;
+            } else {
+                $rets->{"max"} = $data->{$_};
+
+            }
+            last;   # better only be one value for max
+            
+        }
+    }
+    $query->finish();
+    if ($xcatcfg =~ /^DB2:/) {  # for DB2 
+       $qstring = "SELECT MIN (\"$attr\") FROM " . $self->{tabname} . " WHERE " . $disable . " is NULL or " .  $disable . " in ('0','no','NO','No','nO')";
+    } else {
+    $qstring = "SELECT MIN($attr) FROM " . $self->{tabname} . " WHERE " . $disable . " is NULL or " .  $disable . " in ('0','no','NO','No','nO')";
+    }
+    $query = $self->{dbh}->prepare($qstring);
+
+    $query->execute();
+    while (my $data = $query->fetchrow_hashref())
+    {
+        foreach (keys %$data)
+        {
+            if ($data->{$_} =~ /^$/)
+            {
+                $rets->{"min"} = undef;
+            } else {
+                $rets->{"min"} = $data->{$_};
+            }
+            last;   # better be only one value  for min
+        }
+    }
+    return $rets;
+}
+
 1;

@@ -257,6 +257,7 @@ sub bldnonrootSSHFiles

        Arguments:
               Array of nodes
+               Timeout for expect call (optional)
        Returns:

        Env Variables: $DSH_FROM_USERID,  $DSH_TO_USERID, $DSH_REMOTE_PASSWORD
@@ -281,7 +282,7 @@ sub bldnonrootSSHFiles
 #--------------------------------------------------------------------------------
 sub setupSSH
 {
-    my ($class, $ref_nodes) = @_;
+    my ($class, $ref_nodes,$expecttimeout) = @_;
    my @nodes    = $ref_nodes;
    my @badnodes = ();
    my $n_str    = $nodes[0];
@@ -349,8 +350,9 @@ sub setupSSH
        }

        # generates new keys for root, if they do not already exist
+        # nodes not used on this option but in there to preserve the interface
        my $rc=
-     xCAT::RemoteShellExp->remoteshellexp("k",$::CALLBACK,$::REMOTE_SHELL);
+          xCAT::RemoteShellExp->remoteshellexp("k",$::CALLBACK,$::REMOTE_SHELL,$n_str,$expecttimeout);
       if ($rc != 0) {
            $rsp->{data}->[0] = "remoteshellexp failed generating keys.";
            xCAT::MsgUtils->message("E", $rsp, $::CALLBACK);
@@ -442,7 +444,7 @@ rmdir \"/tmp/$to_userid\" \n";
      if ($enablenodes) {  # node on list to setup nodetonodessh
         chop $enablenodes;  # remove last comma
         $ENV{'DSH_ENABLE_SSH'} = "YES";
-         my $rc=xCAT::RemoteShellExp->remoteshellexp("s",$::CALLBACK,"/usr/bin/ssh",$enablenodes);
+         my $rc=xCAT::RemoteShellExp->remoteshellexp("s",$::CALLBACK,"/usr/bin/ssh",$enablenodes,$expecttimeout);
         if ($rc != 0)
         {
          $rsp->{data}->[0] = "remoteshellexp failed sending keys to enablenodes.";
@@ -452,7 +454,7 @@ rmdir \"/tmp/$to_userid\" \n";
      }
      if ($disablenodes) {  # node on list to setup nodetonodessh
         chop $disablenodes;  # remove last comma
-         my $rc=xCAT::RemoteShellExp->remoteshellexp("s",$::CALLBACK,"/usr/bin/ssh",$disablenodes);
+         my $rc=xCAT::RemoteShellExp->remoteshellexp("s",$::CALLBACK,"/usr/bin/ssh",$disablenodes,$expecttimeout);
         if ($rc != 0)
         {
          $rsp->{data}->[0] = "remoteshellexp failed sending keys to disablenodes.";
@@ -462,7 +464,7 @@ rmdir \"/tmp/$to_userid\" \n";
      }
    } else { # from user is not root or it is a device , always send private key
       $ENV{'DSH_ENABLE_SSH'} = "YES";
-       my $rc=xCAT::RemoteShellExp->remoteshellexp("s",$::CALLBACK,"/usr/bin/ssh",$n_str);
+       my $rc=xCAT::RemoteShellExp->remoteshellexp("s",$::CALLBACK,"/usr/bin/ssh",$n_str,$expecttimeout);
       if ($rc != 0)
       {
           $rsp->{data}->[0] = "remoteshellexp failed sending keys.";
@@ -476,7 +478,7 @@ rmdir \"/tmp/$to_userid\" \n";
    foreach my $n (@testnodes)
    {
       my $rc=
-     xCAT::RemoteShellExp->remoteshellexp("t",$::CALLBACK,"/usr/bin/ssh",$n);
+     xCAT::RemoteShellExp->remoteshellexp("t",$::CALLBACK,"/usr/bin/ssh",$n,$expecttimeout);
        if ($rc != 0)
        {
            push @badnodes, $n;
@@ -1735,4 +1737,51 @@ sub getimagenames()
    $nodetab->close;
    return @imagenames;
 }
+#-----------------------------------------------------------------------------
+
+
+=head3 updatenodegroups
+    Update groups attribute for the specified node
+
+    Arguments:
+      node
+      tabhd: the handler of 'nodelist' table, 
+      groups: the groups attribute need to be merged.
+              Can be an array or string. 
+    Globals:
+        none
+    Error:
+    Example:
+         xCAT::TableUtils->updatenodegroups($node, $tab, $groups);
+
+=cut
+
+#-----------------------------------------------------------------------------
+
+sub updatenodegroups {
+    my ($class, $node, $tabhd, $groups) = @_;
+    if (!$groups) {
+        $groups = $tabhd;
+        $tabhd = xCAT::Table->new('nodelist');
+        unless ($tabhd)  { 
+           xCAT::MsgUtils->message("E", " Could not read the nodelist table\n");
+           return; 
+        }
+    }
+    my ($ent) = $tabhd->getNodeAttribs($node, ['groups']);
+    my @list = qw(all);
+    if (defined($ent) and $ent->{groups}) {
+        push @list, split(/,/,$ent->{groups});
+    }   
+    if (ref($groups) eq 'ARRAY') {
+        push @list, @$groups;
+    } else {
+        push @list, split(/,/,$groups);
+    }
+    my %saw;
+    @saw{@list} = ();
+    @list = keys %saw;
+    $tabhd->setNodeAttribs($node, {groups=>join(",",@list)});
+}
+
 1;
@@ -72,16 +72,16 @@ my %usage = (
       rinv <noderange> [all|model|serial] [-V|--verbose]
       rinv [-h|--help|-v|--version]
    BMC specific:
-       rinv <noderange> [vpd|mprom|deviceid|uuid|guid]
+       rinv <noderange> [mprom|deviceid|uuid|guid|vpd [-t]|all [-t]]
    MPA specific:
-       rinv <noderange> [firm|bios|diag|mprom|sprom|mparom|mac|mtm]
+       rinv <noderange> [firm|bios|diag|mprom|sprom|mparom|mac|mtm [-t]] 
    PPC specific(with HMC):
-       rinv <noderange> [bus|config|serial|model|firm|all]
+       rinv <noderange> [all|bus|config|serial|model|firm [-t]]
    PPC specific(using Direct FSP Management):
       rinv <noderange> [firm]
       rinv <noderange> [deconfig [-x]]
    Blade specific:
-       rinv <noderange> [mtm|serial|mac|bios|diag|mprom|mparom|firm|all]
+       rinv <noderange> [all|serial|mac|bios|diag|mprom|mparom|firm|mtm [-t]]
    IBM Flex System Compute Node specific:
       rinv <noderange> [firm]
    VMware specific:
@@ -199,10 +199,15 @@ my %usage = (
 "Usage:
    Common:
       mkvm [-h|--help|-v|--version]
-    For PPC(with HMC):
+    For PPC(with HMC) specific:
       mkvm noderange -i id -l singlenode [-V|--verbose]
       mkvm noderange -c destcec -p profile [-V|--verbose]
       mkvm noderange --full [-V|--verbose]
+    PPC (using Direct FSP Management) specific:
+       mkvm noderange [--full]
+       mkvm noderange [vmcpus=min/req/max] [vmmemory=min/req/max]
+                      [vmphyslots=drc_index1,drc_index2...] [vmothersetting=hugepage:N,bsr:N]
+                      [vmnics=vlan1,vlan2] [vmstorage=<N|viosnode:slotid>] [--vios]
    For KVM
       mkvm noderange -m|--master mastername -s|--size disksize -f|--force
    For zVM
@@ -216,7 +221,8 @@ my %usage = (
   PPC (with HMC) specific:
       lsvm <noderange> [-a|--all]
   PPC (using Direct FSP Management) specific:
-       lsvm <noderange> [-l|--long]
+       lsvm <noderange> [-l|--long] --p775
+       lsvm <noderange>
   zVM specific:
       lsvm noderange
       lsvm noderange --getnetworknames
@@ -231,9 +237,13 @@ my %usage = (
       chvm <noderange> [-p profile][-V|--verbose] 
       chvm <noderange> <attr>=<val> [<attr>=<val>...]
   PPC (using Direct FSP Management) specific:
-       chvm <noderange> [-p <profile>]
+       chvm <noderange> --p775 [-p <profile>]
+       chvm <noderange> --p775 -i <id> [-m <memory_interleaving>] -r <partition_rule>
       chvm <noderange> [lparname=<*|name>]
-       chvm <noderange> -i <id> [-m <memory_interleaving>] -r <partition_rule>
+       chvm <noderange> [vmcpus=min/req/max] [vmmemory=min/req/max]
+                        [vmphyslots=drc_index1,drc_index2...] [vmothersetting=hugepage:N,bsr:N]
+                        [vmnics=vlan1,vlan2] [vmstorage=<N|viosnode:slotid>] [--vios]
+       chvm <noderange> [del_vadapter=slotid]
   VMware specific:
       chvm <noderange> [-a size][-d disk][-p disk][--resize disk=size][--cpus count][--mem memory]
   zVM specific:
@@ -264,11 +274,13 @@ my %usage = (
    "rmvm" => 
 "Usage: rmvm <noderange> [--service][-V|--verbose] 
       rmvm [-h|--help|-v|--version],
-       rmvm [-p] [-f]",
+       rmvm [-p] [-f]
+       PPC (using Direct FSP Management) specific:
+       rmvm <noderange>",
    "lsslp" =>
 "Usage: lsslp [-h|--help|-v|--version]
       lsslp [<noderange>][-V|--verbose][-i ip[,ip..]][-w][-r|-x|-z][-n][-I][-s FRAME|CEC|MM|IVM|RSA|HMC|CMM|IMM2|FSP]
-             [-t tries][--vpdtable][-C counts][-T timeout]",
+             [-u] [--range IPranges][-t tries][--vpdtable][-C counts][-T timeout]",
  "rflash" =>
 "Usage: 
    rflash [ -h|--help|-v|--version]
@@ -343,11 +355,11 @@ my %usage = (
      renergy noderange [-V] { cappingstatus={on | enable | off | disable} | {cappingwatt|cappingvalue}=watt }",
  "updatenode" =>
 "Usage:
-    updatenode [-h|--help|-v|--version]
+    updatenode [-h|--help|-v|--version | -g|--genmypost]
    or
-    updatenode <noderange> [-V|--verbose] [-k|--security] [-s|--sn]
+    updatenode <noderange> [-V|--verbose] [-k|--security] [-s|--sn] [-t <timeout>]
    or
-    updatenode <noderange> [-V|--verbose] [-F|--sync | -f|--snsync] [-l|--user[username]] [--fanout=[fanout value]] [-S|--sw] 
+    updatenode <noderange> [-V|--verbose] [-F|--sync | -f|--snsync] [-l|--user[username]] [--fanout=[fanout value]] [-S|--sw] [-t <timeout>]
        [-P|--scripts [script1,script2,...]] [-s|--sn] 
        [-A|--updateallsw] [-c|--cmdlineonly] [-d alt_source_dir]
        [attr=val [attr=val...]]
@@ -368,6 +380,9 @@ Options:
    [-f|--snsync] Performs File Syncing to the service nodes that service 
        the nodes in the noderange.

+    [-g|--genmypost] Will generate a new mypostscript file for the  
+        the nodes in the noderange, if site precreatemypostscripts is 1 or YES.
+
    [-l|--user] User name to run the updatenode command.  It overrides the
        current user which is the default.

@@ -381,6 +396,9 @@ Options:

    [-s|--sn] Set the server information stored on the nodes.

+    [-t|--timeout] Time out in seconds to allow the command to run. Default is no timeout,
+        except for updatenode -k which has a 10 second default timeout.
+
    [-A|--updateallsw] Install or update all software contained in the source 
        directory. (AIX only)

@@ -21,10 +21,13 @@ use File::Path;
 use Socket;
 use strict;
 use Symbol;
-my $sha1support = eval {
-	require Digest::SHA1;
-	1;
-};
+my $sha1support;
+if ( -f "/etc/debian_version" ){
+    $sha1support = eval {require Digest::SHA; 1;};
+}
+else {
+    $sha1support = eval { require Digest::SHA1; 1;};
+}
 use IPC::Open3;
 use IO::Select;
 use xCAT::GlobalDef;
@@ -176,7 +179,13 @@ sub genUUID
        return $uuid;
    } elsif ($args{url} and $sha1support) { #generate a UUIDv5 from URL
        #6ba7b810-9dad-11d1-80b4-00c04fd430c8 is the uuid for URL namespace
-        my $sum = Digest::SHA1::sha1('6ba7b810-9dad-11d1-80b4-00c04fd430c8'.$args{url});
+        my $sum = '';
+        if ( -f "/etc/debian_version" ){
+            $sum = Digest::SHA::sha1('6ba7b810-9dad-11d1-80b4-00c04fd430c8'.$args{url});
+        }
+        else{
+            $sum = Digest::SHA1::sha1('6ba7b810-9dad-11d1-80b4-00c04fd430c8'.$args{url});
+        }
        my @data = unpack("C*",$sum);
        splice @data,16;
        $data[6] = $data[6] & 0xf;
@@ -931,18 +940,15 @@ sub runcmd
    my ($class, $cmd, $exitcode, $refoutput, $stream) = @_;
    $::RUNCMD_RC = 0;
    # redirect stderr to stdout
+   
    if (!($cmd =~ /2>&1$/)) { $cmd .= ' 2>&1'; }   
+    my $hostname = `/bin/hostname`;
+    chomp $hostname;

-	if ($::VERBOSE)
-	{
-		# get this systems name as known by xCAT management node
-		my $Sname = xCAT::InstUtils->myxCATname();
-		my $msg;
-		if ($Sname) {
-			$msg = "Running command on $Sname: $cmd";
-		} else {
-			$msg="Running command: $cmd";
-		}
+
+    if ($::VERBOSE)
+	 {
+      my $msg="Running command on $hostname: $cmd";

 		if ($::CALLBACK){
 			my $rsp    = {};
@@ -951,7 +957,7 @@ sub runcmd
 		} else {
 			xCAT::MsgUtils->message("I", "$msg\n");
 		}
-	}
+	 }

    my $outref = [];
    if (!defined($stream) || (length($stream) == 0)) { # do not stream
@@ -3125,7 +3131,7 @@ sub isSELINUX
 =head3   noderangecontainsMN 
    Returns:
       returns nothing, if ManagementNode is not the input noderange 
-       returns array of MN,  if Management Node(s) is in the input noderange 
+       returns name of MN,  if Management Node is in the input noderange 
    Globals:
        none
    Error:
@@ -3133,7 +3139,7 @@ sub isSELINUX
    Input:
      array of nodes in the noderange
    Example:
-    my @mn=xCAT::Utils->noderangecontainsMN($noderange);
+    my $mn=xCAT::Utils->noderangecontainsMN($noderange);
    Comments:
 =cut

@@ -3216,6 +3222,11 @@ sub filter_nodes{
    if ($ipmitab) {
        $ipmitabhash = $ipmitab->getNodesAttribs(\@nodes,['bmc']);
    }
+    my $nodehmhash;
+    my $nodehmtab = xCAT::Table->new("nodehm");
+    if ($nodehmtab) {
+        $nodehmhash = $nodehmtab->getNodesAttribs(\@nodes,['mgt']);
+    }

    my (@mp, @ngpfsp, @ngpbmc, @commonfsp, @commonbmc, @unknow);

@@ -3225,6 +3236,15 @@ sub filter_nodes{
    # if only in 'ipmi', a common x86 node
    foreach (@nodes) {
        if (defined ($mptabhash->{$_}->[0]) && defined ($mptabhash->{$_}->[0]->{'mpa'})) {
+            if ($mptabhash->{$_}->[0]->{'mpa'} eq $_) {
+                if (defined($nodehmhash->{$_}->[0]) && defined($nodehmhash->{$_}->[0]->{'mgt'}) && 
+                    $nodehmhash->{$_}->[0]->{'mgt'} eq "blade") {
+                    push @mp, $_;
+                } else {
+                    push @unknow, $_;
+                }
+                next;
+            } 
            if (defined ($ppctabhash->{$_}->[0]) && defined ($ppctabhash->{$_}->[0]->{'hcp'})) {
              # flex power node
              push @ngpfsp, $_;
@@ -3270,6 +3290,7 @@ sub filter_nodes{
        } else { 
          push @{$mpnodes}, @ngpfsp;
        }
+        push @{$mpnodes}, @ngpbmc;
    } elsif ($cmd eq "rvitals") {
        if (@args && (grep /^lcds$/,@args)) {
            push @{$fspnodes},@ngpfsp;
@@ -3348,6 +3369,51 @@ sub filter_nostatusupdate{
      }
    }
     
-}    
+}
+
+sub version_cmp {
+    my $ver_a = shift;
+    if ($ver_a =~ /xCAT::Utils/)
+    {
+        $ver_a = shift;
+    }
+    my $ver_b = shift;
+    my @array_a = ($ver_a =~ /([-.]|\d+|[^-.\d]+)/g);
+    my @array_b = ($ver_b =~ /([-.]|\d+|[^-.\d]+)/g);
+
+    my ($a, $b);
+    my $len_a = @array_a;
+    my $len_b = @array_b;
+    my $len = $len_a;
+    if ( $len_b < $len_a ) {
+        $len = $len_b;
+    }
+    for ( my $i = 0; $i < $len; $i++ ) {
+        $a = $array_a[$i];
+        $b = $array_b[$i];
+        if ($a eq $b) {
+            next;
+        } elsif ( $a eq '-' ) {
+            return -1;
+        } elsif ( $b eq '-') {
+            return 1;
+        } elsif ( $a eq '.' ) {
+            return -1;
+        } elsif ( $b eq '.' ) {
+            return 1;
+        } elsif ($a =~ /^\d+$/ and $b =~ /^\d+$/) {
+            if ($a =~ /^0/ || $b =~ /^0/) {
+                return ($a cmp $b);
+            } else {
+                return ($a <=> $b);
+            }
+        } else {
+            $a = uc $a;
+            $b = uc $b;
+            return ($a cmp $b);
+        }
+    }
+    return ( $len_a <=> $len_b )
+}

 1;
@@ -26,7 +26,7 @@ sub grab_table_data{ #grab table data relevent to VM guest nodes
  if ($vpdtab) {
      $cfghash->{vpd} = $vpdtab->getNodesAttribs($noderange,['uuid']);
  }
-  $cfghash->{vm} = $vmtab->getNodesAttribs($noderange,['node','host','migrationdest','cfgstore','storage','vidmodel','vidproto','vidpassword','storagemodel','memory','cpus','nics','nicmodel','bootorder','virtflags','datacenter','guestostype','othersettings','master']);
+  $cfghash->{vm} = $vmtab->getNodesAttribs($noderange,['node','host','migrationdest','cfgstore','storage','storagecache','storageformat','vidmodel','vidproto','vidpassword','storagemodel','memory','cpus','nics','nicmodel','bootorder','virtflags','datacenter','guestostype','othersettings','master']);
  my $mactab = xCAT::Table->new("mac",-create=>1);
  my $nrtab= xCAT::Table->new("noderes",-create=>1);
  $cfghash->{mac} = $mactab->getAllNodeAttribs(['mac'],1);
@@ -0,0 +1,329 @@
+#!/usr/bin/env perl
+# IBM(c) 2007 EPL license http://www.eclipse.org/legal/epl-v10.html
+package xCAT::Zone;
+
+BEGIN
+{
+    $::XCATROOT = $ENV{'XCATROOT'} ? $ENV{'XCATROOT'} : '/opt/xcat';
+}
+
+# if AIX - make sure we include perl 5.8.2 in INC path.
+#       Needed to find perl dependencies shipped in deps tarball.
+if ($^O =~ /^aix/i) {
+	unshift(@INC, qw(/usr/opt/perl5/lib/5.8.2/aix-thread-multi /usr/opt/perl5/lib/5.8.2 /usr/opt/perl5/lib/site_perl/5.8.2/aix-thread-multi /usr/opt/perl5/lib/site_perl/5.8.2));
+}
+
+use lib "$::XCATROOT/lib/perl";
+# do not put a use or require for  xCAT::Table here. Add to each new routine
+# needing it to avoid reprocessing of user tables ( ExtTab.pm) for each command call 
+use POSIX qw(ceil);
+use File::Path;
+use Socket;
+use strict;
+use Symbol;
+use warnings "all";
+
+#--------------------------------------------------------------------------------
+
+=head1    xCAT::Zone
+
+=head2    Package Description
+
+This program module file, is a set of Zone utilities used by xCAT *zone commands.
+
+=cut
+
+
+#--------------------------------------------------------------------------------
+
+=head3    genSSHRootKeys 
+    Arguments:
+      callback for error messages 
+      directory in which to put the ssh RSA keys 
+      zonename 
+      rsa private key to use for generation ( optional)
+    Returns:
+    Error:  1 - key generation failure.
+    Example:
+     $rc =xCAT::Zone->genSSHRootKeys($callback,$keydir,$rsakey); 
+=cut
+
+#--------------------------------------------------------------------------------
+sub  genSSHRootKeys 
+{
+    my ($class, $callback, $keydir,$zonename,$rsakey) = @_;
+    
+    #
+    # create /keydir if needed
+    #
+    if (!-d $keydir)
+    {
+        my $cmd = "/bin/mkdir -m 700 -p $keydir";
+        my $output = xCAT::Utils->runcmd("$cmd", 0);
+        if ($::RUNCMD_RC != 0)
+        {
+           my $rsp = {};
+           $rsp->{error}->[0] =
+             "Could not create $keydir directory";
+           xCAT::MsgUtils->message("E", $rsp, $callback);
+           return 1;
+
+        }
+    }
+
+    #
+    #  create /install/postscripts/_ssh/zonename if needed
+    #
+    my $installdir = xCAT::TableUtils->getInstallDir();  # get installdir
+    if (!-d "$installdir/postscripts/_ssh/$zonename")
+    {
+        my $cmd = "/bin/mkdir -m 755 -p $installdir/postscripts/_ssh/$zonename";
+        my $output = xCAT::Utils->runcmd("$cmd", 0);
+        if ($::RUNCMD_RC != 0)
+        {
+            my $rsp = {};
+            $rsp->{error}->[0] = "Could not create $installdir/postscripts/_ssh/$zonename directory.";
+            xCAT::MsgUtils->message("E", $rsp, $callback);
+           return 1;
+        }
+    }
+
+    #need to gen a new rsa key for root for the zone 
+    my $pubfile = "$keydir/id_rsa.pub";
+    my $pvtfile = "$keydir/id_rsa";
+
+    # if exists, remove the old files 
+    if (-r $pubfile)
+    {
+
+        my $cmd = "/bin/rm $keydir/id_rsa*";
+        my $output = xCAT::Utils->runcmd("$cmd", 0);
+        if ($::RUNCMD_RC != 0)
+        {
+            my $rsp = {};
+            $rsp->{error}->[0] = "Could not remove id_rsa files from $keydir directory.";
+            xCAT::MsgUtils->message("E", $rsp, $callback);
+            return 1;
+        }
+    }
+
+    # gen new RSA keys 
+    my $cmd;
+    my $output;
+    # if private key was input use it
+    if (defined ($rsakey))  {
+      $cmd="/usr/bin/ssh-keygen -y -f $rsakey > $pubfile";
+      $output = xCAT::Utils->runcmd("$cmd", 0);
+      if ($::RUNCMD_RC != 0)
+      {
+            my $rsp = {};
+            $rsp->{error}->[0] = "Could not generate $pubfile from $rsakey";
+            xCAT::MsgUtils->message("E", $rsp, $callback);
+            return 1;
+      }
+      # now copy the private key into the directory
+      $cmd="cp $rsakey  $keydir";
+      $output = xCAT::Utils->runcmd("$cmd", 0);
+      if ($::RUNCMD_RC != 0)
+      {
+            my $rsp = {};
+            $rsp->{error}->[0] = "Could not run $cmd";
+            xCAT::MsgUtils->message("E", $rsp, $callback);
+            return 1;
+      }
+    } else {  # generate all new keys
+      $cmd = "/usr/bin/ssh-keygen -t rsa -q -b 2048 -N '' -f $pvtfile";
+      $output = xCAT::Utils->runcmd("$cmd", 0);
+      if ($::RUNCMD_RC != 0)
+     {
+            my $rsp = {};
+            $rsp->{error}->[0] = "Could not generate $pubfile";
+            xCAT::MsgUtils->message("E", $rsp, $callback);
+            return 1;
+     }
+    }
+    #make sure permissions are correct
+    $cmd = "chmod 644 $pubfile;chown root $pubfile";
+    $output = xCAT::Utils->runcmd("$cmd", 0);
+    if ($::RUNCMD_RC != 0)
+    {
+            my $rsp = {};
+            $rsp->{error}->[0] = "Could set permission and owner on  $pubfile";
+            xCAT::MsgUtils->message("E", $rsp, $callback);
+            return 1;
+    }
+    # copy authorized_keys for install on node
+    if (-r $pubfile)
+    {
+        my $cmd =
+          "/bin/cp -p $pubfile $installdir/postscripts/_ssh/$zonename ";
+        my $output = xCAT::Utils->runcmd("$cmd", 0);
+        if ($::RUNCMD_RC != 0)
+        {
+            my $rsp = {};
+            $rsp->{error}->[0] = 
+           "Could not copy $pubfile to $installdir/postscripts/_ssh/$zonename";
+            xCAT::MsgUtils->message("E", $rsp, $callback);
+            return 1;
+
+        }
+    }
+    else
+    {
+            my $rsp = {};
+            $rsp->{error}->[0] = 
+           "Could not copy $pubfile to $installdir/postscripts/_ssh/$zonename, because $pubfile does not exist.";
+            xCAT::MsgUtils->message("E", $rsp, $callback);
+    }
+}
+#--------------------------------------------------------------------------------
+
+=head3    getdefaultzone 
+    Arguments:
+      None 
+    Returns:
+    Name of the current default  zone from the zone table
+    Example:
+     my $defaultzone =xCAT::Zone->getdefaultzone(); 
+=cut
+
+#--------------------------------------------------------------------------------
+sub  getdefaultzone 
+{
+ my ($class, $callback) = @_;
+ my $defaultzone;
+ # read all the zone table and find the defaultzone, if it exists
+ my $tab = xCAT::Table->new("zone");
+ if ($tab){
+   my @zones = $tab->getAllAttribs('zonename','defaultzone');
+   foreach my $zone (@zones) {
+    # Look for the  defaultzone=yes/1 entry
+    if ((defined($zone->{defaultzone})) && 
+          (($zone->{defaultzone} =~ "yes") || ($zone->{defaultzone} = "1"))) {
+       $defaultzone = $zone->{zonename};
+    }
+    $tab->close();
+   }
+ } else {
+    my $rsp = {};
+    $rsp->{error}->[0] = 
+    "Error reading the zone table. ";
+    xCAT::MsgUtils->message("E", $rsp, $callback);
+
+ }
+ return $defaultzone;
+}
+#--------------------------------------------------------------------------------
+
+=head3    iszonedefined 
+    Arguments:
+      zonename 
+    Returns:
+     1 if the zone is already in the zone table.
+    Example:
+     xCAT::Zone->iszonedefined($zonename); 
+=cut
+
+#--------------------------------------------------------------------------------
+sub iszonedefined 
+{
+ my ($class,$zonename) = @_;
+ # checks the zone table to see if input zonename already in the table 
+ my $tab = xCAT::Table->new("zone");
+ my $zone = $tab->getAttribs({zonename => $zonename},'sshkeydir');
+ $tab->close();
+ if (defined($zone)) {
+    return 1;
+ }else{
+    return 0;
+ }
+}
+#--------------------------------------------------------------------------------
+
+=head3    getzoneinfo
+    Arguments:
+     An array of nodes
+    Returns:
+     Hash array  by zonename point to the nodes in that zonename  and sshkeydir
+      zonename1 -> {nodelist} -> array of nodes in the zone
+                 -> {sshkeydir} -> directory containing ssh RSA keys
+                 -> {defaultzone} ->  is it the default zone             
+    Example:
+     my %zonehash =xCAT::Zone->getNodeZones($nodelist); 
+    Rules:
+       If the nodes nodelist.zonename attribute is a zonename, it is assigned to that zone
+       If the nodes nodelist.zonename attribute is undefined:
+          If there is a defaultzone in the zone table, the node is assigned to that zone
+          If there is no defaultzone in the zone table, the node is assigned to the ~.ssh keydir
+=cut
+
+#--------------------------------------------------------------------------------
+sub  getzoneinfo 
+{
+  my ($class, $callback,$nodes) = @_;
+ 
+ # make the list into an array
+# $nodelist=~ s/\s*//g; # remove blanks
+# my @nodes = split ',', $nodelist;
+ my $zonehash;
+ my $defaultzone;
+ # read all the zone table 
+ my $zonetab = xCAT::Table->new("zone");
+ if ($zonetab){
+    my @zones = $zonetab->getAllAttribs('zonename','sshkeydir','defaultzone');
+    $zonetab->close();
+    if (@zones) {
+       foreach  my $zone (@zones) {
+          my $zonename=$zone->{zonename};
+          $zonehash->{$zonename}->{sshkeydir}= $zone->{sshkeydir};
+          $zonehash->{$zonename}->{defaultzone}= $zone->{defaultzone};
+          # find the defaultzone
+          if ((defined($zone->{defaultzone})) && 
+             (($zone->{defaultzone} =~ "yes") || ($zone->{defaultzone} = "1"))) {
+              $defaultzone = $zone->{zonename};
+          }
+       }
+    }
+ } else {
+    my $rsp = {};
+    $rsp->{error}->[0] = 
+    "Error reading the zone table. ";
+    xCAT::MsgUtils->message("E", $rsp, $callback);
+    return;
+
+ }
+ my $nodelisttab = xCAT::Table->new("nodelist");
+ my $nodehash = $nodelisttab->getNodesAttribs(\@$nodes, ['zonename']); 
+ # for each of the nodes, look up it's zone name and assign to the zonehash
+ # if the node is a service node, it is assigned to the __xcatzone which gets its keys from
+ #    the ~/.ssh dir no matter what in the database for the zonename. 
+ # If the nodes nodelist.zonename attribute is a zonename, it is assigned to that zone
+ # If the nodes nodelist.zonename attribute is undefined:
+ #         If there is a defaultzone in the zone table, the node is assigned to that zone
+ #         If there is no defaultzone in the zone table, the node is assigned to the ~.ssh keydir
+ 
+
+ my @allSN=xCAT::ServiceNodeUtils->getAllSN("ALL");  # read all the servicenodes define 
+ my $xcatzone = "__xcatzone";  # if node is in no zones or a service node, use this one
+ $zonehash->{$xcatzone}->{sshkeydir}= "~/.ssh"; 
+ foreach my $node (@$nodes) {
+    my $zonename;
+    if (grep(/^$node$/, @allSN)) {  # this is a servicenode, treat special
+      $zonename=$xcatzone;    # always use ~/.ssh directory
+    } else { # use the nodelist.zonename attribute
+      $zonename=$nodehash->{$node}->[0]->{zonename};
+    }
+    if (defined($zonename)) {  # zonename explicitly defined in nodelist.zonename
+       push @{$zonehash->{$zonename}->{nodes}},$node;
+    } else { # no explict zonename
+      if (defined ($defaultzone)) {  # there is a default zone in the zone table, use it
+       push @{$zonehash->{$defaultzone}->{nodes}},$node;
+      } else {  # if no default then use the ~/.ssh keys as the default, put them in the __xcatzone
+          push @{$zonehash->{$xcatzone}->{nodes}},$node;
+       
+      }   
+    }   
+ }
+ return;
+}
+1;
@@ -49,6 +49,8 @@ require Exporter;
                 "1328205744.315196" => "rhels5.8", #x86_64
                 "1354216429.587870" => "rhels5.9", #x86_64
                 "1354214009.518521" => "rhels5.9", #ppc64
+                 "1378846702.129847" => "rhels5.10", #x86_64
+                 "1378845049.643372" => "rhels5.10", #ppc64
                 "1285193176.460470" => "rhels6", #x86_64
                 "1285192093.430930" => "rhels6", #ppc64
                 "1305068199.328169" => "rhels6.1", #x86_64
@@ -60,6 +62,8 @@ require Exporter;
                 "1339638991.532890" => "rhels6.3", #i386
                 "1359576752.435900" => "rhels6.4", #x86_64
                 "1359576196.686790" => "rhels6.4", #ppc64
+                 "1384196515.415715" => "rhels6.5", #x86_64
+                 "1384198011.520581" => "rhels6.5", #ppc64
 		 "1285193176.593806" => "rhelhpc6", #x86_64
 		 "1305067719.718814" => "rhelhpc6.1",#x86_64				
 		 "1321545261.599847" => "rhelhpc6.2",#x86_64				
@@ -76,7 +80,9 @@ require Exporter;
                 "1273712675.937554" => "fedora13", #x86_64 DVD ISO
                 "1287685820.403779" => "fedora14", #x86_64 DVD ISO
                 "1305315870.828212" => "fedora15", #x86_64 DVD ISO
-
+                 "1372355769.065812" => "fedora19", #x86_64 DVD ISO
+                 "1372402928.663653" => "fedora19", #ppc64 DVD ISO
+                 "1386856788.124593" => "fedora20", #x86_64 DVD ISO
                 "1194512200.047708" => "rhas4.6",
                 "1194512327.501046" => "rhas4.6",
                 "1241464993.830723" => "rhas4.8", #x86-64
@@ -0,0 +1,43 @@
+#!/usr/bin/env perl
+# IBM(c) 2007 EPL license http://www.eclipse.org/legal/epl-v10.html
+
+package xCAT::data::ibmhwtypes;
+require Exporter;
+@EXPORT_OK=qw(parse_group mt2group);
+use Data::Dumper;
+my %groups2mtm = (
+    "x3250" => ["2583","4251","4252"],
+    "x3550" => ["7914","7944","7946"],
+    "x3650" => ["7915","7945"],
+    "dx360" => [],
+    "x220"  => ["7906"],
+    "x240"  => ["8737","7863"],
+    "x440"  => ["7917"],
+    "p260"  => ["7895"], #789522X, 789523X
+    "p460"  => [],       #789542X
+    "p470"  => ["7954"],
+);
+
+%mt2group = ();
+foreach my $group (keys %groups2mtm) {
+    foreach my $mtm (@{$groups2mtm{$group}}) {
+        $mt2group{$mtm} = $group;
+    }
+}
+
+sub parse_group {
+    my $mtm = shift;
+    if ($mtm =~ /xCAT::data/) {
+        $mtm = shift;
+    }
+    if ($mtm =~ /^(\w{4})/) {
+        $mt = $1;
+        if ($mt eq "7895" and $mtm =~ /789542X/i) {
+            return "p460";
+        }
+        return $mt2group{$mt};
+    }
+    return undef;
+}
+
+1;
@@ -611,25 +611,39 @@ sub punch2Reader {
            
    # Punch to reader
    # VMUR located in different directories on RHEL and SLES
-    my $out;
+    my $vmur;
    if ( $os =~ m/sles10/i ) {
-        $out = `ssh -o ConnectTimeout=5 $user\@$hcp "$sudo /sbin/vmur punch $options -u $userId -r $srcFile -N $tgtFile"`;
-    } elsif ( $os =~ m/sles11/i ) {
-        $out = `ssh -o ConnectTimeout=5 $user\@$hcp "$sudo /usr/sbin/vmur punch $options -u $userId -r $srcFile -N $tgtFile"`;
-    } elsif ( $os =~ m/rhel/i ) {
-    	$out = `ssh -o ConnectTimeout=5 $user\@$hcp "$sudo /usr/sbin/vmur punch $options -u $userId -r $srcFile -N $tgtFile"`;
+        $vmur = "/sbin/vmur";
    } else {
-    	$out = `ssh -o ConnectTimeout=5 $user\@$hcp "$sudo /usr/sbin/vmur punch $options -u $userId -r $srcFile -N $tgtFile"`;
+        $vmur = "/usr/sbin/vmur";
+    }
+    my $out;
+    my $done = 0;
+    
+    until ( $done ) {
+        $out = `ssh -o ConnectTimeout=5 $user\@$hcp "$sudo $vmur punch $options -u $userId -r $srcFile -N $tgtFile" 2>&1`;
+        my $rc = $? >> 8;
+        if ( $rc == 255 ) {
+            $out = "(Error) Unable to communicate with the zHCP system: $hcp";
+            $done = 1;
+        } elsif ( $out =~ m/A concurrent instance of vmur is already active/i ) {
+            # Recoverable error: retry the command after a delay
+            xCAT::zvmUtils->printSyslog( "punch2Reader() Punch in use on $hcp, retrying in 15 seconds" );
+            sleep( 15 );
+        } else {
+            # Punch appears successful -- Look for the completion string
+            my $searchStr = "created and transferred";
+            if ( !( $out =~ m/$searchStr/i ) ) {
+                chomp( $out );
+                $out = "Failed, punch info: '$out'\n";
+                xCAT::zvmUtils->printSyslog( "punch2Reader() Failed punching $srcFile to $userId from $hcp, info: '$out'" );
+            } else {
+                $out = "Done\n";
+            }
+            $done = 1;
+        }
    }
    
-    # If punch is successful -- Look for this string
-    my $searchStr = "created and transferred";
-    if ( !( $out =~ m/$searchStr/i ) ) {
-        $out = "Failed\n";
-    } else {
-        $out = "Done\n";
-    }
-
    return $out;
 }

@@ -289,7 +289,7 @@ sub printLn {
    # Print string
    my $rsp;
    my $type = "I";
-    if ($str =~ m/error/i) {  # Set to print error if the string contains error
+    if ($str =~ m/(\(error\)|\sfailed)/i) {  # Set to print error if the string contains error
        $type = "E";
    }
    
@@ -1246,7 +1246,7 @@ sub getArch {
    }

    # Get host using VMCP
-    my $arch = `ssh $user\@$node "$sudo uname -p"`;
+    my $arch = `ssh $user\@$node "$sudo uname -m"`;

    return ( xCAT::zvmUtils->trimStr($arch) );
 }
@@ -2308,19 +2308,20 @@ sub getUsedFcpDevices {
    Arguments   : Sudoer user name
                  Sudo keyword
                  zHCP hostname
+                  Install root directory
                  Local directory to remotely mount
                  Mount access ('ro' for read only, 'rw' for read write)
                  Directory as known to zHCP (out)
    Returns     : 0 - Mounted, or zHCP and MN are on the same system
                  1 - Mount failed
-    Example     : establishMount( $callback, $::SUDOER, $::SUDO, $hcp, "$installRoot/$provMethod", "ro", \$remoteDeployDir );
+    Example     : establishMount( $callback, $::SUDOER, $::SUDO, $hcp, $installRoot, $provMethod, "ro", \$remoteDeployDir );
    
 =cut

 #-------------------------------------------------------
 sub establishMount {
    # Get inputs
-    my ($class, $callback, $sudoer, $sudo, $hcp, $localDir, $access, $mountedPt) = @_;    
+    my ($class, $callback, $sudoer, $sudo, $hcp, $installRoot, $localDir, $access, $mountedPt) = @_;    
    my $out;

    # If the target system is not on this system then establish the NFS mount point.
@@ -2338,7 +2339,7 @@ sub establishMount {
    
    if ($masterIp eq $hcpIP) {
        # xCAT MN and zHCP are on the same box and will use the same directory without the need for an NFS mount.
-        $$mountedPt = $localDir;
+        $$mountedPt = "$installRoot/$localDir";
    } else {
        # Determine the hostname for this management node
        my $masterHostname = Sys::Hostname::hostname();
@@ -2347,15 +2348,23 @@ sub establishMount {
            $masterHostname = $masterIp;
        }
        
+        $$mountedPt = "/mnt/$masterHostname$installRoot/$localDir";
+        
+        # If the mount point already exists then return because we are done.
+        my $rc = `ssh $sudoer\@$hcp "$sudo mount | grep $$mountedPt > /dev/null; echo \\\$?"`;
+        if ($rc == 0) {
+            return 0;
+        }
+        
        xCAT::zvmUtils->printSyslog( "establishMount() Preparing the NFS mount point on zHCP ($hcpIP) to xCAT MN $masterHostname($masterIp) for $localDir" );
        
        # Prepare the staging mount point on zHCP, if they need to be established
-        $$mountedPt = "/mnt/$masterHostname$localDir";
-        my $rc = `ssh $sudoer\@$hcp "$sudo mkdir -p $$mountedPt && mount -t nfs -o $access $masterIp:$localDir $$mountedPt; echo \\\$?"`;
+        $rc = `ssh $sudoer\@$hcp "$sudo mkdir -p $$mountedPt && mount -t nfs -o $access $masterIp:/$localDir $$mountedPt; echo \\\$?"`;
        
-        # Return code = 0 (mount succeeded) or 32 (mount already exists)
-        if ($rc != '0' && $rc != '32') {
+        # Return code = 0 (mount succeeded)
+        if ($rc != '0') {
            xCAT::zvmUtils->printLn( $callback, "$hcp: (Error) Unable to establish zHCP mount point: $$mountedPt" );
+            xCAT::zvmUtils->printSyslog( "establishMount() Unable to establish zHCP mount point: $$mountedPt, rc: $rc" );
            return 1;
        }
    }
@@ -2367,9 +2376,12 @@ sub establishMount {

 =head3   getFreeRepoSpace

-    Description : Get the free space of image repository under /install
+    Description : Get the free space of image repository under /install.
    Arguments   : Node
-    Returns     : The available space for /install
+    Returns     : The available space for /install (e.g. "2.1G ").  
+                  The value is returned as a perl string (e.g. "0 ") to 
+                  avoid perl returning null instead of "0" in the case
+                  of no space available.
    Example     : my $free = getFreeRepoSpace($callback, $node);
    
 =cut
@@ -2395,7 +2407,10 @@ sub getFreeRepoSpace {
        my $out = `$sudo /bin/df -h /install | sed 1d`;
        $out =~ s/\h+/ /g;
        my @results = split(' ', $out);
-        return ($results[3]);
+        if ( $results[3] eq "0" ) {
+            $results[3] = "0M";
+        }
+        return $results[3];
    } 

    return;
@@ -2475,12 +2490,12 @@ sub findAndUpdatezFcpPool {
        return \%results;
    }
    
-    # Check WWPN and LUN syntax
-    if ( $wwpn && ($wwpn =~ /[^0-9a-f;"]/i) ) {
-        xCAT::zvmUtils->printLn( $callback, "$header: (Error) Invalid world wide portname $wwpn." );
+    # Owner must be specified if status is used
+    if ($status =~ m/used/i && !$owner) {
+        xCAT::zvmUtils->printLn( $callback, "$header: (Error) Owner must be specified if status is used." );
        return \%results;
-    } if ( $lun && ($lun =~ /[^0-9a-f]/i) ) {
-        xCAT::zvmUtils->printLn( $callback, "$header: (Error) Invalid logical unit number $lun." );
+    } elsif ($status =~ m/free/i && $owner) {
+        xCAT::zvmUtils->printLn( $callback, "$header: (Error) Owner must not be specified if status is free." );
        return \%results;
    }
        
@@ -2509,6 +2524,15 @@ sub findAndUpdatezFcpPool {
        # Make sure WWPN and LUN do not have 0x prefix
        $wwpn = xCAT::zvmUtils->replaceStr($wwpn, "0x", "");
        $lun = xCAT::zvmUtils->replaceStr($lun, "0x", "");
+        
+        # Check WWPN and LUN syntax
+        if ( $wwpn && ($wwpn =~ /[^0-9a-f;"]/i) ) {
+            xCAT::zvmUtils->printLn( $callback, "$header: (Error) Invalid world wide portname $wwpn." );
+            return \%results;
+        } if ( $lun && ($lun =~ /[^0-9a-f]/i) ) {
+            xCAT::zvmUtils->printLn( $callback, "$header: (Error) Invalid logical unit number $lun." );
+            return \%results;
+        }
    }
    
    # Find disk pool (create one if non-existent)
@@ -2569,15 +2593,19 @@ sub findAndUpdatezFcpPool {
        }
        
        # Do not continue if no devices can be found
-        if (!$wwpn && !$lun) {
+        if (!$wwpn || !$lun) {
            xCAT::zvmUtils->printLn($callback, "$header: (Error) A suitable device of $size" . "M or larger could not be found");
            return \%results;
        }
    } else {
-    	# Find given WWPN and LUN. Do not continue if device is used
+        # Find given WWPN and LUN. Do not continue if device is used
        my $select = `ssh $user\@$hcp "$sudo cat $zfcpDir/$pool.conf" | grep -i "$wwpn,$lun"`;
        chomp($select);
-        
+        if (!$select) {
+            xCAT::zvmUtils->printLn($callback, "$header: (Error) zFCP device 0x$wwpn/0x$lun could not be found in zFCP pool $pool");
+            return \%results;
+        }
+
        @info = split(',', $select);
        
        if ($size) {
@@ -2585,13 +2613,11 @@ sub findAndUpdatezFcpPool {
                # Convert to MegaBytes
                $info[3] =~ s/\D//g;
                $info[3] = int($info[3]) * 1024
-            } elsif ($info[3] =~ m/M/i) {
+            } else {
                # Do nothing
                $info[3] =~ s/\D//g;
-            } else {
-                next;
            }
-                
+            
            # Do not continue if specified device does not have enough capacity
            if ($info[3] < $size) {
                xCAT::zvmUtils->printLn($callback, "$header: (Error) FCP device $wwpn/$lun is not large enough");
@@ -2602,7 +2628,7 @@ sub findAndUpdatezFcpPool {
        # Find range of the specified disk
        $range = $info[4];
    }
-       
+    
    # If there are multiple paths, take the 1st one
    # Handle multi-pathing in postscript because autoyast/kickstart does not support it.
    my $origWwpn = $wwpn;
@@ -2612,117 +2638,23 @@ sub findAndUpdatezFcpPool {
    }
        
    xCAT::zvmUtils->printLn($callback, "$header: Found FCP device 0x$wwpn/0x$lun");
-        
-    # Find a free FCP device based on the given range
-    if ($fcpDevice =~ m/^auto/i) {
-        my @ranges;
-        my $min;
-        my $max;
-        my $found = 0;
-                
-        if ($range =~ m/;/i) {
-            @ranges = split(';', $range);
-        } else {
-            push(@ranges, $range);
-        }
-                    
-        if (!$found) {
-            # If the node has an eligible FCP device, use it
-            my @deviceList = xCAT::zvmUtils->getDedicates($callback, $user, $owner);
-            foreach (@deviceList) {
-                # Check if this devide is eligible (among the range specified for disk $lun)
-                @info = split(' ', $_);
-                my $candidate = $info[2];
-                foreach (@ranges) {
-                    ($min, $max) = split('-', $_);
-                    if (hex($candidate) >= hex($min) && hex($candidate) <= hex($max)) {
-                        $found = 1;
-                        $fcpDevice = uc($candidate);
-                        
-                        last;
-                    }
-                }
-                
-                if ($found) {
-                	xCAT::zvmUtils->printLn($callback, "$header: Found eligible FCP channel $fcpDevice");
-                    last;
-                }       
-            }
-        }
-        
-        if (!$found) {
-            # If the node has no eligible FCP device, find a free one for it.
-            my %usedDevices = xCAT::zvmUtils->getUsedFcpDevices($user, $hcp);
-            
-            my $hcpUserId = xCAT::zvmCPUtils->getUserId($user, $hcp);
-            $hcpUserId =~ tr/a-z/A-Z/;
-        
-            # Find a free FCP channel
-            $out = `ssh $user\@$hcp "$sudo $dir/smcli System_WWPN_Query -T $hcpUserId" | egrep -i "FCP device number|Status"`;
-            my @devices = split( "\n", $out );
-            for (my $i = 0; $i < @devices; $i++) {
-                # Extract the device number and status
-                $fcpDevice = $devices[$i];
-                $fcpDevice =~ s/^FCP device number:(.*)/$1/;
-                $fcpDevice =~ s/^\s+//;
-                $fcpDevice =~ s/\s+$//;
-                        
-                $i++;
-                my $fcpStatus = $devices[$i];
-                $fcpStatus =~ s/^Status:(.*)/$1/;
-                $fcpStatus =~ s/^\s+//;
-                $fcpStatus =~ s/\s+$//;                    
-                        
-                # Only look at free FCP devices
-                if ($fcpStatus =~ m/free/i) {                    
-                    # If the device number is within the specified range, exit out of loop
-                    # Range: 3B00-3C00;4B00-4C00;5E12-5E12
-                    foreach (@ranges) {
-                        ($min, $max) = split('-', $_);
-                        if (hex($fcpDevice) >= hex($min) && hex($fcpDevice) <= hex($max)) {
-                            $fcpDevice = uc($fcpDevice);
-                
-                            # Used found FCP channel if not in use or allocated                        
-                            if (!$usedDevices{$fcpDevice}) {
-                                $found = 1;
-                                last;
-                            }
-                        }
-                    }
-                }
-                
-                # Break out of loop if FCP channel is found
-                if ($found) {
-                	xCAT::zvmUtils->printLn($callback, "$header: Found FCP channel within acceptable range $fcpDevice");
-                    last;
-                }
-            }
-        }
-            
-        # Do not continue if no FCP channel is found
-        if (!$found) {
-            xCAT::zvmUtils->printLn($callback, "$header: (Error) A suitable FCP channel could not be found");
+    
+    if ( ($status =~ m/used/i) && ($fcpDevice =~ /^auto/i) ) {
+        # select an eligible FCP device
+        $fcpDevice = xCAT::zvmUtils->selectFcpDevice($callback, $header, $user, $hcp, $fcpDevice, $range, $owner);
+        if (!$fcpDevice) {
            return \%results;
        }
-    }
-    
-    # If there are multiple devices (multipathing), take the 1st one
-    if ($fcpDevice) {
-        if ($fcpDevice =~ m/;/i) {
-            @info = split(';', $fcpDevice);
-            $fcpDevice = xCAT::zvmUtils->trimStr($info[0]);
-        }
-                    
-        # Make sure channel has a length of 4
-        while (length($fcpDevice) < 4) {
-            $fcpDevice = "0" . $fcpDevice;
-        }
+    } elsif ($status =~ m/free/i) {
+        # Owner and FCP channel make no sense when status is free
+        $fcpDevice = "";
+        $owner = "";
    }
            
    # Mark WWPN and LUN as used, free, or reserved and set the owner/channel appropriately
    # This config file keeps track of the owner of each device, which is useful in nodeset
    $size = $size . "M";
-    my $select = `ssh $user\@$hcp "$sudo cat $zfcpDir/$pool.conf" | grep -i "$lun" | grep -i "$wwpn"`;
+    my $select = `ssh $user\@$hcp "$sudo cat $zfcpDir/$pool.conf" | grep -i "$lun"`;
    chomp($select);
    if ($select) {
        @info = split(',', $select);
@@ -2759,6 +2691,156 @@ sub findAndUpdatezFcpPool {

 #-------------------------------------------------------

+=head3   selectFcpDevice
+
+    Description : Select an eligible FCP device for attaching a zFCP device to a node
+    Arguments   :   Message header
+                    User (root or non-root)
+                    zHCP
+                    candidate FCP devices or auto
+                    FCP device range
+                    zFCP device owner
+    Returns     : selected FCP device or empty if no one is selected
+    Example     : my $fcpDevice = xCAT::zvmUtils->selectFcpDevice($callback, $header, $user, $hcp, $fcpDevice, $range, $owner);
+    
+=cut
+
+#-------------------------------------------------------
+sub selectFcpDevice {
+    # Get inputs
+    my ($class, $callback, $header, $user, $hcp, $fcpDevice, $range, $owner) = @_;
+        
+    # Determine if sudo is used
+    my $sudo = "sudo";
+    if ($user eq "root") {
+        $sudo = "";
+    }
+    
+    # Directory where executables are on zHCP
+    my $dir = "/opt/zhcp/bin";
+        
+    # Directory where FCP disk pools are on zHCP
+    my $zfcpDir = "/var/opt/zhcp/zfcp";
+    
+    my %results = ('rc' => -1);  # Default to error
+    
+    # Check FCP device syntax
+    if ($fcpDevice && ($fcpDevice !~ /^auto/i) && ($fcpDevice =~ /[^0-9a-f]/i)) {
+        xCAT::zvmUtils->printLn($callback, "$header: (Error) Invalid FCP channel address $fcpDevice.");
+        return;
+    }
+    
+    # Find a free FCP device based on the given range
+    if ($fcpDevice =~ m/^auto/i) {
+        my @ranges;
+        my $min;
+        my $max;
+        my $found = 0;
+                
+        if ($range =~ m/;/i) {
+            @ranges = split(';', $range);
+        } else {
+            push(@ranges, $range);
+        }
+                    
+        if (!$found) {
+            # If the node has an eligible FCP device, use it
+            my @deviceList = xCAT::zvmUtils->getDedicates($callback, $user, $owner);
+            foreach (@deviceList) {
+                # Check if this devide is eligible (among the range specified for disk $lun)
+                my @info = split(' ', $_);
+                my $candidate = $info[2];
+                foreach (@ranges) {
+                    ($min, $max) = split('-', $_);
+                    if (hex($candidate) >= hex($min) && hex($candidate) <= hex($max)) {
+                        $found = 1;
+                        $fcpDevice = uc($candidate);
+                        
+                        last;
+                    }
+                }
+                
+                if ($found) {
+                    xCAT::zvmUtils->printLn($callback, "$header: Found eligible FCP channel $fcpDevice");
+                    last;
+                }       
+            }
+        }
+        
+        if (!$found) {
+            # If the node has no eligible FCP device, find a free one for it.
+            my %usedDevices = xCAT::zvmUtils->getUsedFcpDevices($user, $hcp);
+            
+            my $hcpUserId = xCAT::zvmCPUtils->getUserId($user, $hcp);
+            $hcpUserId =~ tr/a-z/A-Z/;
+        
+            # Find a free FCP channel
+            my $out = `ssh $user\@$hcp "$sudo $dir/smcli System_WWPN_Query -T $hcpUserId" | egrep -i "FCP device number|Status"`;
+            my @devices = split( "\n", $out );
+            for (my $i = 0; $i < @devices; $i++) {
+                # Extract the device number and status
+                $fcpDevice = $devices[$i];
+                $fcpDevice =~ s/^FCP device number:(.*)/$1/;
+                $fcpDevice =~ s/^\s+//;
+                $fcpDevice =~ s/\s+$//;
+                        
+                $i++;
+                my $fcpStatus = $devices[$i];
+                $fcpStatus =~ s/^Status:(.*)/$1/;
+                $fcpStatus =~ s/^\s+//;
+                $fcpStatus =~ s/\s+$//;                    
+                        
+                # Only look at free FCP devices
+                if ($fcpStatus =~ m/free/i) {                    
+                    # If the device number is within the specified range, exit out of loop
+                    # Range: 3B00-3C00;4B00-4C00;5E12-5E12
+                    foreach (@ranges) {
+                        ($min, $max) = split('-', $_);
+                        if (hex($fcpDevice) >= hex($min) && hex($fcpDevice) <= hex($max)) {
+                            $fcpDevice = uc($fcpDevice);
+                
+                            # Use found FCP channel if not in use or allocated                        
+                            if (!$usedDevices{$fcpDevice}) {
+                                $found = 1;
+                                last;
+                            }
+                        }
+                    }
+                }
+                
+                # Break out of loop if FCP channel is found
+                if ($found) {
+                    xCAT::zvmUtils->printLn($callback, "$header: Found FCP channel within acceptable range $fcpDevice");
+                    last;
+                }
+            }
+        }
+            
+        # Do not continue if no FCP channel is found
+        if (!$found) {
+            xCAT::zvmUtils->printLn($callback, "$header: (Error) A suitable FCP channel could not be found");
+            return;
+        }
+    }
+    
+    # If there are multiple devices (multipathing), take the 1st one
+    if ($fcpDevice) {
+        if ($fcpDevice =~ m/;/i) {
+            my @info = split(';', $fcpDevice);
+            $fcpDevice = xCAT::zvmUtils->trimStr($info[0]);
+        }
+                    
+        # Make sure channel has a length of 4
+        while (length($fcpDevice) < 4) {
+            $fcpDevice = "0" . $fcpDevice;
+        }
+    }
+    
+    return $fcpDevice;
+}
+
+#-------------------------------------------------------
+
 =head3   findzFcpDevicePool

    Description : Find the zFCP storage pool that contains the given zFCP device
@@ -2807,7 +2889,7 @@ sub findzFcpDevicePool {
                    WWPN
                    LUN
    Returns     : Architecture of node
-    Example     : my $deviceRef = xCAT::zvmUtils->findzFcpDeviceAttr($user, $hcp, $wwpn, $lun);
+    Example     : my $deviceRef = xCAT::zvmUtils->findzFcpDeviceAttr($user, $hcp, $pool, $wwpn, $lun);
    
 =cut

@@ -2827,7 +2909,7 @@ sub findzFcpDeviceAttr {

    # Find the SCSI/FCP device
    # Entry order: status,wwpn,lun,size,range,owner,channel,tag
-    my @info = split("\n", `ssh $user\@$hcp "$sudo grep \"$wwpn,$lun\" $zfcpDir/$pool.conf"`);
+    my @info = split("\n", `ssh $user\@$hcp "$sudo grep -i \"$wwpn,$lun\" $zfcpDir/$pool.conf"`);
    my $entry = $info[0];
    chomp($entry);
    
@@ -6,84 +6,275 @@
 #include <stdlib.h>
 #include <errno.h>
 #include <netinet/in.h>
-int main() {
-	int serverfd,port;
-	int getpktinfo = 1;
-	struct addrinfo hint, *res;
-	char cmsg[CMSG_SPACE(sizeof(struct in_pktinfo))];
-	char clientpacket[1024];
-	struct sockaddr_in clientaddr;
-	struct msghdr msg;
-	struct cmsghdr *cmsgptr;
-	struct iovec iov[1];
-	unsigned int myip;
-	char *txtptr;
-	iov[0].iov_base = clientpacket;
-	iov[0].iov_len = 1024;
-	memset(&msg,0,sizeof(msg));
-	memset(&clientaddr,0,sizeof(clientaddr));
-	msg.msg_name=&clientaddr;
-	msg.msg_namelen = sizeof(clientaddr);
-	msg.msg_iov = iov;
-	msg.msg_iovlen = 1;
-	msg.msg_control=&cmsg;
-	msg.msg_controllen = sizeof(cmsg);
-	
-	
-	char bootpmagic[4] = {0x63,0x82,0x53,0x63};
-	int pktsize;
-	int doexit=0;
-	port = 4011;
-	memset(&hint,0,sizeof(hint));
-	hint.ai_family = PF_INET;  /* Would've done UNSPEC, but it doesn't work right and this is heavily v4 specific anyway */
-	hint.ai_socktype = SOCK_DGRAM;
-	hint.ai_flags = AI_PASSIVE;
-	getaddrinfo(NULL,"4011",&hint,&res);
-	serverfd = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
-	if (!serverfd) { fprintf(stderr,"That's odd...\n"); }
-	setsockopt(serverfd,IPPROTO_IP,IP_PKTINFO,&getpktinfo,sizeof(getpktinfo));
-	if (bind(serverfd,res->ai_addr ,res->ai_addrlen) < 0) {
-		fprintf(stderr,"Unable to bind 4011");
-		exit(1);
-	}
-	while (!doexit) {
-		pktsize = recvmsg(serverfd,&msg,0);
-		if (pktsize < 320) {
-			continue;
-		}
-		if (clientpacket[0] != 1 || memcmp(clientpacket+0xec,bootpmagic,4)) {
-			continue;
-		}
-		for (cmsgptr = CMSG_FIRSTHDR(&msg); cmsgptr != NULL; cmsgptr = CMSG_NXTHDR(&msg,cmsgptr)) {
-			if (cmsgptr->cmsg_level == IPPROTO_IP && cmsgptr->cmsg_type == IP_PKTINFO) {
-				myip = ((struct in_pktinfo*)(CMSG_DATA(cmsgptr)))->ipi_addr.s_addr;
-			}
-		}
-		clientpacket[0] = 2; //change to a reply
-		myip = htonl(myip); //endian neutral change
-		clientpacket[0x14] = (myip>>24)&0xff; //maybe don't need to do this, maybe assigning the whole int would be better
-		clientpacket[0x15] = (myip>>16)&0xff;
-		clientpacket[0x16] = (myip>>8)&0xff;
-		clientpacket[0x17] = (myip)&0xff;
-		txtptr = clientpacket+0x6c;
-		strncpy(txtptr,"Boot/bootmgfw.efi",128); // keeping 128 in there just in case someone changes the string
-		clientpacket[0xf0]=0x35; //DHCP MSG type 
-		clientpacket[0xf1]=0x1; // LEN of 1
-		clientpacket[0xf2]=0x5; //DHCP ACK
-		clientpacket[0xf3]=0x36; //DHCP server identifier
-		clientpacket[0xf4]=0x4; //DHCP server identifier length
-		clientpacket[0xf5] = (myip>>24)&0xff; //maybe don't need to do this, maybe assigning the whole int would be better
-		clientpacket[0xf6] = (myip>>16)&0xff;
-		clientpacket[0xf7] = (myip>>8)&0xff;
-		clientpacket[0xf8] = (myip)&0xff;
-		clientpacket[0xf9] = 0xfc; // dhcp 252 'proxy', but coopeted by bootmgfw, it's actually suggesting the boot config file
-		clientpacket[0xfa] = 9; //length of 9
-		txtptr = clientpacket+0xfb;
-		strncpy(txtptr,"Boot/BCD",8);
-		clientpacket[0x103]=0;
-		clientpacket[0x104]=0xff;
-		sendto(serverfd,clientpacket,pktsize,0,(struct sockaddr*)&clientaddr,sizeof(clientaddr));
-	}
+#include <signal.h>
+#include <syslog.h>
+
+// the chunk size for each alloc 
+int chunknum = 200;
+int doreload = 0;
+int verbose = 0;
+char logmsg[50];
+
+// the struct to store the winpe configuration for each node
+struct nodecfg {
+    char node[50];
+    char data[150];
+};
+
+char *data = NULL; // the ptr to the array of all node config
+int nodenum = 0;
+
+// trigger the main program to reload configuration file
+void reload(int sig) {
+    doreload = 1;
+}
+// the subroutine which is used to load configuration from 
+// /var/lib/xcat/proxydhcp.cfg to *data
+void loadcfg () {
+    nodenum = 0;
+    free(data);
+    data = NULL;
+    doreload = 0;
+
+    char *dp = NULL;
+
+    FILE *fp;
+    fp = fopen("/var/lib/xcat/proxydhcp.cfg", "r");
+    if (fp) {
+        int num = chunknum;
+        int rtime = 1;
+        while (num == chunknum) {
+            // realloc the chunknum size of memory each to save memory usage
+            data = realloc(data, sizeof(struct nodecfg) * chunknum * rtime);
+            if (NULL == data) {
+                fprintf (stderr, "Cannot get enough memory.\n");
+                free (data);
+                return;
+            }
+            dp = data + sizeof(struct nodecfg) * chunknum * (rtime - 1);
+            memset(dp, 0, sizeof(struct nodecfg) * chunknum);
+            num = fread(dp, sizeof (struct nodecfg), chunknum, fp);
+            nodenum += num;
+            rtime++;
+        }
+        fclose(fp);
+    }
+}
+
+// get the path of winpe from configuration file which is stored in *data
+char *getwinpepath(char *node) {
+    int i;
+    struct nodecfg *nc = (struct nodecfg *)data;
+    for (i=0; i<nodenum;i++) {
+        if (0 == strcmp(nc->node, node)) {
+            return nc->data;
+        }
+        nc++;
+    }
+
+    return NULL;
+}
+
+    
+int main(int argc, char *argv[]) {
+    int i;
+    for(i = 0; i < argc; i++)
+    {
+        if (strcmp(argv[i], "-V") == 0) {
+            verbose = 1;
+            setlogmask(LOG_UPTO(LOG_DEBUG));
+            openlog("proxydhcp", LOG_NDELAY, LOG_LOCAL0);
+        }
+    }
+
+    // regist my pid to /var/run/xcat/proxydhcp.pid
+    int pid = getpid();
+    FILE *pidf = fopen ("/var/run/xcat/proxydhcp.pid", "w");
+    if (pidf) {
+        fprintf(pidf, "%d", pid);
+        fclose (pidf);
+    } else {
+        fprintf (stderr, "Cannot open /var/run/xcat/proxydhcp.pid\n");
+        return 1;
+    }
+
+    // load configuration at first start
+    loadcfg();
+
+    // regist signal SIGUSR1 for triggering reload configuration from outside
+    struct sigaction sigact;
+    sigact.sa_handler = &reload;
+    sigaction(SIGUSR1, &sigact, NULL);
+
+    int serverfd,port;
+    int getpktinfo = 1;
+    struct addrinfo hint, *res;
+    char cmsg[CMSG_SPACE(sizeof(struct in_pktinfo))];
+    char clientpacket[1024];
+    struct sockaddr_in clientaddr;
+    struct msghdr msg;
+    struct cmsghdr *cmsgptr;
+    struct iovec iov[1];
+    unsigned int myip, clientip;
+    char *txtptr;
+    iov[0].iov_base = clientpacket;
+    iov[0].iov_len = 1024;
+    memset(&msg,0,sizeof(msg));
+    memset(&clientaddr,0,sizeof(clientaddr));
+    msg.msg_name=&clientaddr;
+    msg.msg_namelen = sizeof(clientaddr);
+    msg.msg_iov = iov;
+    msg.msg_iovlen = 1;
+    msg.msg_control=&cmsg;
+    msg.msg_controllen = sizeof(cmsg);
+
+    char defaultwinpe[20] = "Boot/bootmgfw.efi";	
+    char bootpmagic[4] = {0x63,0x82,0x53,0x63};
+    int pktsize;
+    int doexit=0;
+    port = 4011;
+    memset(&hint,0,sizeof(hint));
+    hint.ai_family = PF_INET;  /* Would've done UNSPEC, but it doesn't work right and this is heavily v4 specific anyway */
+    hint.ai_socktype = SOCK_DGRAM;
+    hint.ai_flags = AI_PASSIVE;
+    getaddrinfo(NULL,"4011",&hint,&res);
+    serverfd = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+    if (!serverfd) { fprintf(stderr,"That's odd...\n"); }
+    setsockopt(serverfd,IPPROTO_IP,IP_PKTINFO,&getpktinfo,sizeof(getpktinfo));
+    if (bind(serverfd,res->ai_addr ,res->ai_addrlen) < 0) {
+        fprintf(stderr,"Unable to bind 4011");
+        exit(1);
+    }
+
+
+    while (!doexit) {
+        // use select to wait for the 4011 request packages coming
+        fd_set fds;
+        FD_ZERO(&fds);
+        FD_SET(serverfd, &fds); 
+        struct timeval timeout;
+        timeout.tv_sec = 30;
+        timeout.tv_usec = 0;
+        
+        int rc;
+        if ((rc = select(serverfd+1,&fds,0,0, &timeout)) <= 0) {
+            if (doreload) {
+                loadcfg();
+                fprintf(stderr, "load in select\n");
+            }
+            if (verbose) {syslog(LOG_DEBUG, "reload /var/lib/xcat/proxydhcp.cfg\n");}
+            continue;
+        }
+        
+        if (doreload) {
+            loadcfg();
+            if (verbose) {syslog(LOG_DEBUG, "reload /var/lib/xcat/proxydhcp.cfg\n");}
+        }
+        
+        pktsize = recvmsg(serverfd,&msg,0);
+        if (pktsize < 320) {
+            continue;
+        }
+        if (clientpacket[0] != 1 || memcmp(clientpacket+0xec,bootpmagic,4)) {
+            continue;
+        }
+        for (cmsgptr = CMSG_FIRSTHDR(&msg); cmsgptr != NULL; cmsgptr = CMSG_NXTHDR(&msg,cmsgptr)) {
+            if (cmsgptr->cmsg_level == IPPROTO_IP && cmsgptr->cmsg_type == IP_PKTINFO) {
+                myip = ((struct in_pktinfo*)(CMSG_DATA(cmsgptr)))->ipi_addr.s_addr;
+            }
+        }
+        
+        // get the ip of dhcp client
+        clientip = 0;
+        int i;
+        for (i = 0; i< 4; i++) {
+            clientip = clientip << 8;
+            clientip += (unsigned char)clientpacket[15-i];
+        }
+        // get the winpe path
+        struct hostent *host = gethostbyaddr(&clientip, sizeof(clientip), AF_INET);
+        char *winpepath = defaultwinpe;
+        if (host) {
+            if (host->h_name) {
+                // remove the domain part from hostname
+                char *place = strstr(host->h_name, ".");
+                if (place) {
+                    *place = '\0';
+                }
+                
+                winpepath = getwinpepath(host->h_name);
+                if (winpepath == NULL) {
+                    winpepath = defaultwinpe;
+                }
+                if (verbose) {
+                    sprintf(logmsg, "Received proxydhcp request from %s\n", host->h_name);
+                    syslog(LOG_DEBUG, logmsg); 
+                }
+            }
+        } else {
+            winpepath = defaultwinpe;
+        }
+        
+        // get the Vendor class identifier
+        char *arch = NULL;
+        unsigned char *p = clientpacket + 0xf0;
+        while (*p != 0xff && p < (unsigned char *)clientpacket + pktsize) {
+            if (*p == 60) {
+                arch = p + 0x11;
+                break;
+            } else {
+                p += *(p+1) + 2;
+            }
+        }
+        
+        char winboot[50]; // the bootload of winpe
+        memset(winboot, 0, 50);
+        if (0 == memcmp(arch, "00000", 5)) {  // bios boot mode
+            strcpy(winboot, winpepath);
+            strcat(winboot, "Boot/pxeboot.0");
+        } else if (0 == memcmp(arch, "00007", 5)) {  // uefi boot mode
+            strcpy(winboot, winpepath);
+            strcat(winboot, "Boot/bootmgfw.efi");
+        }
+
+        clientpacket[0] = 2; //change to a reply
+        myip = htonl(myip); //endian neutral change
+        clientpacket[0x14] = (myip>>24)&0xff; //maybe don't need to do this, maybe assigning the whole int would be better
+        clientpacket[0x15] = (myip>>16)&0xff;
+        clientpacket[0x16] = (myip>>8)&0xff;
+        clientpacket[0x17] = (myip)&0xff;
+        txtptr = clientpacket+0x6c;
+        strncpy(txtptr, winboot ,128); // keeping 128 in there just in case someone changes the string
+        //strncpy(txtptr,"winboot/new/Boot/bootmgfw.efi",128); // keeping 128 in there just in case someone changes the string
+        //strncpy(txtptr,"Boot/pxeboot.0",128); // keeping 128 in there just in case someone changes the string
+        clientpacket[0xf0]=0x35; //DHCP MSG type 
+        clientpacket[0xf1]=0x1; // LEN of 1
+        clientpacket[0xf2]=0x5; //DHCP ACK
+        clientpacket[0xf3]=0x36; //DHCP server identifier
+        clientpacket[0xf4]=0x4; //DHCP server identifier length
+        clientpacket[0xf5] = (myip>>24)&0xff; //maybe don't need to do this, maybe assigning the whole int would be better
+        clientpacket[0xf6] = (myip>>16)&0xff;
+        clientpacket[0xf7] = (myip>>8)&0xff;
+        clientpacket[0xf8] = (myip)&0xff;
+        
+        char winBCD[50];
+        strcpy(winBCD, winpepath);
+        strcat(winBCD, "Boot/BCD");
+        clientpacket[0xf9] = 0xfc; // dhcp 252 'proxy', but coopeted by bootmgfw, it's actually suggesting the boot config file
+        clientpacket[0xfa] = strlen(winBCD) + 1; //length of 9
+        txtptr = clientpacket+0xfb;
+        strncpy(txtptr, winBCD, strlen(winBCD));
+        clientpacket[0xfa + strlen(winBCD) + 1] = 0;
+        clientpacket[0xfa + strlen(winBCD) + 2] = 0xff;
+        sendto(serverfd,clientpacket,pktsize,0,(struct sockaddr*)&clientaddr,sizeof(clientaddr));
+
+        if (verbose) {
+            sprintf(logmsg, "Path of bootloader:%s. Path of BCD:%s\n", winboot, winBCD);
+            syslog(LOG_DEBUG, logmsg);
+        }
+    }
+
+    if (verbose) { closelog();}
 }


@@ -14,7 +14,7 @@
 #    postscript (stateful install) or with the otherpkgs processing of
 #    genimage (stateless/statelite install).  This script will install any
 #    gpfs update rpms that exist on the xCAT management node in the 
-#    /install/post/gpfs_updates directory.
+#    /install/post/otherpkgs/gpfs_updates directory.
 #    This is necessary because the GPFS updates can ONLY be installed
 #    after the base rpms have been installed, and the update rpms cannot
 #    exist in any rpm repositories used by xCAT otherpkgs processing
@@ -0,0 +1,15 @@
+AllCops:
+  Excludes:
+    - test/**
+    - vendor/**
+
+AlignParameters:
+  Enabled: false
+Encoding:
+  Enabled: false
+HashSyntax:
+  Enabled: false
+LineLength:
+  Enabled: false
+MethodLength:
+  Max: 30
@@ -0,0 +1,9 @@
+rvm:
+  - 1.9.3
+  - 2.0.0
+before_script:
+  - bundle exec berks install
+script:
+  - bundle exec foodcritic -f any . --tags ~FC007 --tags ~FC015 --tags ~FC023
+  # - bundle exec rspec --color --format progress
+  - bundle exec rubocop
@@ -0,0 +1,7 @@
+site :opscode
+metadata
+
+group :integration do
+  cookbook 'apt', '~> 2.0'
+  cookbook 'yum', '~> 2.0'
+end
@@ -0,0 +1,198 @@
+apache2 Cookbook Changelog
+==========================
+This file is used to list changes made in each version of the apache2 cookbook.
+
+v1.8.4
+------
+### Bug
+- **[COOK-3769](https://tickets.opscode.com/browse/COOK-3769)** - Fix a critical bug where the `apache_module` could not enable modules
+
+
+v1.8.2
+------
+### Bug
+- **[COOK-3766](https://tickets.opscode.com/browse/COOK-3766)** - Fix an issue where the `mod_ssl` recipe fails due to a missing attribute
+
+
+v1.8.0
+------
+### Bug
+- **[COOK-3680](https://tickets.opscode.com/browse/COOK-3680)** - Update template paths
+- **[COOK-3570](https://tickets.opscode.com/browse/COOK-3570)** - Apache cookbook breaks on RHEL / CentOS 6
+- **[COOK-2944](https://tickets.opscode.com/browse/COOK-2944)** - Fix foodcritic failures
+- **[COOK-2893](https://tickets.opscode.com/browse/COOK-2893)** - Improve mod_auth_openid recipe with guards and idempotency
+- **[COOK-2758](https://tickets.opscode.com/browse/COOK-2758)** - Fix use of non-existent attribute
+
+### New Feature
+- **[COOK-3665](https://tickets.opscode.com/browse/COOK-3665)** - Add recipe for mod_userdir
+- **[COOK-3646](https://tickets.opscode.com/browse/COOK-3646)** - Add recipe for mod_cloudflare
+- **[COOK-3213](https://tickets.opscode.com/browse/COOK-3213)** - Add recipe for mod_info
+
+### Improvement
+- **[COOK-3656](https://tickets.opscode.com/browse/COOK-3656)** - Parameterize apache2 binary
+- **[COOK-3562](https://tickets.opscode.com/browse/COOK-3562)** - Allow mod_proxy settings to be configured as attributes
+- **[COOK-3326](https://tickets.opscode.com/browse/COOK-3326)** - Fix default_test to use ServerTokens attribute
+- **[COOK-2635](https://tickets.opscode.com/browse/COOK-2635)** - Add support for SVG mime types
+- **[COOK-2598](https://tickets.opscode.com/browse/COOK-2598)** - FastCGI Module only works on Debian-based platforms
+- **[COOK-1984](https://tickets.opscode.com/browse/COOK-1984)** - Add option to configure the address apache listens to
+
+
+v1.7.0
+------
+### Improvement
+
+- [COOK-3073]: make access.log location configurable per-platform
+- [COOK-3074]: don't hardcode the error.log location in the default site config
+- [COOK-3268]: don't hardcode DocumentRoot and cgi-bin locations in `default_site`
+
+### New Feature
+
+- [COOK-3184]: Add `mod_filter` recipe to Apache2-cookbook
+- [COOK-3236]: Add `mod_action` recipe to Apache2-cookbook
+
+v1.6.6
+------
+1.6.4 had a missed step in the automated release, long live 1.6.6.
+
+### Bug
+
+- [COOK-3018]: apache2_module does duplicate delayed restart of apache2 service when conf = true
+- [COOK-3027]: Default site enable true, then false, does not disable default site
+- [COOK-3109]: fix apache lib_dir arch attribute regexp
+
+v1.6.2
+------
+- [COOK-2535] - `mod_auth_openid` requires libtool to run autogen.sh
+- [COOK-2667] - Typo in usage documentation
+- [COOK-2461] - `apache2::mod_auth_openid` fails on some ubuntu systems
+- [COOK-2720] - Apache2 minitest helper function `ran_recipe` is not portable
+
+v1.6.0
+------
+- [COOK-2372] - apache2 mpm_worker: add ServerLimit attribute (default to 16)
+
+v1.5.0
+------
+The `mod_auth_openid` attributes are changed. The upstream maintainer deprecated the older release versions, and the source repository has releases available at specific SHA1SUM references. The new attribute, `node['apache']['mod_auth_openid']['ref']` is used to set this.
+
+- [COOK-2198] - `apache::mod_auth_openid` compiles from source, but does not install make on debian/ubuntu
+- [COOK-2224] - version conflict between cucumber and other gems
+- [COOK-2248] - `apache2::mod_php5` uses `not_if` "which php" without ensuring package 'which' is installed
+- [COOK-2269] - Set allow list for mod_status incase external monitor scripts need
+- [COOK-2276] - cookbook apache2 documentation regarding listening ports doesn't match default attributes
+- [COOK-2296] - `mod_auth_openid` doesn't have tags/releases for the version I need for features and fixes
+- [COOK-2323] - Add Oracle linux support
+
+v1.4.2
+------
+- [COOK-1721] - fix logrotate recipe
+
+v1.4.0
+------
+- [COOK-1456] - iptables enhancements
+- [COOK-1473] - apache2 does not disable default site when setting "`default_site_enabled`" back to false
+- [COOK-1824] - the apache2 cookbook needs to specify which binary is used on rhel platform
+- [COOK-1916] - Download location wrong for apache2 `mod_auth_openid` >= 0.7
+- [COOK-1917] - Improve `mod_auth_openid` recipe to handle module upgrade more gracefully
+- [COOK-2029] - apache2 restarts on every run on RHEL and friends, generate-module-list on every run.
+- [COOK-2036] - apache2: Cookbook style
+
+v1.3.2
+------
+- [COOK-1804] - fix `web_app` definition parameter so site can be disabled.
+
+v1.3.0
+------
+- [COOK-1738] - Better configuration for `mod_include` and some overrides in `web_app` definition
+- [COOK-1470] - Change SSL Ciphers to Mitigate BEAST attack
+
+v1.2.0
+------
+- [COOK-692] - delete package conf.d files in module recipes, for EL
+- [COOK-1693] - Foodcritic finding for unnecessary string interpolation
+- [COOK-1757] - platform_family and better style / usage practices
+
+v1.1.16
+-------
+re-releasing as .16 due to error on tag 1.1.14
+
+- [COOK-1466] - add `mod_auth_cas` recipe
+- [COOK-1609] - apache2 changes ports.conf twice per run when using apache2::mod_ssl
+
+v1.1.12
+-------
+- [COOK-1436] - restore apache2 web_app definition
+- [COOK-1356] - allow ExtendedStatus via attribute
+- [COOK-1403] - add mod_fastcgi recipe
+
+v1.1.10
+-------
+- [COOK-1315] - allow the default site to not be enabled
+- [COOK-1328] - cookbook tests (minitest, cucumber)
+
+v1.1.8
+------
+- Some platforms with minimal installations that don't have perl won't have a `node['languages']['perl']` attribute, so remove the conditional and rely on the power of idempotence in the package resource.
+- [COOK-1214] - address foodcritic warnings
+- [COOK-1180] - add `mod_logio` and fix `mod_proxy`
+
+v1.1.6
+------
+FreeBSD users: This release requires the `freebsd` cookbook. See README.md.
+
+- [COOK-1025] - freebsd support in mod_php5 recipe
+
+v1.1.4
+------
+- [COOK-1100] - support amazon linux
+
+v1.1.2
+------
+- [COOK-996] - apache2::mod_php5 can cause PHP and module API mismatches
+- [COOK-1083] - return string for v_f_p and use correct value for default
+
+v1.1.0
+------
+- [COOK-861] - Add `mod_perl` and apreq2
+- [COOK-941] - fix `mod_auth_openid` on FreeBSD
+- [COOK-1021] - add a commented-out LoadModule directive to keep apxs happy
+- [COOK-1022] - consistency for icondir attribute
+- [COOK-1023] - fix platform test for attributes
+- [COOK-1024] - fix a2enmod script so it runs cleanly on !bash
+- [COOK-1026] - fix `error_log` location on FreeBSD
+
+v1.0.8
+------
+- COOK-548 - directory resource doesn't have backup parameter
+
+v1.0.6
+------
+- COOK-915 - update to `mod_auth_openid` version 0.6, see __Recipes/mod_auth_openid__ below.
+- COOK-548 - Add support for FreeBSD.
+
+v1.0.4
+------
+- COOK-859 - don't hardcode module paths
+
+v1.0.2
+------
+- Tickets resolved in this release: COOK-788, COOK-782, COOK-780
+
+v1.0.0
+------
+- Red Hat family support is greatly improved, all recipes except `god_monitor` converge.
+- Recipe `mod_auth_openid` now works on RHEL family distros
+- Recipe `mod_php5` will now remove config from package on RHEL family so it doesn't conflict with the cookbook's.
+- Added `php5.conf.erb` template for `mod_php5` recipe.
+- Create the run state directory for `mod_fcgid` to prevent a startup error on RHEL version 6.
+- New attribute `node['apache']['lib_dir']` to handle lib vs lib64 on RHEL family distributions.
+- New attribute `node['apache']['group']`.
+- Scientific Linux support added.
+- Use a file resource instead of the generate-module-list executed perl script on RHEL family.
+- "default" site can now be disabled.
+- web_app now has an "enable" parameter.
+- Support for dav_fs apache module.
+- Tickets resolved in this release: COOK-754, COOK-753, COOK-665, COOK-624, COOK-579, COOK-519, COOK-518
+- Fix node references in template for a2dissite
+- Use proper user and group attributes on files and templates.
+- Replace the anemic README.rdoc with this new and improved superpowered README.md :).
@@ -0,0 +1,257 @@
+# Contributing to Opscode Cookbooks
+
+We are glad you want to contribute to Opscode Cookbooks! The first
+step is the desire to improve the project.
+
+You can find the answers to additional frequently asked questions
+[on the wiki](http://wiki.opscode.com/display/chef/How+to+Contribute).
+
+You can find additional information about
+[contributing to cookbooks](http://wiki.opscode.com/display/chef/How+to+Contribute+to+Opscode+Cookbooks)
+on the wiki as well.
+
+## Quick-contribute
+
+* Create an account on our [bug tracker](http://tickets.opscode.com)
+* Sign our contributor agreement (CLA)
+[ online](https://secure.echosign.com/public/hostedForm?formid=PJIF5694K6L)
+(keep reading if you're contributing on behalf of your employer)
+* Create a ticket for your change on the
+  [bug tracker](http://tickets.opscode.com)
+* Link to your patch as a rebased git branch or pull request from the
+  ticket
+* Resolve the ticket as fixed
+
+We regularly review contributions and will get back to you if we have
+any suggestions or concerns.
+
+## The Apache License and the CLA/CCLA
+
+Licensing is very important to open source projects, it helps ensure
+the software continues to be available under the terms that the author
+desired. Chef uses the Apache 2.0 license to strike a balance between
+open contribution and allowing you to use the software however you
+would like to.
+
+The license tells you what rights you have that are provided by the
+copyright holder. It is important that the contributor fully
+understands what rights they are licensing and agrees to them.
+Sometimes the copyright holder isn't the contributor, most often when
+the contributor is doing work for a company.
+
+To make a good faith effort to ensure these criteria are met, Opscode
+requires a Contributor License Agreement (CLA) or a Corporate
+Contributor License Agreement (CCLA) for all contributions. This is
+without exception due to some matters not being related to copyright
+and to avoid having to continually check with our lawyers about small
+patches.
+
+It only takes a few minutes to complete a CLA, and you retain the
+copyright to your contribution.
+
+You can complete our contributor agreement (CLA)
+[ online](https://secure.echosign.com/public/hostedForm?formid=PJIF5694K6L).
+If you're contributing on behalf of your employer, have your employer
+fill out our
+[Corporate CLA](https://secure.echosign.com/public/hostedForm?formid=PIE6C7AX856)
+instead.
+
+## Ticket Tracker (JIRA)
+
+The [ticket tracker](http://tickets.opscode.com) is the most important
+documentation for the code base. It provides significant historical
+information, such as:
+
+* Which release a bug fix is included in
+* Discussion regarding the design and merits of features
+* Error output to aid in finding similar bugs
+
+Each ticket should aim to fix one bug or add one feature.
+
+## Using git
+
+You can get a quick copy of the repository for this cookbook by
+running `git clone
+git://github.com/opscode-coobkooks/COOKBOOKNAME.git`.
+
+For collaboration purposes, it is best if you create a Github account
+and fork the repository to your own account. Once you do this you will
+be able to push your changes to your Github repository for others to
+see and use.
+
+If you have another repository in your GitHub account named the same
+as the cookbook, we suggest you suffix the repository with -cookbook.
+
+### Branches and Commits
+
+You should submit your patch as a git branch named after the ticket,
+such as COOK-1337. This is called a _topic branch_ and allows users to
+associate a branch of code with the ticket.
+
+It is a best practice to have your commit message have a _summary
+line_ that includes the ticket number, followed by an empty line and
+then a brief description of the commit. This also helps other
+contributors understand the purpose of changes to the code.
+
+    [COOK-1757] - platform_family and style
+
+    * use platform_family for platform checking
+    * update notifies syntax to "resource_type[resource_name]" instead of
+      resources() lookup
+    * COOK-692 - delete config files dropped off by packages in conf.d
+    * dropped debian 4 support because all other platforms have the same
+      values, and it is older than "old stable" debian release
+
+Remember that not all users use Chef in the same way or on the same
+operating systems as you, so it is helpful to be clear about your use
+case and change so they can understand it even when it doesn't apply
+to them.
+
+### Github and Pull Requests
+
+All of Opscode's open source cookbook projects are available on
+[Github](http://www.github.com/opscode-cookbooks).
+
+We don't require you to use Github, and we will even take patch diffs
+attached to tickets on the tracker. However Github has a lot of
+convenient features, such as being able to see a diff of changes
+between a pull request and the main repository quickly without
+downloading the branch.
+
+If you do choose to use a pull request, please provide a link to the
+pull request from the ticket __and__ a link to the ticket from the
+pull request. Because pull requests only have two states, open and
+closed, we can't easily filter pull requests that are waiting for a
+reply from the author for various reasons.
+
+### More information
+
+Additional help with git is available on the
+[Working with Git](http://wiki.opscode.com/display/chef/Working+with+Git)
+wiki page.
+
+## Functional and Unit Tests
+
+This cookbook is set up to run tests under
+[Opscode's test-kitchen](https://github.com/opscode/test-kitchen). It
+uses minitest-chef to run integration tests after the node has been
+converged to verify that the state of the node.
+
+Test kitchen should run completely without exception using the default
+[baseboxes provided by Opscode](https://github.com/opscode/bento).
+Because Test Kitchen creates VirtualBox machines and runs through
+every configuration in the Kitchenfile, it may take some time for
+these tests to complete.
+
+If your changes are only for a specific recipe, run only its
+configuration with Test Kitchen. If you are adding a new recipe, or
+other functionality such as a LWRP or definition, please add
+appropriate tests and ensure they run with Test Kitchen.
+
+If any don't pass, investigate them before submitting your patch.
+
+Any new feature should have unit tests included with the patch with
+good code coverage to help protect it from future changes. Similarly,
+patches that fix a bug or regression should have a _regression test_.
+Simply put, this is a test that would fail without your patch but
+passes with it. The goal is to ensure this bug doesn't regress in the
+future. Consider a regular expression that doesn't match a certain
+pattern that it should, so you provide a patch and a test to ensure
+that the part of the code that uses this regular expression works as
+expected. Later another contributor may modify this regular expression
+in a way that breaks your use cases. The test you wrote will fail,
+signalling to them to research your ticket and use case and accounting
+for it.
+
+If you need help writing tests, please ask on the Chef Developer's
+mailing list, or the #chef-hacking IRC channel.
+
+## Code Review
+
+Opscode regularly reviews code contributions and provides suggestions
+for improvement in the code itself or the implementation.
+
+We find contributions by searching the ticket tracker for _resolved_
+tickets with a status of _fixed_. If we have feedback we will reopen
+the ticket and you should resolve it again when you've made the
+changes or have a response to our feedback. When we believe the patch
+is ready to be merged, we will tag the _Code Reviewed_ field with
+_Reviewed_.
+
+Depending on the project, these tickets are then merged within a week
+or two, depending on the current release cycle.
+
+## Release Cycle
+
+The versioning for Opscode Cookbook projects is X.Y.Z.
+
+* X is a major release, which may not be fully compatible with prior
+  major releases
+* Y is a minor release, which adds both new features and bug fixes
+* Z is a patch release, which adds just bug fixes
+
+A released version of a cookbook will end in an even number, e.g.
+"1.2.4" or "0.8.0". When development for the next version of the
+cookbook begins, the "Z" patch number is incremented to the next odd
+number, however the next release of the cookbook may be a major or
+minor incrementing version.
+
+Releases of Opscode's cookbooks are usually announced on the Chef user
+mailing list. Releases of several cookbooks may be batched together
+and announced on the [Opscode Blog](http://www.opscode.com/blog).
+
+## Working with the community
+
+These resources will help you learn more about Chef and connect to
+other members of the Chef community:
+
+* [chef](http://lists.opscode.com/sympa/info/chef) and
+  [chef-dev](http://lists.opscode.com/sympa/info/chef-dev) mailing
+  lists
+* #chef and #chef-hacking IRC channels on irc.freenode.net
+* [Community Cookbook site](http://community.opscode.com)
+* [Chef wiki](http://wiki.opscode.com/display/chef)
+* Opscode Chef [product page](http://www.opscode.com/chef)
+
+
+## Cookbook Contribution Do's and Don't's
+
+Please do include tests for your contribution. If you need help, ask
+on the
+[chef-dev mailing list](http://lists.opscode.com/sympa/info/chef-dev)
+or the
+[#chef-hacking IRC channel](http://community.opscode.com/chat/chef-hacking).
+Not all platforms that a cookbook supports may be supported by Test
+Kitchen. Please provide evidence of testing your contribution if it
+isn't trivial so we don't have to duplicate effort in testing. Chef
+10.14+ "doc" formatted output is sufficient.
+
+Please do indicate new platform (families) or platform versions in the
+commit message, and update the relevant ticket.
+
+If a contribution adds new platforms or platform versions, indicate
+such in the body of the commit message(s), and update the relevant
+COOK ticket. When writing commit messages, it is helpful for others if
+you indicate the COOK ticket. For example:
+
+    git commit -m '[COOK-1041] - Updated pool resource to correctly
+    delete.'
+
+Please do use [foodcritic](http://acrmp.github.com/foodcritic) to
+lint-check the cookbook. Except FC007, it should pass all correctness
+rules. FC007 is okay as long as the dependent cookbooks are *required*
+for the default behavior of the cookbook, such as to support an
+uncommon platform, secondary recipe, etc.
+
+Please do ensure that your changes do not break or modify behavior for
+other platforms supported by the cookbook. For example if your changes
+are for Debian, make sure that they do not break on CentOS.
+
+Please do not modify the version number in the metadata.rb, Opscode
+will select the appropriate version based on the release cycle
+information above.
+
+Please do not update the CHANGELOG.md for a new version. Not all
+changes to a cookbook may be merged and released in the same versions.
+Opscode will update the CHANGELOG.md when releasing a new version of
+the cookbook.
@@ -0,0 +1,23 @@
+# source "https://rubygems.org"
+
+# gem 'cucumber', '~> 1.2.0'
+# gem 'httparty', '~> 0.8.3'
+# gem 'minitest', '~> 3.0.0'
+# gem 'nokogiri', '~> 1.5.0'
+
+# group :kitchen  do
+#   gem 'test-kitchen', '< 1.0'
+# end
+
+
+source 'https://rubygems.org'
+
+gem 'berkshelf',  '~> 2.0'
+gem 'chefspec',   '~> 2.0'
+gem 'foodcritic', '~> 3.0'
+gem 'rubocop',    '~> 0.12'
+
+group :integration do
+  gem 'test-kitchen',    '~> 1.0.0.beta'
+  gem 'kitchen-vagrant', '~> 0.11'
+end
@@ -0,0 +1,201 @@
+                              Apache License
+                        Version 2.0, January 2004
+                     http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+   "License" shall mean the terms and conditions for use, reproduction,
+   and distribution as defined by Sections 1 through 9 of this document.
+
+   "Licensor" shall mean the copyright owner or entity authorized by
+   the copyright owner that is granting the License.
+
+   "Legal Entity" shall mean the union of the acting entity and all
+   other entities that control, are controlled by, or are under common
+   control with that entity. For the purposes of this definition,
+   "control" means (i) the power, direct or indirect, to cause the
+   direction or management of such entity, whether by contract or
+   otherwise, or (ii) ownership of fifty percent (50%) or more of the
+   outstanding shares, or (iii) beneficial ownership of such entity.
+
+   "You" (or "Your") shall mean an individual or Legal Entity
+   exercising permissions granted by this License.
+
+   "Source" form shall mean the preferred form for making modifications,
+   including but not limited to software source code, documentation
+   source, and configuration files.
+
+   "Object" form shall mean any form resulting from mechanical
+   transformation or translation of a Source form, including but
+   not limited to compiled object code, generated documentation,
+   and conversions to other media types.
+
+   "Work" shall mean the work of authorship, whether in Source or
+   Object form, made available under the License, as indicated by a
+   copyright notice that is included in or attached to the work
+   (an example is provided in the Appendix below).
+
+   "Derivative Works" shall mean any work, whether in Source or Object
+   form, that is based on (or derived from) the Work and for which the
+   editorial revisions, annotations, elaborations, or other modifications
+   represent, as a whole, an original work of authorship. For the purposes
+   of this License, Derivative Works shall not include works that remain
+   separable from, or merely link (or bind by name) to the interfaces of,
+   the Work and Derivative Works thereof.
+
+   "Contribution" shall mean any work of authorship, including
+   the original version of the Work and any modifications or additions
+   to that Work or Derivative Works thereof, that is intentionally
+   submitted to Licensor for inclusion in the Work by the copyright owner
+   or by an individual or Legal Entity authorized to submit on behalf of
+   the copyright owner. For the purposes of this definition, "submitted"
+   means any form of electronic, verbal, or written communication sent
+   to the Licensor or its representatives, including but not limited to
+   communication on electronic mailing lists, source code control systems,
+   and issue tracking systems that are managed by, or on behalf of, the
+   Licensor for the purpose of discussing and improving the Work, but
+   excluding communication that is conspicuously marked or otherwise
+   designated in writing by the copyright owner as "Not a Contribution."
+
+   "Contributor" shall mean Licensor and any individual or Legal Entity
+   on behalf of whom a Contribution has been received by Licensor and
+   subsequently incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of
+   this License, each Contributor hereby grants to You a perpetual,
+   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+   copyright license to reproduce, prepare Derivative Works of,
+   publicly display, publicly perform, sublicense, and distribute the
+   Work and such Derivative Works in Source or Object form.
+
+3. Grant of Patent License. Subject to the terms and conditions of
+   this License, each Contributor hereby grants to You a perpetual,
+   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+   (except as stated in this section) patent license to make, have made,
+   use, offer to sell, sell, import, and otherwise transfer the Work,
+   where such license applies only to those patent claims licensable
+   by such Contributor that are necessarily infringed by their
+   Contribution(s) alone or by combination of their Contribution(s)
+   with the Work to which such Contribution(s) was submitted. If You
+   institute patent litigation against any entity (including a
+   cross-claim or counterclaim in a lawsuit) alleging that the Work
+   or a Contribution incorporated within the Work constitutes direct
+   or contributory patent infringement, then any patent licenses
+   granted to You under this License for that Work shall terminate
+   as of the date such litigation is filed.
+
+4. Redistribution. You may reproduce and distribute copies of the
+   Work or Derivative Works thereof in any medium, with or without
+   modifications, and in Source or Object form, provided that You
+   meet the following conditions:
+
+   (a) You must give any other recipients of the Work or
+       Derivative Works a copy of this License; and
+
+   (b) You must cause any modified files to carry prominent notices
+       stating that You changed the files; and
+
+   (c) You must retain, in the Source form of any Derivative Works
+       that You distribute, all copyright, patent, trademark, and
+       attribution notices from the Source form of the Work,
+       excluding those notices that do not pertain to any part of
+       the Derivative Works; and
+
+   (d) If the Work includes a "NOTICE" text file as part of its
+       distribution, then any Derivative Works that You distribute must
+       include a readable copy of the attribution notices contained
+       within such NOTICE file, excluding those notices that do not
+       pertain to any part of the Derivative Works, in at least one
+       of the following places: within a NOTICE text file distributed
+       as part of the Derivative Works; within the Source form or
+       documentation, if provided along with the Derivative Works; or,
+       within a display generated by the Derivative Works, if and
+       wherever such third-party notices normally appear. The contents
+       of the NOTICE file are for informational purposes only and
+       do not modify the License. You may add Your own attribution
+       notices within Derivative Works that You distribute, alongside
+       or as an addendum to the NOTICE text from the Work, provided
+       that such additional attribution notices cannot be construed
+       as modifying the License.
+
+   You may add Your own copyright statement to Your modifications and
+   may provide additional or different license terms and conditions
+   for use, reproduction, or distribution of Your modifications, or
+   for any such Derivative Works as a whole, provided Your use,
+   reproduction, and distribution of the Work otherwise complies with
+   the conditions stated in this License.
+
+5. Submission of Contributions. Unless You explicitly state otherwise,
+   any Contribution intentionally submitted for inclusion in the Work
+   by You to the Licensor shall be under the terms and conditions of
+   this License, without any additional terms or conditions.
+   Notwithstanding the above, nothing herein shall supersede or modify
+   the terms of any separate license agreement you may have executed
+   with Licensor regarding such Contributions.
+
+6. Trademarks. This License does not grant permission to use the trade
+   names, trademarks, service marks, or product names of the Licensor,
+   except as required for reasonable and customary use in describing the
+   origin of the Work and reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty. Unless required by applicable law or
+   agreed to in writing, Licensor provides the Work (and each
+   Contributor provides its Contributions) on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+   implied, including, without limitation, any warranties or conditions
+   of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+   PARTICULAR PURPOSE. You are solely responsible for determining the
+   appropriateness of using or redistributing the Work and assume any
+   risks associated with Your exercise of permissions under this License.
+
+8. Limitation of Liability. In no event and under no legal theory,
+   whether in tort (including negligence), contract, or otherwise,
+   unless required by applicable law (such as deliberate and grossly
+   negligent acts) or agreed to in writing, shall any Contributor be
+   liable to You for damages, including any direct, indirect, special,
+   incidental, or consequential damages of any character arising as a
+   result of this License or out of the use or inability to use the
+   Work (including but not limited to damages for loss of goodwill,
+   work stoppage, computer failure or malfunction, or any and all
+   other commercial damages or losses), even if such Contributor
+   has been advised of the possibility of such damages.
+
+9. Accepting Warranty or Additional Liability. While redistributing
+   the Work or Derivative Works thereof, You may choose to offer,
+   and charge a fee for, acceptance of support, warranty, indemnity,
+   or other liability obligations and/or rights consistent with this
+   License. However, in accepting such obligations, You may act only
+   on Your own behalf and on Your sole responsibility, not on behalf
+   of any other Contributor, and only if You agree to indemnify,
+   defend, and hold each Contributor harmless for any liability
+   incurred by, or claims asserted against, such Contributor by reason
+   of your accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+   To apply the Apache License to your work, attach the following
+   boilerplate notice, with the fields enclosed by brackets "[]"
+   replaced with your own identifying information. (Don't include
+   the brackets!)  The text should be enclosed in the appropriate
+   comment syntax for the file format. We also recommend that a
+   file or class name and description of purpose be included on the
+   same "printed page" as the copyright notice for easier
+   identification within third-party archives.
+
+Copyright [yyyy] [name of copyright owner]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
@@ -0,0 +1,586 @@
+apache2 Cookbook
+================
+[![Build Status](https://secure.travis-ci.org/opscode-cookbooks/apache2.png?branch=master)](http://travis-ci.org/opscode-cookbooks/apache2)
+
+
+This cookbook provides a complete Debian/Ubuntu style Apache HTTPD
+configuration. Non-Debian based distributions such as Red Hat/CentOS,
+ArchLinux and others supported by this cookbook will have a
+configuration that mimics Debian/Ubuntu style as it is easier to
+manage with Chef.
+
+Debian-style Apache configuration uses scripts to manage modules and
+sites (vhosts). The scripts are:
+
+* a2ensite
+* a2dissite
+* a2enmod
+* a2dismod
+
+This cookbook ships with templates of these scripts for non
+Debian/Ubuntu platforms. The scripts are used in the __Definitions__
+below.
+
+Requirements
+============
+
+## Ohai and Chef:
+
+* Ohai: 0.6.12+
+* Chef: 0.10.10+
+
+As of v1.2.0, this cookbook makes use of `node['platform_family']` to
+simplify platform selection logic. This attribute was introduced in
+Ohai v0.6.12. The recipe methods were introduced in Chef v0.10.10. If
+you must run an older version of Chef or Ohai, use [version 1.1.16 of
+this cookbook](http://community.opscode.com/cookbooks/apache2/versions/1_1_16/downloads).
+
+## Cookbooks:
+
+This cookbook doesn't have direct dependencies on other cookbooks, as
+none are needed for the default recipe or the general use cases.
+
+Depending on your OS configuration and security policy, you may need
+additional recipes or cookbooks for this cookbook's recipes to
+converge on the node. In particular, the following Operating System
+settings may affect the behavior of this cookbook:
+
+* apt cache outdated
+* SELinux enabled
+* IPtables
+* Compile tools
+* 3rd party repositories
+
+On Ubuntu/Debian, use Opscode's `apt` cookbook to ensure the package
+cache is updated so Chef can install packages, or consider putting
+apt-get in your bootstrap process or
+[knife bootstrap template](http://wiki.opscode.com/display/chef/Knife+Bootstrap).
+
+On RHEL, SELinux is enabled by default. The `selinux` cookbook
+contains a `permissive` recipe that can be used to set SELinux to
+"Permissive" state. Otherwise, additional recipes need to be created
+by the user to address SELinux permissions.
+
+The easiest but **certainly not ideal way** to deal with IPtables is
+to flush all rules. Opscode does provide an `iptables` cookbook but is
+migrating from the approach used there to a more robust solution
+utilizing a general "firewall" LWRP that would have an "iptables"
+provider. Alternately, you can use ufw, with Opscode's `ufw` and
+`firewall` cookbooks to set up rules. See those cookbooks' READMEs for
+documentation.
+
+Build/compile tools may not be installed on the system by default.
+Some recipes (e.g., `apache2::mod_auth_openid`) build the module from
+source. Use Opscode's `build-essential` cookbook to get essential
+build packages installed.
+
+On ArchLinux, if you are using the `apache2::mod_auth_openid` recipe,
+you also need the `pacman` cookbook for the `pacman_aur` LWRP. Put
+`recipe[pacman]` on the node's expanded run list (on the node or in a
+role). This is not an explicit dependency because it is only required
+for this single recipe and platform; the pacman default recipe
+performs `pacman -Sy` to keep pacman's package cache updated.
+
+The `apache2::god_monitor` recipe uses a definition from the `god`
+cookbook. Include `recipe[god]` in the node's expanded run list to
+ensure that the cookbook is available to the node, and to set up `god`.
+
+## Platforms:
+
+The following platforms and versions are tested and supported using
+Opscode's [test-kitchen](http://github.com/opscode/test-kitchen).
+
+* Ubuntu 10.04, 12.04
+* CentOS 5.8, 6.3
+
+The following platform families are supported in the code, and are
+assumed to work based on the successful testing on Ubuntu and CentOS.
+
+* Debian
+* Red Hat (rhel)
+* Fedora
+* Amazon Linux
+
+The following platforms are also supported in the code, have been
+tested manually but are not tested under test-kitchen.
+
+* SUSE/OpenSUSE
+* ArchLinux
+* FreeBSD
+
+### Notes for RHEL Family:
+
+On Red Hat Enterprise Linux and derivatives, the EPEL repository may
+be necessary to install packages used in certain recipes. The
+`apache2::default` recipe, however, does not require any additional
+repositories. Opscode's `yum` cookbook contains a recipe to add the
+EPEL repository. See __Examples__ for more information.
+
+### Notes for FreeBSD:
+
+The `apache2::mod_php5` recipe depends on the `freebsd` cookbook,
+which it uses to set the correct options for compiling the `php5` port
+from sources. You need to ensure the `freebsd` is in the expanded run
+list, or this recipe will fail. We don't set an explicit dependency
+because we feel the `freebsd` cookbook is something users would want
+on their nodes, and due to the generality of this cookbook we don't
+want additional specific dependencies.
+
+Tests
+=====
+
+This cookbook in the
+[source repository](https://github.com/opscode-cookbooks/apache2)
+contains minitest and cucumber tests. This is an initial proof of
+concept that will be fleshed out with more supporting infrastructure
+at a future time.
+
+Please see the CONTRIBUTING file for information on how to add tests
+for your contributions.
+
+Attributes
+==========
+
+This cookbook uses many attributes, broken up into a few different
+kinds.
+
+Platform specific
+-----------------
+
+In order to support the broadest number of platforms, several
+attributes are determined based on the node's platform. See the
+attributes/default.rb file for default values in the case statement at
+the top of the file.
+
+* `node['apache']['dir']` - Location for the Apache configuration
+* `node['apache']['log_dir']` - Location for Apache logs
+* `node['apache']['error_log']` - Location for the default error log
+* `node['apache']['access_log']` - Location for the default access log
+* `node['apache']['user']` - User Apache runs as
+* `node['apache']['group']` - Group Apache runs as
+* `node['apache']['binary']` - Apache httpd server daemon
+* `node['apache']['icondir']` - Location for icons
+* `node['apache']['cache_dir']` - Location for cached files used by Apache itself or recipes
+* `node['apache']['pid_file']` - Location of the PID file for Apache httpd
+* `node['apache']['lib_dir']` - Location for shared libraries
+* `node['apache']['default_site_enabled']` - Default site enabled. Default is false.
+* `node['apache']['ext_status']` - if true, enables ExtendedStatus for `mod_status`
+
+General settings
+----------------
+
+These are general settings used in recipes and templates. Default
+values are noted.
+
+* `node['apache']['listen_addresses']` - Addresses that httpd should listen on. Default is any ("*").
+* `node['apache']['listen_ports']` - Ports that httpd should listen on. Default is port 80.
+* `node['apache']['contact']` - Value for ServerAdmin directive. Default "ops@example.com".
+* `node['apache']['timeout']` - Value for the Timeout directive. Default is 300.
+* `node['apache']['keepalive']` - Value for the KeepAlive directive. Default is On.
+* `node['apache']['keepaliverequests']` - Value for MaxKeepAliveRequests. Default is 100.
+* `node['apache']['keepalivetimeout']` - Value for the KeepAliveTimeout directive. Default is 5.
+* `node['apache']['default_modules']` - Array of module names. Can take "mod_FOO" or "FOO" as names, where FOO is the apache module, e.g. "`mod_status`" or "`status`".
+
+The modules listed in `default_modules` will be included as recipes in `recipe[apache::default]`.
+
+Prefork attributes
+------------------
+
+Prefork attributes are used for tuning the Apache HTTPD prefork MPM
+configuration.
+
+* `node['apache']['prefork']['startservers']` - initial number of server processes to start. Default is 16.
+* `node['apache']['prefork']['minspareservers']` - minimum number of spare server processes. Default 16.
+* `node['apache']['prefork']['maxspareservers']` - maximum number of spare server processes. Default 32.
+* `node['apache']['prefork']['serverlimit']` - upper limit on configurable server processes. Default 400.
+* `node['apache']['prefork']['maxclients']` - Maximum number of simultaneous connections.
+* `node['apache']['prefork']['maxrequestsperchild']` - Maximum number of request a child process will handle. Default 10000.
+
+Worker attributes
+-----------------
+
+Worker attributes are used for tuning the Apache HTTPD worker MPM
+configuration.
+
+* `node['apache']['worker']['startservers']` - Initial number of server processes to start. Default 4
+* `node['apache']['worker']['serverlimit']` - upper limit on configurable server processes. Default 16.
+* `node['apache']['worker']['maxclients']` - Maximum number of simultaneous connections. Default 1024.
+* `node['apache']['worker']['minsparethreads']` - Minimum number of spare worker threads. Default 64
+* `node['apache']['worker']['maxsparethreads']` - Maximum number of spare worker threads. Default 192.
+* `node['apache']['worker']['maxrequestsperchild']` - Maximum number of requests a child process will handle.
+
+mod\_auth\_openid attributes
+----------------------------
+
+The following attributes are in the `attributes/mod_auth_openid.rb`
+file. Like all Chef attributes files, they are loaded as well, but
+they're logistically unrelated to the others, being specific to the
+`mod_auth_openid` recipe.
+
+* `node['apache']['mod_auth_openid']['checksum']` - sha256sum of the tarball containing the source.
+* `node['apache']['mod_auth_openid']['ref']` - Any sha, tag, or branch found from https://github.com/bmuller/mod_auth_openid
+* `node['apache']['mod_auth_openid']['cache_dir']` - the cache directory is where the sqlite3 database is stored. It is separate so it can be managed as a directory resource.
+* `node['apache']['mod_auth_openid']['dblocation']` - filename of the sqlite3 database used for directive `AuthOpenIDDBLocation`, stored in the `cache_dir` by default.
+* `node['apache']['mod_auth_openid']['configure_flags']` - optional array of configure flags passed to the `./configure` step in the compilation of the module.
+
+mod\_ssl attributes
+-------------------
+
+* `node['apache']['mod_ssl']['cipher_suite']` - sets the
+  SSLCiphersuite value to the specified string. The default is
+  considered "sane" but you may need to change it for your local
+  security policy, e.g. if you have PCI-DSS requirements. Additional
+  commentary on the
+  [original pull request](https://github.com/opscode-cookbooks/apache2/pull/15#commitcomment-1605406).
+
+Recipes
+=======
+
+Most of the recipes in the cookbook are for enabling Apache modules.
+Where additional configuration or behavior is used, it is documented
+below in more detail.
+
+The following recipes merely enable the specified module: `mod_alias`,
+`mod_basic`, `mod_digest`, `mod_authn_file`, `mod_authnz_ldap`,
+`mod_authz_default`, `mod_authz_groupfile`, `mod_authz_host`,
+`mod_authz_user`, `mod_autoindex`, `mod_cgi`, `mod_dav_fs`,
+`mod_dav_svn`, `mod_deflate`, `mod_dir`, `mod_env`, `mod_expires`,
+`mod_headers`, `mod_ldap`, `mod_log_config`, `mod_mime`,
+`mod_negotiation`, `mod_proxy`, `mod_proxy_ajp`, `mod_proxy_balancer`,
+`mod_proxy_connect`, `mod_proxy_http`, `mod_python`, `mod_rewrite`,
+`mod_setenvif`, `mod_status`, `mod_wsgi`, `mod_xsendfile`.
+
+On RHEL Family distributions, certain modules ship with a config file
+with the package. The recipes here may delete those configuration
+files to ensure they don't conflict with the settings from the
+cookbook, which will use per-module configuration in
+`/etc/httpd/mods-enabled`.
+
+default
+-------
+
+The default recipe does a number of things to set up Apache HTTPd. It
+also includes a number of modules based on the attribute
+`node['apache']['default_modules']` as recipes.
+
+logrotate
+---------
+
+Logrotate adds a logrotate entry for your apache2 logs. This recipe
+requires the `logrotate` cookbook; ensure that `recipe[logrotate]` is
+in the node's expanded run list.
+
+mod\_auth\_cas
+--------------
+
+This recipe installs the proper package and enables the `auth_cas`
+module. It can install from source or package. Package is the default,
+set the attribute `node['apache']['mod_auth_cas']['from_source']` to
+true to enable source installation. Modify the version to install by
+changing the attribute
+`node['apache']['mod_auth_cas']['source_revision']`. It is a version
+tag by default, but could be master, or another tag, or branch.
+
+The module configuration is written out with the `CASCookiePath` set,
+otherwise an error loading the module may cause Apache to not start.
+
+**Note**: This recipe does not work on EL 6 platforms unless
+epel-testing repository is enabled (outside the scope of this
+cookbook), or the package version 1.0.8.1-3.el6 or higher is otherwise
+available to the system due to this bug:
+
+https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=708550
+
+mod\_auth\_openid
+-----------------
+
+**Changed via COOK-915**
+
+This recipe compiles the module from source. In addition to
+`build-essential`, some other packages are included for installation
+like the GNU C++ compiler and development headers.
+
+To use the module in your own cookbooks to authenticate systems using
+OpenIDs, specify an array of OpenIDs that are allowed to authenticate
+with the attribute `node['apache']['allowed_openids']`. Use the
+following in a vhost to protect with OpenID authentication:
+
+    AuthType OpenID require user <%= node['apache']['allowed_openids'].join(' ') %>
+    AuthOpenIDDBLocation <%= node['apache']['mod_auth_openid']['dblocation'] %>
+
+Change the DBLocation with the attribute as required; this file is in
+a different location than previous versions, see below. It should be a
+sane default for most platforms, though, see
+`attributes/mod_auth_openid.rb`.
+
+### Changes from COOK-915:
+
+* `AuthType OpenID` instead of `AuthOpenIDEnabled On`.
+* `require user` instead of `AuthOpenIDUserProgram`.
+* A bug(?) in `mod_auth_openid` causes it to segfault when attempting
+  to update the database file if the containing directory is not
+  writable by the HTTPD process owner (e.g., www-data), even if the
+  file is writable. In order to not interfere with other settings from
+  the default recipe in this cookbook, the db file is moved.
+
+mod\_fastcgi
+------------
+
+Install the fastcgi package and enable the module.
+
+Only work on Debian/Ubuntu
+
+mod\_fcgid
+----------
+
+Installs the fcgi package and enables the module. Requires EPEL on
+RHEL family.
+
+On RHEL family, this recipe will delete the fcgid.conf and on version
+6+, create the /var/run/httpd/mod_fcgid` directory, which prevents the
+emergency error:
+
+    [emerg] (2)No such file or directory: mod_fcgid: Can't create shared memory for size XX bytes
+
+mod\_php5
+--------
+
+Simply installs the appropriate package on Debian, Ubuntu and
+ArchLinux.
+
+On Red Hat family distributions including Fedora, the php.conf that
+comes with the package is removed. On RHEL platforms less than v6, the
+`php53` package is used.
+
+mod\_ssl
+--------
+
+Besides installing and enabling `mod_ssl`, this recipe will append
+port 443 to the `node['apache']['listen_ports']` attribute array and
+update the ports.conf.
+
+god\_monitor
+------------
+
+Sets up a `god` monitor for Apache. External requirements are the
+`god` and `runit` cookbooks from Opscode. When using this recipe,
+include `recipe[god]` in the node's expanded run list to ensure the
+client downloads it; `god` depends on runit so that will also be
+downloaded.
+
+**Note** This recipe is not tested under test-kitchen yet and is
+  pending fix in COOK-744.
+
+Definitions
+===========
+
+The cookbook provides a few definitions. At some point in the future
+these definitions may be refactored into lightweight resources and
+providers as suggested by
+[foodcritic rule FC015](http://acrmp.github.com/foodcritic/#FC015).
+
+apache\_conf
+------------
+
+Sets up configuration file for an Apache module from a template. The
+template should be in the same cookbook where the definition is used.
+This is used by the `apache_module` definition and is not often used
+directly.
+
+This will use a template resource to write the module's configuration
+file in the `mods-available` under the Apache configuration directory
+(`node['apache']['dir']`). This is a platform-dependent location. See
+__apache\_module__.
+
+### Parameters:
+
+* `name` - Name of the template. When used from the `apache_module`,
+  it will use the same name as the module.
+
+### Examples:
+
+Create `#{node['apache']['dir']}/mods-available/alias.conf`.
+
+    apache_conf "alias"
+
+apache\_module
+--------------
+
+Enable or disable an Apache module in
+`#{node['apache']['dir']}/mods-available` by calling `a2enmod` or
+`a2dismod` to manage the symbolic link in
+`#{node['apache']['dir']}/mods-enabled`. If the module has a
+configuration file, a template should be created in the cookbook where
+the definition is used. See __Examples__.
+
+### Parameters:
+
+* `name` - Name of the module enabled or disabled with the `a2enmod` or `a2dismod` scripts.
+* `enable` - Default true, which uses `a2enmod` to enable the module. If false, the module will be disabled with `a2dismod`.
+* `conf` - Default false. Set to true if the module has a config file, which will use `apache_conf` for the file.
+* `filename` - specify the full name of the file, e.g.
+
+### Examples:
+
+Enable the ssl module, which also has a configuration template in `templates/default/mods/ssl.conf.erb`.
+
+    apache_module "ssl" do
+      conf true
+    end
+
+Enable the php5 module, which has a different filename than the module default:
+
+    apache_module "php5" do
+      filename "libphp5.so"
+    end
+
+Disable a module:
+
+    apache_module "disabled_module" do
+      enable false
+    end
+
+See the recipes directory for many more examples of `apache_module`.
+
+apache\_site
+------------
+
+Enable or disable a VirtualHost in
+`#{node['apache']['dir']}/sites-available` by calling a2ensite or
+a2dissite to manage the symbolic link in
+`#{node['apache']['dir']}/sites-enabled`.
+
+The template for the site must be managed as a separate resource. To
+combine the template with enabling a site, see `web_app`.
+
+### Parameters:
+
+* `name` - Name of the site.
+* `enable` - Default true, which uses `a2ensite` to enable the site. If false, the site will be disabled with `a2dissite`.
+
+web\_app
+--------
+
+Manage a template resource for a VirtualHost site, and enable it with
+`apache_site`. This is commonly done for managing web applications
+such as Ruby on Rails, PHP or Django, and the default behavior
+reflects that. However it is flexible.
+
+This definition includes some recipes to make sure the system is
+configured to have Apache and some sane default modules:
+
+* `apache2`
+* `apache2::mod_rewrite`
+* `apache2::mod_deflate`
+* `apache2::mod_headers`
+
+It will then configure the template (see __Parameters__ and
+__Examples__ below), and enable or disable the site per the `enable`
+parameter.
+
+### Parameters:
+
+Current parameters used by the definition:
+
+* `name` - The name of the site. The template will be written to
+  `#{node['apache']['dir']}/sites-available/#{params['name']}.conf`
+* `cookbook` - Optional. Cookbook where the source template is. If
+  this is not defined, Chef will use the named template in the
+  cookbook where the definition is used.
+* `template` - Default `web_app.conf.erb`, source template file.
+* `enable` - Default true. Passed to the `apache_site` definition.
+
+Additional parameters can be defined when the definition is called in
+a recipe, see __Examples__.
+
+### Examples:
+
+All parameters are passed into the template. You can use whatever you
+like. The apache2 cookbook comes with a `web_app.conf.erb` template as
+an example. The following parameters are used in the template:
+
+* `server_name` - ServerName directive.
+* `server_aliases` - ServerAlias directive. Must be an array of aliases.
+* `docroot` - DocumentRoot directive.
+* `application_name` - Used in RewriteLog directive. Will be set to the `name` parameter.
+* `directory_index` - Allow overriding the default DirectoryIndex setting, optional
+* `directory_options` - Override Options on the docroot, for example to add parameters like Includes or Indexes, optional.
+* `allow_override` - Modify the AllowOverride directive on the docroot to support apps that need .htaccess to modify configuration or require authentication.
+
+To use the default web_app, for example:
+
+    web_app "my_site" do
+      server_name node['hostname']
+      server_aliases [node['fqdn'], "my-site.example.com"]
+      docroot "/srv/www/my_site"
+    end
+
+The parameters specified will be used as:
+
+* `@params[:server_name]`
+* `@params[:server_aliases]`
+* `@params[:docroot]`
+
+In the template. When you write your own, the `@` is significant.
+
+For more information about Definitions and parameters, see the
+[Chef Wiki](http://wiki.opscode.com/display/chef/Definitions)
+
+Usage
+=====
+
+Using this cookbook is relatively straightforward. Add the desired
+recipes to the run list of a node, or create a role. Depending on your
+environment, you may have multiple roles that use different recipes
+from this cookbook. Adjust any attributes as desired. For example, to
+create a basic role for web servers that provide both HTTP and HTTPS:
+
+    % cat roles/webserver.rb
+    name "webserver"
+    description "Systems that serve HTTP and HTTPS"
+    run_list(
+      "recipe[apache2]",
+      "recipe[apache2::mod_ssl]"
+    )
+    default_attributes(
+      "apache" => {
+        "listen_ports" => ["80", "443"]
+      }
+    )
+
+For examples of using the definitions in your own recipes, see their
+respective sections above.
+
+License and Authors
+===================
+
+* Author:: Adam Jacob <adam@opscode.com>
+* Author:: Joshua Timberman <joshua@opscode.com>
+* Author:: Bryan McLellan <bryanm@widemile.com>
+* Author:: Dave Esposito <esposito@espolinux.corpnet.local>
+* Author:: David Abdemoulaie <github@hobodave.com>
+* Author:: Edmund Haselwanter <edmund@haselwanter.com>
+* Author:: Eric Rochester <err8n@virginia.edu>
+* Author:: Jim Browne <jbrowne@42lines.net>
+* Author:: Matthew Kent <mkent@magoazul.com>
+* Author:: Nathen Harvey <nharvey@customink.com>
+* Author:: Ringo De Smet <ringo.de.smet@amplidata.com>
+* Author:: Sean OMeara <someara@opscode.com>
+* Author:: Seth Chisamore <schisamo@opscode.com>
+* Author:: Gilles Devaux <gilles@peerpong.com>
+
+* Copyright:: 2009-2012, Opscode, Inc
+* Copyright:: 2011, Atriso
+* Copyright:: 2011, CustomInk, LLC.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
@@ -0,0 +1,53 @@
+This cookbook uses a variety of testing components:
+
+- Unit tests: [ChefSpec](https://github.com/acrmp/chefspec)
+- Integration tests: [Test Kitchen](https://github.com/opscode/test-kitchen)
+- Chef Style lints: [Foodcritic](https://github.com/acrmp/foodcritic)
+- Ruby Style lints: [Rubocop](https://github.com/bbatsov/rubocop)
+
+
+Prerequisites
+-------------
+To develop on this cookbook, you must have a sane Ruby 1.9+ environment. Given the nature of this installation process (and it's variance across multiple operating systems), we will leave this installation process to the user.
+
+You must also have `bundler` installed:
+
+    $ gem install bundler
+
+You must also have Vagrant and VirtualBox installed:
+
+- [Vagrant](https://vagrantup.com)
+- [VirtualBox](https://virtualbox.org)
+
+Once installed, you must install the `vagrant-berkshelf` plugin:
+
+    $ vagrant plugin install vagrant-berkshelf
+
+
+Development
+-----------
+1. Clone the git repository from GitHub:
+
+        $ git clone git@github.com:opscode-cookbooks/COOKBOOK.git
+
+2. Install the dependencies using bundler:
+
+        $ bundle install
+
+3. Create a branch for your changes:
+
+        $ git checkout -b my_bug_fix
+
+4. Make any changes
+5. Write tests to support those changes. It is highly recommended you write both unit and integration tests.
+6. Run the tests:
+    - `bundle exec rspec`
+    - `bundle exec foodcritic .`
+    - `bundle exec rubocop`
+    - `bundle exec kitchen test`
+
+7. Assuming the tests pass, open a Pull Request on GitHub
+8. Open a JIRA ticket for this compontent, linking the JIRA ticket to the Pull Request and visa versa.
+9. Mark the JIRA ticket as "Fix Provided"
+
+For more information, see [Opscode's Contribution Guidelines](https://wiki.opscode.com/display/chef/How+to+Contribute).
@@ -0,0 +1,177 @@
+#
+# Cookbook Name:: apache2
+# Attributes:: apache
+#
+# Copyright 2008-2013, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+default['apache']['root_group'] = 'root'
+
+# Where the various parts of apache are
+case node['platform']
+when 'redhat', 'centos', 'scientific', 'fedora', 'suse', 'amazon', 'oracle'
+  default['apache']['package']     = 'httpd'
+  default['apache']['dir']         = '/etc/httpd'
+  default['apache']['log_dir']     = '/var/log/httpd'
+  default['apache']['error_log']   = 'error.log'
+  default['apache']['access_log']  = 'access.log'
+  default['apache']['user']        = 'apache'
+  default['apache']['group']       = 'apache'
+  default['apache']['binary']      = '/usr/sbin/httpd'
+  default['apache']['docroot_dir'] = '/var/www/html'
+  default['apache']['cgibin_dir']  = '/var/www/cgi-bin'
+  default['apache']['icondir']     = '/var/www/icons'
+  default['apache']['cache_dir']   = '/var/cache/httpd'
+  default['apache']['pid_file']    = if node['platform_version'].to_f >= 6
+                                       '/var/run/httpd/httpd.pid'
+                                     else
+                                       '/var/run/httpd.pid'
+                                     end
+  default['apache']['lib_dir']     = node['kernel']['machine'] =~ /^i[36]86$/ ? '/usr/lib/httpd' : '/usr/lib64/httpd'
+  default['apache']['libexecdir']  = "#{node['apache']['lib_dir']}/modules"
+  default['apache']['default_site_enabled'] = false
+when 'debian', 'ubuntu'
+  default['apache']['package']     = 'apache2'
+  default['apache']['dir']         = '/etc/apache2'
+  default['apache']['log_dir']     = '/var/log/apache2'
+  default['apache']['error_log']   = 'error.log'
+  default['apache']['access_log']  = 'access.log'
+  default['apache']['user']        = 'www-data'
+  default['apache']['group']       = 'www-data'
+  default['apache']['binary']      = '/usr/sbin/apache2'
+  default['apache']['docroot_dir'] = '/var/www'
+  default['apache']['cgibin_dir']  = '/usr/lib/cgi-bin'
+  default['apache']['icondir']     = '/usr/share/apache2/icons'
+  default['apache']['cache_dir']   = '/var/cache/apache2'
+  default['apache']['pid_file']    = '/var/run/apache2.pid'
+  default['apache']['lib_dir']     = '/usr/lib/apache2'
+  default['apache']['libexecdir']  = "#{node['apache']['lib_dir']}/modules"
+  default['apache']['default_site_enabled'] = false
+when 'arch'
+  default['apache']['package']     = 'apache'
+  default['apache']['dir']         = '/etc/httpd'
+  default['apache']['log_dir']     = '/var/log/httpd'
+  default['apache']['error_log']   = 'error.log'
+  default['apache']['access_log']  = 'access.log'
+  default['apache']['user']        = 'http'
+  default['apache']['group']       = 'http'
+  default['apache']['binary']      = '/usr/sbin/httpd'
+  default['apache']['docroot_dir'] = '/srv/http'
+  default['apache']['cgibin_dir']  = '/usr/share/httpd/cgi-bin'
+  default['apache']['icondir']     = '/usr/share/httpd/icons'
+  default['apache']['cache_dir']   = '/var/cache/httpd'
+  default['apache']['pid_file']    = '/var/run/httpd/httpd.pid'
+  default['apache']['lib_dir']     = '/usr/lib/httpd'
+  default['apache']['libexecdir']  = "#{node['apache']['lib_dir']}/modules"
+  default['apache']['default_site_enabled'] = false
+when 'freebsd'
+  default['apache']['package']     = 'apache22'
+  default['apache']['dir']         = '/usr/local/etc/apache22'
+  default['apache']['log_dir']     = '/var/log'
+  default['apache']['error_log']   = 'httpd-error.log'
+  default['apache']['access_log']  = 'httpd-access.log'
+  default['apache']['root_group']  = 'wheel'
+  default['apache']['user']        = 'www'
+  default['apache']['group']       = 'www'
+  default['apache']['binary']      = '/usr/local/sbin/httpd'
+  default['apache']['docroot_dir'] = '/usr/local/www/apache22/data'
+  default['apache']['cgibin_dir']  = '/usr/local/www/apache22/cgi-bin'
+  default['apache']['icondir']     = '/usr/local/www/apache22/icons'
+  default['apache']['cache_dir']   = '/var/run/apache22'
+  default['apache']['pid_file']    = '/var/run/httpd.pid'
+  default['apache']['lib_dir']     = '/usr/local/libexec/apache22'
+  default['apache']['libexecdir']  = node['apache']['lib_dir']
+  default['apache']['default_site_enabled'] = false
+else
+  default['apache']['dir']         = '/etc/apache2'
+  default['apache']['log_dir']     = '/var/log/apache2'
+  default['apache']['error_log']   = 'error.log'
+  default['apache']['access_log']  = 'access.log'
+  default['apache']['user']        = 'www-data'
+  default['apache']['group']       = 'www-data'
+  default['apache']['binary']      = '/usr/sbin/apache2'
+  default['apache']['docroot_dir'] = '/var/www'
+  default['apache']['cgibin_dir']  = '/usr/lib/cgi-bin'
+  default['apache']['icondir']     = '/usr/share/apache2/icons'
+  default['apache']['cache_dir']   = '/var/cache/apache2'
+  default['apache']['pid_file']    = 'logs/httpd.pid'
+  default['apache']['lib_dir']     = '/usr/lib/apache2'
+  default['apache']['libexecdir']  = "#{node['apache']['lib_dir']}/modules"
+  default['apache']['default_site_enabled'] = false
+end
+
+###
+# These settings need the unless, since we want them to be tunable,
+# and we don't want to override the tunings.
+###
+
+# General settings
+default['apache']['listen_addresses']  = %w[*]
+default['apache']['listen_ports']      = %w[80]
+default['apache']['contact']           = 'ops@example.com'
+default['apache']['timeout']           = 300
+default['apache']['keepalive']         = 'On'
+default['apache']['keepaliverequests'] = 100
+default['apache']['keepalivetimeout']  = 5
+
+# Security
+default['apache']['servertokens']    = 'Prod'
+default['apache']['serversignature'] = 'On'
+default['apache']['traceenable']     = 'On'
+
+# mod_auth_openids
+default['apache']['allowed_openids'] = []
+
+# mod_status Allow list, space seprated list of allowed entries.
+default['apache']['status_allow_list'] = 'localhost ip6-localhost'
+
+# mod_status ExtendedStatus, set to 'true' to enable
+default['apache']['ext_status'] = false
+
+# mod_info Allow list, space seprated list of allowed entries.
+default['apache']['info_allow_list'] = 'localhost ip6-localhost'
+
+# Prefork Attributes
+default['apache']['prefork']['startservers']        = 16
+default['apache']['prefork']['minspareservers']     = 16
+default['apache']['prefork']['maxspareservers']     = 32
+default['apache']['prefork']['serverlimit']         = 400
+default['apache']['prefork']['maxclients']          = 400
+default['apache']['prefork']['maxrequestsperchild'] = 10_000
+
+# Worker Attributes
+default['apache']['worker']['startservers']        = 4
+default['apache']['worker']['serverlimit']         = 16
+default['apache']['worker']['maxclients']          = 1024
+default['apache']['worker']['minsparethreads']     = 64
+default['apache']['worker']['maxsparethreads']     = 192
+default['apache']['worker']['threadsperchild']     = 64
+default['apache']['worker']['maxrequestsperchild'] = 0
+
+# mod_proxy settings
+default['apache']['proxy']['order']      = 'deny,allow'
+default['apache']['proxy']['deny_from']  = 'all'
+default['apache']['proxy']['allow_from'] = 'none'
+
+# Default modules to enable via include_recipe
+
+default['apache']['default_modules'] = %w[
+  status alias auth_basic authn_file authz_default authz_groupfile authz_host authz_user autoindex
+  dir env mime negotiation setenvif
+]
+
+%w[log_config logio].each do |log_mod|
+  default['apache']['default_modules'] << log_mod if %w[rhel fedora suse arch freebsd].include?(node['platform_family'])
+end
@@ -0,0 +1,21 @@
+#
+# Cookbook Name:: apache2
+# Attributes:: mod_auth_cas
+#
+# Copyright 2013, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+default['apache']['mod_auth_cas']['from_source']     = false
+default['apache']['mod_auth_cas']['source_revision'] = 'v1.0.8.1'
@@ -0,0 +1,33 @@
+#
+# Cookbook Name:: apache2
+# Attributes:: mod_auth_cas
+#
+# Copyright 2013, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+default['apache']['mod_auth_openid']['ref']        = '95043901eab868400937642d9bc55d17e9dd069f'
+default['apache']['mod_auth_openid']['source_url'] = "https://github.com/bmuller/mod_auth_openid/archive/#{node['apache']['mod_auth_openid']['ref']}.tar.gz"
+default['apache']['mod_auth_openid']['cache_dir']  = '/var/cache/mod_auth_openid'
+default['apache']['mod_auth_openid']['dblocation'] = "#{node['apache']['mod_auth_openid']['cache_dir']}/mod_auth_openid.db"
+
+case node['platform_family']
+when 'freebsd'
+  default['apache']['mod_auth_openid']['configure_flags'] = [
+    'CPPFLAGS=-I/usr/local/include',
+    'LDFLAGS=-I/usr/local/lib -lsqlite3'
+  ]
+else
+  default['apache']['mod_auth_openid']['configure_flags'] = []
+end
@@ -0,0 +1,20 @@
+#
+# Cookbook Name:: apache2
+# Attributes:: mod_fastcgi
+#
+# Copyright 2013, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+default['apache']['mod_fastcgi']['download_url'] = 'http://www.fastcgi.com/dist/mod_fastcgi-current.tar.gz'
@@ -0,0 +1,20 @@
+#
+# Cookbook Name:: apache2
+# Attributes:: mod_ssl
+#
+# Copyright 2012-2013, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+default['apache']['mod_ssl']['cipher_suite'] = 'RC4-SHA:HIGH:!ADH'
@@ -0,0 +1,26 @@
+#
+# Cookbook Name:: apache2
+# Definition:: apache_conf
+#
+# Copyright 2008-20013, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+define :apache_conf do
+  template "#{node['apache']['dir']}/mods-available/#{params[:name]}.conf" do
+    source   "mods/#{params[:name]}.conf.erb"
+    mode     '0644'
+    notifies :restart, 'service[apache2]'
+  end
+end
@@ -0,0 +1,51 @@
+#
+# Cookbook Name:: apache2
+# Definition:: apache_module
+#
+# Copyright 2008-2013, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+define :apache_module, :enable => true, :conf => false do
+  include_recipe 'apache2::default'
+
+  params[:filename]    = params[:filename] || "mod_#{params[:name]}.so"
+  params[:module_path] = params[:module_path] || "#{node['apache']['libexecdir']}/#{params[:filename]}"
+
+  apache_conf params[:name] if params[:conf]
+
+  if platform_family?('rhel', 'fedora', 'arch', 'suse', 'freebsd')
+    file "#{node['apache']['dir']}/mods-available/#{params[:name]}.load" do
+      content "LoadModule #{params[:name]}_module #{params[:module_path]}\n"
+      mode    '0644'
+    end
+  end
+
+  if params[:enable]
+    execute "a2enmod #{params[:name]}" do
+      command "/usr/sbin/a2enmod #{params[:name]}"
+      notifies :restart, 'service[apache2]'
+      not_if do
+        ::File.symlink?("#{node['apache']['dir']}/mods-enabled/#{params[:name]}.load") &&
+        (::File.exists?("#{node['apache']['dir']}/mods-available/#{params[:name]}.conf") ? ::File.symlink?("#{node['apache']['dir']}/mods-enabled/#{params[:name]}.conf") : true)
+      end
+    end
+  else
+    execute "a2dismod #{params[:name]}" do
+      command "/usr/sbin/a2dismod #{params[:name]}"
+      notifies :restart, 'service[apache2]'
+      only_if { ::File.symlink?("#{node['apache']['dir']}/mods-enabled/#{params[:name]}.load") }
+    end
+  end
+end
@@ -0,0 +1,43 @@
+#
+# Cookbook Name:: apache2
+# Definition:: apache_site
+#
+# Copyright 2008-2013, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+define :apache_site, :enable => true do
+  include_recipe 'apache2::default'
+
+  if params[:enable]
+    execute "a2ensite #{params[:name]}" do
+      command "/usr/sbin/a2ensite #{params[:name]}"
+      notifies :restart, 'service[apache2]'
+      not_if do
+        ::File.symlink?("#{node['apache']['dir']}/sites-enabled/#{params[:name]}") ||
+        ::File.symlink?("#{node['apache']['dir']}/sites-enabled/000-#{params[:name]}")
+      end
+      only_if { ::File.exists?("#{node['apache']['dir']}/sites-available/#{params[:name]}") }
+    end
+  else
+    execute "a2dissite #{params[:name]}" do
+      command "/usr/sbin/a2dissite #{params[:name]}"
+      notifies :restart, 'service[apache2]'
+      only_if do
+        ::File.symlink?("#{node['apache']['dir']}/sites-enabled/#{params[:name]}") ||
+        ::File.symlink?("#{node['apache']['dir']}/sites-enabled/000-#{params[:name]}")
+      end
+    end
+  end
+end
@@ -0,0 +1,48 @@
+#
+# Cookbook Name:: apache2
+# Definition:: web_app
+#
+# Copyright 2008-2013, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+define :web_app, :template => 'web_app.conf.erb', :enable => true do
+
+  application_name = params[:name]
+
+  include_recipe 'apache2::default'
+  include_recipe 'apache2::mod_rewrite'
+  include_recipe 'apache2::mod_deflate'
+  include_recipe 'apache2::mod_headers'
+
+  template "#{node['apache']['dir']}/sites-available/#{application_name}.conf" do
+    source   params[:template]
+    owner    'root'
+    group    node['apache']['root_group']
+    mode     '0644'
+    cookbook params[:cookbook] if params[:cookbook]
+    variables(
+      :application_name => application_name,
+      :params           => params
+    )
+    if ::File.exists?("#{node['apache']['dir']}/sites-enabled/#{application_name}.conf")
+      notifies :reload, 'service[apache2]'
+    end
+  end
+
+  site_enabled = params[:enable]
+  apache_site "#{params[:name]}.conf" do
+    enable site_enabled
+  end
+end
@@ -0,0 +1,41 @@
+#!/usr/bin/perl
+
+=begin
+
+Generates Ubuntu style module.load files.
+
+./apache2_module_conf_generate.pl /usr/lib64/httpd/modules /etc/httpd/mods-available
+
+ARGV[0] is the apache modules directory, ARGV[1] is where you want 'em.
+
+=cut
+
+use File::Find;
+
+use strict;
+use warnings;
+
+die "Must have '/path/to/modules' and '/path/to/modules.load'"
+  unless $ARGV[0] && $ARGV[1];
+
+find(
+  {
+    wanted => sub {
+      return 1 if $File::Find::name !~ /\.so$/;
+      my $modfile = $_;
+      $modfile =~ /(lib|mod_)(.+)\.so$/;
+      my $modname  = $2;
+      my $filename = "$ARGV[1]/$modname.load";
+      unless ( -f $filename ) {
+        open( FILE, ">", $filename ) or die "Cannot open $filename";
+        print FILE "LoadModule " . $modname . "_module $File::Find::name\n";
+        close(FILE);
+      }
+    },
+    follow => 1,
+  },
+  $ARGV[0]
+);
+
+exit 0;
+
@@ -0,0 +1,76 @@
+require File.expand_path('../support/helpers', __FILE__)
+
+describe 'apache2::default' do
+  include Helpers::Apache
+
+  it 'installs apache' do
+    package(node['apache']['package']).must_be_installed
+  end
+
+  it 'starts apache' do
+    apache_service.must_be_running
+  end
+
+  it 'enables apache' do
+    apache_service.must_be_enabled
+  end
+
+  it 'creates the conf.d directory' do
+    directory("#{node['apache']['dir']}/conf.d").must_exist.with(:mode, '755')
+  end
+
+  it 'creates the logs directory' do
+    directory(node['apache']['log_dir']).must_exist
+  end
+
+  it 'enables the default site unless it is disabled' do
+    skip unless node['apache']['default_site_enabled']
+    file("#{node['apache']['dir']}/sites-enabled/000-default").must_exist
+    file("#{node['apache']['dir']}/sites-available/default").must_exist
+  end
+
+  it 'ensures the debian-style apache module scripts are present' do
+    %w{a2ensite a2dissite a2enmod a2dismod}.each do |mod_script|
+      file("/usr/sbin/#{mod_script}").must_exist
+    end
+  end
+
+  it 'reports server name only, not detailed version info' do
+    assert_match(/^ServerTokens #{node['apache']['servertokens']} *$/, File.read("#{node['apache']['dir']}/conf.d/security"))
+  end
+
+  it 'listens on port 80' do
+    apache_configured_ports.must_include(80)
+  end
+
+  it 'only listens on port 443 when SSL is enabled' do
+    unless ran_recipe?('apache2::mod_ssl')
+      apache_configured_ports.wont_include(443)
+    end
+  end
+
+  it 'reports server name only, not detailed version info' do
+    file("#{node['apache']['dir']}/conf.d/security").must_match(/^ServerTokens #{node['apache']['servertokens']} *$/)
+  end
+
+  it 'enables default_modules' do
+    node['apache']['default_modules'].each do |a2mod|
+      apache_enabled_modules.must_include "#{a2mod}_module"
+    end
+  end
+
+  describe 'centos' do
+    it 'ensures no modules are loaded in conf.d' do
+      Dir["#{node['apache']['dir']}/conf.d/*"].each do |f|
+        file(f).wont_include 'LoadModule'
+      end
+    end
+  end
+
+  describe 'configuration' do
+    it { config.must_include '# Generated by Chef' }
+    it { config.must_include %Q{ServerRoot "#{node['apache']['dir']}"} }
+    it { config.must_include "Include #{node['apache']['dir']}/conf.d/" }
+    it { apache_config_parses? }
+  end
+end
@@ -0,0 +1,34 @@
+#
+# Author:: Joshua Timberman <joshua@opscode.com>
+# Copyright:: Copyright (c) 2012, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require File.expand_path('../support/helpers', __FILE__)
+
+describe 'apache2::god_monitor' do
+  include Helpers::Apache
+
+  it 'starts god service to supervise apache2' do
+    service('god').must_be_running
+  end
+
+  it 'creates the god service template for apache' do
+    file('/etc/god/conf.d/apache2.god').must_exist
+  end
+
+  it 'starts an apache2 service that works like a regular service' do
+    # to be implemented when COOK-744 is fixed
+  end
+end
@@ -0,0 +1,19 @@
+require File.expand_path('../support/helpers', __FILE__)
+
+describe 'apache2::mod_apreq2' do
+  include Helpers::Apache
+
+  it 'enables apreq_module' do
+    apache_enabled_modules.must_include 'apreq_module'
+  end
+
+  it 'symlinks the module on EL' do
+    skip unless %w[rhel fedora].include?(node['platform_family'])
+    libdir = node['kernel']['machine'] == 'x86_64' ? 'lib64' : 'lib'
+    link(
+      "/usr/#{libdir}/httpd/modules/mod_apreq.so"
+    ).must_exist.with(
+        :link_type, :symbolic).and(:to, "/usr/#{libdir}/httpd/modules/mod_apreq2.so"
+        )
+  end
+end
@@ -0,0 +1,10 @@
+require File.expand_path('../support/helpers', __FILE__)
+
+describe 'apache2::mod_auth_cas' do
+  include Helpers::Apache
+
+  it 'enables auth_cas_module' do
+    skip if %w[rhel fedora].include?(node['platform_family']) && node['platform_version'].to_f > 6.0
+    apache_enabled_modules.must_include 'auth_cas_module'
+  end
+end
@@ -0,0 +1,36 @@
+require File.expand_path('../support/helpers', __FILE__)
+require 'pathname'
+
+describe 'apache2::mod_auth_openid' do
+  include Helpers::Apache
+
+  it 'installs the opekele library' do
+    lib_dir = Pathname.new(node['apache']['lib_dir']).dirname.to_s
+    file("#{lib_dir}/libopkele.so").must_exist
+  end
+
+  it 'does not add the module to httpd.conf' do
+    conffile = case node['platform']
+               when 'debian', 'ubuntu'
+                 'apache2.conf'
+               when 'redhat', 'centos', 'scientific', 'fedora', 'arch', 'amazon'
+                 'conf/httpd.conf'
+               when 'freebsd'
+                 'httpd.conf'
+               end
+    httpd_config = File.read(File.join(node['apache']['dir'], conffile))
+    refute_match /^LoadModule authopenid_module /, httpd_config
+  end
+
+  it 'creates a cache directory for the module' do
+    directory(node['apache']['mod_auth_openid']['cache_dir']).must_exist.with(:owner, node['apache']['user'])
+  end
+
+  it 'ensures the db file is writable by apache' do
+    file(node['apache']['mod_auth_openid']['dblocation']).must_exist.with(:owner, node['apache']['user']).and(:mode, '644')
+  end
+
+  it 'enables authopenid_module' do
+    apache_enabled_modules.must_include 'authopenid_module'
+  end
+end
@@ -0,0 +1,12 @@
+require File.expand_path('../support/helpers', __FILE__)
+
+describe 'apache2::mod_cgi' do
+  include Helpers::Apache
+
+  # the cgi module can be either cgi or cgid
+  it 'enables cgi or cgid_module' do
+    assert(apache_enabled_modules.include?('cgi_module') ||
+      apache_enabled_modules.include?('cgid_module')
+    )
+  end
+end
@@ -0,0 +1,13 @@
+require File.expand_path('../support/helpers', __FILE__)
+
+describe 'apache2::mod_dav_svn' do
+  include Helpers::Apache
+
+  it 'enables dav_svn_module' do
+    apache_enabled_modules.must_include('dav_svn_module')
+  end
+
+  it 'enables dav_module' do
+    apache_enabled_modules.must_include('dav_module')
+  end
+end
@@ -0,0 +1,10 @@
+require File.expand_path('../support/helpers', __FILE__)
+
+describe 'apache2::mod_fastcgi' do
+  include Helpers::Apache
+
+  it 'enables fastcgi_module' do
+    skip if %w{rhel fedora}.include?(node['platform_family'])
+    apache_enabled_modules.must_include 'fastcgi_module'
+  end
+end
@@ -0,0 +1,14 @@
+require File.expand_path('../support/helpers', __FILE__)
+
+describe 'apache2::mod_include' do
+  include Helpers::Apache
+
+  it 'enables include_module' do
+    apache_enabled_modules.must_include 'include_module'
+  end
+
+  it 'drops off the include module configuration' do
+    assert_match(/AddType text\/html .shtml/, File.read("#{node['apache']['dir']}/mods-enabled/include.conf"))
+    assert_match(/AddOutputFilter INCLUDES .shtml/, File.read("#{node['apache']['dir']}/mods-enabled/include.conf"))
+  end
+end
@@ -0,0 +1,17 @@
+require File.expand_path('../support/helpers', __FILE__)
+
+describe 'apache2::mod_perl' do
+  include Helpers::Apache
+
+  it 'enables perl_module' do
+    apache_enabled_modules.must_include('perl_module')
+  end
+
+  it 'installs the apache request library' do
+    req_pkg = case node['platform']
+              when 'debian', 'ubuntu' then 'libapache2-request-perl'
+              else 'perl-libapreq2'
+              end
+    package(req_pkg).must_be_installed
+  end
+end
@@ -0,0 +1,13 @@
+require File.expand_path('../support/helpers', __FILE__)
+
+describe 'apache2::mod_php5' do
+  include Helpers::Apache
+
+  it 'enables php5_module' do
+    apache_enabled_modules.must_include('php5_module')
+  end
+
+  it 'deletes the packaged php config if any' do
+    file("#{node['apache']['dir']}/conf.d/php.conf").wont_exist
+  end
+end
@@ -0,0 +1,9 @@
+require File.expand_path('../support/helpers', __FILE__)
+
+describe 'apache2::mod_python' do
+  include Helpers::Apache
+
+  it 'enables python_module' do
+    apache_enabled_modules.must_include('python_module')
+  end
+end
@@ -0,0 +1,27 @@
+require File.expand_path('../support/helpers', __FILE__)
+
+describe 'apache2::mod_ssl' do
+  include Helpers::Apache
+
+  it 'installs the mod_ssl package on RHEL distributions' do
+    skip unless %w[rhel fedora].include?(node['platform_family'])
+    package('mod_ssl').must_be_installed
+  end
+
+  it 'enables ssl_module' do
+    apache_enabled_modules.must_include 'ssl_module'
+  end
+
+  it 'does not store SSL config in conf.d' do
+    file("#{node['apache']['dir']}/conf.d/ssl.conf").wont_exist
+  end
+
+  it 'is configured to listen on port 443' do
+    apache_configured_ports.must_include(443)
+  end
+
+  it 'configures SSLCiphersuit from an attribute' do
+    assert_match(/^SSLCipherSuite #{node['apache']['mod_ssl']['cipher_suite']}$/,
+      File.read("#{node['apache']['dir']}/mods-enabled/ssl.conf"))
+  end
+end
@@ -0,0 +1,66 @@
+module Helpers
+  # MiniTest helpers
+  module Apache
+    require 'chef/mixin/shell_out'
+    include Chef::Mixin::ShellOut
+    include MiniTest::Chef::Assertions
+    include MiniTest::Chef::Context
+    include MiniTest::Chef::Resources
+
+    def apache_config_parses?
+      acp = shell_out("#{node['apache']['binary']} -t")
+      acp.exitstatus == 0
+    end
+
+    def apache_configured_ports
+      port_config = File.read("#{node['apache']['dir']}/ports.conf")
+      port_config.scan(/^Listen ([0-9]+)/).flatten.map { |p| p.to_i }
+    end
+
+    def apache_enabled_modules
+      apache_modules = shell_out("#{node['apache']['binary']} -M")
+      apache_modules.send(
+        if node['platform_family'] == 'rhel' && node['platform_version'].to_f < 6.0
+          :stderr
+        else
+          :stdout
+        end
+      ).split.select! { |i| i =~ /_module$/ }
+    end
+
+    def apache_service
+      service(
+        case node['platform']
+        when 'debian', 'ubuntu' then 'apache2'
+        when 'freebsd' then 'apache22'
+        else 'httpd'
+        end
+      )
+    end
+
+    def config
+      file(
+        case node['platform']
+        when 'debian', 'ubuntu' then "#{node['apache']['dir']}/apache2.conf"
+        when 'freebsd' then "#{node['apache']['dir']}/httpd.conf"
+        else "#{node['apache']['dir']}/conf/httpd.conf"
+        end
+      )
+    end
+
+    def ran_recipe?(recipe)
+      if Chef::VERSION < '11.0'
+        seen_recipes = node.run_state[:seen_recipes]
+        recipes = seen_recipes.keys.each { |i| i }
+      else
+        recipes = run_context.loaded_recipes
+      end
+      if recipes.empty? && Chef::Config[:solo]
+        # If you have roles listed in your run list they are NOT expanded
+        recipes = node.run_list.map { |item| item.name if item.type == :recipe }
+      end
+      recipes.include?(recipe)
+    end
+
+  end
+end
@@ -0,0 +1,225 @@
+name              'apache2'
+maintainer        'Opscode, Inc.'
+maintainer_email  'cookbooks@opscode.com'
+license           'Apache 2.0'
+description       'Installs and configures all aspects of apache2 using Debian style symlinks with helper definitions'
+long_description  IO.read(File.join(File.dirname(__FILE__), 'README.md'))
+version           '1.8.5'
+recipe            'apache2', 'Main Apache configuration'
+recipe            'apache2::logrotate', 'Rotate apache2 logs. Requires logrotate cookbook'
+recipe            'apache2::mod_alias', 'Apache module "alias" with config file'
+recipe            'apache2::mod_apreq2', 'Apache module "apreq"'
+recipe            'apache2::mod_auth_basic', 'Apache module "auth_basic"'
+recipe            'apache2::mod_auth_digest', 'Apache module "auth_digest"'
+recipe            'apache2::mod_auth_openid', 'Apache module "authopenid"'
+recipe            'apache2::mod_authn_file', 'Apache module "authn_file"'
+recipe            'apache2::mod_authnz_ldap', 'Apache module "authnz_ldap"'
+recipe            'apache2::mod_authz_default', 'Apache module "authz_default"'
+recipe            'apache2::mod_authz_groupfile', 'Apache module "authz_groupfile"'
+recipe            'apache2::mod_authz_host', 'Apache module "authz_host"'
+recipe            'apache2::mod_authz_user', 'Apache module "authz_user"'
+recipe            'apache2::mod_autoindex', 'Apache module "autoindex" with config file'
+recipe            'apache2::mod_cgi', 'Apache module "cgi"'
+recipe            'apache2::mod_dav', 'Apache module "dav"'
+recipe            'apache2::mod_dav_svn', 'Apache module "dav_svn"'
+recipe            'apache2::mod_deflate', 'Apache module "deflate" with config file'
+recipe            'apache2::mod_dir', 'Apache module "dir" with config file'
+recipe            'apache2::mod_env', 'Apache module "env"'
+recipe            'apache2::mod_expires', 'Apache module "expires"'
+recipe            'apache2::mod_fcgid', 'Apache module "fcgid", package on ubuntu/debian, rhel/centos, compile source on suse; with config file'
+recipe            'apache2::mod_headers', 'Apache module "headers"'
+recipe            'apache2::mod_include', 'Apache module "include"'
+recipe            'apache2::mod_ldap', 'Apache module "ldap"'
+recipe            'apache2::mod_log_config', 'Apache module "log_config"'
+recipe            'apache2::mod_mime', 'Apache module "mime" with config file'
+recipe            'apache2::mod_negotiation', 'Apache module "negotiation" with config file'
+recipe            'apache2::mod_perl', 'Apache module "perl"'
+recipe            'apache2::mod_php5', 'Apache module "php5"'
+recipe            'apache2::mod_proxy', 'Apache module "proxy" with config file'
+recipe            'apache2::mod_proxy_ajp', 'Apache module "proxy_ajp"'
+recipe            'apache2::mod_proxy_balancer', 'Apache module "proxy_balancer"'
+recipe            'apache2::mod_proxy_connect', 'Apache module "proxy_connect"'
+recipe            'apache2::mod_proxy_http', 'Apache module "proxy_http"'
+recipe            'apache2::mod_python', 'Apache module "python"'
+recipe            'apache2::mod_rewrite', 'Apache module "rewrite"'
+recipe            'apache2::mod_setenvif', 'Apache module "setenvif" with config file'
+recipe            'apache2::mod_ssl', 'Apache module "ssl" with config file, adds port 443 to listen_ports'
+recipe            'apache2::mod_status', 'Apache module "status" with config file'
+recipe            'apache2::mod_xsendfile', 'Apache module "xsendfile"'
+
+supports 'amazon'
+supports 'arch'
+supports 'centos'
+supports 'debian'
+supports 'fedora'
+supports 'freebsd'
+supports 'redhat'
+supports 'scientific'
+supports 'ubuntu'
+
+attribute 'apache',
+          :display_name => 'Apache Hash',
+          :description  => 'Hash of Apache attributes',
+          :type         => 'hash'
+
+attribute 'apache/dir',
+          :display_name => 'Apache Directory',
+          :description  => 'Location for Apache configuration',
+          :default      => '/etc/apache2'
+
+attribute 'apache/log_dir',
+          :display_name => 'Apache Log Directory',
+          :description  => 'Location for Apache logs',
+          :default      => '/etc/apache2'
+
+attribute 'apache/user',
+          :display_name => 'Apache User',
+          :description  => 'User Apache runs as',
+          :default      => 'www-data'
+
+attribute 'apache/binary',
+          :display_name => 'Apache Binary',
+          :description  => 'Apache server daemon program',
+          :default      => '/usr/sbin/apache2'
+
+attribute 'apache/icondir',
+          :display_name => 'Apache Icondir',
+          :description  => 'Directory location for icons',
+          :default      => '/usr/share/apache2/icons'
+
+attribute 'apache/listen_addresses',
+          :display_name => 'Apache Listen Addresses',
+          :description  => 'Addresses that Apache should listen on',
+          :type         => 'array',
+          :default      => %w[*]
+
+attribute 'apache/listen_ports',
+          :display_name => 'Apache Listen Ports',
+          :description  => 'Ports that Apache should listen on',
+          :type         => 'array',
+          :default      => %w[80 443]
+
+attribute 'apache/contact',
+          :display_name => 'Apache Contact',
+          :description  => 'Email address of webmaster',
+          :default      => 'ops@example.com'
+
+attribute 'apache/timeout',
+          :display_name => 'Apache Timeout',
+          :description  => 'Connection timeout value',
+          :default      => '300'
+
+attribute 'apache/keepalive',
+          :display_name => 'Apache Keepalive',
+          :description  => 'HTTP persistent connections',
+          :default      => 'On'
+
+attribute 'apache/keepaliverequests',
+          :display_name => 'Apache Keepalive Requests',
+          :description  => 'Number of requests allowed on a persistent connection',
+          :default      => '100'
+
+attribute 'apache/keepalivetimeout',
+          :display_name => 'Apache Keepalive Timeout',
+          :description  => 'Time to wait for requests on persistent connection',
+          :default      => '5'
+
+attribute 'apache/servertokens',
+          :display_name => 'Apache Server Tokens',
+          :description  => 'Server response header',
+          :default      => 'Prod'
+
+attribute 'apache/serversignature',
+          :display_name => 'Apache Server Signature',
+          :description  => 'Configure footer on server-generated documents',
+          :default      => 'On'
+
+attribute 'apache/traceenable',
+          :display_name => 'Apache Trace Enable',
+          :description  => 'Determine behavior of TRACE requests',
+          :default      => 'On'
+
+attribute 'apache/allowed_openids',
+          :display_name => 'Apache Allowed OpenIDs',
+          :description  => 'Array of OpenIDs allowed to authenticate',
+          :default      => ''
+
+attribute 'apache/prefork',
+          :display_name => 'Apache Prefork',
+          :description  => 'Hash of Apache prefork tuning attributes.',
+          :type         => 'hash'
+
+attribute 'apache/prefork/startservers',
+          :display_name => 'Apache Prefork MPM StartServers',
+          :description  => 'Number of MPM servers to start',
+          :default      => '16'
+
+attribute 'apache/prefork/minspareservers',
+          :display_name => 'Apache Prefork MPM MinSpareServers',
+          :description  => 'Minimum number of spare server processes',
+          :default      => '16'
+
+attribute 'apache/prefork/maxspareservers',
+          :display_name => 'Apache Prefork MPM MaxSpareServers',
+          :description  => 'Maximum number of spare server processes',
+          :default      => '32'
+
+attribute 'apache/prefork/serverlimit',
+          :display_name => 'Apache Prefork MPM ServerLimit',
+          :description  => 'Upper limit on configurable server processes',
+          :default      => '400'
+
+attribute 'apache/prefork/maxclients',
+          :display_name => 'Apache Prefork MPM MaxClients',
+          :description  => 'Maximum number of simultaneous connections',
+          :default      => '400'
+
+attribute 'apache/prefork/maxrequestsperchild',
+          :display_name => 'Apache Prefork MPM MaxRequestsPerChild',
+          :description  => 'Maximum number of request a child process will handle',
+          :default      => '10000'
+
+attribute 'apache/worker',
+          :display_name => 'Apache Worker',
+          :description  => 'Hash of Apache prefork tuning attributes.',
+          :type         => 'hash'
+
+attribute 'apache/worker/startservers',
+          :display_name => 'Apache Worker MPM StartServers',
+          :description  => 'Initial number of server processes to start',
+          :default      => '4'
+
+attribute 'apache/worker/maxclients',
+          :display_name => 'Apache Worker MPM MaxClients',
+          :description  => 'Maximum number of simultaneous connections',
+          :default      => '1024'
+
+attribute 'apache/worker/minsparethreads',
+          :display_name => 'Apache Worker MPM MinSpareThreads',
+          :description  => 'Minimum number of spare worker threads',
+          :default      => '64'
+
+attribute 'apache/worker/maxsparethreads',
+          :display_name => 'Apache Worker MPM MaxSpareThreads',
+          :description  => 'Maximum number of spare worker threads',
+          :default      => '192'
+
+attribute 'apache/worker/threadsperchild',
+          :display_name => 'Apache Worker MPM ThreadsPerChild',
+          :description  => 'Constant number of worker threads in each server process',
+          :default      => '64'
+
+attribute 'apache/worker/maxrequestsperchild',
+          :display_name => 'Apache Worker MPM MaxRequestsPerChild',
+          :description  => 'Maximum number of request a child process will handle',
+          :default      => '0'
+
+attribute 'apache/default_modules',
+          :display_name => 'Apache Default Modules',
+          :description  => 'Default modules to enable via recipes',
+          :default      => 'status alias auth_basic authn_file authz_default authz_groupfile authz_host authz_user autoindex dir env mime negotiation setenvif'
+
+attribute 'apache/mod_ssl/cipher_suite',
+          :display_name => 'Apache mod_ssl Cipher Suite',
+          :description  => 'String of SSL ciphers to use for SSLCipherSuite',
+          :default      => 'RC4-SHA:HIGH:!ADH'
@@ -0,0 +1,212 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: default
+#
+# Copyright 2008-2013, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+package 'apache2' do
+  package_name node['apache']['package']
+end
+
+service 'apache2' do
+  case node['platform_family']
+  when 'rhel', 'fedora', 'suse'
+    service_name 'httpd'
+    # If restarted/reloaded too quickly httpd has a habit of failing.
+    # This may happen with multiple recipes notifying apache to restart - like
+    # during the initial bootstrap.
+    restart_command '/sbin/service httpd restart && sleep 1'
+    reload_command '/sbin/service httpd reload && sleep 1'
+  when 'debian'
+    service_name 'apache2'
+    restart_command '/usr/sbin/invoke-rc.d apache2 restart && sleep 1'
+    reload_command '/usr/sbin/invoke-rc.d apache2 reload && sleep 1'
+  when 'arch'
+    service_name 'httpd'
+  when 'freebsd'
+    service_name 'apache22'
+  end
+  supports [:restart, :reload, :status]
+  action :enable
+end
+
+if platform_family?('rhel', 'fedora', 'arch', 'suse', 'freebsd')
+  directory node['apache']['log_dir'] do
+    mode '0755'
+  end
+
+  package 'perl'
+
+  cookbook_file '/usr/local/bin/apache2_module_conf_generate.pl' do
+    source 'apache2_module_conf_generate.pl'
+    mode   '0755'
+    owner  'root'
+    group  node['apache']['root_group']
+  end
+
+  %w[sites-available sites-enabled mods-available mods-enabled].each do |dir|
+    directory "#{node['apache']['dir']}/#{dir}" do
+      mode  '0755'
+      owner 'root'
+      group node['apache']['root_group']
+    end
+  end
+
+  execute 'generate-module-list' do
+    command "/usr/local/bin/apache2_module_conf_generate.pl #{node['apache']['lib_dir']} #{node['apache']['dir']}/mods-available"
+    action  :nothing
+  end
+
+  %w[a2ensite a2dissite a2enmod a2dismod].each do |modscript|
+    template "/usr/sbin/#{modscript}" do
+      source "#{modscript}.erb"
+      mode  '0700'
+      owner 'root'
+      group node['apache']['root_group']
+    end
+  end
+
+  # installed by default on centos/rhel, remove in favour of mods-enabled
+  %w[proxy_ajp auth_pam authz_ldap webalizer ssl welcome].each do |f|
+    file "#{node['apache']['dir']}/conf.d/#{f}.conf" do
+      action :delete
+      backup false
+    end
+  end
+
+  # installed by default on centos/rhel, remove in favour of mods-enabled
+  file "#{node['apache']['dir']}/conf.d/README" do
+    action :delete
+    backup false
+  end
+
+  # enable mod_deflate for consistency across distributions
+  include_recipe 'apache2::mod_deflate'
+end
+
+if platform_family?('freebsd')
+  file "#{node['apache']['dir']}/Includes/no-accf.conf" do
+    action :delete
+    backup false
+  end
+
+  directory "#{node['apache']['dir']}/Includes" do
+    action :delete
+  end
+
+  %w[
+      httpd-autoindex.conf httpd-dav.conf httpd-default.conf httpd-info.conf
+      httpd-languages.conf httpd-manual.conf httpd-mpm.conf
+      httpd-multilang-errordoc.conf httpd-ssl.conf httpd-userdir.conf
+      httpd-vhosts.conf
+  ].each do |f|
+    file "#{node['apache']['dir']}/extra/#{f}" do
+      action :delete
+      backup false
+    end
+  end
+
+  directory "#{node['apache']['dir']}/extra" do
+    action :delete
+  end
+end
+
+%W[
+  #{node['apache']['dir']}/ssl
+  #{node['apache']['dir']}/conf.d
+  #{node['apache']['cache_dir']}
+].each do |path|
+  directory path do
+    mode  '0755'
+    owner 'root'
+    group node['apache']['root_group']
+  end
+end
+
+# Set the preferred execution binary - prefork or worker
+template '/etc/sysconfig/httpd' do
+  source   'etc-sysconfig-httpd.erb'
+  owner    'root'
+  group    node['apache']['root_group']
+  mode     '0644'
+  notifies :restart, 'service[apache2]'
+  only_if  { platform_family?('rhel', 'fedora') }
+end
+
+template 'apache2.conf' do
+  case node['platform_family']
+  when 'rhel', 'fedora', 'arch'
+    path "#{node['apache']['dir']}/conf/httpd.conf"
+  when 'debian'
+    path "#{node['apache']['dir']}/apache2.conf"
+  when 'freebsd'
+    path "#{node['apache']['dir']}/httpd.conf"
+  end
+  source   'apache2.conf.erb'
+  owner    'root'
+  group    node['apache']['root_group']
+  mode     '0644'
+  notifies :restart, 'service[apache2]'
+end
+
+template 'apache2-conf-security' do
+  path     "#{node['apache']['dir']}/conf.d/security.conf"
+  source   'security.erb'
+  owner    'root'
+  group    node['apache']['root_group']
+  mode     '0644'
+  backup   false
+  notifies :restart, 'service[apache2]'
+end
+
+template 'apache2-conf-charset' do
+  path      "#{node['apache']['dir']}/conf.d/charset.conf"
+  source   'charset.erb'
+  owner    'root'
+  group    node['apache']['root_group']
+  mode     '0644'
+  backup   false
+  notifies :restart, 'service[apache2]'
+end
+
+template "#{node['apache']['dir']}/ports.conf" do
+  source   'ports.conf.erb'
+  owner    'root'
+  group    node['apache']['root_group']
+  mode     '0644'
+  notifies :restart, 'service[apache2]'
+end
+
+template "#{node['apache']['dir']}/sites-available/default" do
+  source   'default-site.erb'
+  owner    'root'
+  group    node['apache']['root_group']
+  mode     '0644'
+  notifies :restart, 'service[apache2]'
+end
+
+node['apache']['default_modules'].each do |mod|
+  module_recipe_name = mod =~ /^mod_/ ? mod : "mod_#{mod}"
+  include_recipe "apache2::#{module_recipe_name}"
+end
+
+apache_site 'default' do
+  enable node['apache']['default_site_enabled']
+end
+
+service 'apache2' do
+  action :start
+end
@@ -0,0 +1,33 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: god_monitor
+#
+# Copyright 2008-2013, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_service = service 'apache2' do
+  action :nothing
+end
+
+start_command   = apache_service.start_command
+stop_command    = apache_service.stop_command
+restart_command = apache_service.restart_command
+
+god_monitor 'apache2' do
+  config 'apache2.god.erb'
+  start   start_command   || "/etc/init.d/#{apache_service.service_name} start"
+  restart restart_command || "/etc/init.d/#{apache_service.service_name} restart"
+  stop    stop_command    || "/etc/init.d/#{apache_service.service_name} stop"
+end
@@ -0,0 +1,20 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: iptables
+#
+# Copyright 2012-2013, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+iptables_rule 'port_apache'
@@ -0,0 +1,31 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: logrotate
+#
+# Copyright 2012, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_service = service 'apache2' do
+  action :nothing
+end
+
+begin
+  include_recipe 'logrotate'
+rescue
+  Chef::Log.warn('The apache::logrotate recipe requires the logrotate cookbook. Install the cookbook with `knife cookbook site install logrotate`.')
+end
+logrotate_app apache_service.service_name do
+  path node['apache']['log_dir']
+end
@@ -0,0 +1,20 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: actions
+#
+# Copyright 2008-2013, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module 'actions'
@@ -0,0 +1,22 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: alias
+#
+# Copyright 2008-2013, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module 'alias' do
+  conf true
+end
@@ -0,0 +1,51 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: apreq2
+#
+# modified from the python recipe by Jeremy Bingham
+#
+# Copyright 2008-2013, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe 'apache2::default'
+
+case node['platform_family']
+when 'debian'
+  package 'libapache2-mod-apreq2'
+when 'rhel', 'fedora'
+  package 'libapreq2' do
+    notifies :run, 'execute[generate-module-list]', :immediately
+  end
+
+  # seems that the apreq lib is weirdly broken or something - it needs to be
+  # loaded as 'apreq', but on RHEL & derivitatives the file needs a symbolic
+  # link to mod_apreq.so.
+  link '/usr/lib64/httpd/modules/mod_apreq.so' do
+    to      '/usr/lib64/httpd/modules/mod_apreq2.so'
+    only_if 'test -f /usr/lib64/httpd/modules/mod_apreq2.so'
+  end
+
+  link '/usr/lib/httpd/modules/mod_apreq.so' do
+    to      '/usr/lib/httpd/modules/mod_apreq2.so'
+    only_if 'test -f /usr/lib/httpd/modules/mod_apreq2.so'
+  end
+end
+
+file "#{node['apache']['dir']}/conf.d/apreq.conf" do
+  action :delete
+  backup false
+end
+
+apache_module 'apreq'
@@ -0,0 +1,20 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: auth_basic
+#
+# Copyright 2008-2013, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module 'auth_basic'
@@ -0,0 +1,73 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: auth_basic
+#
+# Copyright 2013, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe 'apache2::default'
+
+if node['apache']['mod_auth_cas']['from_source']
+  package 'httpd-devel' do
+    package_name value_for_platform_family(
+      %w[rhel fedora suse] => 'httpd-devel',
+      'debian' => 'apache2-dev'
+    )
+  end
+
+  git '/tmp/mod_auth_cas' do
+    repository 'git://github.com/Jasig/mod_auth_cas.git'
+    revision   node['apache']['mod_auth_cas']['source_revision']
+    notifies   :run, 'execute[compile mod_auth_cas]', :immediately
+  end
+
+  execute 'compile mod_auth_cas' do
+    command './configure && make && make install'
+    cwd     '/tmp/mod_auth_cas'
+    not_if  "test -f #{node['apache']['libexecdir']}/mod_auth_cas.so"
+  end
+
+  template "#{node['apache']['dir']}/mods-available/auth_cas.load" do
+    source 'mods/auth_cas.load.erb'
+    owner  'root'
+    group  node['apache']['root_group']
+    mode   '0644'
+  end
+else
+  case node['platform_family']
+  when 'debian'
+    package 'libapache2-mod-auth-cas'
+
+  when 'rhel', 'fedora'
+    yum_package 'mod_auth_cas' do
+      notifies :run, 'execute[generate-module-list]', :immediately
+    end
+
+    file "#{node['apache']['dir']}/conf.d/auth_cas.conf" do
+      action :delete
+      backup false
+    end
+  end
+end
+
+apache_module 'auth_cas' do
+  conf true
+end
+
+directory "#{node['apache']['cache_dir']}/mod_auth_cas" do
+  owner node['apache']['user']
+  group node['apache']['group']
+  mode  '0700'
+end
@@ -0,0 +1,20 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: auth_digest
+#
+# Copyright 2008-2013, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module 'auth_digest'
@@ -0,0 +1,123 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: mod_auth_openid
+#
+# Copyright 2008-2013, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+openid_dev_pkgs = value_for_platform_family(
+  'debian'        => %w[automake make g++ apache2-prefork-dev libopkele-dev libopkele3 libtool],
+  %w[rhel fedora] => %w[gcc-c++ httpd-devel curl-devel libtidy libtidy-devel sqlite-devel pcre-devel openssl-devel make libtool],
+  'arch'          => %w[libopkele],
+  'freebsd'       => %w[libopkele pcre sqlite3]
+)
+
+make_cmd = value_for_platform_family(
+  'freebsd' => { 'default' => 'gmake' },
+  'default' => 'make'
+)
+
+case node['platform_family']
+when 'arch'
+  include_recipe 'pacman::default'
+
+  package 'tidyhtml'
+
+  pacman_aur openid_dev_pkgs.first do
+    action [:build, :install]
+  end
+else
+  openid_dev_pkgs.each do |pkg|
+    package pkg
+  end
+end
+
+case node['platform_family']
+when 'rhel', 'fedora'
+  remote_file "#{Chef::Config['file_cache_path']}/libopkele-2.0.4.tar.gz" do
+    source   'http://kin.klever.net/dist/libopkele-2.0.4.tar.gz'
+    mode     '0644'
+    checksum '57a5bc753b7e80c5ece1e5968b2051b0ce7ed9ce4329d17122c61575a9ea7648'
+  end
+
+  bash 'install libopkele' do
+    cwd Chef::Config['file_cache_path']
+    # Ruby 1.8.6 does not have rpartition, unfortunately
+    syslibdir = node['apache']['lib_dir'][0..node['apache']['lib_dir'].rindex('/')]
+    code <<-EOH
+    tar zxvf libopkele-2.0.4.tar.gz
+    cd libopkele-2.0.4 && ./configure --prefix=/usr --libdir=#{syslibdir}
+    #{make_cmd} && #{make_cmd} install
+    EOH
+    creates "#{syslibdir}/libopkele.a"
+  end
+end
+
+version = node['apache']['mod_auth_openid']['ref']
+configure_flags = node['apache']['mod_auth_openid']['configure_flags']
+
+remote_file "#{Chef::Config['file_cache_path']}/mod_auth_openid-#{version}.tar.gz" do
+  source node['apache']['mod_auth_openid']['source_url']
+  mode   '0644'
+  action :create_if_missing
+end
+
+directory node['apache']['mod_auth_openid']['cache_dir'] do
+  owner node['apache']['user']
+  group node['apache']['group']
+  mode  '0700'
+end
+
+bash 'untar mod_auth_openid' do
+  cwd Chef::Config['file_cache_path']
+  code <<-EOH
+  tar zxvf mod_auth_openid-#{version}.tar.gz
+  EOH
+  creates "#{Chef::Config['file_cache_path']}/mod_auth_openid-#{version}/src/types.h"
+end
+
+bash 'compile mod_auth_openid' do
+  cwd "#{Chef::Config['file_cache_path']}/mod_auth_openid-#{version}"
+  code <<-EOH
+  ./autogen.sh
+  ./configure #{configure_flags.join(' ')}
+  perl -pi -e "s/-i -a -n 'authopenid'/-i -n 'authopenid'/g" Makefile
+  #{make_cmd}
+  EOH
+  creates "#{Chef::Config['file_cache_path']}/mod_auth_openid-#{version}/src/.libs/mod_auth_openid.so"
+  notifies :run, 'bash[install-mod_auth_openid]', :immediately
+  not_if "test -f #{Chef::Config['file_cache_path']}/mod_auth_openid-#{version}/src/.libs/mod_auth_openid.so"
+end
+
+bash 'install-mod_auth_openid' do
+  cwd "#{Chef::Config['file_cache_path']}/mod_auth_openid-#{version}"
+  code <<-EOH
+  #{make_cmd} install
+  EOH
+  creates "#{node['apache']['libexecdir']}/mod_auth_openid.so"
+  notifies :restart, 'service[apache2]'
+  not_if "test -f #{node['apache']['libexecdir']}/mod_auth_openid.so"
+end
+
+template "#{node['apache']['dir']}/mods-available/authopenid.load" do
+  source 'mods/authopenid.load.erb'
+  owner  'root'
+  group  node['apache']['root_group']
+  mode   '0644'
+end
+
+apache_module 'authopenid' do
+  filename 'mod_auth_openid.so'
+end
@@ -0,0 +1,20 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: authn_file
+#
+# Copyright 2008-2013, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module 'authn_file'
@@ -0,0 +1,20 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: authnz_ldap
+#
+# Copyright 2008-2013, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module 'authnz_ldap'
@@ -0,0 +1,20 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: authz_default
+#
+# Copyright 2008-2013, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module 'authz_default'
@@ -0,0 +1,20 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: authz_groupfile
+#
+# Copyright 2008-2013, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module 'authz_groupfile'
@@ -0,0 +1,20 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: authz_host
+#
+# Copyright 2008-2013, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module 'authz_host'
@@ -0,0 +1,20 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: authz_user
+#
+# Copyright 2008-2013, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module 'authz_user'
@@ -0,0 +1,22 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: autoindex
+#
+# Copyright 2008-2013, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module 'autoindex' do
+  conf true
+end
@@ -0,0 +1,20 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: cgi
+#
+# Copyright 2008-2013, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module 'cgi'
@@ -0,0 +1,30 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: cloudflare
+#
+# Copyright 2008-2013, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apt_repository 'cloudflare' do
+  uri          'http://pkg.cloudflare.com'
+  distribution node['lsb']['codename']
+  components   ['main']
+  key          'http://pkg.cloudflare.com/pubkey.gpg'
+  action       :add
+end
+
+package 'libapache2-mod-cloudflare' do
+  notifies :restart, 'service[apache2]'
+end
@@ -0,0 +1,20 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: dav
+#
+# Copyright 2008-2013, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module 'dav'
@@ -0,0 +1,21 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: dav_fs
+#
+# Copyright 2011-2013, Atriso
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe 'apache2::mod_dav'
+apache_module 'dav_fs'
@@ -0,0 +1,39 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: dav_svn
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe 'apache2::mod_dav'
+
+package 'libapache2-svn' do
+  case node['platform_family']
+  when 'rhel', 'fedora', 'suse'
+    package_name 'mod_dav_svn'
+  else
+    package_name 'libapache2-svn'
+  end
+end
+
+case node['platform_family']
+when 'rhel', 'fedora', 'suse'
+  file "#{node['apache']['dir']}/conf.d/subversion.conf" do
+    action :delete
+    backup false
+  end
+end
+
+apache_module 'dav_svn'
@@ -0,0 +1,22 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: deflate
+#
+# Copyright 2008-2013, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module 'deflate' do
+  conf true
+end
@@ -0,0 +1,22 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: dir
+#
+# Copyright 2008-2013, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module 'dir' do
+  conf true
+end
--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 .8.2
 .8.4