diff --git a/slapos/recipe/pulse2/__init__.py b/slapos/recipe/pulse2/__init__.py
index b7f12028c92176fe06dc1ba9ac37b029828b4b43..62e05a4ba85d042692d42082d32188b93d1c9d36 100644
--- a/slapos/recipe/pulse2/__init__.py
+++ b/slapos/recipe/pulse2/__init__.py
@@ -38,27 +38,37 @@ class Recipe(BaseSlapRecipe): 'template/%s' % template_name) def _install(self): - # LDAP - # MYSQL # Apache - # mmc (+pulse) + # TODO add in apache conf location of mmc.ini + document_root = self.createDataDirectory('htdocs') + self.createHtdocs(self.options['source'].strip(), document_root) + url = self.installApache(document_root) + + # MySQL + mysql_conf = self.installMysqlServer(self.getLocalIPv4Address(), 45678) + + # LDAP + ldap_port = dict() + + # Pulse + mmc_core_conf = self.installPulse2(ip=self.getLocalIPv4Address(), + port=11000, ldap_host=ldap_conf['host'], ldap_port=ldap_conf['port']) + + ca_conf = self.installCertificateAuthority() + key, certificate = self.requestCertificate('Pulse') + + stunnel_conf = self.installStunnel(self.getGlobalIPv6Address(), + self.getLocalIPv4Address(), 12345, pulse_conf['inventory_port'], + certificate, key, ca_conf['ca_crl'], + ca_conf['certificate_authority_path']) - #pulse2_conf = self.installPulse2(ip=self.getLocalIPv4Address(), - # port=11000) - # - #ca_conf = self.installCertificateAuthority() - #key, certificate = self.requestCertificate('Memcached') - # - #stunnel_conf = self.installStunnel(self.getGlobalIPv6Address(), - # self.getLocalIPv4Address(), 12345, memcached_conf['memcached_port'], - # certificate, key, ca_conf['ca_crl'], - # ca_conf['certificate_authority_path']) - # - #self.linkBinary() - #self.setConnectionDict(dict( - # stunnel_ip = stunnel_conf['public_ip'], - # stunnel_port = stunnel_conf['public_port'], - #)) + self.linkBinary() + self.setConnectionDict(dict( + stunnel_inventory_ip = stunnel_conf['public_ip'], + stunnel_inventory_port = stunnel_conf['public_port'], + url=url, + **mysql_conf + )) return self.path_list def linkBinary(self): 
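Review bot: `_install` reads `ldap_conf['host']`, `ldap_conf['port']` and `pulse_conf['inventory_port']`, but the hunk only assigns `ldap_port = dict()` and `mmc_core_conf`, so the method would raise NameError before stunnel is configured. Separately, `setConnectionDict(dict(..., **mysql_conf))` publishes the whole MySQL dict, which `installMysqlServer` fills with `mysql_password`, `mysql_test_password` and the per-test-database passwords in `mysql_parallel_test_dict`. I would pass only the fields a requester needs, for example `mysql_database=mysql_conf['mysql_database'], mysql_user=mysql_conf['mysql_user'], mysql_password=mysql_conf['mysql_password']`, and keep the test credentials out of the connection parameters.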
@@ -228,16 +238,194 @@ class Recipe(BaseSlapRecipe): self.path_list.append(wrapper) return stunnel_conf - def installMemcached(self, ip, port): + def installPulse2(self, ip, port, ldap_host, ldap_port): + """Installs both mmc_core and pulse2""" config = dict( - memcached_binary=self.options['memcached_binary'], - memcached_ip=ip, + ldap_host=ldap_host, + ldap_port=ldap_port, memcached_port=port, + ldap_logfile_path= os.path.join(self.log_directory, 'ldap.log'), + mmc_core_binary=self.options['mmc_core_binary'] ) - self.path_list.append(self.createRunningWrapper('memcached', - self.substituteTemplate(self.getTemplateFilename('memcached.in'), + + #TODO write function that takes all templates in subdir and creates conf + # files, keeping same dir structure. + mmc_conf_path = self.createConfigurationFile(os.path.join("mmc", + "agent", "config.ini"), self.substituteTemplate( + self.getTemplateFilename(os.path.join("mmc_conf", + "agent", "config.ini.in")), config)) + config['mmc_core_config_file'] = mysql_conf_path + + self.path_list.append(self.createRunningWrapper('mmc-core', + self.substituteTemplate(self.getTemplateFilename('mmc-core.in'), config))) + + + return dict(memcached_url='%s:%s' % (config['memcached_ip'], config['memcached_port']), memcached_ip=config['memcached_ip'], memcached_port=config['memcached_port']) + + def createHtdocs(self, source, document_root): + source = self.options['source'].strip() + document_root = self.createDataDirectory('htdocs') + for p in os.listdir(document_root): + path = os.path.join(document_root, p) + if os.path.isdir(path): + shutil.rmtree(path) + else: + os.unlink(path) + for p in os.listdir(source): + path = os.path.join(source, p) + if os.path.isdir(path): + shutil.copytree(path, os.path.join(document_root, p)) + else: + shutil.copy2(path, os.path.join(document_root, p)) + + def installApache(self, document_root, ip=None, port=None): + if ip is None: + ip=self.getGlobalIPv6Address() + if port is None: + port = '9080' + 
apache_config = dict( + pid_file=os.path.join(self.run_directory, 'httpd.pid'), + lock_file=os.path.join(self.run_directory, 'httpd.lock'), + ip=ip, + port=port, + error_log=os.path.join(self.log_directory, 'httpd-error.log'), + access_log=os.path.join(self.log_directory, 'httpd-access.log'), + document_root=document_root, + php_ini_dir=self.etc_directory + ) + config_file = self.createConfigurationFile('httpd.conf', + self.substituteTemplate(pkg_resources.resource_filename(__name__, + 'template/apache.in'), apache_config)) + self.path_list.append(config_file) + self.path_list.append(self.createConfigurationFile('php.ini', + self.substituteTemplate(pkg_resources.resource_filename(__name__, + 'template/php.ini.in'), {}))) + self.path_list.extend(zc.buildout.easy_install.scripts([( + 'httpd', + __name__ + '.apache', 'runApache')], self.ws, + sys.executable, self.wrapper_directory, arguments=[ + dict( + required_path_list=[], + binary=self.options['httpd_binary'], + config=config_file + ) + ])) + return 'http://[%s]:%s' % (ip, port) + + def installMysqlServer(self, ip, port, database='erp5', user='user', + test_database='test_erp5', test_user='test_user', template_filename=None, + parallel_test_database_amount=100, mysql_conf=None): + if mysql_conf is None: + mysql_conf = {} + backup_directory = self.createBackupDirectory('mysql') + if template_filename is None: + template_filename = self.getTemplateFilename('my.cnf.in') + error_log = os.path.join(self.log_directory, 'mysqld.log') + slow_query_log = os.path.join(self.log_directory, 'mysql-slow.log') + mysql_conf.update( + ip=ip, + data_directory=os.path.join(self.data_root_directory, + 'mysql'), + tcp_port=port, + pid_file=os.path.join(self.run_directory, 'mysqld.pid'), + socket=os.path.join(self.run_directory, 'mysqld.sock'), + error_log=error_log, + slow_query_log=slow_query_log, + mysql_database=database, + mysql_user=user, + mysql_password=self.generatePassword(), + mysql_test_password=self.generatePassword(), + 
mysql_test_database=test_database, + mysql_test_user=test_user, + mysql_parallel_test_dict=[ + ('test_%i' % x,)*2 + (self.generatePassword(),) \ + for x in xrange(0,parallel_test_database_amount)], + ) + self.registerLogRotation('mysql', [error_log, slow_query_log], + '%(mysql_binary)s --no-defaults -B --user=root ' + '--socket=%(mysql_socket)s -e "FLUSH LOGS"' % dict( + mysql_binary=self.options['mysql_binary'], + mysql_socket=mysql_conf['socket'])) + self._createDirectory(mysql_conf['data_directory']) + + mysql_conf_path = self.createConfigurationFile("my.cnf", + self.substituteTemplate(template_filename, + mysql_conf)) + + mysql_script_list = [] + for x_database, x_user, x_password in \ + [(mysql_conf['mysql_database'], + mysql_conf['mysql_user'], + mysql_conf['mysql_password']), + (mysql_conf['mysql_test_database'], + mysql_conf['mysql_test_user'], + mysql_conf['mysql_test_password']), + ] + mysql_conf['mysql_parallel_test_dict']: + mysql_script_list.append(pkg_resources.resource_string(__name__, + 'template/initmysql.sql.in') % { + 'mysql_database': x_database, + 'mysql_user': x_user, + 'mysql_password': x_password}) + mysql_script_list.append('EXIT') + mysql_script = '\n'.join(mysql_script_list) + self.path_list.extend(zc.buildout.easy_install.scripts([('mysql_update', + __name__ + '.mysql', 'updateMysql')], self.ws, + sys.executable, self.wrapper_directory, arguments=[dict( + mysql_script=mysql_script, + mysql_binary=self.options['mysql_binary'].strip(), + mysql_upgrade_binary=self.options['mysql_upgrade_binary'].strip(), + socket=mysql_conf['socket'], + )])) + self.path_list.extend(zc.buildout.easy_install.scripts([('mysqld', + __name__ + '.mysql', 'runMysql')], self.ws, + sys.executable, self.wrapper_directory, arguments=[dict( + mysql_install_binary=self.options['mysql_install_binary'].strip(), + mysqld_binary=self.options['mysqld_binary'].strip(), + data_directory=mysql_conf['data_directory'].strip(), + mysql_binary=self.options['mysql_binary'].strip(), 
+ socket=mysql_conf['socket'].strip(), + configuration_file=mysql_conf_path, + )])) + self.path_list.extend([mysql_conf_path]) + + # backup configuration + backup_directory = self.createBackupDirectory('mysql') + full_backup = os.path.join(backup_directory, 'full') + incremental_backup = os.path.join(backup_directory, 'incremental') + self._createDirectory(full_backup) + self._createDirectory(incremental_backup) + innobackupex_argument_list = [self.options['perl_binary'], + self.options['innobackupex_binary'], + '--defaults-file=%s' % mysql_conf_path, + '--socket=%s' %mysql_conf['socket'].strip(), '--user=root', + '--ibbackup=%s'% self.options['xtrabackup_binary']] + environment = dict(PATH='%s' % self.bin_directory) + innobackupex_incremental = zc.buildout.easy_install.scripts([( + 'innobackupex_incremental','slapos.recipe.librecipe.execute', 'executee')], + self.ws, sys.executable, self.bin_directory, arguments=[ + innobackupex_argument_list + ['--incremental'], + environment])[0] + self.path_list.append(innobackupex_incremental) + innobackupex_full = zc.buildout.easy_install.scripts([('innobackupex_full', + 'slapos.recipe.librecipe.execute', 'executee')], self.ws, + sys.executable, self.bin_directory, arguments=[ + innobackupex_argument_list, + environment])[0] + self.path_list.append(innobackupex_full) + backup_controller = zc.buildout.easy_install.scripts([ + ('innobackupex_controller', __name__ + '.innobackupex', 'controller')], + self.ws, sys.executable, self.bin_directory, + arguments=[innobackupex_incremental, innobackupex_full, full_backup, + incremental_backup])[0] + self.path_list.append(backup_controller) + mysql_backup_cron = os.path.join(self.cron_d, 'mysql_backup') + open(mysql_backup_cron, 'w').write('0 0 * * * ' + backup_controller) + self.path_list.append(mysql_backup_cron) + # The return could be more explicit database, user ... + return mysql_conf + 
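Review bot: `installPulse2` cannot complete as written: `config['mmc_core_config_file'] = mysql_conf_path` refers to a name that is not defined in this method (the value just created is `mmc_conf_path`), and the `return` still reads `config['memcached_ip']`, a key this change removed from `config`. The assignment should be `config['mmc_core_config_file'] = mmc_conf_path`, and the return should expose the values `_install` uses afterwards. In the same hunk `createHtdocs` overwrites both of its parameters with `self.options['source']` and a fresh `createDataDirectory('htdocs')`, so the arguments are ignored. `installMysqlServer` embeds the generated passwords in `mysql_script` and hands it to the `mysql_update` wrapper through `arguments=`; presumably that ends up in the generated script on disk, so the file mode of that wrapper deserves a check.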
diff --git a/slapos/recipe/pulse2/apache.py b/slapos/recipe/pulse2/apache.py new file mode 100644 index 0000000000000000000000000000000000000000..861f787d09fed9c80b38f561528fbd86b5c7ad44 --- /dev/null +++ b/slapos/recipe/pulse2/apache.py @@ -0,0 +1,22 @@ +import os +import sys +import time + + +def runApache(args): + sleep = 60 + conf = args[0] + while True: + ready = True + for f in conf.get('required_path_list', []): + if not os.path.exists(f): + print 'File %r does not exists, sleeping for %s' % (f, sleep) + ready = False + if ready: + break + time.sleep(sleep) + apache_wrapper_list = [conf['binary'], '-f', conf['config'], '-DFOREGROUND'] + apache_wrapper_list.extend(sys.argv[1:]) + sys.stdout.flush() + sys.stderr.flush() + os.execl(apache_wrapper_list[0], *apache_wrapper_list) diff --git a/slapos/recipe/pulse2/innobackupex.py b/slapos/recipe/pulse2/innobackupex.py new file mode 100644 index 0000000000000000000000000000000000000000..246f4174b35fe7ab4451b35052841ebdd67e4019 --- /dev/null +++ b/slapos/recipe/pulse2/innobackupex.py 
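Review bot: `runApache` has no docstring, and nothing else explains why the wrapper may sit idle: it polls `required_path_list` every 60 seconds with no upper bound before it execs httpd. I would add `"""Block until every path in conf['required_path_list'] exists, then exec conf['binary'] in the foreground with conf['config']."""`. The log text should read `does not exist` rather than `does not exists`.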
@@ -0,0 +1,25 @@ +import os +import glob +def controller(args): + """Creates full or incremental backup + + If no full backup is done, it is created + + If full backup exists incremental backup is done starting with base + + base is the newest (according to date) full or incremental backup + """ + innobackupex_incremental, innobackupex_full, full_backup, incremental_backup \ + = args + if len(os.listdir(full_backup)) == 0: + print 'Doing full backup in %r' % full_backup + os.execv(innobackupex_full, [innobackupex_full, full_backup]) + else: + backup_list = filter(os.path.isdir, glob.glob(full_backup + "/*") + + glob.glob(incremental_backup + "/*")) + backup_list.sort(key=lambda x: os.path.getmtime(x), reverse=True) + base = backup_list[0] + print 'Doing incremental backup in %r using %r as a base' % ( + incremental_backup, base) + os.execv(innobackupex_incremental, [innobackupex_incremental, + '--incremental-basedir=%s'%base, incremental_backup]) diff --git a/slapos/recipe/pulse2/mysql.py b/slapos/recipe/pulse2/mysql.py new file mode 100644 index 0000000000000000000000000000000000000000..e2036076a611cd308755a93f77c763ba91e3fb73 --- /dev/null +++ b/slapos/recipe/pulse2/mysql.py 
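Review bot: In `controller`, the incremental branch takes `backup_list[0]` without checking that the list is non-empty; `full_backup` can contain entries while neither glob yields a directory, and the call then fails with IndexError instead of producing a backup. The emptiness test on `os.listdir(full_backup)` also treats a directory left behind by an interrupted full backup as a valid base, so later incrementals may chain onto an unusable base (inferred; the hunk does not show how completion is marked). A guard such as `if not backup_list:` that falls back to the full-backup `os.execv` would cover the first case.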
@@ -0,0 +1,71 @@ +import os +import subprocess +import time +import sys + + +def runMysql(args): + sleep = 60 + conf = args[0] + mysqld_wrapper_list = [conf['mysqld_binary'], '--defaults-file=%s' % + conf['configuration_file']] + # we trust mysql_install that if mysql directory is available mysql was + # correctly initalised + if not os.path.isdir(os.path.join(conf['data_directory'], 'mysql')): + while True: + # XXX: Protect with proper root password + # XXX: Follow http://dev.mysql.com/doc/refman/5.0/en/default-privileges.html + popen = subprocess.Popen([conf['mysql_install_binary'], + '--skip-name-resolve', '--no-defaults', '--datadir=%s' % + conf['data_directory']], + stdout=subprocess.PIPE, stderr=subprocess.STDOUT) + result = popen.communicate()[0] + if popen.returncode is None or popen.returncode != 0: + print "Failed to initialise server.\nThe error was: %s" % result + print "Waiting for %ss and retrying" % sleep + time.sleep(sleep) + else: + print "Mysql properly initialised" + break + else: + print "MySQL already initialised" + print "Starting %r" % mysqld_wrapper_list[0] + sys.stdout.flush() + sys.stderr.flush() + os.execl(mysqld_wrapper_list[0], *mysqld_wrapper_list) + + +def updateMysql(args): + conf = args[0] + sleep = 30 + is_succeed = False + while True: + if not is_succeed: + mysql_upgrade_list = [conf['mysql_upgrade_binary'], '--no-defaults', '--user=root', '--socket=%s' % conf['socket']] + mysql_upgrade = subprocess.Popen(mysql_upgrade_list, stdout=subprocess.PIPE, stderr=subprocess.STDOUT) + result = mysql_upgrade.communicate()[0] + if mysql_upgrade.returncode is None: + mysql_upgrade.kill() + if mysql_upgrade.returncode != 0 and not 'is already upgraded' in result: + print "Command %r failed with result:\n%s" % (mysql_upgrade_list, result) + print 'Sleeping for %ss and retrying' % sleep + else: + if mysql_upgrade.returncode == 0: + print "MySQL database upgraded with result:\n%s" % result + else: + print "No need to upgrade MySQL database" + 
mysql_list = [conf['mysql_binary'].strip(), '--no-defaults', '-B', '--user=root', '--socket=%s' % conf['socket']] + mysql = subprocess.Popen(mysql_list, stdin=subprocess.PIPE, + stdout=subprocess.PIPE, stderr=subprocess.STDOUT) + result = mysql.communicate(conf['mysql_script'])[0] + if mysql.returncode is None: + mysql.kill() + if mysql.returncode != 0: + print 'Command %r failed with:\n%s' % (mysql_list, result) + print 'Sleeping for %ss and retrying' % sleep + else: + is_succeed = True + print 'SlapOS initialisation script succesfully applied on database.' + sys.stdout.flush() + sys.stderr.flush() + time.sleep(sleep) diff --git a/slapos/recipe/pulse2/template/apache.in.in b/slapos/recipe/pulse2/template/apache.in.in new file mode 100644 index 0000000000000000000000000000000000000000..3a8a8c7f6b1dfbef5f6617ffaed3305351db6585 --- /dev/null +++ b/slapos/recipe/pulse2/template/apache.in.in 
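Review bot: `runMysql` initialises the data directory and starts mysqld without ever setting a root password, which the two `XXX` comments acknowledge, and `updateMysql` then connects with `--user=root` over `conf['socket']`. Until that is fixed, access control rests entirely on who can reach the socket path, so the comment should state that dependency and the run directory should be kept private to the instance user. The `returncode is None` checks after `communicate()` can never be true, because `communicate()` waits for the process to exit, so both `kill()` calls are dead code. On failure the code prints `result` from the mysql client, which may echo parts of the failing statement from `mysql_script` (that script carries the generated passwords), so it is worth confirming where this output is logged.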
@@ -0,0 +1,58 @@
+# Apache static configuration
+# Automatically generated
+
+# Basic server configuration
+PidFile "%(pid_file)s"
+LockFile "%(lock_file)s"
+Listen %(ip)s:%(port)s
+PHPINIDir %(php_ini_dir)s
+ServerAdmin someone@email
+DefaultType text/plain
+TypesConfig conf/mime.types
+AddType application/x-compress .Z
+AddType application/x-gzip .gz .tgz
+AddType application/x-httpd-php .php .phtml .php5 .php4
+AddType application/x-httpd-php-source .phps
+
+# Log configuration
+ErrorLog "%(error_log)s"
+LogLevel warn
+LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\"" combined
+LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b" common
+CustomLog "%(access_log)s" common
+
+# Directory protection
+<Directory />
+ Options FollowSymLinks
+ AllowOverride None
+ Order deny,allow
+ Deny from all
+</Directory>
+
+Alias /mmc %(document_root)s
+### Allow access to lmc web directory to everyone
+<Directory %(document_root)s>
+ AllowOverride None
+ Order allow,deny
+ allow from all
+ php_flag short_open_tag on
+ php_flag magic_quotes_gpc on
+</Directory>
+DocumentRoot %(document_root)s
+DirectoryIndex index.html index.php
+
+# List of modules
+LoadModule authz_host_module modules/mod_authz_host.so
+LoadModule log_config_module modules/mod_log_config.so
+LoadModule setenvif_module modules/mod_setenvif.so
+LoadModule version_module modules/mod_version.so
+LoadModule proxy_module modules/mod_proxy.so
+LoadModule proxy_http_module modules/mod_proxy_http.so
+LoadModule mime_module modules/mod_mime.so
+LoadModule dav_module modules/mod_dav.so
+LoadModule dav_fs_module modules/mod_dav_fs.so
+LoadModule negotiation_module modules/mod_negotiation.so
+LoadModule rewrite_module modules/mod_rewrite.so
+LoadModule headers_module modules/mod_headers.so
+LoadModule dir_module modules/mod_dir.so
+LoadModule php5_module modules/libphp5.so
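Review bot: The MMC management interface is served over plain HTTP with `allow from all`, and `installApache` binds it to the global IPv6 address by default, so console logins would cross the network unencrypted unless something in front terminates TLS; the recipe already builds a stunnel for the inventory port and could do the same here. `Listen %(ip)s:%(port)s` also needs brackets when `ip` is an IPv6 literal, as in the default case: `Listen [%(ip)s]:%(port)s`. The module list loads `mod_dav`, `mod_dav_fs`, `mod_proxy` and `mod_proxy_http` although no directive in this template uses them, and dropping them reduces the exposed surface. The file is added as `apache.in.in` while `installApache` loads `template/apache.in`.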
diff --git a/slapos/recipe/pulse2/template/logrotate_entry.in b/slapos/recipe/pulse2/template/logrotate_entry.in
new file mode 100644
index 0000000000000000000000000000000000000000..bfa2abf0970af28f8cab98793db9b09db85d1847
--- /dev/null
+++ b/slapos/recipe/pulse2/template/logrotate_entry.in
@@ -0,0 +1,13 @@
+%(file_list)s {
+ daily
+ dateext
+ rotate 30
+ compress
+ notifempty
+ sharedscripts
+ create
+ postrotate
+ %(postrotate)s
+ endscript
+ olddir %(olddir)s
+}
diff --git a/slapos/recipe/pulse2/template/mmc-core.in b/slapos/recipe/pulse2/template/mmc-core.in
new file mode 100644
index 0000000000000000000000000000000000000000..2d29b6a828f75bf792c99e2ac89678241d1e472f
--- /dev/null
+++ b/slapos/recipe/pulse2/template/mmc-core.in
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec %(mmc_core_binary)s -f %(mmc_core_config_file)s
diff --git a/slapos/recipe/pulse2/template/mmc_conf/agent/config.ini b/slapos/recipe/pulse2/template/mmc_conf/agent/config.ini
new file mode 100644
index 0000000000000000000000000000000000000000..65d4535d886c26e984f6f7eebcd4773db77f18c9
--- /dev/null
+++ b/slapos/recipe/pulse2/template/mmc_conf/agent/config.ini
@@ -0,0 +1,59 @@
+[main]
+host = %(mmc_host)s
+port = %(mmc_port)s
+# Credentials for HTTP basic authentication
+login = mmc
+password = s3cr3t
+# RPC Session timeout in seconds.
+# If unset default to Twisted hardcoded 900 seconds.
+#sessiontimeout = 900
+# Multi-threading support (enabled by default)
+#multithreading = 1
+#maxthreads = 20
+# SSL support
+enablessl = 1
+localcert = %(ssl_localcert)s
+cacert = %(ssl_cacert)s
+# Certificate check
+# verifypeer = 0
+# Path to the file containing the Certificate Authority (PEM format)
+# cacert =
+# Path to the file containing the local key and certificate (PEM format)
+# localcert =
+
+[daemon]
+user = %(daemon_user)s
+group = %(daemon_user)s
+umask = 0077
+pidfile= %(daemon_pidfile)s
+# user = mmc
+# group = mmc
+# umask = 0007
+# pidfile= /var/run/mmc-agent.pid
+
+[loggers]
+keys=root
+
+[handlers]
+keys=hand01,hand02
+
+[formatters]
+keys=form01
+
+[logger_root]
+level=NOTSET
+handlers=hand01
+
+[handler_hand01]
+class=FileHandler
+level=INFO
+formatter=form01
+args=("%s" % %(mmc_log)s,)
+
+[handler_hand02]
+class=StreamHandler
+level=DEBUG
+args=(sys.stderr,)
+
+[formatter_form01]
+format=%(asctime)s #%(thread)d %(levelname)s %(message)s
diff --git a/slapos/recipe/pulse2/template/mmc_conf/agent/config.ini.in b/slapos/recipe/pulse2/template/mmc_conf/agent/config.ini.in
new file mode 100644
index 0000000000000000000000000000000000000000..65d4535d886c26e984f6f7eebcd4773db77f18c9
--- /dev/null
+++ b/slapos/recipe/pulse2/template/mmc_conf/agent/config.ini.in
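Review bot: `password = s3cr3t` under `[main]` hard-codes the HTTP basic-auth credential of the MMC agent to a publicly known default, and the same literal appears in `agent/config.ini.in` and in `mmc_conf/mmc.ini.in`. It should be a template key, for example `password = %(mmc_password)s`, filled from `self.generatePassword()` as `installMysqlServer` already does for the database accounts. This `config.ini` has the same blob id as `config.ini.in` and still contains the `%(...)s` placeholders, so it looks like an unrendered copy that need not be committed.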
@@ -0,0 +1,59 @@
+[main]
+host = %(mmc_host)s
+port = %(mmc_port)s
+# Credentials for HTTP basic authentication
+login = mmc
+password = s3cr3t
+# RPC Session timeout in seconds.
+# If unset default to Twisted hardcoded 900 seconds.
+#sessiontimeout = 900
+# Multi-threading support (enabled by default)
+#multithreading = 1
+#maxthreads = 20
+# SSL support
+enablessl = 1
+localcert = %(ssl_localcert)s
+cacert = %(ssl_cacert)s
+# Certificate check
+# verifypeer = 0
+# Path to the file containing the Certificate Authority (PEM format)
+# cacert =
+# Path to the file containing the local key and certificate (PEM format)
+# localcert =
+
+[daemon]
+user = %(daemon_user)s
+group = %(daemon_user)s
+umask = 0077
+pidfile= %(daemon_pidfile)s
+# user = mmc
+# group = mmc
+# umask = 0007
+# pidfile= /var/run/mmc-agent.pid
+
+[loggers]
+keys=root
+
+[handlers]
+keys=hand01,hand02
+
+[formatters]
+keys=form01
+
+[logger_root]
+level=NOTSET
+handlers=hand01
+
+[handler_hand01]
+class=FileHandler
+level=INFO
+formatter=form01
+args=("%s" % %(mmc_log)s,)
+
+[handler_hand02]
+class=StreamHandler
+level=DEBUG
+args=(sys.stderr,)
+
+[formatter_form01]
+format=%(asctime)s #%(thread)d %(levelname)s %(message)s
diff --git a/slapos/recipe/pulse2/template/mmc_conf/agent/keys/cacert.pem b/slapos/recipe/pulse2/template/mmc_conf/agent/keys/cacert.pem
new file mode 100644
index 0000000000000000000000000000000000000000..11791e682caeaccdabc55812d2cf220e72928b69
--- /dev/null
+++ b/slapos/recipe/pulse2/template/mmc_conf/agent/keys/cacert.pem
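Review bot: The lines `format=%(asctime)s #%(thread)d %(levelname)s %(message)s` and `args=("%s" % %(mmc_log)s,)` are not escaped for the `%`-style substitution the other templates in this commit are written for (`apache.in.in` doubles its literal percent signs). Assuming `substituteTemplate` applies `%` with the config dict, rendering would fail on the missing `asctime` key; the literal ones need doubling, as in `format=%%(asctime)s #%%(thread)d %%(levelname)s %%(message)s`, and the handler argument can simply be `args=("%(mmc_log)s",)`. `installPulse2` also supplies none of `mmc_host`, `mmc_port`, `ssl_localcert`, `ssl_cacert`, `daemon_user`, `daemon_pidfile` or `mmc_log`, so those keys have to be added to its `config` dict before this template can be rendered.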
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICmjCCAkSgAwIBAgIJALq48auj/cmmMA0GCSqGSIb3DQEBBAUAMGkxCzAJBgNV +BAYTAkZSMQswCQYDVQQIEwJOQTENMAsGA1UEBxMETWV0ejEPMA0GA1UEChMGTGlu +Ym94MQ0wCwYDVQQDEwRjZXJ0MR4wHAYJKoZIhvcNAQkBFg9pbmZvQGxpbmJveC5j +b20wHhcNMDUwODAyMTI1NjA1WhcNMDgwNDI4MTI1NjA1WjBpMQswCQYDVQQGEwJG +UjELMAkGA1UECBMCTkExDTALBgNVBAcTBE1ldHoxDzANBgNVBAoTBkxpbmJveDEN +MAsGA1UEAxMEY2VydDEeMBwGCSqGSIb3DQEJARYPaW5mb0BsaW5ib3guY29tMFww +DQYJKoZIhvcNAQEBBQADSwAwSAJBALsvk/6SKwimAloa2gitTn2AsUIZs0FT1XvM +LYWiaqQe5XK5n08F9C3ClLU79UxEuh47su3mxKjakwZSDvptNU8CAwEAAaOBzjCB +yzAdBgNVHQ4EFgQUJ8QwuXYP+uu6tWjtl4y6j/6CiR0wgZsGA1UdIwSBkzCBkIAU +J8QwuXYP+uu6tWjtl4y6j/6CiR2hbaRrMGkxCzAJBgNVBAYTAkZSMQswCQYDVQQI +EwJOQTENMAsGA1UEBxMETWV0ejEPMA0GA1UEChMGTGluYm94MQ0wCwYDVQQDEwRj +ZXJ0MR4wHAYJKoZIhvcNAQkBFg9pbmZvQGxpbmJveC5jb22CCQC6uPGro/3JpjAM +BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBAUAA0EAfKZ53wZqWetaf6XN06PdUUyb +orjbJtFQJQYBoXpqfrTH78Sna+uaCRlC+4BBAPx6Tz7ZoWqHt84GBf1WIXOscA== +-----END CERTIFICATE----- diff --git a/slapos/recipe/pulse2/template/mmc_conf/agent/keys/localcert.pem b/slapos/recipe/pulse2/template/mmc_conf/agent/keys/localcert.pem new file mode 100644 index 0000000000000000000000000000000000000000..aaa698fa09d901d5b914454d1c004f04dd5ac7a1 --- /dev/null +++ b/slapos/recipe/pulse2/template/mmc_conf/agent/keys/localcert.pem @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBOwIBAAJBALsvk/6SKwimAloa2gitTn2AsUIZs0FT1XvMLYWiaqQe5XK5n08F +9C3ClLU79UxEuh47su3mxKjakwZSDvptNU8CAwEAAQJAC+eSufYB1qL4M1LR2wtq +moC8xT9tLxJt2Vm662zQ628PhbzdaJBFGlHpC5jdsw/J1r56D+eVTOiVrMKKd3Lk +gQIhAPjir/qwx0ssVfiW1xioj33tR3Dxpd8pYPTKZBWuknXZAiEAwIlhZ1sSFulo +eOTJgvhga3PClKI7qcRlUEVAkfzoQ2cCIGKWKO88pzT30vYtifaSjoRrQSlUD0he +s7FDmnGcPRfBAiEAp39co4PQ6unHn1S6EhxuFUyxvIieiwR2dyyoDdkNXoUCIQCD +KeWLYFVEXcNqdgC2tjIzbBR03UQXt3eFrovjeox1pA== +-----END RSA PRIVATE KEY----- 
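Review bot: `agent/keys/localcert.pem` adds an RSA private key to the repository as a template file, so every instance that uses it would share a key that anyone can read. From the encoded length it appears to be a 512-bit key, and the accompanying `cacert.pem` appears to be an MD5-signed certificate whose validity ended in 2008. Neither file should ship: the recipe already calls `installCertificateAuthority()` and `requestCertificate('Pulse')`, and `ssl_localcert` / `ssl_cacert` in the agent config can point at that per-instance material instead.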
diff --git a/slapos/recipe/pulse2/template/mmc_conf/mmc.ini.in b/slapos/recipe/pulse2/template/mmc_conf/mmc.ini.in
new file mode 100644
index 0000000000000000000000000000000000000000..31fb453381171248087a02165da8bbafe22bf047
--- /dev/null
+++ b/slapos/recipe/pulse2/template/mmc_conf/mmc.ini.in
@@ -0,0 +1,53 @@
+[global]
+; RPC backend to use
+backend = xmlrpc
+
+; HTTP basic authentication credentials to use for XMLRPC communication
+login = mmc
+password = s3cr3t
+
+; Root URL where the MMC web pages are installed
+; root= /mmc/ for http://127.0.0.1/mmc/
+root = /mmc/
+
+; Filesystem path where the MMC web modules are installed
+rootfsmodules = %(mmc_location)s/modules/
+
+; Available pagination steps
+pagination = 10 20 50 100
+
+; Number of items to display in lists
+maxperpage = 10
+
+; Declare if this installation is a community version or not
+; community can be yes or no
+community = yes
+
+; Debug section
+[debug]
+; 0 : no information
+; 1 : XMLRPC calls and results are displayed by the web interface
+level = 0
+
+; Login page title
+; UTF-8 strings must be used
+[logintitle]
+; Default page title for English and non-translated languages
+C =
+; French title
+fr_FR =
+; Spanish title
+es_ES =
+
+[server_01]
+description = localhost
+url = https://127.0.0.1:7080
+; Timeout in seconds for all socket I/O operations
+; Beware that timeout on a SSL socket only works with PHP >= 5.2.1
+; timeout = 300
+; SSL certificate check support
+; verifypeer = 0
+; Path to the file containing the Certificate Authority (PEM format)
+; cacert =
+; Path to the file containing the local key and certificate (PEM format)
+; localcert =
diff --git a/slapos/recipe/pulse2/template/mmc_conf/plugins/base.ini b/slapos/recipe/pulse2/template/mmc_conf/plugins/base.ini
new file mode 100644
index 0000000000000000000000000000000000000000..ef41ad69049d1b07f56ea75723f072223a70dec5
--- /dev/null
+++ b/slapos/recipe/pulse2/template/mmc_conf/plugins/base.ini
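Review bot: `[server_01]` fixes `url = https://127.0.0.1:7080`, while the agent template takes `%(mmc_host)s` / `%(mmc_port)s` and `installPulse2` is called with `port=11000`, so the web front end and the agent would not agree on an endpoint. The line should be templated, for example `url = https://%(mmc_host)s:%(mmc_port)s`. `verifypeer` and `cacert` are left commented out, so the front end presumably does not verify the agent's certificate; once per-instance certificates exist, both should be set. No code in this commit renders `mmc.ini.in` yet, which matches the TODO left in `_install`.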
@@ -0,0 +1,190 @@ +[ldap] +# LDAP we are connected to +# If ldapurl starts with "ldaps://", use LDAP over SSL on the LDAPS port. +# LDAPS is deprecated, and you should use StartTLS. +# If ldapverifypeer = demand, always use the server hostname instead of its IP +# address in the LDAP URL. This hostname must match the CN field of the server +# certificate. +ldapurl = ldap://%(ldap_host)s:%(ldap_port)s +# Network timeout in seconds for LDAP operations. No default timeout set. +#network_timeout = +# TLS connection parameters when LDAPS is not used: +# off - never use TLS (default value) +# start_tls - Use the LDAPv3 StartTLS extended operation (better) +#start_tls = off +# If start_tls != off or LDAPS, specify check to perform on server certificate: +# never - don't ask certificate +# demand - request certificate. If none or bad certificate provided, stop the +# connection (recommended) +#ldapverifypeer = demand +# Client certicates to use (default are empty) for LDAPS or TLS connections: +# For example: /etc/ssl/certs +#cacertdir = +# For example: /etc/mmc/certs/demoCA/cacert.pem +#cacert = +# For example: /etc/mmc/certs/client.cert +#localcert = +# For example: /etc/mmc/certs/client.key +#localkey = +# Accepted ciphers +# Use this for more security: TLSv1+SHA1+AES+DH:CAMELLIA:!NULL:!ADH +#ciphersuites = TLSv1:!NULL +# LDAP debug level - set this to 255 to debug LDAP connection problems +#ldapdebuglevel = 0 +# LDAP base DN +baseDN = dc=mandriva, dc=com +# Users location in the LDAP +baseUsersDN = ou=Users, %%(basedn)s +# Groups location in the LDAP +baseGroupsDN = ou=Groups, %%(basedn)s +# LDAP manager +rootName = cn=admin, %%(basedn)s +password = secret +# If enabled, the MMC will create/move/delete the home of the users +# Else will do nothing, but only write user informations into LDAP +userHomeAction = 1 +# Skeleton directory to populate a new home directory +skelDir = /etc/skel +# If set, all new users will belong to this group when created +defaultUserGroup = 
Domain Users +# Default home directory for users +defaultHomeDir = /home +# user uid number start +uidStart = 10000 +# group gid number start +gidStart = 10000 +# LDAP log file path +logfile = %(ldap_logfile_path)s +# FDS log file path +# logfile = /opt/fedora-ds/slapd-hostname/logs/access + +# you can specify here where you can authorized creation of your homedir +# default is your defaultHomeDir +# example: +# authorizedHomeDir = /home, /home2, /mnt/depot/newhome + +# LDAP user password scheme to use +# Possible values are "ssha", "crypt" and "passmod" +# "passmod" uses the LDAP Password Modify Extended Operations to change +# password. The password encryption is done by the LDAP server. +passwordscheme = passmod + +#[backup-tools] +## Path of the backup tools +#path = /usr/lib/mmc/backup-tools +## Where are put the archives +#destpath = /home/archives + +# Computer inventory plugin to use (Pulse 2 related option) +# [computers] +# method = glpi +# method = inventory + +# Audit system configuration +# If commented, the audit module will be disabled +# [audit] +# method = database +# dbhost = localhost +# MySQL and PostgreSQL backends are available +# dbdriver = postgres +# dbport = 5432 +# dbdriver = mysql +# dbport = 3306 +# dbuser = audit +# dbpassword = audit +# dbname = audit + +# User authentication configuration +#[authentication] +# Authenticators chain +#method = baseldap externalldap + +# baseldap authenticator configuration +#[authentication_baseldap] +# Set a list of login that will only be authentified using this authenticator +#authonly = root + +# Externalldap authenticator configuration +#[authentication_externalldap] +# Login list that won't be authenticated with this authenticator. +#exclude = +# If set, only the speficied logins will be authenticated with this +# authenticator. +#authonly = +# Set whether this authenticator is mandatory. 
If it is mandatory and can't be +# validated during the mmc-agent activation phase, the mmc-agent exits with an +# error. +#mandatory = True +# LDAP server URLs. The LDAP server are selected in the given order when +# authenticating a user. +#ldapurl = ldap://192.168.0.1:389 ldap://192.168.0.2:389 +# LDAP connection timeout in seconds. If the LDAP connection failed after this +# timeout, we try the next LDAP server in the list or give up if it the last. +#network_timeout = +# LDAP suffix where to search for user +#suffix = cn=Users,dc=mandriva,dc=com +# How to bind to the LDAP. Empty if anonymous +#bindname = cn=account, cn=Users, dc=linboxad, dc=com +#bindpasswd = s3cr3t +#bindname = +#bindpasswd = +# User filter +#filter = objectClass=* +# User attribute containing her/his login +#attr = cn + +# User provisioning configuration +#[provisioning] +#method = externalldap + +# externalldap provisioner configuration +#[provisioning_externalldap] +# Login list that won't be provisioned with this provisioner +#exclude = root +# These attributes are mandatory to create a user +#ldap_uid = cn +#ldap_givenName = sn +#ldap_sn = sn +# Other attributes to fill in +#ldap_mail = mail +#... +# We are able to fill the ACL fields the user logs in according to the value of +# an attribute from the external LDAP. +# What is the field name ? +#profile_attr = +# Here we define two profiles: profile1 and profile2 +# profile1 allows the user to log in and change her/his password in the web +# interface +#profile_acl_profile1= :base#users#passwd/ +# profile2 disallows the user to do anything (no ACL defined) +#profile_acl_profile2 = +# ... You can define as much profile_acl_* options as you need +# For each profile, we can create a group of user, and put users with a given +# profile in the corresponding group automatically when they log in. 
+# Set the next line to True to activate profile to group mapping +#profile_group_mapping = False +# A prefix for the created group can be set +#profile_group_prefix = + +# Example userdefault settings to support Kerberos +# [userdefault] +# objectClass = +krb5KDCEntry,krb5Principal +# krb5KeyVersionNumber = 1 +# krb5KDCFlags = 126 +# krb5PrincipalName = %uid%@DOMAIN + +# Subscription informations +# [subscription] +# product_name = MDS +# vendor_name = Mandriva +# vendor_mail = sales@mandriva.com +# customer_name = +# customer_mail = +# comment = +# users = 0 +# computers = 0 +# # Support informations +# support_mail = customer@customercare.mandriva.com +# support_phone = 0810 LINBOX +# support_comment = + diff --git a/slapos/recipe/pulse2/template/mmc_conf/plugins/base.ini.in b/slapos/recipe/pulse2/template/mmc_conf/plugins/base.ini.in new file mode 100644 index 0000000000000000000000000000000000000000..ef41ad69049d1b07f56ea75723f072223a70dec5 --- /dev/null +++ b/slapos/recipe/pulse2/template/mmc_conf/plugins/base.ini.in 
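Review bot: `[ldap]` keeps the upstream sample values `rootName = cn=admin, %%(basedn)s` with `password = secret` and `baseDN = dc=mandriva, dc=com`, so every instance would bind as the directory manager with a known password; these should be template keys filled with a generated value. `ldapurl = ldap://%(ldap_host)s:%(ldap_port)s` with `start_tls` left at its documented default `off` means that bind is sent in clear text, so `start_tls` and `ldapverifypeer = demand` should be enabled once the LDAP server has a certificate. `base.ini` has the same blob id as `base.ini.in` and still holds the `%(ldap_host)s` placeholders, so the same points apply to the `.in` file and the plain copy looks unnecessary.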
@@ -0,0 +1,190 @@ +[ldap] +# LDAP we are connected to +# If ldapurl starts with "ldaps://", use LDAP over SSL on the LDAPS port. +# LDAPS is deprecated, and you should use StartTLS. +# If ldapverifypeer = demand, always use the server hostname instead of its IP +# address in the LDAP URL. This hostname must match the CN field of the server +# certificate. +ldapurl = ldap://%(ldap_host)s:%(ldap_port)s +# Network timeout in seconds for LDAP operations. No default timeout set. +#network_timeout = +# TLS connection parameters when LDAPS is not used: +# off - never use TLS (default value) +# start_tls - Use the LDAPv3 StartTLS extended operation (better) +#start_tls = off +# If start_tls != off or LDAPS, specify check to perform on server certificate: +# never - don't ask certificate +# demand - request certificate. If none or bad certificate provided, stop the +# connection (recommended) +#ldapverifypeer = demand +# Client certicates to use (default are empty) for LDAPS or TLS connections: +# For example: /etc/ssl/certs +#cacertdir = +# For example: /etc/mmc/certs/demoCA/cacert.pem +#cacert = +# For example: /etc/mmc/certs/client.cert +#localcert = +# For example: /etc/mmc/certs/client.key +#localkey = +# Accepted ciphers +# Use this for more security: TLSv1+SHA1+AES+DH:CAMELLIA:!NULL:!ADH +#ciphersuites = TLSv1:!NULL +# LDAP debug level - set this to 255 to debug LDAP connection problems +#ldapdebuglevel = 0 +# LDAP base DN +baseDN = dc=mandriva, dc=com +# Users location in the LDAP +baseUsersDN = ou=Users, %%(basedn)s +# Groups location in the LDAP +baseGroupsDN = ou=Groups, %%(basedn)s +# LDAP manager +rootName = cn=admin, %%(basedn)s +password = secret +# If enabled, the MMC will create/move/delete the home of the users +# Else will do nothing, but only write user informations into LDAP +userHomeAction = 1 +# Skeleton directory to populate a new home directory +skelDir = /etc/skel +# If set, all new users will belong to this group when created +defaultUserGroup = 
Domain Users +# Default home directory for users +defaultHomeDir = /home +# user uid number start +uidStart = 10000 +# group gid number start +gidStart = 10000 +# LDAP log file path +logfile = %(ldap_logfile_path)s +# FDS log file path +# logfile = /opt/fedora-ds/slapd-hostname/logs/access + +# you can specify here where you can authorized creation of your homedir +# default is your defaultHomeDir +# example: +# authorizedHomeDir = /home, /home2, /mnt/depot/newhome + +# LDAP user password scheme to use +# Possible values are "ssha", "crypt" and "passmod" +# "passmod" uses the LDAP Password Modify Extended Operations to change +# password. The password encryption is done by the LDAP server. +passwordscheme = passmod + +#[backup-tools] +## Path of the backup tools +#path = /usr/lib/mmc/backup-tools +## Where are put the archives +#destpath = /home/archives + +# Computer inventory plugin to use (Pulse 2 related option) +# [computers] +# method = glpi +# method = inventory + +# Audit system configuration +# If commented, the audit module will be disabled +# [audit] +# method = database +# dbhost = localhost +# MySQL and PostgreSQL backends are available +# dbdriver = postgres +# dbport = 5432 +# dbdriver = mysql +# dbport = 3306 +# dbuser = audit +# dbpassword = audit +# dbname = audit + +# User authentication configuration +#[authentication] +# Authenticators chain +#method = baseldap externalldap + +# baseldap authenticator configuration +#[authentication_baseldap] +# Set a list of login that will only be authentified using this authenticator +#authonly = root + +# Externalldap authenticator configuration +#[authentication_externalldap] +# Login list that won't be authenticated with this authenticator. +#exclude = +# If set, only the speficied logins will be authenticated with this +# authenticator. +#authonly = +# Set whether this authenticator is mandatory. 
If it is mandatory and can't be +# validated during the mmc-agent activation phase, the mmc-agent exits with an +# error. +#mandatory = True +# LDAP server URLs. The LDAP server are selected in the given order when +# authenticating a user. +#ldapurl = ldap://192.168.0.1:389 ldap://192.168.0.2:389 +# LDAP connection timeout in seconds. If the LDAP connection failed after this +# timeout, we try the next LDAP server in the list or give up if it the last. +#network_timeout = +# LDAP suffix where to search for user +#suffix = cn=Users,dc=mandriva,dc=com +# How to bind to the LDAP. Empty if anonymous +#bindname = cn=account, cn=Users, dc=linboxad, dc=com +#bindpasswd = s3cr3t +#bindname = +#bindpasswd = +# User filter +#filter = objectClass=* +# User attribute containing her/his login +#attr = cn + +# User provisioning configuration +#[provisioning] +#method = externalldap + +# externalldap provisioner configuration +#[provisioning_externalldap] +# Login list that won't be provisioned with this provisioner +#exclude = root +# These attributes are mandatory to create a user +#ldap_uid = cn +#ldap_givenName = sn +#ldap_sn = sn +# Other attributes to fill in +#ldap_mail = mail +#... +# We are able to fill the ACL fields the user logs in according to the value of +# an attribute from the external LDAP. +# What is the field name ? +#profile_attr = +# Here we define two profiles: profile1 and profile2 +# profile1 allows the user to log in and change her/his password in the web +# interface +#profile_acl_profile1= :base#users#passwd/ +# profile2 disallows the user to do anything (no ACL defined) +#profile_acl_profile2 = +# ... You can define as much profile_acl_* options as you need +# For each profile, we can create a group of user, and put users with a given +# profile in the corresponding group automatically when they log in. 
+# Set the next line to True to activate profile to group mapping +#profile_group_mapping = False +# A prefix for the created group can be set +#profile_group_prefix = + +# Example userdefault settings to support Kerberos +# [userdefault] +# objectClass = +krb5KDCEntry,krb5Principal +# krb5KeyVersionNumber = 1 +# krb5KDCFlags = 126 +# krb5PrincipalName = %uid%@DOMAIN + +# Subscription informations +# [subscription] +# product_name = MDS +# vendor_name = Mandriva +# vendor_mail = sales@mandriva.com +# customer_name = +# customer_mail = +# comment = +# users = 0 +# computers = 0 +# # Support informations +# support_mail = customer@customercare.mandriva.com +# support_phone = 0810 LINBOX +# support_comment = + diff --git a/slapos/recipe/pulse2/template/mmc_conf/plugins/ppolicy.ini.in b/slapos/recipe/pulse2/template/mmc_conf/plugins/ppolicy.ini.in new file mode 100644 index 0000000000000000000000000000000000000000..ea4a9f8f6900d4876bdbe579af72286b963de62d --- /dev/null +++ b/slapos/recipe/pulse2/template/mmc_conf/plugins/ppolicy.ini.in @@ -0,0 +1,26 @@ +[main] +disable = 1 + +[ppolicy] +# Branch where the password policies are stored +ppolicyDN = ou=Password Policies, %(baseDN)s +# Name of the default password policy +ppolicyDefault = default + +# This options are used only once to create the default password policy entry +# into the LDAP +[ppolicyattributes] +pwdAttribute = userPassword +pwdLockout = True +pwdMaxFailure = 5 +pwdLockoutDuration = 900 +# Password can't be change if it not 7 days old +pwdMinAge = 25200 +# Password expiration is 42 days +pwdMaxAge = 3628800 +pwdMinLength = 8 +pwdInHistory = 5 +pwdMustChange = True +# To check password quality +pwdCheckModule = mmc-check-password.so +pwdCheckQuality = 2 diff --git a/slapos/recipe/pulse2/template/my.cnf.in b/slapos/recipe/pulse2/template/my.cnf.in new file mode 100644 index 0000000000000000000000000000000000000000..043fb3ad56bbea3b3e35766a9b019cd8dbf7cc77 --- /dev/null 
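Review bot: The LDAP manager bind in `[ldap]` is rendered with a fixed credential, `password = secret`, and `ldapurl = ldap://%(ldap_host)s:%(ldap_port)s` leaves StartTLS at its documented default of off, so every instance shares one known manager password and sends it in clear text. I would take the password from the recipe, e.g. `password = %(ldap_password)s` (the key name is a placeholder the recipe would have to supply), and set `start_tls = start_tls` together with `ldapverifypeer = demand`. `baseDN = dc=mandriva, dc=com` is hard-coded in the same way and probably wants a template key as well.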
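Review bot: `pwdMinAge = 25200` is seven hours, not the seven days its comment states, while the neighbouring `pwdMaxAge = 3628800` is a correct 42 days in seconds. Either set `pwdMinAge = 604800` or correct the comment to the value that is actually intended. With `disable = 1` under `[main]` the plugin appears to be switched off as shipped, which deserves a one-line comment such as `# plugin disabled: the password policy below is not enforced`.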
+++ b/slapos/recipe/pulse2/template/my.cnf.in
@@ -0,0 +1,52 @@
+# ERP5 buildout my.cnf template based on my-huge.cnf shipped with mysql
+# The MySQL server
+[mysqld]
+# ERP5 by default requires InnoDB storage. MySQL by default fallbacks to using
+# different engine, like MyISAM. Such behaviour generates problems only, when
+# tables requested as InnoDB are silently created with MyISAM engine.
+#
+# Loud fail is really required in such case.
+sql-mode="NO_ENGINE_SUBSTITUTION"
+
+skip-show-database
+port = %(tcp_port)s
+bind-address = %(ip)s
+socket = %(socket)s
+datadir = %(data_directory)s
+pid-file = %(pid_file)s
+log-error = %(error_log)s
+log-slow-file = %(slow_query_log)s
+long_query_time = 5
+max_allowed_packet = 128M
+query_cache_size = 32M
+
+plugin-load = ha_innodb_plugin.so
+
+# The following are important to configure and depend a lot on to the size of
+# your database and the available resources.
+#innodb_buffer_pool_size = 4G
+#innodb_log_file_size = 256M
+#innodb_log_buffer_size = 8M
+
+# Some dangerous settings you may want to uncomment if you only want
+# performance or less disk access. Useful for unit tests.
+#innodb_flush_log_at_trx_commit = 0
+#innodb_flush_method = nosync
+#innodb_doublewrite = 0
+#sync_frm = 0
+
+# Uncomment the following if you need binary logging, which is recommended
+# on production instances (either for replication or incremental backups).
+#log-bin=mysql-bin
+
+# Force utf8 usage
+collation_server = utf8_unicode_ci
+character_set_server = utf8
+skip-character-set-client-handshake
+
+[mysql]
+no-auto-rehash
+socket = %(socket)s
+
+[mysqlhotcopy]
+interactive-timeout
diff --git a/slapos/recipe/pulse2/template/mysqlinit.sql.in b/slapos/recipe/pulse2/template/mysqlinit.sql.in
new file mode 100644
index 0000000000000000000000000000000000000000..9189d8d13005b57f36817409f9f873eaec5ef189
--- /dev/null
@@ -0,0 +1,7 @@
+CREATE DATABASE IF NOT EXISTS %(database)s;
+GRANT ALL PRIVILEGES ON %(database)s.* TO %(user)s@localhost IDENTIFIED BY %(password)r;
+GRANT ALL PRIVILEGES ON %(database)s.* TO %(user)s@'%%' IDENTIFIED BY %(password)r;
+GRANT SHOW DATABASES ON *.* TO %(user)s@localhost IDENTIFIED BY %(password)r;
+GRANT SHOW DATABASES ON *.* TO %(user)s@'%%' IDENTIFIED BY %(password)r;
+FLUSH PRIVILEGES;
+EXIT
diff --git a/slapos/recipe/pulse2/template/php.ini.in b/slapos/recipe/pulse2/template/php.ini.in
new file mode 100644
index 0000000000000000000000000000000000000000..926ae32262a030d73a9883e8b91b1b41f49d6de6
--- /dev/null
+++ b/slapos/recipe/pulse2/template/php.ini.in
@@ -0,0 +1,11 @@
+[PHP]
+engine = On
+safe_mode = Off
+expose_php = On
+error_reporting = E_ALL | E_STRICT
+display_errors = On
+display_startup_errors = On
+log_errors = On
+log_errors_max_len = 1024
+ignore_repeated_errors = Off
+ignore_repeated_source = Off
diff --git a/slapos/recipe/pulse2/template/pulse2_conf/plugins/dyngroup.ini.in b/slapos/recipe/pulse2/template/pulse2_conf/plugins/dyngroup.ini.in
new file mode 100644
index 0000000000000000000000000000000000000000..2d962546a164d05abd6da5f9817ba61079c872cc
--- /dev/null
+++ b/slapos/recipe/pulse2/template/pulse2_conf/plugins/dyngroup.ini.in
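Review bot: The two `%(user)s@'%%'` grants give the account `ALL PRIVILEGES` on the database and a global `SHOW DATABASES` from any client address, so the password is the only barrier for anything that can reach the MySQL port. Unless remote clients are required, keep the `@localhost` grants and scope the other pair to the address the services connect from, e.g. `TO %(user)s@'%(ip)s'` (assuming the recipe can pass that key to this template). `IDENTIFIED BY %(password)r` also relies on Python `repr()` happening to produce a valid MySQL string literal, which is not guaranteed for a unicode value or non-ASCII bytes; a comment stating the expected password alphabet would make that constraint explicit.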
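Review bot: `display_errors = On` and `display_startup_errors = On` send PHP error text, including file paths and query fragments, to whoever is browsing the MMC web interface, and `expose_php = On` advertises the PHP version in response headers. For a deployed instance I would set `display_errors = Off`, `display_startup_errors = Off` and `expose_php = Off`, keeping `log_errors = On`. No `error_log` is set in this hunk, so where the logged errors end up depends on the Apache configuration, which is not visible here.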
@@ -0,0 +1,34 @@
+[main]
+# Is the plugin disable ?
+disable = 0
+# Are dynamic group enable ?
+dynamic_enable = 1
+# Are profiles enable ?
+# profiles_enable = 0
+
+# Preselected module in the dynamic group creation page
+# default_module =
+
+# Maximum number of elements in the static group creation list
+# max_elements_for_static_list = 2000
+
+[database]
+dbdriver = mysql
+dbhost = %(mysql_host)s
+dbport = %(mysql_port)s
+dbuser = %(mysql_user)s
+dbpasswd = %(mysql_password)s
+dbname = dyngroup
+# dbsslenable = 0
+# dbsslca =
+# dbsslcert =
+# dbsslkey =
+# Database connection lifetime
+# dbpoolrecycle = 60
+# Database connection pool size
+# dbpoolsize = 5
+
+[querymanager]
+# can we query on group names ?
+activate = 0
+
diff --git a/slapos/recipe/pulse2/template/pulse2_conf/plugins/glpi.ini.in b/slapos/recipe/pulse2/template/pulse2_conf/plugins/glpi.ini.in
new file mode 100644
index 0000000000000000000000000000000000000000..0e05605608bf1aaa80728bdb6dcd1ec801b4b9c1
--- /dev/null
+++ b/slapos/recipe/pulse2/template/pulse2_conf/plugins/glpi.ini.in
@@ -0,0 +1,53 @@
+[main]
+disable = 0
+dbdriver = mysql
+dbhost = %(mysql_host)s
+dbport = %(mysql_port)s
+dbuser = %(mysql_user)s
+dbpasswd = %(mysql_password)s
+dbname = glpi
+# dbsslenable = 0
+# dbsslca =
+# dbsslcert =
+# dbsslkey =
+# Database connection lifetime
+# dbpoolrecycle = 60
+# Database connection pool size
+# dbpoolsize = 5
+
+# Allow users to filter computers list using an entity selector
+localisation = True
+# Accepted GLPI profiles. A user must have her/his GLPI profile in this list
+# else she/he can't display any computers from the GLPI inventory
+# active_profiles = profile1 profile2 profile3
+# Only display computers with the specified state
+# filter_on = state=3
+
+# Give the uri to link to for a computer inventory
+# glpi_computer_uri =
+# should be something like that :
+# glpi_computer_uri = http://localhost/glpi/front/computer.form.php?ID=
+
+# Tell whether the query manager of the dyngroup plugin can use this module
+[querymanager]
+activate = True
+
+# GLPI authentication configuration
+#[authentication_glpi]
+# URL to connect to the GLPI HTTP interface ?
+#baseurl = http://glpi-server/glpi/
+
+# GLPI provisioning configuration
+#[provisioning_glpi]
+# Users that will never be provisioned
+#exclude = root
+# Before provisioning, should we perform a GLPI authentication to create or
+# update the user informations in the GLPI database ?
+#doauth = 1
+# MMC web interface ACLs definition according to the user GLPI profile
+#profile_acl_profile1 = :##:base#main#default
+#profile_acl_profile2 =
+#profile_acl_profile3 =
+# If the user belong to more than one profile, the first profile of this list
+# will be used
+#profiles_order = profile1 profile2 profile3
diff --git a/slapos/recipe/pulse2/template/pulse2_conf/plugins/imaging.ini.in b/slapos/recipe/pulse2/template/pulse2_conf/plugins/imaging.ini.in
new file mode 100644
index 0000000000000000000000000000000000000000..bd48e36e4a98369e15fc9a20c2d26d29fb6ec1d1
--- /dev/null
+++ b/slapos/recipe/pulse2/template/pulse2_conf/plugins/imaging.ini.in
@@ -0,0 +1,35 @@
+[main]
+disable = 0
+
+[database]
+# dbdriver = mysql
+# dbhost = localhost
+# dbport = 3306
+# dbname = imaging
+# dbuser = mmc
+# dbpasswd = mmc
+# dbsslenable = 0
+# dbsslca = /etc/mmc/pulse2/imaging/cacert.pem
+# dbsslcert = /etc/mmc/pulse2/imaging/cert.pem
+# dbsslkey = /etc/mmc/pulse2/imaging/key.pem
+# Database connection lifetime
+# dbpoolrecycle = 60
+# Database connection pool size
+# dbpoolsize = 5
+
+# [web]
+# ##### Interface customization #####
+# user may want to override the way dates are displayed (see http://www.php.net/date for more informations)
+# web_def_date_fmt = "%Y-%m-%d %H:%M:%S"
+# web_def_default_protocol = nfs
+# Menu settings
+# web_def_default_menu_name = Menu
+# web_def_default_timeout = 60
+# web_def_default_background_uri =
+# web_def_default_message = Warning ! Your PC is being backed up or restored. Do not reboot !
+# start options
+# web_def_kernel_parameters = quiet
+# backup/restore options
+# web_def_image_parameters =
+
+
diff --git a/slapos/recipe/pulse2/template/pulse2_conf/plugins/inventory.ini.in b/slapos/recipe/pulse2/template/pulse2_conf/plugins/inventory.ini.in
new file mode 100644
index 0000000000000000000000000000000000000000..0e90816de565095e6b8471920019f8afe4dc7977
--- /dev/null
+++ b/slapos/recipe/pulse2/template/pulse2_conf/plugins/inventory.ini.in
@@ -0,0 +1,73 @@ +[main] +disable = 0 +displayLocalisationBar = 0 +# Example of software filter when querying a computer inventory. +# All softwares containing the KB string will be excluded +# software_filter = %KB% + +[inventory] +dbdriver = mysql +dbhost = %(mysql_host)s +dbport = %(mysql_port)s +dbuser = %(mysql_user)s +dbpasswd = %(mysql_password)s +dbname = inventory +dbsslenable = 0 +dbsslca = %(inventory_ssl_cacert)s +dbsslcert = %(inventory_ssl_cert)s +dbsslkey = %(inventory_ssl_key)s +# Database connection lifetime +# dbpoolrecycle = 60 +# Database connection pool size +# dbpoolsize = 5 + +[computers] +# display = cn::Computer Name||displayName::Description +# content = + +[expert_mode] +Bios = BiosVersion|ChipSerial|BiosVendor|SmbManufacturer|SmbProduct|SmbVersion|SmbSerial|SmbUUID|SmbType|DateFirstSwitchOn +Network = CardType|MIB|Bandwidth|NetworkType|SubnetMask|State +Hardware = Build|Version|ProcessorCount|SwapSpace|User|Date|Workgroup|RegisteredName|RegisteredCompany|OSSerialNumber|Type|OsSerialKey|ProcessorFrequency|Host +Software = ProductPath|Type|Icon|UninstallPath|ExecutableSize|Application +Controller = ExpandedType|HardwareVersion|StandardType +Drive = DriveType|FileCount|FileSystem +Input = StandardDescription|ExpandedDescription|Connector +Memory = ExtendedDescription|SlotCount +Monitor = Stamp|Type|Serial|Manuf +Pci = +Port = Stamp +Printer = +Slot = +Sound = Description +Storage = ExtendedType|VolumeName|Media +VideoCard = + +[graph] +Network = Gateway +Hardware = OperatingSystem|ProcessorType +Memory = Size + +# [querymanager] +# list = Entity/Label||Software/ProductName||Hardware/ProcessorType||Hardware/OperatingSystem||Drive/TotalSpace||Inventory/Date +# double = Software/Products::Software/ProductName##Software/ProductVersion +# halfstatic = Registry/Value/display name::Path##DisplayName +# extended = Inventory/Date||Drive/TotalSpace + +# [provisioning_inventory] +# Users that will never be provisioned +# exclude = root +# A user can 
be automatically linked to a list of entities according to his +# profile. +# What is the LDAP field name that defines its profile name ? +# profile_attr = +# Here are the possible notations for profile to entities mapping: +# A simple list of the entities names +# profile_entity_profile1 = entityA entityB +# The dot char is the root entity +# profile_entity_profile2 = . +# In this example the content of the multi-valued 'pulse2entity' LDAP attribute +# will be used +# profile_entity_profile3 = %pulse2entity% +# Here the provisioning plugin 'network_to_entity' will be used +# profile_entity_profile4 = plugin:network_to_entity diff --git a/slapos/recipe/pulse2/template/pulse2_conf/plugins/msc.ini.in b/slapos/recipe/pulse2/template/pulse2_conf/plugins/msc.ini.in new file mode 100644 index 0000000000000000000000000000000000000000..cdb2ed9a257f31ccbc2c9cf08ecc77d4e3621520 --- /dev/null +++ b/slapos/recipe/pulse2/template/pulse2_conf/plugins/msc.ini.in 
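Review bot: `# software_filter = %KB%` and `# profile_entity_profile3 = %pulse2entity%` carry bare `%` characters in a file that also uses `%(mysql_host)s` placeholders, so if the template is expanded with Python `%` formatting (the `%%(basedn)s` escaping in base.ini.in suggests it is) rendering fails on them even though they sit in comments. Escape them as `%%KB%%` and `%%pulse2entity%%`. The same pattern appears in base.ini.in (`%uid%@DOMAIN`), ppolicy.ini.in (`%(baseDN)s`, unless the recipe passes that key), imaging.ini.in and msc.ini.in (`"%Y-%m-%d %H:%M:%S"`), and the `format = %(asctime)s ...` lines of imaging-server.ini.in and inventory-server.ini.in. Separately, `dbsslenable = 0` leaves the `dbsslca`/`dbsslcert`/`dbsslkey` values just below it unused; either enable it or comment the three keys out so the file does not suggest the database link is protected.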
@@ -0,0 +1,143 @@ +[main] +disable = 0 + +[msc] +# repopath = /var/lib/pulse2/packages +# qactionspath = /var/lib/pulse2/qactions +# download_directory_path = /var/lib/pulse2/downloads +# dbdriver = mysql +# dbhost = localhost +# dbport = 3306 +# dbname = msc +# dbuser = mmc +# dbpasswd = mmc +# dbdebug = ERROR +# Database connection lifetime +# dbpoolrecycle = 60 +# Database connection pool size +# dbpoolsize = 5 +# SSL support +# dbsslenable = 0 +# dbsslca = +# dbsslcert = +# dbsslkey = +# Computer's IP addresses filtering +# ignore_non_rfc2780 = 1 +# ignore_non_rfc1918 = 0 +# Comma separated values of excluded or included IP addresses or ranges +# For example: exclude_ipaddr = 192.168.0.1,10.0.0.0/10.255.255.255 +# Included addresses are never filtered. +# exclude_ipaddr = +# include_ipaddr = +# Computer's host name filtering +# ignore_non_fqdn = 0 +# ignore_invalid_hostname = 0 +# Space separated list regexp for rejected or accepted host name +# Host name matching the regexp in include_hostname are always accepted +# For example: exclude_hostname = ^computer[0-9]*$ ^server[0-9]*$ +# exclude_hostname = +# include_hostname = +# Computer's MAC addresses filtering +# wol_macaddr_blacklist = +# default scheduler used by the msc +default_scheduler = scheduler_01 + +[scheduler_api] +host = %(ipv4)s +port = 9990 +username = +password = +enablessl = 1 +# verifypeer = 0 +# cacert = +# localcert = + +[scheduler_01] +host = %(ipv4)s +port = 8000 +username = username +password = password +enablessl = 1 +# verifypeer = 0 +# cacert = +# localcert = + +[web] +# ##### Interface customization ##### +# user may want to override the way dates are displayed (see http://www.php.net/date for more informations) +# web_def_date_fmt = "%Y-%m-%d %H:%M:%S" +# +# ##### Deployment default settings ##### +# pre-check the "awake" checkbox in 'standard' deploy mode +# web_def_awake = 1 +# pre-check the "do inventory" checkbox in 'standard' deploy mode +# web_def_inventory = 1 +# hidden option 
+# web_show_reboot = 0 +# pre-select the following mode in 'advanced' deploy mode + +# the two available modes are push and push_pull +# web_def_mode = push +# if set to False, the following setting allow the user to toggle between push and push/pull mode in advanced mode +# web_force_mode = True +# web_def_maxbw = 0 +# web_def_delay = 60 +# web_def_attempts = 3 +# web_def_deployment_intervals = +# web_dlpath = +# Max bandwidth for file download in Kbit/s +# web_def_dlmaxbw = 0 +# +# ##### Proxy default settings #### +# May the local proxy system be used ? +# web_allow_local_proxy = False +# default proxy mode, defaut "multiple", other possible value "single" +# web_def_local_proxy_mode = multiple +# Max number of clients per proxy in proxy mode +# web_def_max_clients_per_proxy = 10 +# Number of auto-selected proxy in semi-auto mode +# web_def_proxy_number = 2 +# default mode (semi_auto / manual) +# web_def_proxy_selection_mode = semi_auto +# +# ##### VNC Applet default settings #### +# Here we may define the VNC applet behavior (in some way) +# may the VNC applet used ? (this setting simply (en/dis)able the display of the VNC action button) +# vnc_show_icon = True +# allow user to interact with remote desktop ? 
+# vnc_view_only = True +# use the following VNC client pre-defined rules, +# currently available profiles: +# fiber: for high speed local networks (low latency, 10 Mb/s per connection) +# lan: for 100 Mb local networks (low latency, 3 Mb/s per connection) +# cable: for high-end broadband links (high latency, 400 kb/s per connection) +# dsl: for low-end broadband links (high latency, 120 kb/s per connection) +# isdn: (high latency, 75 kb/s) +# vnc_network_connectivity = lan +# display applet control to user +# vnc_allow_user_control = False +# the port to use to connect to a VNC +# vnc_port = 5900 + +# +# ##### Client probing behavior #### +# the LED which represents the client status can take four colors: +# black => no probe done +# red => all probe failed +# orange => minimal probe succedeed (ping), maximal probe failed (ssh) +# green => all probe succedeed +# available probes are: none (field is empty), ping, ssh, ping_ssh (ie. both) +# for networks where icmp is not allowed, ping may be disabled: probe_order=ssh +# to speed-up display, ssh may be disabled: probe_order=ping +# to fully disable probe: probe_order= +# default conf: ping_ssh, in other terms: ping = orange, ssh = green +# probe_order=ping_ssh + +[package_api] +# mserver = 127.0.0.1 +# mport = 9990 +# mmountpoint = /rpc +# enablessl = 1 +# verifypeer = 0 +# localcert = +# cacert = diff --git a/slapos/recipe/pulse2/template/pulse2_conf/plugins/pkgs.ini.in b/slapos/recipe/pulse2/template/pulse2_conf/plugins/pkgs.ini.in new file mode 100644 index 0000000000000000000000000000000000000000..70f2f44d9b18bb5a3c979ca2bbd607044e769691 --- /dev/null +++ b/slapos/recipe/pulse2/template/pulse2_conf/plugins/pkgs.ini.in @@ -0,0 +1,15 @@ +[main] +disable = 0 + +[user_package_api] +server = localhost +port = 9990 +mountpoint = /upaa +username = +password = +enablessl = 1 +# verifypeer = 0 +# cacert = +# localcert = + + 
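Review bot: `[scheduler_01]` is rendered with the literal credentials `username = username` / `password = password`, and `[scheduler_api]` with both fields empty, so every instance built from this template authenticates to its scheduler identically. These should come from the recipe, e.g. `username = %(scheduler_username)s` and `password = %(scheduler_password)s` (placeholder key names the recipe would need to provide). `enablessl = 1` is set in both sections while `# verifypeer = 0`, `# cacert =` and `# localcert =` stay commented, which presumably leaves the peer certificate unchecked; the `[user_package_api]` section of pkgs.ini.in has the same shape. Setting `verifypeer = 1` with a per-instance `cacert`/`localcert` would close that.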
diff --git a/slapos/recipe/pulse2/template/pulse2_conf/plugins/pulse2.ini.in b/slapos/recipe/pulse2/template/pulse2_conf/plugins/pulse2.ini.in
new file mode 100644
index 0000000000000000000000000000000000000000..8be42c1a96ff6625cab287c500bd1349d5dbecc3
--- /dev/null
+++ b/slapos/recipe/pulse2/template/pulse2_conf/plugins/pulse2.ini.in
@@ -0,0 +1,16 @@
+[main]
+disable = 0
+
+# [database]
+# dbdriver = mysql
+# dbhost = localhost
+# dbport = 3306
+# dbname = pulse2
+# dbuser = mmc
+# dbpasswd = mmc
+# dbsslenable = 0
+# dbsslca =
+# dbsslcert =
+# dbsslkey =
+
+
diff --git a/slapos/recipe/pulse2/template/pulse2_conf/pulse2/atftpd/pcre.conf.in b/slapos/recipe/pulse2/template/pulse2_conf/pulse2/atftpd/pcre.conf.in
new file mode 100644
index 0000000000000000000000000000000000000000..8065552c848c79b31139b660a0c1c444159b9f7e
--- /dev/null
+++ b/slapos/recipe/pulse2/template/pulse2_conf/pulse2/atftpd/pcre.conf.in
@@ -0,0 +1,14 @@
+^/tftpboot/revoboot/bin/revoboot.pxe$ bootloader/pxe_boot
+^/bootloader/pxe_boot$ bootloader/pxe_boot
+^/bootloader/bootsplash.xpm$ bootloader/bootsplash.xpm
+^/bootmenus/default bootmenus/default
+^/bootmenus/([0-9A-F]{12}) bootmenus/$1
+^/bootmenus/([0-9A-F]{8}) bootmenus/$1
+^/custom/(.+) custom/$1
+^/diskless/kernel$ diskless/kernel
+^/diskless/initrd$ diskless/initrd
+^/diskless/memtest$ diskless/memtest
+^/tools/memtest$ diskless/memtest
+^/masters/(.+) masters/$1
+^/(.*)$ ?
+.* ?
diff --git a/slapos/recipe/pulse2/template/pulse2_conf/pulse2/imaging-server/imaging-server.ini.in b/slapos/recipe/pulse2/template/pulse2_conf/pulse2/imaging-server/imaging-server.ini.in
new file mode 100644
index 0000000000000000000000000000000000000000..e4b2c379b6f3e6d6dbc866064e511a883ea2bbc5
--- /dev/null
+++ b/slapos/recipe/pulse2/template/pulse2_conf/pulse2/imaging-server/imaging-server.ini.in
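Review bot: `^/custom/(.+) custom/$1` and `^/masters/(.+) masters/$1` in pcre.conf.in pass the whole remainder of the requested name through unchanged, and nothing in this hunk shows whether atftpd refuses `..` segments after the rewrite; that should be confirmed before these rules serve a boot network. A capture that only admits the expected names, e.g. `^/custom/([A-Za-z0-9_-][A-Za-z0-9_.-]*)$ custom/$1` if sub-directories are not needed, removes the question. The three `bootmenus` rules are also unanchored at the end, unlike the `diskless` ones.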
@@ -0,0 +1,116 @@ +[main] +# We will bind on this address ... +# host = 0.0.0.0 +# ... and this UDP port +# port = 1001 +# required password to record a client, not checked if empty +# adminpass = + +[daemon] +# as we are a service, we need some info to be run, such as: +# - the identity we will run into +# user = root +# group = root +# - our umask +# umask = 0077 +# and where to record our PID +# pidfile= /var/run/pulse2-imaging-server.pid + +[package-server] +# here are described how to talk to our referent package server +# +# host = 127.0.0.1 +# port = 9990 +# mount_point = /imaging_api +# enablessl = True +# username = username +# password = password +# cacert = /etc/mmc/pulse2/imaging-server/keys/cacert.pem +# localcert = /etc/mmc/pulse2/imaging-server/keys/privkey.pem +# verifypeer = False + +[hooks] +# hooks_dir = /usr/lib/pulse2/imaging-server/hooks +# +# 0xAD => "I'm new" action : menu creation request, triggered by the bootloader +# arg[1] = source MAC (short) +# arg[2] = given ID (short) +# arg[3] = given PASSWORD (optionnal) +# exit 0 on success +# create_client_path = create_client +# +# 0xAA => "I just booted" action : menu update request + inventory processing request, triggered by the bootloader +# arg[1] = source MAC (short) +# boot_client_path = boot_client +# arg[1] = source MAC (short) +# arg[2] = where the inventory is temporaly stored +# process_inventory_path = process_inventory +# +# 0xEC => "I just started a backup" : start a backup request, triggered by revoinc +# arg[1] = source MAC (short) +# arg[2] = kind of backup (L = image, B = Master) +# exit 0 on success +# start_image_path = start_image +# +# 0xED => "I just finished a backup" : end a backup request, triggered by revodoneimage +# end_image_path = end_image +# +# 0xCD => "Change my default menu" => change default menu request, triggered by revodefault +# arg[1] = source MAC (short) +# arg[2] = item to use +# exit 0 on success +# change_default_path = change_default +# +# 0x4C => 
log stuff +# arg[1] = source MAC (short) +# arg[2] = action : +# 0 => booted +# 1 => took item arg[3] +# 2 => starting restoration (more info in arg[3]) +# 3 => finished restoration (more info in arg[3]) +# 4 => starting backup (more info in arg[3]) +# 5 => finished backup (more info in arg[3]) +# 6 => started postinst +# 7 => finished postinst +# 8 => critical error +# arg[3] = optional, see upper +# exit 0 on success +# log_action_path = log_action +# +# 0x1A => asks for its UUID +# arg[1] = source MAC (short) +# exit 0 on success, UUID is the last line on stdout +# get_uuid_path = get_uuid +# +# 0x1B => asks for its Hostname +# arg[1] = source MAC (short) +# exit 0 on success, hostname is the last line on stdout +# get_hostname_path = get_hostname +# +# 0x54 => ask for time sync (for mtftp) +# arg[1] = source MAC (short) +# arg[2] = computed sync +# exit 0 on success +# mtftp_sync_path = mtftp_sync + +[loggers] +keys = root + +[handlers] +keys = hand01 + +[formatters] +keys = form01 + +[logger_root] +level = NOTSET +handlers = hand01 + +[handler_hand01] +class = FileHandler +level = INFO +formatter = form01 +args = ("/var/log/mmc/pulse2-imaging-server.log",) + +[formatter_form01] +format = %(asctime)s %(levelname)s %(message)s diff --git a/slapos/recipe/pulse2/template/pulse2_conf/pulse2/inventory-server/inventory-server.ini.in b/slapos/recipe/pulse2/template/pulse2_conf/pulse2/inventory-server/inventory-server.ini.in new file mode 100644 index 0000000000000000000000000000000000000000..0f36a78fb00df93c2f5e07b4d7bdff35e0d16046 --- /dev/null +++ b/slapos/recipe/pulse2/template/pulse2_conf/pulse2/inventory-server/inventory-server.ini.in 
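Review bot: `# adminpass =` is left commented under a comment saying the password is "not checked if empty", so as rendered any host that can reach the imaging server's UDP port can register a client. I would set it from the recipe, e.g. `adminpass = %(imaging_adminpass)s` (placeholder key name the recipe would have to supply). `args = ("/var/log/mmc/pulse2-imaging-server.log",)` is a fixed system path, whereas base.ini.in takes its log path from `%(ldap_logfile_path)s`; inventory-server.ini.in hard-codes `/var/log/mmc/pulse2-inventory-server.log` the same way.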
@@ -0,0 +1,68 @@ +[main] +# host = +# port = 9999 +# ocsmapping = /etc/mmc/pulse2/inventory-server/OcsNGMap.xml +# enablessl = False +# verifypeer = False +# cacert = /etc/mmc/pulse2/inventory-server/keys/cacert.pem +# localcert = /etc/mmc/pulse2/inventory-server/keys/privkey.pem +# to put the data from the registry as hostname +# hostname = Hardware/Host # by default +# default_entity = . +# entities_rules_file = + +[database] +# dbdriver = mysql +# dbhost = localhost +# dbport = 3306 +# dbname = inventory +# dbuser = mmc +# dbpasswd = mmc +# dbpoolrecycle = 60 +# dbsslenable = 0 +# dbsslca = /etc/mmc/pulse2/inventory/cacert.pem +# dbsslcert = /etc/mmc/pulse2/inventory/cert.pem +# dbsslkey = /etc/mmc/pulse2/inventory/key.pem + +[daemon] +# pidfile = /var/run/pulse2-inventory-server.pid +# user = root +# group = root +# umask = 0077 +# Example of non-root execution settings: +# user = mmc +# group = mmc +# umask = 0007 + +# [option_01] +# NAME = REGISTRY +# PARAM_01 = NAME::srvcomment||REGKEY::SYSTEM\CurrentControlSet\Services\lanmanserver\parameters||REGTREE::2##srvcomment +# PARAM_02 = NAME::DisplayName||REGKEY::SYSTEM\CurrentControlSet\Services\lanmanserver||REGTREE::2##DisplayName + +[loggers] +keys=root + +[handlers] +keys=hand01,hand02 + +[formatters] +keys=form01 + +[logger_root] +level=NOTSET +handlers=hand01 + +[handler_hand01] +class=FileHandler +level=INFO +formatter=form01 +args=("/var/log/mmc/pulse2-inventory-server.log",) + +[handler_hand02] +class=StreamHandler +level=DEBUG +args=(sys.stderr,) + +[formatter_form01] +format=%(asctime)s %(levelname)s %(message)s + diff --git a/slapos/recipe/pulse2/template/pulse2_conf/pulse2/inventory-server/keys/cacert.pem b/slapos/recipe/pulse2/template/pulse2_conf/pulse2/inventory-server/keys/cacert.pem new file mode 100644 index 0000000000000000000000000000000000000000..11791e682caeaccdabc55812d2cf220e72928b69 --- /dev/null +++ b/slapos/recipe/pulse2/template/pulse2_conf/pulse2/inventory-server/keys/cacert.pem 
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICmjCCAkSgAwIBAgIJALq48auj/cmmMA0GCSqGSIb3DQEBBAUAMGkxCzAJBgNV
+BAYTAkZSMQswCQYDVQQIEwJOQTENMAsGA1UEBxMETWV0ejEPMA0GA1UEChMGTGlu
+Ym94MQ0wCwYDVQQDEwRjZXJ0MR4wHAYJKoZIhvcNAQkBFg9pbmZvQGxpbmJveC5j
+b20wHhcNMDUwODAyMTI1NjA1WhcNMDgwNDI4MTI1NjA1WjBpMQswCQYDVQQGEwJG
+UjELMAkGA1UECBMCTkExDTALBgNVBAcTBE1ldHoxDzANBgNVBAoTBkxpbmJveDEN
+MAsGA1UEAxMEY2VydDEeMBwGCSqGSIb3DQEJARYPaW5mb0BsaW5ib3guY29tMFww
+DQYJKoZIhvcNAQEBBQADSwAwSAJBALsvk/6SKwimAloa2gitTn2AsUIZs0FT1XvM
+LYWiaqQe5XK5n08F9C3ClLU79UxEuh47su3mxKjakwZSDvptNU8CAwEAAaOBzjCB
+yzAdBgNVHQ4EFgQUJ8QwuXYP+uu6tWjtl4y6j/6CiR0wgZsGA1UdIwSBkzCBkIAU
+J8QwuXYP+uu6tWjtl4y6j/6CiR2hbaRrMGkxCzAJBgNVBAYTAkZSMQswCQYDVQQI
+EwJOQTENMAsGA1UEBxMETWV0ejEPMA0GA1UEChMGTGluYm94MQ0wCwYDVQQDEwRj
+ZXJ0MR4wHAYJKoZIhvcNAQkBFg9pbmZvQGxpbmJveC5jb22CCQC6uPGro/3JpjAM
+BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBAUAA0EAfKZ53wZqWetaf6XN06PdUUyb
+orjbJtFQJQYBoXpqfrTH78Sna+uaCRlC+4BBAPx6Tz7ZoWqHt84GBf1WIXOscA==
+-----END CERTIFICATE-----
diff --git a/slapos/recipe/pulse2/template/pulse2_conf/pulse2/inventory-server/keys/privkey.pem b/slapos/recipe/pulse2/template/pulse2_conf/pulse2/inventory-server/keys/privkey.pem
new file mode 100644
index 0000000000000000000000000000000000000000..aaa698fa09d901d5b914454d1c004f04dd5ac7a1
--- /dev/null
+++ b/slapos/recipe/pulse2/template/pulse2_conf/pulse2/inventory-server/keys/privkey.pem
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOwIBAAJBALsvk/6SKwimAloa2gitTn2AsUIZs0FT1XvMLYWiaqQe5XK5n08F
+9C3ClLU79UxEuh47su3mxKjakwZSDvptNU8CAwEAAQJAC+eSufYB1qL4M1LR2wtq
+moC8xT9tLxJt2Vm662zQ628PhbzdaJBFGlHpC5jdsw/J1r56D+eVTOiVrMKKd3Lk
+gQIhAPjir/qwx0ssVfiW1xioj33tR3Dxpd8pYPTKZBWuknXZAiEAwIlhZ1sSFulo
+eOTJgvhga3PClKI7qcRlUEVAkfzoQ2cCIGKWKO88pzT30vYtifaSjoRrQSlUD0he
+s7FDmnGcPRfBAiEAp39co4PQ6unHn1S6EhxuFUyxvIieiwR2dyyoDdkNXoUCIQCD
+KeWLYFVEXcNqdgC2tjIzbBR03UQXt3eFrovjeox1pA==
+-----END RSA PRIVATE KEY-----
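Review bot: privkey.pem commits an unencrypted RSA private key into the recipe's template tree, and the same blob (`aaa698fa…`) is added again under launchers/keys, package-server/keys and scheduler/keys, so every instance deployed from this recipe would share key material that anyone with read access to the repository also holds. The key should be generated per instance at install time and kept out of version control; the templates then only need its path. The accompanying cacert.pem (blob `11791e68…`, also added four times) appears to decode as a 512-bit RSA certificate signed with MD5 whose validity ended in 2008, so it is not usable as a trust anchor either. If these files are only upstream samples, they are better dropped from the recipe, and the key treated as compromised wherever it was actually deployed.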
diff --git a/slapos/recipe/pulse2/template/pulse2_conf/pulse2/launchers/keys/cacert.pem b/slapos/recipe/pulse2/template/pulse2_conf/pulse2/launchers/keys/cacert.pem
new file mode 100644
index 0000000000000000000000000000000000000000..11791e682caeaccdabc55812d2cf220e72928b69
--- /dev/null
+++ b/slapos/recipe/pulse2/template/pulse2_conf/pulse2/launchers/keys/cacert.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICmjCCAkSgAwIBAgIJALq48auj/cmmMA0GCSqGSIb3DQEBBAUAMGkxCzAJBgNV
+BAYTAkZSMQswCQYDVQQIEwJOQTENMAsGA1UEBxMETWV0ejEPMA0GA1UEChMGTGlu
+Ym94MQ0wCwYDVQQDEwRjZXJ0MR4wHAYJKoZIhvcNAQkBFg9pbmZvQGxpbmJveC5j
+b20wHhcNMDUwODAyMTI1NjA1WhcNMDgwNDI4MTI1NjA1WjBpMQswCQYDVQQGEwJG
+UjELMAkGA1UECBMCTkExDTALBgNVBAcTBE1ldHoxDzANBgNVBAoTBkxpbmJveDEN
+MAsGA1UEAxMEY2VydDEeMBwGCSqGSIb3DQEJARYPaW5mb0BsaW5ib3guY29tMFww
+DQYJKoZIhvcNAQEBBQADSwAwSAJBALsvk/6SKwimAloa2gitTn2AsUIZs0FT1XvM
+LYWiaqQe5XK5n08F9C3ClLU79UxEuh47su3mxKjakwZSDvptNU8CAwEAAaOBzjCB
+yzAdBgNVHQ4EFgQUJ8QwuXYP+uu6tWjtl4y6j/6CiR0wgZsGA1UdIwSBkzCBkIAU
+J8QwuXYP+uu6tWjtl4y6j/6CiR2hbaRrMGkxCzAJBgNVBAYTAkZSMQswCQYDVQQI
+EwJOQTENMAsGA1UEBxMETWV0ejEPMA0GA1UEChMGTGluYm94MQ0wCwYDVQQDEwRj
+ZXJ0MR4wHAYJKoZIhvcNAQkBFg9pbmZvQGxpbmJveC5jb22CCQC6uPGro/3JpjAM
+BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBAUAA0EAfKZ53wZqWetaf6XN06PdUUyb
+orjbJtFQJQYBoXpqfrTH78Sna+uaCRlC+4BBAPx6Tz7ZoWqHt84GBf1WIXOscA==
+-----END CERTIFICATE-----
diff --git a/slapos/recipe/pulse2/template/pulse2_conf/pulse2/launchers/keys/privkey.pem b/slapos/recipe/pulse2/template/pulse2_conf/pulse2/launchers/keys/privkey.pem
new file mode 100644
index 0000000000000000000000000000000000000000..aaa698fa09d901d5b914454d1c004f04dd5ac7a1
--- /dev/null
+++ b/slapos/recipe/pulse2/template/pulse2_conf/pulse2/launchers/keys/privkey.pem
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOwIBAAJBALsvk/6SKwimAloa2gitTn2AsUIZs0FT1XvMLYWiaqQe5XK5n08F
+9C3ClLU79UxEuh47su3mxKjakwZSDvptNU8CAwEAAQJAC+eSufYB1qL4M1LR2wtq
+moC8xT9tLxJt2Vm662zQ628PhbzdaJBFGlHpC5jdsw/J1r56D+eVTOiVrMKKd3Lk
+gQIhAPjir/qwx0ssVfiW1xioj33tR3Dxpd8pYPTKZBWuknXZAiEAwIlhZ1sSFulo
+eOTJgvhga3PClKI7qcRlUEVAkfzoQ2cCIGKWKO88pzT30vYtifaSjoRrQSlUD0he
+s7FDmnGcPRfBAiEAp39co4PQ6unHn1S6EhxuFUyxvIieiwR2dyyoDdkNXoUCIQCD
+KeWLYFVEXcNqdgC2tjIzbBR03UQXt3eFrovjeox1pA==
+-----END RSA PRIVATE KEY-----
diff --git a/slapos/recipe/pulse2/template/pulse2_conf/pulse2/launchers/launchers.ini.in b/slapos/recipe/pulse2/template/pulse2_conf/pulse2/launchers/launchers.ini.in
new file mode 100644
index 0000000000000000000000000000000000000000..71590fec4155a365f4bce793553a7e1a15061b97
--- /dev/null
+++ b/slapos/recipe/pulse2/template/pulse2_conf/pulse2/launchers/launchers.ini.in
@@ -0,0 +1,160 @@ +[launchers] +# Pulse2 Launcher path +# launcher_path = /usr/sbin/pulse2-launcher + +## Misc locations ## +# Source directory for push mode +# source_path = /var/lib/pulse2/packages + +## Workflow-related commands ## +# global ping command +# ping_path = /usr/sbin/pulse2-ping +# global inventory command +# inventory_command = export P2SRV=`echo $SSH_CONNECTION | cut -f1 -d\ `; export P2PORT=9999; export http_proxy=""; export ftp_proxy=""; ( [ -x /cygdrive/c/Program\ Files/OCS\ Inventory\ Agent/OCSInventory.exe ] && /cygdrive/c/Program\ Files/OCS\ Inventory\ Agent/OCSInventory.exe /np /server:$P2SRV /pnum:$P2PORT ) || ( [ -x /usr/bin/ocsinventory-agent ] && /usr/bin/ocsinventory-agent --server=http://$P2SRV:$P2PORT ) || ( [ -x /usr/sbin/ocsinventory-agent ] && /usr/sbin/ocsinventory-agent --server=http://$P2SRV:$P2PORT ) || ( [ -x /usr/local/sbin/ocs_mac_agent.php ] && /usr/local/sbin/ocs_mac_agent.php ) +# global reboot command +# reboot_command = /bin/shutdown.exe -f -r 1 || shutdown -r now +# global halt command +# halt_command = /bin/shutdown.exe -f -s 1 || shutdown -h now + +## Target on client ## +# target directory on client +# target_path = /tmp +# temp folder name prefix on client +# temp_folder_prefix = MDVPLS + +## Foll-proofing ## +# Above this amount of seconds the command will automatically be killed. +# max_command_age = 86400 +# Above this amount of seconds a computer will be considered as +# unreachable. 
+# max_ping_time = 4 +# Above this amount of seconds a computer will be considered as without +# ssh installed +# max_probe_time = 20 + +[daemon] +# the place were we put the daemons's PID files +# pidfile = /var/run/pulse2 +# user = root +# group = root +# umask = 0077 +# Example of non-root execution settings: +# user = mmc +# group = mmc +# umask = 0007 + +[wrapper] +# wrapper path +# path = /usr/sbin/pulse2-output-wrapper +# cap the amount of logs a wrapper can generate (in bytes) +# max_log_size = 512000 +# wrapper will quit it process takes longer to complete (in seconds) +# max_exec_time = 21600 + +[ssh] +# defaultkey is the name of the default SSH key +# default_key = default +# openssl binaries path +# scp_path = /usr/bin/scp +# ssh_path = /usr/bin/ssh +# ssh_agent_path = /usr/bin/ssh-agent +# sshkey_default = /root/.ssh/id_dsa +# sshkey_mysecondkey = /somewhere/my_second_key +# options passed to SSH via "-o" +# ssh_options = LogLevel=ERROR UserKnownHostsFile=/dev/null StrictHostKeyChecking=no Batchmode=yes PasswordAuthentication=no ServerAliveInterval=10 CheckHostIP=no ConnectTimeout=10 +# ssh's keyforwarding control: never, always, or let (aka 'let the scheduler decide') +# forward_key = let + +[wget] +# wget binary path (on client) +# wget_path = /usr/bin/wget +# wget_options = +# check_certs = False +# resume = True + +[rsync] +# rsync_path = /usr/bin/rsync +# resume = True +# set_executable can be yes, no or keep +# set_executable = yes +# set_access can be private, restricted or public +# set_access = private + +[wol] +# Pulse2 WOL Path +# wol_path = /usr/sbin/pulse2-wol +# wol_port = 40000 +# wol_bcast = 255.255.255.255 + +[tcp_sproxy] +# Pulse2 SSH Proxy path +# tcp_sproxy_path = /usr/sbin/pulse2-tcp-sproxy +# The "external" VNC IP adress +# tcp_sproxy_host = +# The TCP range to attribue to the proxy +# tcp_sproxy_port_range = 8100-8200 +# the initial ssh connection to the client timeout +# tcp_sproxy_establish_delay = 20 +# the initial VNC 
connection to the proxy timeout +# tcp_sproxy_connect_delay = 60 +# the number of seconds a connection will stay open after the initial handshake +# tcp_sproxy_session_lenght = 3600 + +[smart_cleaner] +# Pulse2 Smart Cleaner path (on the target); if empty we do not use it +# smart_cleaner_path = /usr/bin/pulse2-smart-cleaner.sh +# cleaner options, space separated, see doc +# smart_cleaner_options = + +[scheduler_01] +# host = 127.0.0.1 +# port = 8000 +# enablessl = True +# username = username +# password = password +# periodicaly talk to our referent scheduler +# awake_time = 600 +# add some randomness in our wake-ups +# awake_incertitude_factor = .2 +# if set to yes, do no send results directly after a command completion +# defer_results = no + +# Launchers sections, one per launcher +[launcher_01] +# bind = 127.0.0.1 +port = 8001 +# slots = 300 +# username = username +# password = password +# scheduler = scheduler_01 +enablessl = True +cacert = /etc/mmc/pulse2/launchers/keys/cacert.pem +localcert = /etc/mmc/pulse2/launchers/keys/privkey.pem +verifypeer = False +# You can override the logger configuration of this launcher with the +# loggconffile option, else the logger configuration from the current file will +# be used. +# logconffile = /etc/mmc/pulse2/launchers/log_launcher_01.ini + +[loggers] +keys = root + +[handlers] +keys = hand01 + +[formatters] +keys = form01 + +[logger_root] +level = NOTSET +handlers = hand01 + +[handler_hand01] +class = FileHandler +level = INFO +formatter = form01 +args = ("/var/log/mmc/pulse2-launchers.log",) + +[formatter_form01] +format = %(asctime)s %(levelname)s %(message)s + diff --git a/slapos/recipe/pulse2/template/pulse2_conf/pulse2/launchers/log_launcher_01.ini.in b/slapos/recipe/pulse2/template/pulse2_conf/pulse2/launchers/log_launcher_01.ini.in new file mode 100644 index 0000000000000000000000000000000000000000..032f43c21f53c7708d6b82d10906cf0dab52ca4b --- /dev/null 
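Review bot: `[launcher_01]` turns on `enablessl = True` but sets `verifypeer = False` and points `cacert`/`localcert` at the key pair committed in this same change, so the launcher port is encrypted while the peer's certificate is never checked. With a CA generated per instance this should become `verifypeer = True`, with `cacert` and `localcert` supplied as template parameters rather than fixed `/etc/mmc/pulse2/launchers/keys/...` paths. p2ipc-windows.ini.in carries the same live `enablessl = True` / `verifypeer = False` pair. The commented `ssh_options` default also switches off host-key checking (`StrictHostKeyChecking=no`, `UserKnownHostsFile=/dev/null`); a comment there should say that it is to be overridden wherever client host keys can be pinned.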
+++ b/slapos/recipe/pulse2/template/pulse2_conf/pulse2/launchers/log_launcher_01.ini.in
@@ -0,0 +1,21 @@
+[loggers]
+keys = root
+
+[handlers]
+keys = hand01
+
+[formatters]
+keys = form01
+
+[logger_root]
+level = NOTSET
+handlers = hand01
+
+[handler_hand01]
+class = FileHandler
+level = INFO
+formatter = form01
+args = ("/var/log/mmc/pulse2-launcher-01.log",)
+
+[formatter_form01]
+format = %(asctime)s %(levelname)s %(message)s
diff --git a/slapos/recipe/pulse2/template/pulse2_conf/pulse2/p2ipc-windows.ini.in b/slapos/recipe/pulse2/template/pulse2_conf/pulse2/p2ipc-windows.ini.in
new file mode 100644
index 0000000000000000000000000000000000000000..f8affcdef01526f89d3ae1f9fd6680e5adb096a0
--- /dev/null
+++ b/slapos/recipe/pulse2/template/pulse2_conf/pulse2/p2ipc-windows.ini.in
@@ -0,0 +1,58 @@ +[main] +server = +port = 9999 +command_name = C:\Program Files\OCS Inventory Agent\OCSInventory.exe +command_attr = /SERVER:127.0.0.1 /PNUM:9999 +enablessl = True +verifypeer = False +cacert = cacert.pem +localcert = privkey.pem + +# [polling] +# activate = 0 +# type = reg +# time = 600 +# path = HKEY_LOCAL_MACHINE\Software\Mandriva\Inventory\Client\do_inventory + +[loggers] +keys = root + +[handlers] +keys = hand01 + +[formatters] +keys = form01 + +[logger_root] +level = NOTSET +handlers = hand01 + +[handler_hand01] +class = handlers.NTEventLogHandler +level = INFO +formatter = form01 +args = ("Pulse 2 Proxy SSL",) + +# [handler_hand01] +# class = handlers.RotatingFileHandler +# level = DEBUG +# formatter = form01 +# args = ("C:\\Program Files\\Mandriva\\Pulse2 Inventory SSL Proxy\\log.txt", "a", 100*1024, 5) + +[formatter_form01] +format = %(asctime)s %(levelname)s %(message)s + +# Xml update add extra information to OCS XML output +[xmlupdate] +# execute the update +enable = False +# keep a local copy of the updated XML +keepxmlupdate = False +# notify software updates +updatedetection = False +# add software icons to XML output +addicon = False + +# add OCS execution debug to OCS XML output +[ocsdebug] +enable = False \ No newline at end of file diff --git a/slapos/recipe/pulse2/template/pulse2_conf/pulse2/p2ipc.ini.in b/slapos/recipe/pulse2/template/pulse2_conf/pulse2/p2ipc.ini.in new file mode 100644 index 0000000000000000000000000000000000000000..fbc3139e84210f2e39acf71a8aa5cb0b72f260af --- /dev/null +++ b/slapos/recipe/pulse2/template/pulse2_conf/pulse2/p2ipc.ini.in @@ -0,0 +1,11 @@ +[main] +# server = +# port = 9999 +# path = / +# tmpdirname = /tmp/Pulse2InventoryProxy +# command_name = /usr/local/bin/ocsinventory-agent +# command_attr = -l /tmp/Pulse2InventoryProxy +# enablessl = True +# key_file = conf/key/privkey.pem +# cert_file = conf/key/cacert.pem + 
diff --git a/slapos/recipe/pulse2/template/pulse2_conf/pulse2/package-server/keys/cacert.pem b/slapos/recipe/pulse2/template/pulse2_conf/pulse2/package-server/keys/cacert.pem
new file mode 100644
index 0000000000000000000000000000000000000000..11791e682caeaccdabc55812d2cf220e72928b69
--- /dev/null
+++ b/slapos/recipe/pulse2/template/pulse2_conf/pulse2/package-server/keys/cacert.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICmjCCAkSgAwIBAgIJALq48auj/cmmMA0GCSqGSIb3DQEBBAUAMGkxCzAJBgNV
+BAYTAkZSMQswCQYDVQQIEwJOQTENMAsGA1UEBxMETWV0ejEPMA0GA1UEChMGTGlu
+Ym94MQ0wCwYDVQQDEwRjZXJ0MR4wHAYJKoZIhvcNAQkBFg9pbmZvQGxpbmJveC5j
+b20wHhcNMDUwODAyMTI1NjA1WhcNMDgwNDI4MTI1NjA1WjBpMQswCQYDVQQGEwJG
+UjELMAkGA1UECBMCTkExDTALBgNVBAcTBE1ldHoxDzANBgNVBAoTBkxpbmJveDEN
+MAsGA1UEAxMEY2VydDEeMBwGCSqGSIb3DQEJARYPaW5mb0BsaW5ib3guY29tMFww
+DQYJKoZIhvcNAQEBBQADSwAwSAJBALsvk/6SKwimAloa2gitTn2AsUIZs0FT1XvM
+LYWiaqQe5XK5n08F9C3ClLU79UxEuh47su3mxKjakwZSDvptNU8CAwEAAaOBzjCB
+yzAdBgNVHQ4EFgQUJ8QwuXYP+uu6tWjtl4y6j/6CiR0wgZsGA1UdIwSBkzCBkIAU
+J8QwuXYP+uu6tWjtl4y6j/6CiR2hbaRrMGkxCzAJBgNVBAYTAkZSMQswCQYDVQQI
+EwJOQTENMAsGA1UEBxMETWV0ejEPMA0GA1UEChMGTGluYm94MQ0wCwYDVQQDEwRj
+ZXJ0MR4wHAYJKoZIhvcNAQkBFg9pbmZvQGxpbmJveC5jb22CCQC6uPGro/3JpjAM
+BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBAUAA0EAfKZ53wZqWetaf6XN06PdUUyb
+orjbJtFQJQYBoXpqfrTH78Sna+uaCRlC+4BBAPx6Tz7ZoWqHt84GBf1WIXOscA==
+-----END CERTIFICATE-----
diff --git a/slapos/recipe/pulse2/template/pulse2_conf/pulse2/package-server/keys/privkey.pem b/slapos/recipe/pulse2/template/pulse2_conf/pulse2/package-server/keys/privkey.pem
new file mode 100644
index 0000000000000000000000000000000000000000..aaa698fa09d901d5b914454d1c004f04dd5ac7a1
--- /dev/null
+++ b/slapos/recipe/pulse2/template/pulse2_conf/pulse2/package-server/keys/privkey.pem
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOwIBAAJBALsvk/6SKwimAloa2gitTn2AsUIZs0FT1XvMLYWiaqQe5XK5n08F
+9C3ClLU79UxEuh47su3mxKjakwZSDvptNU8CAwEAAQJAC+eSufYB1qL4M1LR2wtq
+moC8xT9tLxJt2Vm662zQ628PhbzdaJBFGlHpC5jdsw/J1r56D+eVTOiVrMKKd3Lk
+gQIhAPjir/qwx0ssVfiW1xioj33tR3Dxpd8pYPTKZBWuknXZAiEAwIlhZ1sSFulo
+eOTJgvhga3PClKI7qcRlUEVAkfzoQ2cCIGKWKO88pzT30vYtifaSjoRrQSlUD0he
+s7FDmnGcPRfBAiEAp39co4PQ6unHn1S6EhxuFUyxvIieiwR2dyyoDdkNXoUCIQCD
+KeWLYFVEXcNqdgC2tjIzbBR03UQXt3eFrovjeox1pA==
+-----END RSA PRIVATE KEY-----
diff --git a/slapos/recipe/pulse2/template/pulse2_conf/pulse2/package-server/package-server.ini.in b/slapos/recipe/pulse2/template/pulse2_conf/pulse2/package-server/package-server.ini.in
new file mode 100644
index 0000000000000000000000000000000000000000..39e6a109eeb42f884e9e7092593670ed3dab0c21
--- /dev/null
+++ b/slapos/recipe/pulse2/template/pulse2_conf/pulse2/package-server/package-server.ini.in
@@ -0,0 +1,200 @@ +[main] +# ---------- +# NETWORKING +# ---------- +# port = 9990 +# host = +# The public IP send when a client agent is wondering how to reach this package server, set to the "host" parameter value if not defined +# public_ip = +# +# -------- +# PACKAGES +# -------- +# Is package autodetection activated ? +# package_detect_activate = 0 +# Time between two loops of detection +# package_detect_loop = 60 +# methods in none, last_time_modification, check_size +# for more than 1 method, separate with "," +# package_detect_smart_method = none +# package_detect_smart_time = 60 +# Package api can synhronise package data to others servers +# package_mirror_loop = 5 +# package synchronisation targets +# package_mirror_target = +# package synchronisation state file. used only if package_mirror_target is defined +# File where pending sync are written so that they can be finished on package server restart. +# package_mirror_status_file = /var/data/mmc/status +# package synchronisation command to use +# package_mirror_command = /usr/bin/rsync +# package synchronisation command options +# package_mirror_command_options = -ar --delete +# package synchronisation command on only one level options +# package_mirror_level0_command_options = -d --delete +# options passed to SSH via "-o" if specified --rsh is automatically added to package_mirror_command_options +# package_mirror_command_options_ssh_options = +# for example +# package_mirror_command_options_ssh_options = IdentityFile=/root/.ssh/id_dsa StrictHostKeyChecking=no Batchmode=yes PasswordAuthentication=no ServerAliveInterval=10 CheckHostIP=no ConnectTimeout=10 +# loop for the sync of the whole package directory +# can only be activated when package_mirror_target is given +# package_global_mirror_activate = 1 +# package_global_mirror_loop = 3600 +# package_global_mirror_command_options = -ar --delete +# real package deletion +# real_package_deletion = 0 +# +# ---------- +# MISC STUFF +# ---------- +# 
machine/mirror assign algo +# mm_assign_algo = default +# user/packageput assign algo +# up_assign_algo = default +# tmp_input_dir = /tmp/packages/default + +[daemon] +# the place were we put the daemons's PID files +# pidfile = /var/run/pulse2-package-server.pid +# user = root +# group = root +# umask = 0022 +# Example of non-root execution settings: +# user = mmc +# group = mmc +# umask = 0002 + +[ssl] +# enablessl = 1 +# username = +# password = +# certfile = /etc/mmc/pulse2/package-server/keys/cacert.pem +# privkey = /etc/mmc/pulse2/package-server/keys/privkey.pem +# verifypeer = 0 + +[mmc_agent] +# We sometimes need to talk to our referent agent +# here are some key to speak with it +# host = 127.0.0.1 +# port = 7080 +# username = mmc +# password = s3cr3t +# enablessl = True +# verifypeer = False +# cacert = /etc/mmc/pulse2/package-server/keys/cacert.pem +# localcert = /etc/mmc/pulse2/package-server/keys/privkey.pem + +[mirror_api] +# mount_point = /rpc + +[user_packageapi_api] +# mount_point = /upaa + +[scheduler_api] +# mount_point = /scheduler_api +# schedulers = scheduler_01 + +# [imaging_api] +# mount_point = /imaging_api +# uuid = PLEASE_PUT_A_UUID_FOR_THAT_SERVER +################## +# Some locations # +################## +### main tree +# base_folder = /var/lib/pulse2/imaging +### Bootloaders +# Where bootloader (and bootsplash) is stored, relative to "base_folder" +# bootloader_folder = bootloader # Where bootloader (and bootsplash) is stored, relative to "base_folder" +# pxe_bootloader = pxe_boot # the network bootloader +# cd_bootloader = cd_boot # the cdrom bootloader +# bootsplash_file = bootsplash.xpm # the bootloader splashscreen +### Bootmenus +# Where boot menus are generated / being served, relative to "base_folder" +# bootmenus_folder = bootmenus +### Diskless +# Where kernel, initrd and other official diskless tools are stored, relative to "base_folder" +# diskless_folder = diskless # Where kernel, initrd and other official diskless tools 
are stored, relative to "base_folder" +# diskless_kernel = kernel # Name of the diskless kernel to run +# diskless_initrd = initrd # Name of the diskless initrd to boot (core) +# diskless_initrdcd = initrdcd # Name of the diskless initrd to boot (addon to boot on CD) +# diskless_memtest = memtest # diskless memtest tool +### Inventories +# Where inventories are stored / retrieved, relative to "base_folder" +# inventories_folder = inventories +### NFS +# Where additionnal material (hdmap, exclude) are stored / retrieved, relative to "base_folder" +# (a.k.a. /revoinfo client side) +# computers_folder = computers +# Where images are stored, relative to "base_folder" +# (a.k.a. /revoinfo client side) +# masters_folder = masters +# Where postinst tools are stored, relative to "base_folder" +# (a.k.a. /opt client side) +# postinst_folder = postinst +# will contain archived computer imaging data +# archives_folder = archives +### ISO images generation +# isos_folder = /var/lib/pulse2/imaging/isos # will contain generated ISO images +# isogen_tool = /usr/bin/mkisofs # tool used to generate ISO file +### RPC offline mode +# RPC replay file name, relative to "base_folder" +# rpc_replay_file = rpc-replay.pck +# RPC replay loop timer in seconds +# rpc_loop_timer = 60 +# RPC to replay at each loop +# rpc_count = 10 +# Interval in seconds between two RPCs +# rpc_interval = 2 +# Our UUID cache *inside* base_folder +# uuid_cache_file = uuid-cache.txt +# Our UUID cache lifetime +# uuid_cache_lifetime = 300 + +[mirror:01] +mount_point = /mirror1 +src = /var/lib/pulse2/packages + +[package_api_put:01] +mount_point = /package_api_get1 +src = /var/lib/pulse2/packages +tmp_input_dir = /tmp/package_tmp/put1 + +# Logger configuration + +[loggers] +keys = root,imaging + +[handlers] +keys = hand01,hand_imaging + +[formatters] +keys = form01,form_imaging + +[logger_root] +level = NOTSET +handlers = hand01 + +[handler_hand01] +class = FileHandler +level = INFO +formatter = form01 +args = 
("%s" % %(pulse2_log_file_package_server)s,) + +[formatter_form01] +format = %%(asctime)s %%(levelname)s %%(message)s + +# Imaging API logger configuration + +[logger_imaging] +level = NOTSET +handlers = hand_imaging +propagate = 0 +qualname = imaging + +[handler_hand_imaging] +class = FileHandler +level = INFO +formatter = form_imaging +args = ("%s" % %(pulse2_log_file_package_server)s,) + +[formatter_form_imaging] +format = %%(asctime)s %%(levelname)s Imaging: %%(message)s diff --git a/slapos/recipe/pulse2/template/pulse2_conf/pulse2/package-server/plugin_terminal_type.ini.in b/slapos/recipe/pulse2/template/pulse2_conf/pulse2/package-server/plugin_terminal_type.ini.in new file mode 100644 index 0000000000000000000000000000000000000000..bb3d957cb57823697bda509ef03d7ef6ee8619cb --- /dev/null +++ b/slapos/recipe/pulse2/template/pulse2_conf/pulse2/package-server/plugin_terminal_type.ini.in @@ -0,0 +1,21 @@ +#[main] +#dbdriver = mysql +#dbhost = localhost +#dbname = inventory +#dbuser = mmc +#dbpasswd = mmc +#dbpoolrecycle = +#dbport = +#dbsslenable = 0 +#dbsslca = +#dbsslcert = +#dbsslkey = + +#[associations:XX] +# the mirror url you want to declare +#mirror = MIRROR_URL +# the type of terminal (SAGEM or ) +#terminal_types = TERMINAL_TYPE +# the type of api it is (package_api or mirror) +#kind = KIND + diff --git a/slapos/recipe/pulse2/template/pulse2_conf/pulse2/scheduler/keys/cacert.pem b/slapos/recipe/pulse2/template/pulse2_conf/pulse2/scheduler/keys/cacert.pem new file mode 100644 index 0000000000000000000000000000000000000000..11791e682caeaccdabc55812d2cf220e72928b69 --- /dev/null +++ b/slapos/recipe/pulse2/template/pulse2_conf/pulse2/scheduler/keys/cacert.pem 
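Review bot: `[package_api_put:01]` stages uploads in `tmp_input_dir = /tmp/package_tmp/put1`, a fixed name under a shared world-writable directory, while its `src` and the `[mirror:01]` source are fixed to `/var/lib/pulse2/packages`; these are the only live paths in package-server.ini.in and none of them is templated. Staging belongs in a directory owned by the instance and created with a restrictive mode, e.g. `tmp_input_dir = %(package_tmp_dir)s` (placeholder name is illustrative). Separately, `args = ("%s" % %(pulse2_log_file_package_server)s,)` leaves `%s` and `% ` unescaped, unlike the `%%(asctime)s` on the format lines; if the file is rendered by `%` substitution the result is unlikely to be the intended tuple, and `args = ("%(pulse2_log_file_package_server)s",)` would be simpler. The same `args` form appears in scheduler.ini.in.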
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICmjCCAkSgAwIBAgIJALq48auj/cmmMA0GCSqGSIb3DQEBBAUAMGkxCzAJBgNV
+BAYTAkZSMQswCQYDVQQIEwJOQTENMAsGA1UEBxMETWV0ejEPMA0GA1UEChMGTGlu
+Ym94MQ0wCwYDVQQDEwRjZXJ0MR4wHAYJKoZIhvcNAQkBFg9pbmZvQGxpbmJveC5j
+b20wHhcNMDUwODAyMTI1NjA1WhcNMDgwNDI4MTI1NjA1WjBpMQswCQYDVQQGEwJG
+UjELMAkGA1UECBMCTkExDTALBgNVBAcTBE1ldHoxDzANBgNVBAoTBkxpbmJveDEN
+MAsGA1UEAxMEY2VydDEeMBwGCSqGSIb3DQEJARYPaW5mb0BsaW5ib3guY29tMFww
+DQYJKoZIhvcNAQEBBQADSwAwSAJBALsvk/6SKwimAloa2gitTn2AsUIZs0FT1XvM
+LYWiaqQe5XK5n08F9C3ClLU79UxEuh47su3mxKjakwZSDvptNU8CAwEAAaOBzjCB
+yzAdBgNVHQ4EFgQUJ8QwuXYP+uu6tWjtl4y6j/6CiR0wgZsGA1UdIwSBkzCBkIAU
+J8QwuXYP+uu6tWjtl4y6j/6CiR2hbaRrMGkxCzAJBgNVBAYTAkZSMQswCQYDVQQI
+EwJOQTENMAsGA1UEBxMETWV0ejEPMA0GA1UEChMGTGluYm94MQ0wCwYDVQQDEwRj
+ZXJ0MR4wHAYJKoZIhvcNAQkBFg9pbmZvQGxpbmJveC5jb22CCQC6uPGro/3JpjAM
+BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBAUAA0EAfKZ53wZqWetaf6XN06PdUUyb
+orjbJtFQJQYBoXpqfrTH78Sna+uaCRlC+4BBAPx6Tz7ZoWqHt84GBf1WIXOscA==
+-----END CERTIFICATE-----
diff --git a/slapos/recipe/pulse2/template/pulse2_conf/pulse2/scheduler/keys/privkey.pem b/slapos/recipe/pulse2/template/pulse2_conf/pulse2/scheduler/keys/privkey.pem
new file mode 100644
index 0000000000000000000000000000000000000000..aaa698fa09d901d5b914454d1c004f04dd5ac7a1
--- /dev/null
+++ b/slapos/recipe/pulse2/template/pulse2_conf/pulse2/scheduler/keys/privkey.pem
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOwIBAAJBALsvk/6SKwimAloa2gitTn2AsUIZs0FT1XvMLYWiaqQe5XK5n08F
+9C3ClLU79UxEuh47su3mxKjakwZSDvptNU8CAwEAAQJAC+eSufYB1qL4M1LR2wtq
+moC8xT9tLxJt2Vm662zQ628PhbzdaJBFGlHpC5jdsw/J1r56D+eVTOiVrMKKd3Lk
+gQIhAPjir/qwx0ssVfiW1xioj33tR3Dxpd8pYPTKZBWuknXZAiEAwIlhZ1sSFulo
+eOTJgvhga3PClKI7qcRlUEVAkfzoQ2cCIGKWKO88pzT30vYtifaSjoRrQSlUD0he
+s7FDmnGcPRfBAiEAp39co4PQ6unHn1S6EhxuFUyxvIieiwR2dyyoDdkNXoUCIQCD
+KeWLYFVEXcNqdgC2tjIzbBR03UQXt3eFrovjeox1pA==
+-----END RSA PRIVATE KEY-----
diff --git a/slapos/recipe/pulse2/template/pulse2_conf/pulse2/scheduler/scheduler.ini.in b/slapos/recipe/pulse2/template/pulse2_conf/pulse2/scheduler/scheduler.ini.in
new file mode 100644
index 0000000000000000000000000000000000000000..f3dfb65a0107a1f1535821fa71ae643fbc32a608
--- /dev/null
+++ b/slapos/recipe/pulse2/template/pulse2_conf/pulse2/scheduler/scheduler.ini.in
@@ -0,0 +1,178 @@ +[scheduler] +# This scheduler name +id = scheduler_01 + +## MANAGING ## +# scheduler_path = /usr/sbin/pulse2-scheduler + +## NETWORK ## +# port = 8000 +# host = 127.0.0.1 +# username = username +# password = password +# enablessl = True +# If verifypeer is set, the scheduler will also connect to all the launchers +# using the following certificates. +# verifypeer = False +# cacert = /etc/mmc/pulse2/scheduler/keys/cacert.pem +# localcert = /etc/mmc/pulse2/scheduler/keys/privkey.pem + +## SCHEDULING ## +# for some functions below, we add this factor, to prevent load peaks +# incertitude_factor = .2 +# +# initial wait time, in seconds, to make stuff stabilize +# initial_wait = 2 +# +# attempt to start (and stop) commands every n seconds +# awake_time = 600 +# +# preemption settings : preempting every N second, run M commands +# preempt_amount = 50 +# preempt_period = 1 +# +# status settings : check every N second, +/- incertitude_factor % +# checkstatus_period = 900 +# +# health logging : log some stats every N seconds, +/- incertitude_factor % +# loghealth_period = 60 +# +# once per day, hour specified below (HH:MM:SS), the scheduler will +# analyse the database, looking to weird / broken commands; +# you should enable this if you see stalled commands in logs +# in this case, please specify an hour when the scheduler is +# not very used (8 pm can be a good choice: analyse_hour = 20:00:00) +# set to empty by default to disable analysis +# analyse_hour = +# +# attempt to clean states in commands every n seconds +# clean_states_time = 3600 +# clean state that are going to be clean +# (from the launcher point of view, ie : +# * stop -> the command is not running on the launcher but it's state in the db say it is) +# * run -> the command +# possible states : run, stop +# active_clean_states = +# +# default database encoding (used to inject log files) +# dbencoding = utf-8 +# +# scheduler mode, see doc ! 
+# mode = async +# +# max number of slots to uses, for all launchers +# max_slots = 300 +# +# locking system +# please use with caution: the only reason to activate this feature +# is for systems under heavy load; risk of double-preemption is +# drastically reduce using this, but your system will be even more slow +# lock_processed_commands = False + +## Commands life ## +# Command max default authorized time (for each stage) +# max_command_time = 3600 +# +# Command max upload time (aka 'upload' stage), override the previous one for looooong uploads +# max_upload_time = 21600 +# +# Command max WOL wait-for-completion time: wait this ammount of second before going futher +# max_wol_time = 300 + +## NETWORKING ## +# prefered method to reach a client +# available: +# - fqdn: attempt to perform a DNS query on FQDN +# - hosts: same, no DNS query +# - ip: just try IP address +# - netbios: attempt to do a nmblookup on IP adress +# tests are performed using ping +# resolv_order = fqdn hosts netbios ip + +## CHECKING ## +# in some situations itn may be useful to do some pre-checks on clients +# checks can be done against every information recorded into the "target" table +# the following informations are available: +# target_name => contain the target Hostname +# target_uuid => contain the target UUID +# target_ipaddr => contain the target IP addresses, only the first one is used +# target_macaddr => contain the target MAC adresses, only the first one is used +# The two following options are formated as follow: +# *_check = <data-to-ask>=<expected-value>,... 
+# for exemple: +# server_check = IP=ipaddr +# client_check = UUID=uuid,HOSTNAME=name +# => will ask to client if its UUID is 'target_uuid', HOSTNAME is 'target_name', +# and tell it to give us it's IP and check the IP's value is 'target_ipaddr' +# While checking things, we may also want to announce what we are currently try to +# do on client, for each stage, for example TRANFERT while transfering something: +# announce_check = transfert=TRANFERT (comma-separated list as for previous options) +# currently available keywords: transfert, execute, delete, inventory +# announce_check = +# server_check = +# client_check = + +## Computer / Group assignment ## +# mg_assign_algo = default + + +[database] +# dbdriver = mysql +# dbhost = localhost +# dbport = 3306 +# dbname = msc +# dbuser = mmc +# dbpasswd = mmc +# dbdebug = ERROR +# dbpoolrecycle = 60 +# dbpooltimeout = 30 +# SSL support +# dbsslenable = 0 +# dbsslca = +# dbsslcert = +# dbsslkey = + +[daemon] +# pidfile = /var/run/pulse2 +# user = root +# group = root +# umask = 0077 +# Example of non-root execution settings: +# user = mmc +# group = mmc +# umask = 0007 +# setrlimit option allows to set process system resources usage. Syntax is: +# setrlimit = limit1 soft1 hard1 limit2 soft2 hard2 ... +# For example: +# setrlimit = RLIMIT_NOFILE 2048 2048 RLIMIT_CORE 0 0 +# setrlimit = + +# Our launchers +[launcher_01] +host=%(ipv4)s +port=8001 +username = username +password = password +enablessl = True + +[loggers] +keys=root + +[handlers] +keys=hand01 + +[formatters] +keys=form01 + +[logger_root] +level=NOTSET +handlers=hand01 + +[handler_hand01] +class=FileHandler +level=INFO +formatter=form01 +args=("%s" % %(pulse2_log_file_scheduler)s,) + +[formatter_form01] +format=%%(asctime)s %%(levelname)s %%(message)s
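Review bot: The live `[launcher_01]` section ships `username = username` and `password = password` as literal values next to the templated `host=%(ipv4)s`, so every rendered scheduler authenticates to its launcher with the same well-known pair (launchers.ini.in leaves the matching keys commented at the same values). These should be per-instance secrets passed in like the address, e.g. `password = %(launcher_password)s` (placeholder name is illustrative). The `[database]` block is fully commented, which presumably leaves `dbuser`/`dbpasswd` at the `mmc`/`mmc` shown in the comments, and needs the same treatment. With `enablessl = True` here and `verifypeer` left commented at `False`, the launcher's certificate is presumably not checked either.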