diff --git a/CHANGES.txt b/CHANGES.txt
index ef1ade22b76132b5d575f32a6249aa0c0e97c207..bb60daf9fdb5e9b27bee21182767e71acec45a21 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,6 +1,11 @@
 Changes
 =======
 
+0.84.2 (2013-10-04)
+-------------------
+
+ * sshkeys_authority: don't allow to return None as parameter. [9e340a0]
+
 0.84.1 (2013-10-03)
 -------------------
 
diff --git a/component/nano/buildout.cfg b/component/nano/buildout.cfg
new file mode 100644
index 0000000000000000000000000000000000000000..a7f12f213d4e58acd938fd8b5abb75b968ec8a2d
--- /dev/null
+++ b/component/nano/buildout.cfg
@@ -0,0 +1,15 @@
+[buildout]
+parts =
+  nano
+  
+extends = 
+  ../ncurses/buildout.cfg
+
+[nano]
+recipe = slapos.recipe.cmmi
+version = 2.2.6
+url = http://www.nano-editor.org/dist/v2.2/nano-2.2.6.tar.gz
+md5sum = 03233ae480689a008eb98feb1b599807
+environment=
+    CFLAGS=-I${ncurses:location}/include
+    LDFLAGS=-L${ncurses:location}/lib/ -Wl,-rpath=${ncurses:location}/lib/
\ No newline at end of file
diff --git a/component/percona-toolkit/buildout.cfg b/component/percona-toolkit/buildout.cfg
index 0d7dad0cb257e3d2bf25d5c3a0f454f88e533330..5a809d69cbc39dce956c619466aac1540c3c43cd 100644
--- a/component/percona-toolkit/buildout.cfg
+++ b/component/percona-toolkit/buildout.cfg
@@ -10,8 +10,8 @@ parts =
 recipe = slapos.recipe.cmmi
 depends =
   ${perl:version}
-version = 2.1.9
+version = 2.2.5
 url = http://www.percona.com/redir/downloads/percona-toolkit/${:version}/percona-toolkit-${:version}.tar.gz
-md5sum = 94545d0fe6a4893dcad8a3411531107d
+md5sum = 56bc17bd7ba8b9af8461ba93cfb53d25
 configure-command =
   ${perl:location}/bin/perl Makefile.PL
diff --git a/component/sqlite3/buildout.cfg b/component/sqlite3/buildout.cfg
index eb2818ba8298a9828c3c734d33805327707aa7cd..67d4d5eedf2239fde58e6236747133519403152c 100644
--- a/component/sqlite3/buildout.cfg
+++ b/component/sqlite3/buildout.cfg
@@ -5,8 +5,8 @@ parts =
 
 [sqlite3]
 recipe = slapos.recipe.cmmi
-url = http://www.sqlite.org/2013/sqlite-autoconf-3080002.tar.gz
-md5sum = 6d6cc639a4da04fbbdda7b1a1a01b386
+url = http://www.sqlite.org/2013/sqlite-autoconf-3080100.tar.gz
+md5sum = 8b5a0a02dfcb0c7daf90856a5cfd485a
 configure-options =
   --disable-static
   --enable-readline
diff --git a/setup.py b/setup.py
index fe4a9ab348fab34395426726ae3244a9d8caa9bc..f6f7facfbf818b4f9bb439c6a661e0d1471bbd0c 100755
--- a/setup.py
+++ b/setup.py
@@ -28,7 +28,7 @@ from setuptools import setup, find_packages
 import glob
 import os
 
-version = '0.84.1'
+version = '0.84.2'
 name = 'slapos.cookbook'
 long_description = open("README.txt").read() + "\n" + \
     open("CHANGES.txt").read() + "\n"
diff --git a/slapos/recipe/erp5_bootstrap/template/erp5_bootstrap.in b/slapos/recipe/erp5_bootstrap/template/erp5_bootstrap.in
index 6627807adc9ecaa605a26a3822bd557162abd303..b7a36bf328d99048d8c5a8f25a3ab01bed8369be 100644
--- a/slapos/recipe/erp5_bootstrap/template/erp5_bootstrap.in
+++ b/slapos/recipe/erp5_bootstrap/template/erp5_bootstrap.in
@@ -12,7 +12,8 @@ erp5_catalog_storage = 'erp5_mysql_innodb_catalog'
 mysql_url = "%(sql_connection_string)s"
 
 header_dict = {'Authorization': 'Basic %%s' %% \
-  base64.encodestring('%%s:%%s' %% (user, password)).strip()}
+  base64.encodestring('%%s:%%s' %% (user, password)).strip(),
+               'Referer':'http://%%s/manage_addProduct/ERP5/addERP5Site' %% host}
 zope_connection = httplib.HTTPConnection(host)
 
 # Check if an ERP5 site is already created, as ERP5 does support having
diff --git a/slapos/recipe/erp5_update/erp5.py b/slapos/recipe/erp5_update/erp5.py
index 80e942191e504b8db01a0d4ce9b9f6686d2f2458..1ac9c02c6627a187360e9499fffa11354ae303b1 100644
--- a/slapos/recipe/erp5_update/erp5.py
+++ b/slapos/recipe/erp5_update/erp5.py
@@ -50,6 +50,7 @@ class ERP5Updater(object):
     base64string = base64.encodestring(authentication_string).strip()
 
     self.header_dict['Authorization'] = 'Basic %s' % base64string
+    self.header_dict['Referer'] = 'http://%s/manage_addProduct/ERP5/addERP5Site' % host
 
     self.host = host
     self.site_id = site_id
diff --git a/slapos/recipe/kvm/template/kvm_controller_run.in b/slapos/recipe/kvm/template/kvm_controller_run.in
index 6d426a5019c27118d2490e050127141b5db7994a..8282b8587d3efcc1abc28054cf18e82f121b3357 100644
--- a/slapos/recipe/kvm/template/kvm_controller_run.in
+++ b/slapos/recipe/kvm/template/kvm_controller_run.in
@@ -6,6 +6,8 @@
 import socket
 import time
 
+# XXX: to be factored with slapos.toolbox qemu qmp wrapper.
+
 socket_path = '%(socket-path)s'
 vnc_password = '%(vnc-passwd)s'
 
diff --git a/software/kvm/common.cfg b/software/kvm/common.cfg
index a433527a871c640fddbdf2cc0aaafbf65e630143..45a117b7e25938442115bc196f517feb5e8f4381 100644
--- a/software/kvm/common.cfg
+++ b/software/kvm/common.cfg
@@ -21,6 +21,7 @@ parts =
 
 # XXX: we have to manually add this for resilience
   rdiff-backup
+  collective.recipe.template-egg
 
 #XXX-Cedric : Currently, one can only access to KVM using noVNC.
 #             Ideally one should be able to access KVM by using either NoVNC or VNC.
@@ -79,7 +80,7 @@ command =
 [template]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance.cfg.in
-#md5sum = bdd0495ef729e7272ec9c97aca919c09
+md5sum = 8617a8cc345a55688c5449528daef4d1
 output = ${buildout:directory}/template.cfg
 mode = 0644
 
@@ -94,14 +95,14 @@ mode = 0644
 recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/instance-kvm-resilient.cfg.jinja2
 mode = 644
-#md5sum = 6753004b582c0470bd028253ce1964ad
+md5sum = 45a846378215eded6c001d0dd729a1ec
 download-only = true
 on-update = true
 
 [template-kvm-resilient-test]
 recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/instance-kvm-resilient-test.cfg.jinja2
-#md5sum = 027d68d9decbc6aec59365fa723975d7
+md5sum = b58427f93d5fcca94bdc90661fe6080b
 mode = 0644
 download-only = true
 on-update = true
@@ -132,7 +133,7 @@ mode = 0644
 recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/template/kvm-export.sh.in
 filename = kvm-export.sh.in
-md5sum = 3e878b3343c76f0d6950986fffcb6a8c
+md5sum = bf03a90f6960b37cba812ee936a13342
 download-only = true
 mode = 0755
 
diff --git a/software/kvm/instance-kvm-resilient-input-schema.json b/software/kvm/instance-kvm-resilient-input-schema.json
index b9e44ebe1c54de66db1230103c7a438c96f261d5..c46cb4f7d42bd0c9ad84fee29024394077de304f 100644
--- a/software/kvm/instance-kvm-resilient-input-schema.json
+++ b/software/kvm/instance-kvm-resilient-input-schema.json
@@ -29,5 +29,11 @@
       "description": "Periodicity of backup, in cron format.",
       "type": "string"
     }
+    "remove-backup-older-than": {
+      "title": "Remove backups older than...",
+      "description": "Remove all the backups in PBS that are older than specified value. It should be rdiff-backup-compatible."
+      "type": "string",
+      "default": "3B"
+    }
   }
 }
diff --git a/software/kvm/instance-kvm-resilient-test.cfg.jinja2 b/software/kvm/instance-kvm-resilient-test.cfg.jinja2
index 002b0aef0a2fc8e0297d4074479da0c89720e9cf..6d2ecc899150d747a2a646064ccb8d05c479dc59 100644
--- a/software/kvm/instance-kvm-resilient-test.cfg.jinja2
+++ b/software/kvm/instance-kvm-resilient-test.cfg.jinja2
@@ -50,12 +50,10 @@ config-{{ key }} = {{ dumps(value) }}
 config-virtual-hard-drive-url = ${slap-parameter:virtual-hard-drive-url}
 config-virtual-hard-drive-md5sum = ${slap-parameter:virtual-hard-drive-md5sum}
 config-resiliency-backup-periodicity = */5
-# We don't use url parameter, but we want it to be there to make sure root instance is ready.
-return = url
 # XXX What to do?
 sla = computer_guid
 sla-computer_guid = ${slap-connection:computer-id}
 
 [slap-parameter]
 virtual-hard-drive-url = https://softinst43236.host.vifib.net/data/public/8e2138.php?dl=true
-virtual-hard-drive-md5sum = de0f10c7c6538e9928879332afd9be7a
+virtual-hard-drive-md5sum = 465e1024447997e7b86ee2e5151e031b
diff --git a/software/kvm/instance-kvm-resilient.cfg.jinja2 b/software/kvm/instance-kvm-resilient.cfg.jinja2
index b100bc6a7e3726f4116f282cc38160e554e0c64b..88c3be0e4aa2700ad807434768587a21cd110db8 100644
--- a/software/kvm/instance-kvm-resilient.cfg.jinja2
+++ b/software/kvm/instance-kvm-resilient.cfg.jinja2
@@ -12,6 +12,8 @@ offline = true
 parts +=
   {{ parts.replicate("kvm", "3") }}
   publish-connection-informations
+  kvm-frontend-url-promise
+  kvm-backend-url-promise
 
 {{ replicated.replicate("kvm", "3", "kvm-export", "kvm-import", slapparameter_dict=slapparameter_dict) }}
 
@@ -29,3 +31,22 @@ recipe = slapos.cookbook:publish
 backend-url = ${request-kvm:connection-backend-url}
 url = ${request-kvm:connection-url}
 ipv6 = ${request-kvm:connection-ipv6}
+
+[kvm-frontend-url-promise]
+# Check that url parameter is complete
+recipe = collective.recipe.template
+input = inline:#!/bin/sh
+  URL="${request-kvm:connection-url}"
+  if [[ ! "$URL" == https://* ]]; then
+    exit 1
+  fi
+output = ${resilient-directory:promise}/kvm-frontend-url
+mode = 700
+
+[kvm-backend-url-promise]
+# Check that backend url is reachable
+recipe = slapos.cookbook:check_url_available
+path = ${directory:promises}/frontend_promise
+url = ${publish-connection-information:url}
+dash_path = /bin/sh
+curl_path = {{ curl_executable_location }}
diff --git a/software/kvm/instance.cfg.in b/software/kvm/instance.cfg.in
index 79e5c4325a7d88887e2e27b559d569e4544fbfe9..1c37f60992e5df93297ac80cdf6bae0c7fee5cec 100644
--- a/software/kvm/instance.cfg.in
+++ b/software/kvm/instance.cfg.in
@@ -49,10 +49,10 @@ mode = 0644
 recipe = slapos.recipe.template:jinja2
 template = ${template-kvm-resilient-test:location}/instance-kvm-resilient-test.cfg.jinja2
 rendered = $${buildout:directory}/template-kvm-resilient-test.cfg
-bin-directory = ${buildout:bin-directory}
 context =
-    key bin_directory dynamic-template-kvm-resilient-test:bin-directory
     key develop_eggs_directory buildout:develop-eggs-directory
     key eggs_directory buildout:eggs-directory
     key slapparameter_dict slap-configuration:configuration
+    raw bin_directory ${buildout:bin-directory}
+    raw curl-executable-location ${curl:location}/bin/curl
 mode = 0644
diff --git a/software/kvm/software.cfg b/software/kvm/software.cfg
index b60f14b8d83cd7e9c9eb284660ddc811dc4861bb..b0c4b17cbde266108f5b0cde1009552680c8479f 100644
--- a/software/kvm/software.cfg
+++ b/software/kvm/software.cfg
@@ -122,34 +122,35 @@ Werkzeug = 0.9.4
 apache-libcloud = 0.13.2
 async = 0.6.1
 buildout-versions = 1.7
+collective.recipe.template = 1.10
 erp5.util = 0.4.36
 gitdb = 0.5.4
 itsdangerous = 0.23
 lxml = 3.2.3
 meld3 = 0.6.10
 plone.recipe.command = 1.1
-psutil = 1.1.0
+psutil = 1.1.1
 pycrypto = 2.6
 rdiff-backup = 1.0.5
-slapos.cookbook = 0.84.1
+slapos.cookbook = 0.84.2
 slapos.recipe.cmmi = 0.2
 slapos.recipe.download = 1.0.dev-r4053
-slapos.toolbox = 0.37.1
+slapos.toolbox = 0.37.2
 smmap = 0.8.2
 websockify = 0.5.1
 z3c.recipe.scripts = 1.0.1
 
 # Required by:
 # slapos.core==0.35.1
-# slapos.toolbox==0.37.1
+# slapos.toolbox==0.37.2
 Flask = 0.10.1
 
 # Required by:
-# slapos.toolbox==0.37.1
+# slapos.toolbox==0.37.2
 GitPython = 0.3.2.RC1
 
 # Required by:
-# slapos.toolbox==0.37.1
+# slapos.toolbox==0.37.2
 atomize = 0.1.1
 
 # Required by:
@@ -157,19 +158,19 @@ atomize = 0.1.1
 ecdsa = 0.9
 
 # Required by:
-# slapos.toolbox==0.37.1
+# slapos.toolbox==0.37.2
 feedparser = 5.1.3
 
 # Required by:
-# slapos.cookbook==0.84.1
+# slapos.cookbook==0.84.2
 inotifyx = 0.2.0-1
 
 # Required by:
-# slapos.cookbook==0.84.1
+# slapos.cookbook==0.84.2
 lock-file = 2.0
 
 # Required by:
-# slapos.cookbook==0.84.1
+# slapos.cookbook==0.84.2
 netaddr = 0.7.10
 
 # Required by:
@@ -180,9 +181,8 @@ netifaces = 0.8-1
 # websockify==0.5.1
 numpy = 1.7.1
 
-
 # Required by:
-# slapos.toolbox==0.37.1
+# slapos.toolbox==0.37.2
 paramiko = 1.12.0
 
 # Required by:
@@ -190,12 +190,12 @@ paramiko = 1.12.0
 pyflakes = 0.7.3
 
 # Required by:
-# slapos.cookbook==0.84.1
+# slapos.cookbook==0.84.2
 pytz = 2013.7
 
 # Required by:
-# slapos.cookbook==0.84.1
-# slapos.toolbox==0.37.1
+# slapos.cookbook==0.84.2
+# slapos.toolbox==0.37.2
 slapos.core = 0.35.1
 
 # Required by:
@@ -207,11 +207,10 @@ supervisor = 3.0
 unittest2 = 0.5.1
 
 # Required by:
-# slapos.cookbook==0.84.1
-# slapos.toolbox==0.37.1
+# slapos.cookbook==0.84.2
+# slapos.toolbox==0.37.2
 xml-marshaller = 0.9.7
 
 # Required by:
 # slapos.core==0.35.1
 zope.interface = 4.0.5
-
diff --git a/software/kvm/template/kvm-export.sh.in b/software/kvm/template/kvm-export.sh.in
index b51fa611932fcc153b9eb092c7950a563a74798e..50f4e632d7c96112c506ab0bc2c39deeba9b3129 100644
--- a/software/kvm/template/kvm-export.sh.in
+++ b/software/kvm/template/kvm-export.sh.in
@@ -4,13 +4,17 @@ QEMU_IMG=${kvm-instance:qemu-img-path}
 SNAPSHOT_NAME=$(date +%s)
 DISK_PATH=${kvm-instance:disk-path}
 BACKUP_PATH=${:backup-disk-path}
+QMP_CLIENT=${buildout:directory}/software_release/bin/qemu-qmp-client
 
 if [ ! -f $DISK_PATH ]; then
   echo "Nothing to backup, disk image doesn't exist yet."
   exit 0;
 fi
 
+$QMP_CLIENT ${kvm-instance:socket-path} suspend && \
 $QEMU_IMG snapshot -c $SNAPSHOT_NAME $DISK_PATH
+$QMP_CLIENT ${kvm-instance:socket-path} resume
+
 if [ -f $BACKUP_PATH ]; then
   rm $BACKUP_PATH
 fi
diff --git a/software/slaprunner/common.cfg b/software/slaprunner/common.cfg
index b93650fac56c32a6f4b26588b335c4dabfc78fc0..30b7ffb04978aaf4515c0e45caa8ac4e932355a3 100644
--- a/software/slaprunner/common.cfg
+++ b/software/slaprunner/common.cfg
@@ -15,7 +15,6 @@ extends =
   ../../stack/slapos.cfg
 
 parts =
-  rdiff-backup
   template
   eggs
   nginx
@@ -27,6 +26,10 @@ parts =
   instance-runner-export
   slapos-cookbook
 
+# XXX: we have to manually add this for resilience
+  rdiff-backup
+  collective.recipe.template-egg
+
 ####################
 ## Node JS proxy
 ####################
diff --git a/stack/erp5/buildout.cfg b/stack/erp5/buildout.cfg
index 2d02ca28c3dde55c512b83df97456c8bbcb003a2..e0eb3e8ea3e858f207f7793443102741918ec424 100644
--- a/stack/erp5/buildout.cfg
+++ b/stack/erp5/buildout.cfg
@@ -189,7 +189,7 @@ mode = 640
 [template-kumofs]
 < = template-jinja2-base
 filename = instance-kumofs.cfg
-md5sum = 90a321be12ee977800d590bf941021ef
+md5sum = 40817014a41497bceb696e512436e670
 extra-context =
     key dash_location dash:location
     key dcron_location dcron:location
diff --git a/stack/erp5/instance-kumofs.cfg.in b/stack/erp5/instance-kumofs.cfg.in
index 5609b0248e515623944bc51e6fa76196eff83111..31a26a42851f1be69f147174741dc7f9f9e14c97 100644
--- a/stack/erp5/instance-kumofs.cfg.in
+++ b/stack/erp5/instance-kumofs.cfg.in
@@ -34,8 +34,8 @@ gateway-wrapper = ${basedirectory:services}/kumofs_gateway
 manager-wrapper = ${basedirectory:services}/kumofs_manager
 server-wrapper = ${basedirectory:services}/kumofs_server
 
-# Paths: Data
-data-directory = ${directory:kumofs-data}
+# Paths: Data (with 10M buckets and HDBTLARGE option)
+data-path = ${directory:kumofs-data}/kumodb.tch#bnum=10485760#opts=l
 
 # Paths: Logs
 kumo-gateway-log = ${basedirectory:log}/kumo-gateway.log
diff --git a/stack/resilient/buildout.cfg b/stack/resilient/buildout.cfg
index 8bbb7d45ed46d1f3964d8b4ab1c69888dc117f86..8d310de91f991deaf289acd5d6b38156e2aa1574 100644
--- a/stack/resilient/buildout.cfg
+++ b/stack/resilient/buildout.cfg
@@ -1,12 +1,13 @@
 [buildout]
 extends =
+  ../../component/dash/buildout.cfg
   ../../component/dropbear/buildout.cfg
   ../../component/gzip/buildout.cfg
   ../../component/rdiff-backup/buildout.cfg
   ../../component/rsync/buildout.cfg
 
 parts =
-  rdiff-backup
+  collective.recipe.template-egg
   pbsready
   pbsready-import
   pbsready-export
@@ -16,7 +17,12 @@ parts =
 
   # needed tools for resiliency
   gzip
+  rdiff-backup
+  dash
 
+[collective.recipe.template-egg]
+recipe = zc.recipe.egg
+eggs = collective.recipe.template
 
 #----------------
 #--
@@ -30,7 +36,7 @@ parts =
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/pbsready.cfg.in
 output = ${buildout:directory}/pbsready.cfg
-md5sum = 570e0b54c97d510befa2ea981c1e90e0
+#md5sum = 46f9d33e642467a72c599c8dc767e6c3
 mode = 0644
 
 [pbsready-import]
@@ -39,7 +45,7 @@ mode = 0644
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/pbsready-import.cfg.in
 output = ${buildout:directory}/pbsready-import.cfg
-md5sum = cc9c776500ccd07cb51969beb68ffcda
+md5sum = cb562bd954b9e809c8748d0f96de4116
 mode = 0644
 
 [pbsready-export]
@@ -48,7 +54,7 @@ mode = 0644
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/pbsready-export.cfg.in
 output = ${buildout:directory}/pbsready-export.cfg
-md5sum = 25d05b3929fb4c6cf275866bad678d6a
+md5sum = 8fb619622a08aff2321497895e04df16
 mode = 0644
 
 [template-pull-backup]
@@ -61,14 +67,14 @@ mode = 0644
 [template-replicated]
 recipe = slapos.recipe.download
 url = ${:_profile_base_location_}/template-replicated.cfg.in
-md5sum = c762a625f65193bc8a570b4d56a0d08c
+md5sum = 9e236726678d89a5359e1571a91e59e8
 mode = 0644
 destination = ${buildout:directory}/template-replicated.cfg.in
 
 [template-parts]
 recipe = slapos.recipe.download
 url = ${:_profile_base_location_}/template-parts.cfg.in
-md5sum = c942f82552fcb42fc74a5f896e0cd5f3
+md5sum = a3f55a20881c3f1ec4416662146c06f7
 mode = 0644
 destination = ${buildout:directory}/template-parts.cfg.in
 
diff --git a/stack/resilient/pbsready-export.cfg.in b/stack/resilient/pbsready-export.cfg.in
index 85b9eb8aa281529b88decb6e41ba6c3452967f06..2bdc81f2d8caf236d0f9414b463f427d1ef80347 100644
--- a/stack/resilient/pbsready-export.cfg.in
+++ b/stack/resilient/pbsready-export.cfg.in
@@ -14,6 +14,7 @@ parts =
   sshkeys-authority
   dropbear-server
   sshkeys-dropbear
+  resilient-sshkeys-dropbear-promise
   dropbear-server-pbs-authorized-key
   notifier
 
diff --git a/stack/resilient/pbsready-import.cfg.in b/stack/resilient/pbsready-import.cfg.in
index 5028c05ae82890a8530ca8c9735f18bbc38a4331..e3e3de14a32e2aa684fd7e778aa6a5867ad67c99 100644
--- a/stack/resilient/pbsready-import.cfg.in
+++ b/stack/resilient/pbsready-import.cfg.in
@@ -14,6 +14,7 @@ parts =
   sshkeys-authority
   dropbear-server
   sshkeys-dropbear
+  resilient-sshkeys-dropbear-promise
   dropbear-server-pbs-authorized-key
   notifier
 
diff --git a/stack/resilient/pbsready.cfg.in b/stack/resilient/pbsready.cfg.in
index 59dc441363e8e9862f77127e408bad3bac95dfc1..1c38634b4526e6a91b1847582c5499b72c159ef8 100644
--- a/stack/resilient/pbsready.cfg.in
+++ b/stack/resilient/pbsready.cfg.in
@@ -10,6 +10,7 @@ parts =
   sshkeys-authority
   dropbear-server
   sshkeys-dropbear
+  resilient-sshkeys-dropbear-promise
   dropbear-server-pbs-authorized-key
   notifier
 
@@ -179,6 +180,27 @@ server-binary = ${buildout:bin-directory}/pubsubserver
 notifier-binary = ${buildout:bin-directory}/pubsubnotifier
 
 
+#----------------
+#--
+#-- Dropbear.
+
+[dropbear-server]
+recipe = slapos.cookbook:dropbear
+host = $${slap-network-information:global-ipv6}
+# Explicitely excludes to define "port" argument. It will be defined in
+# pbs-ready-import.cfg.in and pbs-ready-export.cfg.in
+home = $${directory:ssh}
+wrapper = $${rootdirectory:bin}/raw_sshd
+shell = $${rdiff-backup-server:wrapper}
+rsa-keyfile = $${directory:ssh}/server_key.rsa
+dropbear-binary = ${dropbear:location}/sbin/dropbear
+
+[dropbear-server-pbs-authorized-key]
+<= dropbear-server
+recipe = slapos.cookbook:dropbear.add_authorized_key
+key = $${slap-parameter:authorized-key}
+
+
 #----------------
 #--
 #-- sshkeys
@@ -205,31 +227,21 @@ public-key = $${dropbear-server:rsa-keyfile}.pub
 private-key = $${dropbear-server:rsa-keyfile}
 wrapper = $${basedirectory:services}/sshd
 
-
-#----------------
-#--
-#-- Dropbear.
-
-[dropbear-server]
-recipe = slapos.cookbook:dropbear
-host = $${slap-network-information:global-ipv6}
-# Explicitely excludes to define "port" argument. It will be defined in
-# pbs-ready-import.cfg.in and pbs-ready-export.cfg.in
-home = $${directory:ssh}
-wrapper = $${rootdirectory:bin}/raw_sshd
-shell = $${rdiff-backup-server:wrapper}
-rsa-keyfile = $${directory:ssh}/server_key.rsa
-dropbear-binary = ${dropbear:location}/sbin/dropbear
-
-[dropbear-server-pbs-authorized-key]
-<= dropbear-server
-recipe = slapos.cookbook:dropbear.add_authorized_key
-key = $${slap-parameter:authorized-key}
+[resilient-sshkeys-dropbear-promise]
+# Check that public key file exists and is not empty
+recipe = collective.recipe.template
+input = inline:#!${dash:location}/bin/dash
+  PUBLIC_KEY_CONTENT="$${sshkeys-dropbear:public-key-value}"
+  if [ ! -n "$PUBLIC_KEY_CONTENT" ]; then
+    exit 1
+  fi
+output = $${basedirectory:promises}/public-key-existence
+mode = 700
 
 
 #----------------
 #--
-#-- Conncetion informations to re-use.
+#-- Connection informations to re-use.
 # XXX-Cedric: when "aggregation" system is done in libslap, directly publish.
 [resilient-publish-connection-parameter]
 recipe = slapos.cookbook:publish
diff --git a/stack/resilient/template-parts.cfg.in b/stack/resilient/template-parts.cfg.in
index 5f1837ee578dfcfd90b251bf80153af082e8171a..72db7458e8bf679c7670602d9dd60ed701714eb9 100644
--- a/stack/resilient/template-parts.cfg.in
+++ b/stack/resilient/template-parts.cfg.in
@@ -4,18 +4,21 @@
 
   request-{{namebase}}
   request-{{namebase}}-2
+  resilient-request-{{namebase}}-public-key-promise
   
-  {% for i in range(1,nbbackup|int) %}
-  request-{{namebase}}-pseudo-replicating-{{i}}
-  request-{{namebase}}-pseudo-replicating-{{i}}-2
+  {% for id in range(1,nbbackup|int) %}
+  request-{{namebase}}-pseudo-replicating-{{id}}
+  request-{{namebase}}-pseudo-replicating-{{id}}-2
+  resilient-request-{{namebase}}-pseudo-replicating-{{id}}-public-key-promise
   {% endfor %}
   
-  {% for i in range(1,nbbackup|int) %}
-  request-pbs-{{namebase}}-{{i}}
-  request-pull-backup-server-{{namebase}}-{{i}}
-  request-pull-backup-server-{{namebase}}-backup-{{i}}
+  {% for id in range(1,nbbackup|int) %}
+  request-pbs-{{namebase}}-{{id}}
+  resilient-request-pbs-{{namebase}}-{{id}}-public-key-promise
+  request-pull-backup-server-{{namebase}}-{{id}}
+  request-pull-backup-server-{{namebase}}-backup-{{id}}
   {% endfor %}
-  
+
 
 
   {% endmacro %}
diff --git a/stack/resilient/template-replicated.cfg.in b/stack/resilient/template-replicated.cfg.in
index e977505c131a08dfb6b51ff11a3304478ad4c731..be8ac2cdde031c35ada3de2884d6c8acabed0745 100644
--- a/stack/resilient/template-replicated.cfg.in
+++ b/stack/resilient/template-replicated.cfg.in
@@ -11,6 +11,13 @@
 {% endif -%}
 
 
+[resilient-directory]
+recipe = slapos.cookbook:mkdirectory
+home = ${buildout:directory}
+etc = ${:home}/etc
+promise = ${:etc}/promise
+
+
 ## Tells the Backupable recipe that we want a backup
 [resilient]
 recipe = slapos.cookbook:request
@@ -28,7 +35,6 @@ software-url = ${slap-connection:software-release-url}
 software-type = {{typeexport}}
 name = {{namebase}}0
 return = ssh-public-key ssh-url notification-id ip
-
 config =
 # Resilient related parameters
   number authorized-key notify ip-list namebase
@@ -66,6 +72,7 @@ sla-{{ key }} = {{ value }}
 {%   endif -%}
 {% endif -%}
 
+
 {% for id in range(1,nbbackup|int) %}
 
 [request-{{namebase}}-pseudo-replicating-{{id}}]
@@ -107,9 +114,9 @@ sla-{{ key }} = {{ value }}
 {%   endif %}
 {% endif %}
 
-
 {% endfor -%}
 
+
 [iplist]
 config-ip-list = ${request-{{namebase}}:connection-ip}{% for j in range(1,nbbackup|int) %} ${request-{{namebase}}-pseudo-replicating-{{j}}:connection-ip}{% endfor %}
 
@@ -117,11 +124,37 @@ config-ip-list = ${request-{{namebase}}:connection-ip}{% for j in range(1,nbback
 <= request-{{namebase}}
    iplist
 
+[resilient-request-{{namebase}}-public-key-promise]
+# Check that public-key-value parameter exists and is not empty
+# XXX: maybe we should consider empty values to be non-nexistent.
+recipe = collective.recipe.template
+# XXX: don't use system executable
+input = inline:#!/bin/sh
+  PUBLIC_KEY_CONTENT="${request-{{namebase}}-2:connection-ssh-public-key})"
+  if [[ ! -n "$PUBLIC_KEY_CONTENT" -o "$PUBLIC_KEY_CONTENT" == None ]]; then
+    exit 1
+  fi
+output = ${resilient-directory:promise}/resilient-request-{{namebase}}-public-key
+mode = 700
+
 {% for id in range(1,nbbackup|int) %}
 [request-{{namebase}}-pseudo-replicating-{{id}}-2]
 <= request-{{namebase}}-pseudo-replicating-{{id}}
    iplist
 
+[resilient-request-{{namebase}}-pseudo-replicating-{{id}}-public-key-promise]
+# Check that public-key-value parameter exists and is not empty
+# XXX: maybe we should consider empty values to be non-nexistent.
+recipe = collective.recipe.template
+# XXX: don't use system executable
+input = inline:#!/bin/sh
+  PUBLIC_KEY_CONTENT="${request-{{namebase}}-pseudo-replicating-{{id}}-2:connection-ssh-public-key})"
+  if [ ! -n "$PUBLIC_KEY_CONTENT" -a  "$PUBLIC_KEY_CONTENT" == None ]; then
+    exit 1
+  fi
+output = ${resilient-directory:promise}/resilient-request-{{namebase}}-pseudo-replicating-{{id}}-public-key
+mode = 700
+
 {% endfor %}
 
 
@@ -167,6 +200,19 @@ sla-{{ key }} = {{ value }}
 {%   endif %}
 {% endif %}
 
+[resilient-request-pbs-{{namebase}}-{{id}}-public-key-promise]
+# Check that public-key-value parameter exists and is not empty
+# XXX: maybe we should consider empty values to be non-nexistent.
+recipe = collective.recipe.template
+# XXX: don't use system executable
+input = inline:#!/bin/sh
+  PUBLIC_KEY_CONTENT="${request-pbs-{{namebase}}-{{id}}:connection-ssh-key}:connection-ssh-key})"
+  if [ ! -n "$PUBLIC_KEY_CONTENT" -a  "$PUBLIC_KEY_CONTENT" == None ]; then
+    exit 1
+  fi
+output = ${resilient-directory:promise}/resilient-request-{{namebase}}-pseudo-replicating-{{id}}-public-key
+mode = 700
+
 
 [request-pull-backup-server-{{namebase}}-{{id}}]
 <= request-pbs-common