diff --git a/CHANGES.txt b/CHANGES.txt
index 14894785e32a8834ce9888f5db6f640e96f802ed..7c7a38458e224a4f4c423db31c427649ee1cfc25 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,10 +1,49 @@
 Changes
 =======
 
-0.40 (Unreleased)
+0.46 (Unreleased)
 -----------------
 
- * seleniumrunner initial release. [Cedric de Saint Martin]
+  * No change yet.
+
+0.45 (2012-03-29)
+-----------------
+
+  * slaprunner: change number of available partitions to 7 [Alain Takoudjou]
+
+0.44 (2012-03-28)
+-----------------
+
+  * minor: apachephp: update apache configuration to work with Apache2.4
+
+0.43 (2012-03-28)
+-----------------
+
+  * minor: erp5: add missing .zcml files into egg. [Cedric de Saint Martin]
+
+0.42 (2012-03-26)
+-----------------
+
+ * erp5: Add web_checker recipe. [Tatuya Kamada]
+ * erp5: Add generic_varnish recipe. [Tatuya Kamada]
+ * erp5: Simplify erp5_update to only create the ERP5 site. [Romain Courteaud]
+ * erp5: Allow to pass CA parameters from section. [艁ukasz Nowak]
+
+0.41 (2012-03-21)
+-----------------
+
+ * Release new "generic" version of KVM, includes frontend.
+   [Cedric de Saint Martin]
+
+0.40.1 (2012-03-01)
+-----------------
+
+ * Fix manifest to include files needed for apache. [Cedric de Saint Martin]
+
+0.40 (2012-03-01)
+-----------------
+
+ * apache_frontend initial release. [Cedric de Saint Martin]
  
 0.39 (2012-02-20)
 -----------------
@@ -195,9 +234,10 @@ Changes
 -----------------
 
  * Add PHPMyAdmin software release used in SlapOS tutorials
-   [Cedric de Saint Martin]
+ [Cedric de Saint Martin]
  * Add slaprunner software release [Cedric de Saint Martin]
 
+
 0.9 (2011-06-24)
 ----------------
 
diff --git a/MANIFEST.in b/MANIFEST.in
index b539622c6ba87c997b61b624d0c9e8b6745785ad..baa42c13a7d5241c999f964b98c679ceaa9b02cb 100644
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -1,5 +1,7 @@
 include CHANGES.txt
-include slapos/recipe/generic_zope/template/site.zcml
+include slapos/recipe/apache_frontend/template/notfound.html
 recursive-include slapos/recipe *.in
 recursive-include slapos/recipe *.bin
 recursive-include slapos/recipe README.*.txt
+recursive-include slapos/recipe *.js
+recursive-include slapos/recipe *.zcml
diff --git a/component/alsa/buildout.cfg b/component/alsa/buildout.cfg
index 3c91b1fdfd3e392dc589c33b54bf42eaad54cf81..452bb71207ad6caa76e781c837974ca44ffafdeb 100644
--- a/component/alsa/buildout.cfg
+++ b/component/alsa/buildout.cfg
@@ -6,7 +6,7 @@ parts =
 # Contains libasound
 recipe = hexagonit.recipe.cmmi
 url = ftp://ftp.alsa-project.org/pub/lib/alsa-lib-1.0.24.1.tar.bz2
-#md5sum = d55a9d7d2a79d738a1b7a511cffda4b6
+md5sum = 7cc05f25e1d5b65da8fb3fdcd540f226
 configure-options =
   --disable-static
   --disable-aload
@@ -18,4 +18,4 @@ configure-options =
   --disable-ucm
   --disable-alisp
   --disable-old-symbols
-  --disable-python
\ No newline at end of file
+  --disable-python
diff --git a/component/apache-php/buildout.cfg b/component/apache-php/buildout.cfg
index 71ea1daa372e2eb23dec0e51d0c22c3a006b7624..dcf667fa68463892ceee1eb0e6b76f4cc874597f 100644
--- a/component/apache-php/buildout.cfg
+++ b/component/apache-php/buildout.cfg
@@ -1,10 +1,11 @@
 [buildout]
 parts = apache-php
 
-extends = 
+extends =
   ../apache/buildout.cfg
+  ../bzip2/buildout.cfg
   ../cclient/buildout.cfg
-  ../curl/buildout.cfg  
+  ../curl/buildout.cfg
   ../freetype/buildout.cfg
   ../gettext/buildout.cfg
   ../libiconv/buildout.cfg
@@ -19,13 +20,14 @@ extends =
 [apache-php]
 # Note: Shall react on each build of apache and reinstall itself
 recipe = hexagonit.recipe.cmmi
-url = http://fr2.php.net/distributions/php-5.3.8.tar.gz
-md5sum = f4ce40d5d156ca66a996dbb8a0e7666a
+url = http://fr2.php.net/distributions/php-5.3.10.tar.gz
+md5sum = 2b3d2d0ff22175685978fb6a5cbcdc13
 configure-options =
   --with-apxs2=${apache:location}/bin/apxs
   --with-libxml-dir=${libxml2:location}
   --with-mysql=${mariadb:location}
   --with-zlib-dir=${zlib:location}
+  --with-bz2-dir=${bzip2:location}
   --with-mcrypt=${libmcrypt:location}
   --with-gd
   --with-jpeg-dir=${libjpeg:location}
@@ -37,7 +39,7 @@ configure-options =
   --with-mysqli=mysqlnd
   --with-curl=${curl:location}
   --with-zip-dir=${zip:location}
-  --with-imap=${cclient:location}  
+  --with-imap=${cclient:location}
   --with-iconv-dir=${libiconv:location}
   --with-gettext=${gettext:location}
   --with-ldap=${openldap:location}
@@ -48,12 +50,13 @@ configure-options =
   --enable-session
   --enable-exif
   --enable-zip
+  --enable-bz2
   --enable-ftp
 
 environment =
   PKG_CONFIG_PATH=${libxml2:location}/lib/pkgconfig:${openssl:location}/lib/pkgconfig
-  PATH=${pkgconfig:location}/bin:${libxml2:location}/bin:%(PATH)s
-  LDFLAGS =-L${libtool:location}/lib -Wl,-rpath -Wl,${libtool:location}/lib -L${mariadb:location}/lib -Wl,-rpath -Wl,${mariadb:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -L${libmcrypt:location}/lib -Wl,-rpath -Wl,${libmcrypt:location}/libblkid
+  PATH=${pkgconfig:location}/bin:${bzip2:location}/bin:${libxml2:location}/bin:%(PATH)s
+  LDFLAGS =-L${bzip2:location}/lib -Wl,-rpath -Wl,${bzip2:location}/lib -L${libtool:location}/lib -Wl,-rpath -Wl,${libtool:location}/lib -L${mariadb:location}/lib -Wl,-rpath -Wl,${mariadb:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -L${libmcrypt:location}/lib -Wl,-rpath -Wl,${libmcrypt:location}/libblkid
 
 
 [libmcrypt]
@@ -64,4 +67,4 @@ md5sum = c4f491dd411a09e9de3b8702ea6f73eb
 [xml-rpc]
 recipe = hexagonit.recipe.cmmi
 url = http://downloads.sourceforge.net/project/phpxmlrpc/phpxmlrpc/2.2.2/xmlrpc-2.2.2.tar.gz
-md5sum = 59a644c636c6d98267d0c99b406ae9e8
\ No newline at end of file
+md5sum = 59a644c636c6d98267d0c99b406ae9e8
diff --git a/component/apache/buildout.cfg b/component/apache/buildout.cfg
index 42d1c7162ba8b1965e77a6ba9a1ba43bc045771f..dcf21258e9172cbc5346aec8c64d85fc965a4a07 100644
--- a/component/apache/buildout.cfg
+++ b/component/apache/buildout.cfg
@@ -13,24 +13,30 @@ extends =
   ../sqlite3/buildout.cfg
   ../zlib/buildout.cfg
 
-[apache-CVE-2011-3368.patch]
+[apr]
 recipe = hexagonit.recipe.download
-md5sum = 1ad598213480ddfc239ce6359b7b2c0b
-url = http://www.apache.org/dist/httpd/patches/apply_to_2.2.21/CVE-2011-3368.patch
-filename = ${:_buildout_section_name_}
-download-only = true
+version = 1.4.6
+url = http://mir2.ovh.net/ftp.apache.org/dist/apr/apr-${:version}.tar.bz2
+md5sum = ffee70a111fd07372982b0550bbb14b7
+
+[apr-util]
+recipe = hexagonit.recipe.download
+version = 1.4.1
+url = http://mir2.ovh.net/ftp.apache.org/dist/apr/apr-util-${:version}.tar.bz2
+md5sum = 52b31b33fb1aa16e65ddaefc76e41151
 
 [apache]
 # inspired on http://old.aclark.net/team/aclark/blog/a-lamp-buildout-for-wordpress-and-other-php-apps/
 recipe = hexagonit.recipe.cmmi
 depends =
   ${gdbm:version}
-url = http://mir2.ovh.net/ftp.apache.org/dist//httpd/httpd-2.2.21.tar.bz2
-md5sum = 1696ae62cd879ab1d4dd9ff021a470f2
-patches =
-  ${apache-CVE-2011-3368.patch:location}/${apache-CVE-2011-3368.patch:filename}
-patch-options = -p1
-configure-options = --disable-static
+version = 2.4.1
+revision = 1
+url = http://mir2.ovh.net/ftp.apache.org/dist/httpd/httpd-${:version}.tar.bz2
+md5sum = 7d3001c7a26b985d17caa367a868f11c
+configure-command = cp -ar ${apr:location}/apr-${apr:version} srclib/apr/; cp -ar ${apr-util:location}/apr-util-${apr-util:version} srclib/apr-util; ./configure
+configure-options = --prefix=${buildout:parts-directory}/${:_buildout_section_name_}
+                    --disable-static
                     --enable-authn-alias
                     --enable-bucketeer
                     --enable-cache
@@ -57,6 +63,7 @@ configure-options = --disable-static
                     --enable-dav-fs
                     --enable-so
                     --enable-ssl
+                    --disable-lua
                     --with-included-apr
                     --with-ssl=${openssl:location}
                     --with-z=${zlib:location}
@@ -82,11 +89,27 @@ environment =
   CPPFLAGS =-I${libuuid:location}/include
   LDFLAGS =-Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${openssl:location}/lib -L${libuuid:location}/lib -Wl,-rpath=${libuuid:location}/lib -Wl,-rpath=${libexpat:location}/lib -Wl,-rpath=${pcre:location}/lib -Wl,-rpath=${sqlite3:location}/lib -Wl,-rpath=${gdbm:location}/lib
 
+[mod_antiloris-apache-2.4.patch]
+# http://www.apachelounge.com/viewtopic.php?p=19139
+# http://www.apachelounge.com/viewtopic.php?p=20551
+recipe = hexagonit.recipe.download
+url =${:_profile_base_location_}/${:filename}
+filename = mod_antiloris-apache-2.4.patch
+download-only = true
+md5sum = 4f074f035d3b37f3f3e71cd9616440f3
+
 [apache-antiloris]
 # Note: Shall react on each build of apache and reinstall itself
 recipe = hexagonit.recipe.cmmi
 url = http://sourceforge.net/projects/mod-antiloris/files/mod_antiloris-0.4.tar.bz2/download
 md5sum = 66862bf10e9be3a023e475604a28a0b4
+patch-options = -p0
+patches =
+  ${mod_antiloris-apache-2.4.patch:location}/${mod_antiloris-apache-2.4.patch:filename}
+depends =
+  ${apache:version}
+  ${apache:revision}
+  ${mod_antiloris-apache-2.4.patch:md5sum}
 configure-command = ${apache:location}/bin/apxs
 configure-options = -c mod_antiloris.c
 make-binary = ${:configure-command}
diff --git a/component/apache/mod_antiloris-apache-2.4.patch b/component/apache/mod_antiloris-apache-2.4.patch
new file mode 100644
index 0000000000000000000000000000000000000000..a5150b37fd39836ce23a424c0d6e03e33cd13fcf
--- /dev/null
+++ b/component/apache/mod_antiloris-apache-2.4.patch
@@ -0,0 +1,127 @@
+--- mod_antiloris.c.orig	2009-07-28 15:27:42.000000000 +0200
++++ mod_antiloris.c	2012-03-06 11:05:50.167576066 +0100
+@@ -1,5 +1,5 @@
+ /*
+-   mod_antiloris 0.2
++   mod_antiloris 0.5
+    Copyright (C) 2008 Monshouwer Internet Diensten
+ 
+    Author: Kees Monshouwer
+@@ -22,11 +22,16 @@
+ #include "http_connection.h"
+ #include "http_log.h"
+ #include "ap_mpm.h"
++#include "ap_release.h" 
+ #include "apr_strings.h"
+ #include "scoreboard.h"
+ 
+ #define MODULE_NAME "mod_antiloris"
+-#define MODULE_VERSION "0.4"
++#define MODULE_VERSION "0.5.1"
++
++#ifdef APLOG_USE_MODULE 
++APLOG_USE_MODULE(antiloris); 
++#endif 
+ 
+ module AP_MODULE_DECLARE_DATA antiloris_module;
+ 
+@@ -58,6 +63,8 @@
+ /* Parse the IPReadLimit directive */
+ static const char *ipreadlimit_config_cmd(cmd_parms *parms, void *mconfig, const char *arg)
+ {
++    signed long int limit;
++
+     antiloris_config *conf = ap_get_module_config(parms->server->module_config, &antiloris_module);
+     const char *err = ap_check_cmd_context (parms, GLOBAL_ONLY);
+     
+@@ -65,7 +72,7 @@
+ 	return err;
+     }
+     
+-    signed long int limit = strtol(arg, (char **) NULL, 10);
++    limit = strtol(arg, (char **) NULL, 10);
+ 
+     /* No reasonable person would want more than 2^16. Better would be
+        to use LONG_MAX but that causes portability problems on win32 */
+@@ -80,7 +87,7 @@
+ 
+ /* Array describing structure of configuration directives */
+ static command_rec antiloris_cmds[] = {
+-    AP_INIT_TAKE1("IPReadLimit", ipreadlimit_config_cmd, NULL, RSRC_CONF, "Maximum simultaneous connections in READ state per IP address"),
++    AP_INIT_TAKE1("IPReadLimit", ipreadlimit_config_cmd, NULL, RSRC_CONF, "Maximum simultaneous connections per IP address"),
+     {NULL}
+ };
+ 
+@@ -103,12 +110,15 @@
+     ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, MODULE_NAME " " MODULE_VERSION " started");
+     ap_mpm_query(AP_MPMQ_HARD_LIMIT_THREADS, &thread_limit);
+     ap_mpm_query(AP_MPMQ_HARD_LIMIT_DAEMONS, &server_limit);
++    ap_add_version_component(p, MODULE_NAME "/" MODULE_VERSION); 
+     return OK;
+ }
+ 
+ 
+ static int pre_connection(conn_rec *c)
+ {
++    char *client_ip;
++
+     antiloris_config *conf = ap_get_module_config (c->base_server->module_config,  &antiloris_module);
+     sb_handle *sbh = c->sbh;
+     
+@@ -123,16 +133,26 @@
+     worker_score *ws_record;
+     
+     ws_record = &ap_scoreboard_image->servers[sbh->child_num][sbh->thread_num];
+-    apr_cpystrn(ws_record->client, c->remote_ip, sizeof(ws_record->client));
++    apr_cpystrn(ws_record->client, c->client_ip, sizeof(ws_record->client)); 
+     
+-    char *client_ip = ws_record->client;
++    client_ip = ws_record->client;
+     
+     /* Count up the number of connections we are handling right now from this IP address */
+     for (i = 0; i < server_limit; ++i) {
+ 	for (j = 0; j < thread_limit; ++j) {
+-    	    ws_record = ap_get_scoreboard_worker(i, j);
++#if AP_SERVER_MAJORVERSION_NUMBER == 2 && AP_SERVER_MINORVERSION_NUMBER > 2 
++    	    ws_record = ap_get_scoreboard_worker_from_indexes(i, j); 
++#else 
++    	    ws_record = ap_get_scoreboard_worker(i, j); 
++#endif 
+             switch (ws_record->status) {
+         	case SERVER_BUSY_READ:
++        	case SERVER_BUSY_WRITE:
++        	case SERVER_BUSY_KEEPALIVE:
++        	case SERVER_BUSY_DNS:
++        	case SERVER_BUSY_LOG:
++        	case SERVER_CLOSING:
++        	case SERVER_GRACEFUL:
+             	    if (strcmp(client_ip, ws_record->client) == 0)
+             		ip_count++;
+                     break;
+@@ -143,7 +163,7 @@
+     }
+     
+     if (ip_count > conf->limit) {
+-	ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, "Rejected, too many connections in READ state from %s", c->remote_ip);
++	ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, "[client %s] Antiloris rejected, too many connections", c->client_ip); 
+ 	return OK;
+     } else {
+ 	return DECLINED;
+@@ -151,17 +171,10 @@
+ }
+ 
+ 
+-static void child_init (apr_pool_t *p, server_rec *s)
+-{
+-    ap_add_version_component(p, MODULE_NAME "/" MODULE_VERSION);
+-}
+-
+-
+ static void register_hooks(apr_pool_t *p)
+ {
+     ap_hook_post_config(post_config, NULL, NULL, APR_HOOK_MIDDLE);
+     ap_hook_process_connection(pre_connection, NULL, NULL, APR_HOOK_FIRST);
+-    ap_hook_child_init(child_init, NULL, NULL, APR_HOOK_MIDDLE);    
+ }
+ 
+ module AP_MODULE_DECLARE_DATA antiloris_module = {
diff --git a/component/aspell/buildout.cfg b/component/aspell/buildout.cfg
new file mode 100644
index 0000000000000000000000000000000000000000..365126682545dee4173f7eec1172eb2e4ad4f016
--- /dev/null
+++ b/component/aspell/buildout.cfg
@@ -0,0 +1,11 @@
+[buildout]
+parts =
+  aspell
+
+extends = 
+  ../ncurses/buildout.cfg
+
+[aspell]
+recipe = hexagonit.recipe.cmmi
+url = http://ftp.gnu.org/gnu/aspell/aspell-0.60.6.1.tar.gz
+md5sum = e66a9c9af6a60dc46134fdacf6ce97d7
diff --git a/component/automake/buildout.cfg b/component/automake/buildout.cfg
index 3d552ff020a88df7e9bb462dbb82d7b00e754b60..fbd7082c95f97c17befc75af4b8c2a821d9701b8 100644
--- a/component/automake/buildout.cfg
+++ b/component/automake/buildout.cfg
@@ -7,7 +7,7 @@ parts =
 
 [automake-1.11]
 recipe = hexagonit.recipe.cmmi
-md5sum = c2972c4d9b3e29c03d5f2af86249876f
-url = http://ftp.gnu.org/gnu/automake/automake-1.11.1.tar.bz2
+md5sum = 93ecb319f0365cb801990b00f658d026
+url = http://ftp.gnu.org/gnu/automake/automake-1.11.3.tar.gz
 environment =
   PATH =${autoconf:location}/bin:${perl:location}/bin:%(PATH)s
diff --git a/component/binutils/buildout.cfg b/component/binutils/buildout.cfg
new file mode 100644
index 0000000000000000000000000000000000000000..e20a1620559712cf2e4dd8f9f5e2c5d58f776e09
--- /dev/null
+++ b/component/binutils/buildout.cfg
@@ -0,0 +1,8 @@
+[buildout]
+parts =
+  binutils
+
+[binutils]
+recipe = hexagonit.recipe.cmmi
+url = http://ftp.gnu.org/gnu/binutils/binutils-2.21.1.tar.bz2
+md5sum = bde820eac53fa3a8d8696667418557ad
diff --git a/component/ca-certificates/buildout.cfg b/component/ca-certificates/buildout.cfg
index cd11287aa84d8acf900003c302e7caf6fd87c4c8..850821bdc102895cdf94ceca17827c1d895a4be7 100644
--- a/component/ca-certificates/buildout.cfg
+++ b/component/ca-certificates/buildout.cfg
@@ -14,7 +14,7 @@ download-only = true
 
 [ca-certificates]
 recipe = hexagonit.recipe.cmmi
-version = 20111211
+version = 20120212
 url = ftp://ftp.free.fr/mirrors/ftp.debian.org/pool/main/c/ca-certificates/ca-certificates_${:version}.tar.gz
 patches =
   ${ca-certificates-sbin-dir.patch:location}/${ca-certificates-sbin-dir.patch:filename}
diff --git a/component/cloud9/buildout.cfg b/component/cloud9/buildout.cfg
new file mode 100644
index 0000000000000000000000000000000000000000..71f299a6b3d56290a39ec8bedf92fa95f71e9a70
--- /dev/null
+++ b/component/cloud9/buildout.cfg
@@ -0,0 +1,45 @@
+[buildout]
+extends =
+  ../dcron/buildout.cfg
+  ../libxml2/buildout.cfg
+  ../logrotate/buildout.cfg
+  ../rdiff-backup/buildout.cfg
+  ../nodejs/buildout.cfg
+
+parts =
+  nodejs
+  npm
+  cloud9
+
+[cloud9]
+<= cloud9-git
+
+[cloud9-git]
+# Online IDE written in javascript/node.js
+# URL : c9.io
+# You can use it using the following command :
+# NODE_PATH=${:destination}/node_modules ${nodejs:node_location} ${:cloud9_js_location} 
+recipe = plone.recipe.command
+stop-on-error = true
+commit = 97db1467c517d265438684bd2a70b0b76ee282f6
+repository = https://github.com/ajaxorg/cloud9.git
+location = ${buildout:parts-directory}/${:_buildout_section_name_}
+git-binary = ${git:location}/bin/git
+npm-binary = ${nodejs-0.4:location}/bin/node ${npm:location}/bin/npm
+command = export GIT_SSL_NO_VERIFY=true; (${:git-binary} clone --quiet ${:repository} ${:location} && cd ${:location} && ${:git-binary} reset --hard ${:commit} && ${:git-binary} submodule update --init && cd support/jsdav && PATH=${nodejs-0.4:location}/bin:$PATH LDFLAGS=-L${libxml2:location}/lib ${:npm-binary} install) || (rm -fr ${:location}; exit 1)
+update-command =
+
+[cloud9-npm]
+# Online IDE written in javascript/node.js
+# URL : c9.io 
+# You can use it using the following command :
+# NODE_PATH=${:destination}/node_modules ${nodejs:node_location} ${:cloud9_js_location} 
+recipe = slapos.recipe.npm
+# Node part has to be specified, otherwise system node is used.
+node = nodejs-0.6
+# List of packages to install
+packages =
+  cloud9
+# Specify environment jsDAV (dependency of cloud9) needs libxml2
+environment = 
+  LDFLAGS=-L${libxml2:location}/lib -Wl,-rpath=${libxml2:location}/lib
diff --git a/component/cloudooo/buildout.cfg b/component/cloudooo/buildout.cfg
index ff627da7a399fea06d1de77a06c3b1b55d177fdd..40d156d6b72ca5265cbf422b1242514ac1e4b371 100644
--- a/component/cloudooo/buildout.cfg
+++ b/component/cloudooo/buildout.cfg
@@ -1,64 +1,25 @@
 [buildout]
-software_home = ${:directory}
-
 extends =
-  ../profiles/versions-common.cfg
-  ../profiles/software-definition.cfg
-  ../profiles/common.cfg
-  ../xpdf/buildout.cfg
-  ../imagemagick/buildout.cfg
-  ../file/buildout.cfg
-  ../pdftk/buildout.cfg
-  ../ffmpeg/buildout.cfg
-  ../python-2.6/buildout.cfg
-  ../libreoffice-bin/buildout.cfg
   ../lxml-python/buildout.cfg
 
-python = software_definition
-versions = versions
 parts =
-  instance_template
   cloudooo
-  imagemagick
-  instance-egg
-  libreoffice-bin
-  file
-  xpdf
-  pdftk
-  ffmpeg
-  python2.6
-  bootstrap2.6
 
-cloudooo-packages = 
-  cloudooo.handler.ooo
-  cloudooo.handler.pdf
-  cloudooo.handler.ffmpeg
-  cloudooo.handler.imagemagick
-  cloudooo
+sources = sources
 
+[sources]
+# Include information related to official cloudooo source code.
+cloudooo = git http://git.erp5.org/repos/cloudooo.git
 
-[instance-egg]
-recipe = zc.recipe.egg
+[lxml-python]
 python = python2.6
-eggs = 
-  erp5.recipe.cloudoooinstance
-  z3c.recipe.mkdir
-  ${buildout:cloudooo-packages}
-
 
 [cloudooo]
 recipe = zc.recipe.egg
 python = python2.6
-interpreter = pycloudoo
-scripts = 
 eggs =
   ${lxml-python:egg}
-  collective.recipe.supervisor
-  plone.recipe.command
-  erp5.extension.sectionextender
-  supervisor
-  ${buildout:cloudooo-packages}
-
-[software_definition]
-software_home = ${buildout:directory}
-executable = ${python2.6:executable}
+  cloudooo
+  PasteScript
+scripts =
+  paster=cloudooo_paster
diff --git a/component/file/buildout.cfg b/component/file/buildout.cfg
index a5cfc0924b1da82e1a85fe926da15ba89d323c33..5c171cd90560eee2ceee88ee4028f095e2aad5b7 100644
--- a/component/file/buildout.cfg
+++ b/component/file/buildout.cfg
@@ -8,8 +8,8 @@ extends =
 
 [file]
 recipe = hexagonit.recipe.cmmi
-url = ftp://ftp.astron.com/pub/file/file-5.10.tar.gz
-md5sum = 4cea34b087b060772511e066e2038196
+url = ftp://ftp.astron.com/pub/file/file-5.11.tar.gz
+md5sum = 16a407bd66d6c7a832f3a5c0d609c27b
 configure-options =
   --disable-static
 environment =
diff --git a/component/firefox/buildout.cfg b/component/firefox/buildout.cfg
index 4b8bf8a4d5d48b1144835ecc1d9124c81cc813b1..b55f70653aa8868102cf284871f62e3dfeabd41b 100644
--- a/component/firefox/buildout.cfg
+++ b/component/firefox/buildout.cfg
@@ -20,8 +20,8 @@ depends =
   ${liberation-fonts:location}
   ${ipaex-fonts:location}
 
-x86 = http://releases.mozilla.org/pub/mozilla.org/firefox/releases/7.0.1/linux-i686/fr/firefox-7.0.1.tar.bz2 42c2559892f26ed2a0563faaf693a00f
-x86-64 = http://releases.mozilla.org/pub/mozilla.org/firefox/releases/7.0.1/linux-x86_64/en-US/firefox-7.0.1.tar.bz2 20d6c8e3dfc97d08d1dec7d0479f924f
+x86 = http://releases.mozilla.org/pub/mozilla.org/firefox/releases/11.0/linux-i686/fr/firefox-11.0.tar.bz2 a7e9c614ddac993476ef771afaedf568
+x86-64 = http://releases.mozilla.org/pub/mozilla.org/firefox/releases/11.0/linux-x86_64/fr/firefox-11.0.tar.bz2 b358865c08145211314a62660e871614
 
 script =
   if not self.options.get('url'): self.options['url'], self.options['md5sum'] = self.options[guessPlatform()].split(' ')
diff --git a/component/fontconfig/buildout.cfg b/component/fontconfig/buildout.cfg
index 1198708d99db24b93ef9452bd5ec6770a3e9d29d..58643399d8f9b4ec09a3c9f12e31e813107076fe 100644
--- a/component/fontconfig/buildout.cfg
+++ b/component/fontconfig/buildout.cfg
@@ -4,6 +4,7 @@ extends =
   ../freetype/buildout.cfg
   ../libxml2/buildout.cfg
   ../pkgconfig/buildout.cfg
+  ../bzip2/buildout.cfg
   ../zlib/buildout.cfg
 
 parts =
@@ -23,5 +24,5 @@ configure-options =
 environment =
   PATH=${pkgconfig:location}/bin:%(PATH)s
   PKG_CONFIG_PATH=${libxml2:location}/lib/pkgconfig
-  CPPFLAGS=-I${zlib:location}/include
-  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
+  CPPFLAGS=-I${zlib:location}/include -I${bzip2:location}/include
+  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${bzip2:location}/lib -Wl,-rpath=${bzip2:location}/lib
diff --git a/component/freetype/buildout.cfg b/component/freetype/buildout.cfg
index c358b3e996713b4d215af71d95eb238c3b9a318e..c4c818a1643770a94e99fb66cec45f6451a515a3 100644
--- a/component/freetype/buildout.cfg
+++ b/component/freetype/buildout.cfg
@@ -3,6 +3,7 @@
 
 [buildout]
 extends =
+  ../bzip2/buildout.cfg
   ../zlib/buildout.cfg
 
 parts =
@@ -10,10 +11,10 @@ parts =
 
 [freetype]
 recipe = hexagonit.recipe.cmmi
-url = http://download.savannah.gnu.org/releases/freetype/freetype-2.4.8.tar.bz2
-md5sum = dbf2caca1d3afd410a29217a9809d397
+url = http://download.savannah.gnu.org/releases/freetype/freetype-2.4.9.tar.bz2
+md5sum = 77a893dae81fd5b896632715ca041179
 configure-options =
   --disable-static
 environment =
-  CPPFLAGS=-I${zlib:location}/include
-  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
+  CPPFLAGS=-I${bzip2:location}/include -I${zlib:location}/include
+  LDFLAGS=-L${bzip2:location}/lib -Wl,-rpath=${bzip2:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
diff --git a/component/gettext/buildout.cfg b/component/gettext/buildout.cfg
index c84d0bac194187463336604d75c538ae9a31c7c5..bfb9e58f45519ca9bb0bb9febc5a8a17d14f6f4a 100644
--- a/component/gettext/buildout.cfg
+++ b/component/gettext/buildout.cfg
@@ -20,6 +20,7 @@ configure-options =
   --without-emacs
   --disable-acl
   --disable-openmp
+  --without-git
 
 environment =
   CPPFLAGS=-I${libxml2:location}/include -I${zlib:location}/include -I${ncurses:location}/include
diff --git a/component/ghostscript/buildout.cfg b/component/ghostscript/buildout.cfg
index 85ff413060e3c14faf7a6ee981e0e5de3577f03a..3a38e298efb00ffcdc6038c3258e9aa12d58ea0b 100644
--- a/component/ghostscript/buildout.cfg
+++ b/component/ghostscript/buildout.cfg
@@ -9,24 +9,25 @@ parts = ghostscript
 
 [ghostscript-common]
 recipe = hexagonit.recipe.cmmi
+depends =
+  ${libtiff:version}
 configure-options =
   --disable-cups
-  --disable-cairo
+  --with-system-libtiff
   --without-x
   --with-drivers=FILES
 # it seems that parallel build sometimes fails for ghostscript.
 make-options = -j1
 environment =
   PATH=${pkgconfig:location}/bin:%(PATH)s
-  PKG_CONFIG_PATH=${fontconfig:location}/lib/pkgconfig
-  CPPFLAGS=-I${libtiff:location}/include
-  LDFLAGS=-Wl,-rpath=${fontconfig:location}/lib -L${libjpeg:location}/lib -Wl,-rpath=${libjpeg:location}/lib -L${libtiff:location}/lib -Wl,-rpath=${libtiff:location}/lib
-  LD_LIBRARY_PATH=${fontconfig:location}/lib
+  PKG_CONFIG_PATH=${fontconfig:location}/lib/pkgconfig:${libtiff:location}/lib/pkgconfig
+  LDFLAGS=-Wl,-rpath=${fontconfig:location}/lib -L${libjpeg:location}/lib -Wl,-rpath=${libjpeg:location}/lib -Wl,-rpath=${libtiff:location}/lib
+  LD_LIBRARY_PATH=${fontconfig:location}/lib:${libtiff:location}/lib
 
 [ghostscript]
 <= ghostscript-9
 
 [ghostscript-9]
 <= ghostscript-common
-url = http://downloads.ghostscript.com/public/ghostscript-9.04.tar.bz2
-md5sum = 9f6899e821ab6d78ab2c856f10fa3023
+url = http://downloads.ghostscript.com/public/ghostscript-9.05.tar.bz2
+md5sum = 8bcef1f33ddf8a4d12b2cf8da385c191
diff --git a/component/git/buildout.cfg b/component/git/buildout.cfg
index a848e34be7d4cebcb545beba3ede60dbf2465f87..e88ef464e4391b6195359efd00559c534b559f3a 100644
--- a/component/git/buildout.cfg
+++ b/component/git/buildout.cfg
@@ -13,8 +13,8 @@ parts =
 
 [git]
 recipe = hexagonit.recipe.cmmi
-url = http://git-core.googlecode.com/files/git-1.7.8.3.tar.gz
-md5sum = 7a4bc5160166537d4da5eb48a7670dff
+url = http://git-core.googlecode.com/files/git-1.7.8.4.tar.gz
+md5sum = e6c3319d76d52a830af395046fc56143
 configure-options =
   --with-curl=${curl:location}
   --with-openssl=${openssl:location}
diff --git a/component/graphviz/buildout.cfg b/component/graphviz/buildout.cfg
index 85f97fb1401061b41d01b54dca91fd43efd4c9dc..9658c1ad0f270709599968ac4a42d5eb58765677 100644
--- a/component/graphviz/buildout.cfg
+++ b/component/graphviz/buildout.cfg
@@ -5,6 +5,7 @@
 parts =
   graphviz
 extends =
+  ../bzip2/buildout.cfg
   ../fontconfig/buildout.cfg
   ../freetype/buildout.cfg
   ../libpng/buildout.cfg
@@ -50,5 +51,5 @@ configure-options =
 environment =
   PATH=${pkgconfig:location}/bin:%(PATH)s
   PKG_CONFIG_PATH=${fontconfig:location}/lib/pkgconfig:${freetype:location}/lib/pkgconfig
-  CPPFLAGS=-I${zlib:location}/include
-  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
+  CPPFLAGS=-I${bzip2:location}/include -I${zlib:location}/include
+  LDFLAGS=-L${bzip2:location}/lib -Wl,-rpath=${bzip2:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
diff --git a/component/groonga/buildout.cfg b/component/groonga/buildout.cfg
index 4c863643c58545e6148050d30e3fa267e48195e3..b5394501d32d1af5873c3da9ba3e79c9ba5b895c 100644
--- a/component/groonga/buildout.cfg
+++ b/component/groonga/buildout.cfg
@@ -7,10 +7,11 @@ parts =
 
 [groonga]
 recipe = hexagonit.recipe.cmmi
-url = http://packages.groonga.org/source/groonga/groonga-1.2.9.tar.gz
-md5sum = 47117baa401a3db08362e00f94fced12
+url = http://packages.groonga.org/source/groonga/groonga-2.0.0.tar.gz
+md5sum = 09e6a34db15cf42b6a3aff07e0f841ff
 configure-options =
   --disable-static
   --disable-glibtest
   --disable-benchmark
+  --disable-document
   --without-mecab
diff --git a/component/haproxy/buildout.cfg b/component/haproxy/buildout.cfg
index 1d24658422513a11df0a704d7be14f0f5ae06619..08ba79f3311378a0b0f015e1a304d16bfbd7b222 100644
--- a/component/haproxy/buildout.cfg
+++ b/component/haproxy/buildout.cfg
@@ -10,6 +10,6 @@ configure-command = true
 # otherwise use "generic".
 # For ARCH value, x86_64 and i[3456]86 are supported.
 make-options =
-  TARGET="$(uname -sr 2>/dev/null|grep -q '^Linux 2\.6' && echo linux26 || echo generic)"
+  TARGET="$(uname -sr 2>/dev/null|grep -Eq '^Linux (2\.6|3)' && echo linux26 || echo generic)"
   ARCH="$(uname -m 2>/dev/null|grep -E '^(x86_64|i[3456]86)$')"
   PREFIX=${buildout:parts-directory}/${:_buildout_section_name_}
diff --git a/component/imagemagick/buildout.cfg b/component/imagemagick/buildout.cfg
index 062a81e90d94cd3d17068115be38c321ff9cfbd1..283af483b86f63cb9efe3a649f48ad9dc0a25915 100644
--- a/component/imagemagick/buildout.cfg
+++ b/component/imagemagick/buildout.cfg
@@ -27,8 +27,10 @@ filename = imagemagick-6.6.6-1-no-gsx-gsc-probe.patch
 
 [imagemagick]
 recipe = hexagonit.recipe.cmmi
-url = ftp://ftp.imagemagick.org/pub/ImageMagick/ImageMagick-6.7.3-10.tar.bz2
-md5sum = 3c1d1a04b1ed2998217e16001b58069f
+url = ftp://ftp.imagemagick.org/pub/ImageMagick/ImageMagick-6.7.5-10.tar.bz2
+md5sum = 99bc7ec1e756fa75f1af6150df3d1383
+depends =
+  ${libtiff:version}
 configure-options =
   --disable-static
   --without-x
diff --git a/component/java/buildout.cfg b/component/java/buildout.cfg
index fdfd350db67e0bcf9a5f392e12a8ecb6e411850d..657b140eb732b0629cd10d316201cb17358e6b07 100644
--- a/component/java/buildout.cfg
+++ b/component/java/buildout.cfg
@@ -29,8 +29,8 @@ slapos_promisee =
   directory:javaws
   file:lib/rt.jar
   file:bin/java
-x86 = http://javadl.sun.com/webapps/download/AutoDL?BundleId=52240 0bd27d325c5ce11ce863d982ad052f7f
-x86-64 =  http://javadl.sun.com/webapps/download/AutoDL?BundleId=52242 a4d929bc4d6511290c07c3745477b77b
+x86 = http://download.oracle.com/otn-pub/java/jdk/6u30-b12/jre-6u30-linux-i586.bin 3e80243483bc825c34ae01a4373cce5f
+x86-64 = http://download.oracle.com/otn-pub/java/jdk/6u30-b12/jre-6u30-linux-x64.bin a4d28c49251d6b9c2d300b3d61f1ce95
 script =
   if not self.options.get('url'): self.options['url'], self.options['md5sum'] = self.options[guessPlatform()].split(' ')
   download_file = self.download(self.options['url'], self.options.get('md5sum'))
@@ -43,7 +43,7 @@ script =
   subprocess.call([auto_extract_bin])
   self.cleanup_dir_list.append(extract_dir)
   workdir = guessworkdir(extract_dir)
-  self.copyTree(os.path.join(workdir, "jre1.6.0_27"), "%(location)s")
+  self.copyTree(os.path.join(workdir, "jre1.6.0_30"), "%(location)s")
 
 [java-sdk-1.6.0]
 recipe = slapos.recipe.build
diff --git a/component/libjpeg/buildout.cfg b/component/libjpeg/buildout.cfg
index a4340087680f77f71fad2997a5dbba19d0841e80..74e4461d2ff7cb84e17cd11652f868f25015f436 100644
--- a/component/libjpeg/buildout.cfg
+++ b/component/libjpeg/buildout.cfg
@@ -4,7 +4,7 @@ parts =
 
 [libjpeg]
 recipe = hexagonit.recipe.cmmi
-url = http://www.ijg.org/files/jpegsrc.v8b.tar.gz
-md5sum = e022acbc5b36cd2cb70785f5b575661e
+url = http://www.ijg.org/files/jpegsrc.v8d.tar.gz
+md5sum = 52654eb3b2e60c35731ea8fc87f1bd29
 configure-options =
   --disable-static
diff --git a/component/libpng/buildout.cfg b/component/libpng/buildout.cfg
index a78e8143ea8c5762c182fb003a8388bcbacbe591..70229b0eb89f4be0160f5de730696d21bed9c9c1 100644
--- a/component/libpng/buildout.cfg
+++ b/component/libpng/buildout.cfg
@@ -3,6 +3,7 @@ extends =
   ../zlib/buildout.cfg
 
 parts =
+  libpng12
   libpng
 
 [libpng-common]
@@ -13,7 +14,12 @@ environment =
   CPPFLAGS =-I${zlib:location}/include
   LDFLAGS =-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
 
+[libpng12]
+<= libpng-common
+url = http://download.sourceforge.net/libpng/libpng-1.2.47.tar.bz2
+md5sum = 4389dab9fcd2f9d57ac14701b9115f59
+
 [libpng]
 <= libpng-common
-url = http://download.sourceforge.net/libpng/libpng-1.5.5.tar.bz2
-md5sum = 3270bf2990c3174ae939388398de751e
+url = http://download.sourceforge.net/libpng/libpng-1.5.9.tar.bz2
+md5sum = 684ba5f05da436a99c6303a83c7856d6
diff --git a/component/libreoffice-bin/buildout.cfg b/component/libreoffice-bin/buildout.cfg
index b5604c2e0b7920a1864e8d0ba52fe3b68afd7c7e..c788822e839fa055b37b7f16bc79e58846720dd8 100644
--- a/component/libreoffice-bin/buildout.cfg
+++ b/component/libreoffice-bin/buildout.cfg
@@ -12,15 +12,15 @@ find-links =
 [libreoffice-bin]
 recipe = slapos.recipe.build
 # here, two %s are used, first one is for directory name (eg. x86_64), and second one is for filename (eg. x86-64).
-version = 3.4.5
+version = 3.5.1
 url = http://download.documentfoundation.org/libreoffice/stable/${:version}/rpm/%s/LibO_${:version}_Linux_%s_install-rpm_en-US.tar.gz
 
 # supported architectures md5sums
-md5sum_x86 = 34786e6aa570782abac551ab092f3fb3
-md5sum_x86-64 = 2159a50daab707c02b669a83f635ff0c
+md5sum_x86 = ee46fdafb8361b8e131994508c2723b3
+md5sum_x86-64 = ddda58719358e5c97ca5d1c118646574
 
 # where office code can be found?
-officedir = libreoffice3.4
+officedir = libreoffice3.5
 
 # script to install
 script =
@@ -38,7 +38,11 @@ script =
   rpmsdir = os.path.join(workdir, [q for q in os.listdir(workdir) if q == 'RPMS'][0])
   rpmlist = [os.path.join(rpmsdir, q) for q in os.listdir(rpmsdir) if q.endswith('.rpm') and 'javafilter' not in q and 'xsltfilter' not in q]
   [self.pipeCommand([[sys.executable, '${:rpm2cpio}', rpm], ['${:cpio}', '-idum']], cwd=storagedir) for rpm in rpmlist]
-  self.copyTree(os.path.join(storagedir, 'opt', '${:officedir}'), location, ['basis3.4', 'ure'])
+  self.copyTree(os.path.join(storagedir, 'opt', '${:officedir}'), location, ['ure-link'])
+  os.symlink('ure', os.path.join(location, 'ure-link'))
+  # backward compatibility for cloudooo configuration
+  os.mkdir(os.path.join(location, 'basis-link'))
+  os.symlink(os.path.join('..', 'program'), os.path.join(location, 'basis-link', 'program'))
 
 # helper binaries
 cpio = ${cpio:location}/bin/cpio
diff --git a/component/libtiff/buildout.cfg b/component/libtiff/buildout.cfg
index 0d7814db8b058371406bec52aee355f886449286..ddf2db3d051729ca404f9eb60811cac452dbb363 100644
--- a/component/libtiff/buildout.cfg
+++ b/component/libtiff/buildout.cfg
@@ -9,10 +9,11 @@ parts =
 
 [libtiff]
 recipe = hexagonit.recipe.cmmi
-#url = http://download.osgeo.org/libtiff/tiff-3.9.5.tar.gz
+version = 4.0.1
+#url = http://download.osgeo.org/libtiff/tiff-${:version}.tar.gz
 # server is down - circumvent
-url = http://www.imagemagick.org/download/delegates/tiff-3.9.5.tar.gz
-md5sum = 8fc7ce3b4e1d0cc8a319336967815084
+url = http://www.imagemagick.org/download/delegates/tiff-${:version}.tar.gz
+md5sum = fae149cc9da35c598d8be897826dfc63
 configure-options =
   --disable-static
   --without-x
diff --git a/component/mariadb/buildout.cfg b/component/mariadb/buildout.cfg
index d98313f30be73ff9f4ba0ea4c32bd28d751f043c..3fa8cf611d75b74197191270fefd3dc89ab6e89b 100644
--- a/component/mariadb/buildout.cfg
+++ b/component/mariadb/buildout.cfg
@@ -3,10 +3,13 @@
 
 [buildout]
 extends =
+  ../cmake/buildout.cfg
   ../zlib/buildout.cfg
   ../groonga/buildout.cfg
+  ../libaio/buildout.cfg
   ../libevent/buildout.cfg
   ../ncurses/buildout.cfg
+  ../openssl/buildout.cfg
   ../pkgconfig/buildout.cfg
   ../readline/buildout.cfg
 
@@ -22,9 +25,9 @@ download-only = true
 
 [mariadb]
 recipe = hexagonit.recipe.cmmi
-version = 5.3.3-rc
+version = 5.3.5-ga
 url = http://downloads.askmonty.org/f/mariadb-${:version}/kvm-tarbake-jaunty-x86/mariadb-${:version}.tar.gz/from/http:/ftp.osuosl.org/pub/mariadb
-md5sum = 715c61bb101acc7d37e893f6a9de9267
+md5sum = 98ce0441b37c8d681855150495fdc03b
 # compile directory is required to build mysql plugins.
 keep-compile-dir = true
 # configure: how to avoid searching for my.cnf?
@@ -42,10 +45,9 @@ configure-options =
   --with-extra-charsets=complex
   --with-collation=utf8_unicode_ci
   --with-big-tables
-  --with-embedded-server
+  --without-embedded-server
   --with-plugins=max-no-ndb
   --with-aria-tmp-tables
-  --without-plugin-innodb_plugin
   --without-plugin-oqgraph
   --without-readline
   --with-ssl
@@ -61,11 +63,68 @@ environment =
 
 [mroonga-mariadb]
 recipe = hexagonit.recipe.cmmi
-url = https://github.com/downloads/mroonga/mroonga/mroonga-1.11.tar.gz
-md5sum = 69e56246226e0b9969ee7f99e08aa7da
+url = https://github.com/downloads/mroonga/mroonga/mroonga-2.00.tar.gz
+md5sum = 49dab92863b5c3fa1d49344c73357ca2
 configure-options =
   --with-mysql-source=${mariadb:location}__compile__/mariadb-${mariadb:version}
   --with-mysql-config=${mariadb:location}/bin/mysql_config
+depends =
+  ${mariadb:version}
+environment =
+  PATH=${groonga:location}/bin:${pkgconfig:location}/bin:%(PATH)s
+  CPPFLAGS=-I${groonga:location}/include/groonga
+  LDFLAGS=-L${groonga:location}/lib
+  PKG_CONFIG_PATH=${groonga:location}/lib/pkgconfig
+
+[mariadb-5.5-no_test-patch]
+recipe = hexagonit.recipe.download
+url = ${:_profile_base_location_}/${:filename}
+md5sum = 14e6d713c16298a10f40d29f2b799aca
+filename = mariadb_5.5_create_system_tables__no_test.patch
+download-only = true
+
+[mariadb-5.5]
+recipe = hexagonit.recipe.cmmi
+version = 5.5.20
+url = http://downloads.askmonty.org/f/mariadb-${:version}/kvm-tarbake-jaunty-x86/mariadb-${:version}.tar.gz/from/http://ftp.osuosl.org/pub/mariadb
+md5sum = e618343b5039fa468c0e1e6098785e3c
+# compile directory is required to build mysql plugins.
+keep-compile-dir = true
+patch-options = -p0
+patches =
+  ${mariadb-5.5-no_test-patch:location}/${mariadb-5.5-no_test-patch:filename}
+configure-command = ${cmake:location}/bin/cmake
+configure-options =
+  -DCMAKE_INSTALL_PREFIX=${buildout:parts-directory}/${:_buildout_section_name_}
+  -DBUILD_CONFIG=mysql_release
+  -DDEFAULT_CHARSET=utf8
+  -DDEFAULT_COLLATION=utf8_unicode_ci
+  -DWITH_SSL=system
+  -DWITH_ZLIB=system
+  -DWITH_READLINE=0
+  -DWITH_PIC=1
+  -DWITH_EXTRA_CHARSETS=complex
+  -DWITH_EMBEDDED_SERVER=0
+  -DWITHOUT_EXAMPLE_STORAGE_ENGINE=1
+  -DWITHOUT_DAEMON_EXAMPLE=1
+  -DWITH_SPHINX_STORAGE_ENGINE=1
+  -DCMAKE_C_FLAGS="-I${libaio:location}/include -I${ncurses:location}/include -I${openssl:location}/include -I${readline5:location}/include -I${zlib:location}/include"
+  -DCMAKE_INSTALL_RPATH=${libaio:location}/lib:${ncurses:location}/lib:${openssl:location}/lib:${readline5:location}/lib:${zlib:location}/lib
+environment =
+  CMAKE_PROGRAM_PATH=${cmake:location}/bin
+  CMAKE_INCLUDE_PATH=${libaio:location}/include:${ncurses:location}/include:${openssl:location}/include:${readline5:location}/include:${zlib:location}/include
+  CMAKE_LIBRARY_PATH=${libaio:location}/lib:${ncurses:location}/lib:${openssl:location}/lib:${readline5:location}/lib:${zlib:location}/lib
+  LDFLAGS=-L${libaio:location}/lib
+
+[mroonga-mariadb-5.5]
+recipe = hexagonit.recipe.cmmi
+url = https://github.com/downloads/mroonga/mroonga/mroonga-2.00.tar.gz
+md5sum = 49dab92863b5c3fa1d49344c73357ca2
+configure-options =
+  --with-mysql-source=${mariadb-5.5:location}__compile__/mariadb-${mariadb-5.5:version}
+  --with-mysql-config=${mariadb-5.5:location}/bin/mysql_config
+depends =
+  ${mariadb-5.5:version}
 environment =
   PATH=${groonga:location}/bin:${pkgconfig:location}/bin:%(PATH)s
   CPPFLAGS=-I${groonga:location}/include/groonga
diff --git a/component/noVNC/buildout.cfg b/component/noVNC/buildout.cfg
index 00dad6c804d8c077bcb44ffe946a889fa95b14a1..41b6f8ae2886031efe5dc3c11497f4420a370ec0 100644
--- a/component/noVNC/buildout.cfg
+++ b/component/noVNC/buildout.cfg
@@ -3,6 +3,6 @@ parts =
   noVNC
 
 [noVNC]
-recipe = hexagonit.recipe.download
-url = https://github.com/kanaka/noVNC/tarball/master
+recipe = slapos.recipe.build:download-unpacked
+url = https://github.com/kanaka/noVNC/tarball/v0.2
 strip-top-level-dir = true
diff --git a/component/nodejs/buildout.cfg b/component/nodejs/buildout.cfg
new file mode 100644
index 0000000000000000000000000000000000000000..dddcf4bef82274e0e4d7c02f1c275fac93574b0c
--- /dev/null
+++ b/component/nodejs/buildout.cfg
@@ -0,0 +1,50 @@
+[buildout]
+extends =
+  ../git/buildout.cfg
+  ../pkgconfig/buildout.cfg
+  ../openssl/buildout.cfg
+  ../python-2.7/buildout.cfg
+  ../zlib/buildout.cfg
+
+parts =
+  nodejs
+
+[nodejs]
+# Server-side Javascript.
+recipe = hexagonit.recipe.cmmi
+url = http://nodejs.org/dist/v0.6.12/node-v0.6.12.tar.gz
+md5sum = a12766ae4003c9712927d1fa134ed9f6
+configure-options =
+  --openssl-includes=${openssl:location}/include
+  --openssl-libpath=${openssl:location}/lib
+environment =
+  PATH=${pkgconfig:location}/bin:${python2.7:location}/bin:%(PATH)s
+  PKG_CONFIG_PATH=${openssl:location}/lib/pkgconfig/
+  CPPFLAGS=-I${zlib:location}/include
+  LDFLAGS=-Wl,-rpath=${openssl:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
+
+[nodejs-0.4]
+recipe = hexagonit.recipe.cmmi
+url = http://nodejs.org/dist/node-v0.4.12.tar.gz
+md5sum = a6375eaa43db5356bf443e25b828ae16
+configure-options =
+  --openssl-includes=${openssl:location}/include
+  --openssl-libpath=${openssl:location}/lib
+environment =
+  PATH=${pkgconfig:location}/bin:${python2.7:location}/bin:%(PATH)s
+  PKG_CONFIG_PATH=${openssl:location}/lib/pkgconfig/
+  CPPFLAGS=-I${zlib:location}/include
+  LDFLAGS=-Wl,-rpath=${openssl:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
+
+[npm]
+# Node.js Package Manager
+# Deprecated. Included in node >= 0.6.3.
+recipe = plone.recipe.command
+location = ${buildout:parts-directory}/${:_buildout_section_name_}
+stop-on-error = true
+commit = 3136abc5c6b3ed332c4700ece24450fada63639b
+origin = https://github.com/isaacs/npm.git
+git-bin = ${git:location}/bin/git
+node-bin = ${nodejs-0.4:location}/bin/node
+command = (GIT_SSL_NO_VERIFY=true ${:git-bin} clone --quiet ${:origin} ${:location} && cd ${:location} && ${:git-bin} reset --hard ${:commit} && ${:location}/configure --prefix=${:location} && GIT_SSL_NO_VERIFY=true ${:git-bin} submodule update --init --recursive && ${:node-bin} cli.js install npm@1.0.106 -g -f) || (rm -fr ${:location}; exit 1)
+update-command =
diff --git a/component/openssl/buildout.cfg b/component/openssl/buildout.cfg
index 22398442b9f29b75202256977df6327a9297a63d..ba87ebacb27dfefa51a658a38195b49e8bb290a6 100644
--- a/component/openssl/buildout.cfg
+++ b/component/openssl/buildout.cfg
@@ -19,12 +19,20 @@ url = ${:_profile_base_location_}/${:filename}
 filename = ${:_buildout_section_name_}
 download-only = true
 
+[openssl-exlibs.patch]
+recipe = hexagonit.recipe.download
+md5sum = dfb8979460d6d75f2d23d1ea83bbb40a
+url = ${:_profile_base_location_}/${:filename}
+filename = ${:_buildout_section_name_}
+download-only = true
+
 [openssl]
 recipe = hexagonit.recipe.cmmi
-url = https://www.openssl.org/source/openssl-1.0.0g.tar.gz
-md5sum = 07ecbe4324f140d157478637d6beccf1
+url = https://www.openssl.org/source/openssl-1.0.1.tar.gz
+md5sum = 134f168bc2a8333f19f81d684841710b
 patches =
   ${openssl-nodoc.patch:location}/${openssl-nodoc.patch:filename}
+  ${openssl-exlibs.patch:location}/${openssl-exlibs.patch:filename}
 patch-options = -p0
 configure-command = ./config
 configure-options =
@@ -33,13 +41,11 @@ configure-options =
   --openssldir=${buildout:parts-directory}/${:_buildout_section_name_}/etc/ssl
   --prefix=${buildout:parts-directory}/${:_buildout_section_name_}
   --libdir=lib
-  shared
-  no-zlib
+  shared no-idea no-mdc2 no-rc5 zlib
+  -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${buildout:parts-directory}/${:_buildout_section_name_}/lib
 
 # it seems that parallel build sometimes fails for openssl.
 make-options =
   -j1
 make-targets =
   install && rm -f ${buildout:parts-directory}/${:_buildout_section_name_}/etc/ssl/certs/* && for i in ${ca-certificates:location}/certs/*/*.crt; do ln -sv $i ${buildout:parts-directory}/${:_buildout_section_name_}/etc/ssl/certs/`${buildout:parts-directory}/${:_buildout_section_name_}/bin/openssl x509 -hash -noout -in $i`.0; done; true
-  LDFLAGS="-Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${buildout:parts-directory}/${:_buildout_section_name_}/lib"
-  SHARED_LDFLAGS="-Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${buildout:parts-directory}/${:_buildout_section_name_}/lib"
diff --git a/component/openssl/openssl-exlibs.patch b/component/openssl/openssl-exlibs.patch
new file mode 100644
index 0000000000000000000000000000000000000000..63b4d11602190283702b31cd68058b4771a5380e
--- /dev/null
+++ b/component/openssl/openssl-exlibs.patch
@@ -0,0 +1,19 @@
+--- engines/ccgost/Makefile~	2010-08-24 23:46:34.000000000 +0200
++++ engines/ccgost/Makefile	2012-03-14 10:11:46.826419864 +0100
+@@ -7,6 +7,7 @@
+ AR= ar r
+ CFLAGS= $(INCLUDES) $(CFLAG)
+ LIB=$(TOP)/libcrypto.a
++EX_LIBS= 
+ 
+ LIBSRC= gost2001.c gost2001_keyx.c gost89.c gost94_keyx.c gost_ameth.c gost_asn1.c gost_crypt.c gost_ctl.c gost_eng.c gosthash.c gost_keywrap.c gost_md.c gost_params.c gost_pmeth.c gost_sign.c
+ 
+@@ -32,7 +33,7 @@
+ 		$(MAKE) -f $(TOP)/Makefile.shared -e \
+ 			LIBNAME=$(LIBNAME) \
+ 			LIBEXTRAS='$(LIBOBJ)' \
+-			LIBDEPS='-L$(TOP) -lcrypto' \
++			LIBDEPS='-L$(TOP) -lcrypto $(EX_LIBS)' \
+ 			link_o.$(SHLIB_TARGET); \
+ 	else \
+ 		$(AR) $(LIB) $(LIBOBJ); \
diff --git a/component/percona-toolkit/buildout.cfg b/component/percona-toolkit/buildout.cfg
index 5b2047a8dcd4c800d7817506fd65fa95c393f66f..d24c053588b440b71fa829d20ab1e5ce134bfc83 100644
--- a/component/percona-toolkit/buildout.cfg
+++ b/component/percona-toolkit/buildout.cfg
@@ -10,7 +10,7 @@ parts =
 recipe = hexagonit.recipe.cmmi
 depends =
   ${perl:version}
-url = http://www.percona.com/redir/downloads/percona-toolkit/percona-toolkit-2.0.1.tar.gz
-md5sum = 3a78c78672cb7c634bda35dfb2f817bf
+url = http://www.percona.com/redir/downloads/percona-toolkit/2.0.4/percona-toolkit-2.0.4.tar.gz
+md5sum = df7dffcccb48d50f143849629228d4b4
 configure-command =
   ${perl:location}/bin/perl Makefile.PL
diff --git a/component/poppler/buildout.cfg b/component/poppler/buildout.cfg
index 938aa32a707ba399cc9d46f17368bcb06d1f42c2..ed0583a75ec172a733cc6bde0b918e6b6bc5ef75 100644
--- a/component/poppler/buildout.cfg
+++ b/component/poppler/buildout.cfg
@@ -1,6 +1,7 @@
 [buildout]
 parts = poppler
 extends =
+  ../bzip2/buildout.cfg
   ../fontconfig/buildout.cfg
   ../freetype/buildout.cfg
   ../jbigkit/buildout.cfg
@@ -17,10 +18,12 @@ extends =
 recipe = hexagonit.recipe.cmmi
 md5sum = b566d1fbaa29b9257bf0ecc130e7b2ca
 url = http://poppler.freedesktop.org/poppler-0.17.2.tar.gz
+depends =
+  ${libtiff:version}
 configure-options =
   --disable-cairo-output
   --disable-cms
-  --disable-curl
+  --disable-libcurl
   --disable-gtk-doc-html
   --disable-gtk-test
   --disable-poppler-cpp
@@ -31,5 +34,5 @@ configure-options =
 environment =
   PATH=${pkgconfig:location}/bin:%(PATH)s
   PKG_CONFIG_PATH=${fontconfig:location}/lib/pkgconfig:${freetype:location}/lib/pkgconfig:${libpng:location}/lib/pkgconfig
-  CPPFLAGS=-I${libjpeg:location}/include -I${libpng:location}/include -I${libtiff:location}/include -I${zlib:location}/include
-  LDFLAGS=-L${jbigkit:location}/lib -Wl,-rpath=${jbigkit:location}/lib -L${libjpeg:location}/lib -Wl,-rpath=${libjpeg:location}/lib -L${libtiff:location}/lib -Wl,-rpath=${libtiff:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
+  CPPFLAGS=-I${bzip2:location}/include -I${libjpeg:location}/include -I${libpng:location}/include -I${libtiff:location}/include -I${zlib:location}/include
+  LDFLAGS=-L${bzip2:location}/lib -Wl,-rpath=${bzip2:location}/lib -L${jbigkit:location}/lib -Wl,-rpath=${jbigkit:location}/lib -L${libjpeg:location}/lib -Wl,-rpath=${libjpeg:location}/lib -L${libtiff:location}/lib -Wl,-rpath=${libtiff:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
diff --git a/component/python-2.6/buildout.cfg b/component/python-2.6/buildout.cfg
index cf1f1634707b5ee91f7942ada40d0789bd1ece64..cb46c70fd15b1a952894dec53346e13f73450b6f 100644
--- a/component/python-2.6/buildout.cfg
+++ b/component/python-2.6/buildout.cfg
@@ -30,16 +30,18 @@ depends =
 # other settings in this part if we don't set it explicitly here.
 prefix = ${buildout:parts-directory}/${:_buildout_section_name_}
 version = 2.6
-package_version = ${:version}.7
+package_version = ${:version}.8
+package_version_suffix = rc1
 executable = ${:prefix}/bin/python${:version}
 
 url =
-  http://python.org/ftp/python/${:package_version}/Python-${:package_version}.tar.bz2
-md5sum = d40ef58ed88438a870bbeb0ac5d4217b
+  http://python.org/ftp/python/${:package_version}/Python-${:package_version}${:package_version_suffix}.tar.bz2
+md5sum = df6ccdac7da3b7c7c79124b92110277e
 patch-options = -p1
 patches =
   ${python-2.6.6-no_system_inc_dirs.patch:location}/${python-2.6.6-no_system_inc_dirs.patch:filename}
 configure-options =
+  --enable-ipv6
   --enable-unicode=ucs4
   --with-threads
 
diff --git a/component/python-2.7/buildout.cfg b/component/python-2.7/buildout.cfg
index e4a5f5cbcb7aa889f61c359bcf94003f8ac93737..fb5fc7ad3795c014fcc318c044270386566c31e2 100644
--- a/component/python-2.7/buildout.cfg
+++ b/component/python-2.7/buildout.cfg
@@ -3,6 +3,7 @@ extends =
   ../bzip2/buildout.cfg
   ../gdbm/buildout.cfg
   ../gettext/buildout.cfg
+  ../libexpat/buildout.cfg
   ../ncurses/buildout.cfg
   ../openssl/buildout.cfg
   ../readline/buildout.cfg
@@ -12,21 +13,6 @@ extends =
 parts =
     python2.7
 
-[python2.7]
-<= python2.7.2
-
-[python2.7.1]
-<= python2.7common
-package_version = 2.7.1
-md5sum = aa27bc25725137ba155910bd8e5ddc4f
-package_version_suffix =
-
-[python2.7.2]
-<= python2.7common
-package_version = 2.7.2
-md5sum = ba7b2f11ffdbf195ee0d111b9455a5bd
-package_version_suffix =
-
 [bootstrap2.7]
 recipe = zc.recipe.egg
 eggs = zc.buildout
@@ -36,8 +22,12 @@ scripts =
 arguments = sys.argv[1:] + ["bootstrap"]
 python = python2.7
 
-[python2.7common]
+[python2.7]
 recipe = hexagonit.recipe.cmmi
+package_version = 2.7.3
+package_version_suffix = rc1
+md5sum = 72aaa940dfa2777de161d7cb27c91df7
+
 depends =
   ${gdbm:version}
 # This is actually the default setting for prefix, but we can't use it in
@@ -49,9 +39,11 @@ executable = ${:prefix}/bin/python${:version}
 url =
   http://python.org/ftp/python/${:package_version}/Python-${:package_version}${:package_version_suffix}.tar.bz2
 configure-options =
+  --enable-ipv6
   --enable-unicode=ucs4
+  --with-system-expat
   --with-threads
 
 environment =
-  CPPFLAGS=-I${zlib:location}/include -I${readline:location}/include -I${ncurses:location}/include/ -I${ncurses:location}/include/ncursesw/ -I${bzip2:location}/include  -I${gdbm:location}/include -I${openssl:location}/include -I${sqlite3:location}/include -I${gettext:location}/include
-  LDFLAGS=-L${zlib:location}/lib -L${readline:location}/lib -L${ncurses:location}/lib -L${bzip2:location}/lib -L${gdbm:location}/lib -L${openssl:location}/lib -L${sqlite3:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${readline:location}/lib -Wl,-rpath=${ncurses:location}/lib -Wl,-rpath=${bzip2:location}/lib -Wl,-rpath=${gdbm:location}/lib -Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${sqlite3:location}/lib -L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib
+  CPPFLAGS=-I${zlib:location}/include -I${readline:location}/include -I${libexpat:location}/include -I${ncurses:location}/include -I${ncurses:location}/include/ncursesw -I${bzip2:location}/include  -I${gdbm:location}/include -I${openssl:location}/include -I${sqlite3:location}/include -I${gettext:location}/include
+  LDFLAGS=-L${zlib:location}/lib -L${readline:location}/lib -L${libexpat:location}/lib -L${ncurses:location}/lib -L${bzip2:location}/lib -L${gdbm:location}/lib -L${openssl:location}/lib -L${sqlite3:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${readline:location}/lib -Wl,-rpath=${libexpat:location}/lib -Wl,-rpath=${ncurses:location}/lib -Wl,-rpath=${bzip2:location}/lib -Wl,-rpath=${gdbm:location}/lib -Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${sqlite3:location}/lib -L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib
diff --git a/component/readline/buildout.cfg b/component/readline/buildout.cfg
index 273cbffb9bace11e618db63be51a3b56ab2faa1b..4210e38ad834bea15d6ddccd7f8466b1476f5a6f 100644
--- a/component/readline/buildout.cfg
+++ b/component/readline/buildout.cfg
@@ -12,18 +12,6 @@ configure-options =
   --enable-multibyte
   --disable-static
 
-# readline-5.x is still used for GPL2 only softwares.
-[readline5]
-recipe = hexagonit.recipe.cmmi
-url = http://ftp.gnu.org/gnu/readline/readline-5.2.tar.gz
-md5sum = e39331f32ad14009b9ff49cc10c5e751
-configure-options =
-  --enable-multibyte
-  --disable-static
-  --with-ncurses=${ncurses:location}
-environment =
-    LDFLAGS =-Wl,-rpath=${ncurses:location}/lib
-
 [readline]
 recipe = hexagonit.recipe.cmmi
 url = http://ftp.gnu.org/gnu/readline/readline-6.2.tar.gz
diff --git a/component/slapos/buildout.cfg b/component/slapos/buildout.cfg
index 71e9ad796e3e9f787389c17d0c95948c26952fe7..0088c4709030c33159f60734cb6acb5402071282 100644
--- a/component/slapos/buildout.cfg
+++ b/component/slapos/buildout.cfg
@@ -120,17 +120,17 @@ Werkzeug = 0.8.3
 buildout-versions = 1.7
 collective.recipe.template = 1.9
 hexagonit.recipe.cmmi = 1.5.0
-lxml = 2.3.3
+lxml = 2.3.4
 meld3 = 0.6.8
 netaddr = 0.7.6
-slapos.core = 0.22
+slapos.core = 0.24
 slapos.libnetworkcache = 0.12
 xml-marshaller = 0.9.7
-z3c.recipe.scripts = 1.0.1 
+z3c.recipe.scripts = 1.0.1
 zc.recipe.egg = 1.3.2
 
 # Required by:
-# slapos.core==0.22
+# slapos.core==0.24
 Flask = 0.8
 
 # Required by:
@@ -138,11 +138,11 @@ Flask = 0.8
 hexagonit.recipe.download = 1.5.0
 
 # Required by:
-# slapos.core==0.22
+# slapos.core==0.24
 netifaces = 0.8
 
 # Required by:
-# slapos.core==0.22
+# slapos.core==0.24
 # slapos.libnetworkcache==0.12
 # supervisor==3.0a12
 # zc.buildout==1.6.0-dev-SlapOS-004
@@ -150,9 +150,9 @@ netifaces = 0.8
 setuptools = 0.6c12dev-r88846
 
 # Required by:
-# slapos.core==0.22
+# slapos.core==0.24
 supervisor = 3.0a12
 
 # Required by:
-# slapos.core==0.22
+# slapos.core==0.24
 zope.interface = 3.8.0
diff --git a/component/sphinx/buildout.cfg b/component/sphinx/buildout.cfg
index bb8b0aa7c192c88870a8c49586f4aeb530ca15f3..b6ae4bf2f6f2411b1fe4b84a0a635e72c12b640f 100644
--- a/component/sphinx/buildout.cfg
+++ b/component/sphinx/buildout.cfg
@@ -21,9 +21,7 @@ recipe = hexagonit.recipe.cmmi
 url = http://sphinxsearch.com/files/sphinx-2.0.2-beta.tar.gz
 md5sum = fafe0f1a71d0ded32404c067eba7d0b3
 configure-options =
-  --with-mysql
-  --with-mysql-includes=${mariadb:location}/include/mysql
-  --with-mysql-libs=${mariadb:location}/lib/mysql
+  --with-mysql=${mariadb:location}
   --with-libstemmer
   --with-iconv
   --without-pgsql
diff --git a/component/stunnel/buildout.cfg b/component/stunnel/buildout.cfg
index 8321200e7becbc25dbb364092978c176574c2a6e..63eb5e6b098c8e9086eca629de947eb923238972 100644
--- a/component/stunnel/buildout.cfg
+++ b/component/stunnel/buildout.cfg
@@ -17,8 +17,8 @@ filename = stunnel-4-hooks.py
 
 [stunnel-4]
 recipe = hexagonit.recipe.cmmi
-url = http://mirror.bit.nl/stunnel/stunnel-4.52.tar.gz
-md5sum = f5e713dda0e8efa659f372832ecd0c2c
+url = http://mirror.bit.nl/stunnel/stunnel-4.53.tar.gz
+md5sum = ab3bfc915357d67da18c73f73610d593
 pre-configure-hook = ${stunnel-4-hook-download:location}/${stunnel-4-hook-download:filename}:pre_configure_hook
 configure-options =
   --enable-ipv6
diff --git a/component/tesseract/buildout.cfg b/component/tesseract/buildout.cfg
index eb738c8c3161c44269d3340bd289da6d8e01afeb..221bdd7ea2b076ab579d4692fb829a321c40f8a1 100644
--- a/component/tesseract/buildout.cfg
+++ b/component/tesseract/buildout.cfg
@@ -23,6 +23,8 @@ stop-on-error = yes
 recipe = hexagonit.recipe.cmmi
 url = http://tesseract-ocr.googlecode.com/files/tesseract-3.00.tar.gz
 md5sum = cc812a261088ea0c3d2da735be35d09f
+depends =
+  ${libtiff:version}
 configure-options =
   --disable-static
   --datarootdir=${tesseract-share:location}
diff --git a/component/tomcat/buildout.cfg b/component/tomcat/buildout.cfg
new file mode 100644
index 0000000000000000000000000000000000000000..8ce1c3dec54834715d36f920e3aa5d0f70fe39a2
--- /dev/null
+++ b/component/tomcat/buildout.cfg
@@ -0,0 +1,22 @@
+# Apache Tomcat - an open source software implementation of the Java Servlet and JavaServer Pages technologies.
+# http://tomcat.apache.org/
+
+[buildout]
+
+parts =
+  tomcat
+
+[tomcat]
+<= tomcat6
+
+[tomcat6]
+recipe = hexagonit.recipe.download
+strip-top-level-dir = true
+url = http://apache.multidist.com/tomcat/tomcat-6/v6.0.35/bin/apache-tomcat-6.0.35.tar.gz
+md5sum = 171d255cd60894b29a41684ce0ff93a8
+
+[tomcat7]
+recipe = hexagonit.recipe.download
+strip-top-level-dir = true
+url = http://apache.multidist.com/tomcat/tomcat-7/v7.0.25/bin/apache-tomcat-7.0.25.tar.gz
+md5sum = 2aa59d23555d641b20efad4aed86b693
diff --git a/component/wget/buildout.cfg b/component/wget/buildout.cfg
new file mode 100644
index 0000000000000000000000000000000000000000..08195cc8dfeee9d636d6fa0fa0b3a32e674ffad0
--- /dev/null
+++ b/component/wget/buildout.cfg
@@ -0,0 +1,25 @@
+[buildout]
+extends =
+  ../openssl/buildout.cfg
+  ../pkgconfig/buildout.cfg
+  ../zlib/buildout.cfg
+parts =
+  wget
+
+[wget]
+recipe = hexagonit.recipe.cmmi
+url = http://ftp.gnu.org/gnu/wget/wget-1.13.4.tar.bz2
+md5sum = 12115c3750a4d92f9c6ac62bac372e85
+configure-options =
+  --enable-ipv6
+  --enable-opie
+  --disable-iri
+  --with-ssl=openssl
+  --with-libssl-prefix=${openssl:location}
+  --with-zlib-lib=${zlib:location}
+
+environment =
+  PATH=${pkgconfig:location}/bin:%(PATH)s
+  PKG_CONFIG_PATH=${openssl:location}/lib/pkgconfig
+  LDFLAGS=-L${zlib:location}/lib -L${openssl:location}/lib
+  CPPFLAGS=-I${zlib:location}/include -I${openssl:location}/include
diff --git a/component/xorg/buildout.cfg b/component/xorg/buildout.cfg
index 9258a76ce07248887351550c8c1630c9e8069051..edc919ff94c7b4030ce8f66c67fb5d3eeb32dfa5 100644
--- a/component/xorg/buildout.cfg
+++ b/component/xorg/buildout.cfg
@@ -13,8 +13,8 @@ parts =
   libXdmcp
   libXext
   libXau
-  libXinerama
   libSM
+  libXrender
 
 [xorg-aclocal]
 ACLOCAL=${xorg-util-macros:location}/share/aclocal
@@ -33,6 +33,7 @@ configure-options =
   --without-xmlto
   --without-fop
 environment =
+  PKG_CONFIG_PATH=${xorg-util-macros:location}/share/pkgconfig
   PATH=${libxml2:location}/bin:${pkgconfig:location}/bin:%(PATH)s
 
 [xextproto]
@@ -43,6 +44,9 @@ configure-options =
   --disable-specs
   --without-xmlto
   --without-fop
+environment =
+  PKG_CONFIG_PATH=${xorg-util-macros:location}/share/pkgconfig
+  PATH=${pkgconfig:location}/bin:%(PATH)s
 
 [xtrans]
 recipe = hexagonit.recipe.cmmi
@@ -53,6 +57,7 @@ configure-options =
   --without-xmlto
   --without-fop
 environment =
+  PKG_CONFIG_PATH=${xorg-util-macros:location}/share/pkgconfig
   PATH=${pkgconfig:location}/bin:%(PATH)s
 
 [libXau]
@@ -62,7 +67,7 @@ md5sum = 4a2cbd83727682f9ee1c1e719bac6adb
 configure-options =
   --disable-static
 environment =
-  PKG_CONFIG_PATH=${xproto:location}/lib/pkgconfig
+  PKG_CONFIG_PATH=${xorg-util-macros:location}/share/pkgconfig:${xproto:location}/lib/pkgconfig
   PATH=${pkgconfig:location}/bin:%(PATH)s
 
 [xcbproto]
@@ -99,7 +104,7 @@ recipe = hexagonit.recipe.cmmi
 url = http://www.x.org/releases/X11R7.6/src/lib/libXext-1.2.0.tar.bz2
 md5sum = 9bb236ff0193e9fc1c1fb504dd840331
 environment =
-  PKG_CONFIG_PATH=${xcbproto:location}/lib/pkgconfig:${libXau:location}/lib/pkgconfig:${xproto:location}/lib/pkgconfig:${xorg-libpthread-stubs:location}/lib/pkgconfig:${xextproto:location}/lib/pkgconfig:${libX11:location}/lib/pkgconfig:${libxcb:location}/lib/pkgconfig
+  PKG_CONFIG_PATH=${xorg-util-macros:location}/share/pkgconfig:${xcbproto:location}/lib/pkgconfig:${libXau:location}/lib/pkgconfig:${xproto:location}/lib/pkgconfig:${xorg-libpthread-stubs:location}/lib/pkgconfig:${xextproto:location}/lib/pkgconfig:${libX11:location}/lib/pkgconfig:${libxcb:location}/lib/pkgconfig
   CPPFLAGS=-I${xcbproto:location}/include -I${libXau:location}/include -I${xproto:location}/include -I${xorg-libpthread-stubs:location}/include -I${xextproto:location}/include -I${libX11:location}/include -I${libxcb:location}/include
   LD_LIBRARY_PATH=${xcbproto:location}/lib:${libXau:location}/lib:${xorg-libpthread-stubs:location}/lib:${xextproto:location}/lib:${libX11:location}/lib:${libxcb:location}/lib
   LD_RUN_PATH=${xcbproto:location}/lib:${libXau:location}/lib:${xorg-libpthread-stubs:location}/lib:${xextproto:location}/lib:${libX11:location}/lib:${libxcb:location}/lib
@@ -148,7 +153,7 @@ configure-options =
   --without-xmlto
   --without-fop
 environment =
-  PKG_CONFIG_PATH=${xproto:location}/lib/pkgconfig:${xextproto:location}/lib/pkgconfig:${xtrans:location}/share/pkgconfig:${libxcb:location}/lib/pkgconfig:${xorg-libpthread-stubs:location}/lib/pkgconfig:${libXau:location}/lib/pkgconfig:${inputproto:location}/lib/pkgconfig:${kbproto:location}/lib/pkgconfig
+  PKG_CONFIG_PATH=${xorg-util-macros:location}/share/pkgconfig:${xproto:location}/lib/pkgconfig:${xextproto:location}/lib/pkgconfig:${xtrans:location}/share/pkgconfig:${libxcb:location}/lib/pkgconfig:${xorg-libpthread-stubs:location}/lib/pkgconfig:${libXau:location}/lib/pkgconfig:${inputproto:location}/lib/pkgconfig:${kbproto:location}/lib/pkgconfig
   LD_LIBRARY_PATH=${xproto:location}/lib:${xextproto:location}/lib:${libxcb:location}/lib
   LD_RUN_PATH=${xproto:location}/lib:${xextproto:location}/lib:${libxcb:location}/lib
   PATH=${pkgconfig:location}/bin:%(PATH)s
@@ -329,7 +334,7 @@ configure-options =
   --without-xmlto
   --without-fop
 environment =
-  PKG_CONFIG_PATH=${xproto:location}/lib/pkgconfig:${xtrans:location}/share/pkgconfig
+  PKG_CONFIG_PATH=${xorg-util-macros:location}/share/pkgconfig:${xproto:location}/lib/pkgconfig:${xtrans:location}/share/pkgconfig
   PATH=${pkgconfig:location}/bin:%(PATH)s
 
 [libSM]
@@ -341,10 +346,26 @@ configure-options =
   --without-xmlto
   --without-fop
 environment =
-  PKG_CONFIG_PATH=${libICE:location}/lib/pkgconfig:${libuuid:location}/lib/pkgconfig:${xproto:location}/lib/pkgconfig:${xtrans:location}/share/pkgconfig
+  PKG_CONFIG_PATH=${xorg-util-macros:location}/share/pkgconfig:${libICE:location}/lib/pkgconfig:${libuuid:location}/lib/pkgconfig:${xproto:location}/lib/pkgconfig:${xtrans:location}/share/pkgconfig
   PATH=${pkgconfig:location}/bin:%(PATH)s
   LIBUUID_CFLAGS=-I${libuuid:location}/include
 
+[renderproto]
+recipe = hexagonit.recipe.cmmi
+url = http://www.x.org/releases/X11R7.6/src/proto/renderproto-0.11.1.tar.bz2
+md5sum = a914ccc1de66ddeb4b611c6b0686e274
+
+[libXrender]
+recipe = hexagonit.recipe.cmmi
+url = http://www.x.org/releases/X11R7.6/src/lib/libXrender-0.9.6.tar.bz2
+md5sum = 3b3b7d076c2384b6c600c0b5f4ba971f
+configure-options =
+  --disable-static
+environment =
+  PKG_CONFIG_PATH=${libX11:location}/lib/pkgconfig:${renderproto:location}/lib/pkgconfig:${xorg-util-macros:location}/share/pkgconfig
+  PATH=${pkgconfig:location}/bin:%(PATH)s
+  CPPFLAGS=-I${libX11:location}/include -I${renderproto:location}/include -I${xproto:location}/include
+
 [libXt]
 recipe = hexagonit.recipe.cmmi
 url = http://www.x.org/releases/X11R7.6/src/lib/libXt-1.0.9.tar.bz2
diff --git a/component/zlib/buildout.cfg b/component/zlib/buildout.cfg
index 3afcf1f80d48f48101c70cdeab6f5bc4228b895f..830d92c8e43e4e58af9ab90fc69f1f2f7c074f6e 100644
--- a/component/zlib/buildout.cfg
+++ b/component/zlib/buildout.cfg
@@ -4,5 +4,5 @@ parts =
 
 [zlib]
 recipe = hexagonit.recipe.cmmi
-url = http://prdownloads.sourceforge.net/libpng/zlib-1.2.5.tar.gz?download
-md5sum = c735eab2d659a96e5a594c9e8541ad63
+url = http://prdownloads.sourceforge.net/libpng/zlib-1.2.6.tar.bz2?download
+md5sum = dc2cfa0d2313ca77224b4d932b2911e9
diff --git a/setup.py b/setup.py
index 10cdeec329e8d1e2a491e0c83618e80404c4c34f..01af1693a53100b2275a3ed43c9db43abe5c9a0e 100644
--- a/setup.py
+++ b/setup.py
@@ -2,7 +2,7 @@ from setuptools import setup, find_packages
 import glob
 import os
 
-version = '0.40-dev'
+version = '0.46-dev'
 name = 'slapos.cookbook'
 long_description = open("README.txt").read() + "\n" + \
     open("CHANGES.txt").read() + "\n"
@@ -40,11 +40,13 @@ setup(name=name,
       zip_safe=True,
       entry_points={
         'zc.buildout': [
+          'apache.frontend = slapos.recipe.apache_frontend:Recipe',
           'apachephp = slapos.recipe.apachephp:Recipe',
           'apacheproxy = slapos.recipe.apacheproxy:Recipe',
           'apache.zope.backend = slapos.recipe.apache_zope_backend:Recipe',
           'certificate_authority = slapos.recipe.certificate_authority:Recipe',
           'certificate_authority.request = slapos.recipe.certificate_authority:Request',
+          'check_port_listening = slapos.recipe.check_port_listening:Recipe',
           'cron = slapos.recipe.dcron:Recipe',
           'cron.d = slapos.recipe.dcron:Part',
           'davstorage = slapos.recipe.davstorage:Recipe',
@@ -55,14 +57,18 @@ setup(name=name,
           'erp5scalabilitytestbed = slapos.recipe.erp5scalabilitytestbed:Recipe',
           'equeue = slapos.recipe.equeue:Recipe',
           'erp5testnode = slapos.recipe.erp5testnode:Recipe',
+          'generate.mac = slapos.recipe.generatemac:Recipe',
+          'nbdserver = slapos.recipe.nbdserver:Recipe',
+          'generic.onetimeupload = slapos.recipe.generic_onetimeupload:Recipe',
           'helloworld = slapos.recipe.helloworld:Recipe',
           'generic.cloudooo = slapos.recipe.generic_cloudooo:Recipe',
           'fontconfig = slapos.recipe.fontconfig:Recipe',
           'java = slapos.recipe.java:Recipe',
           'kumofs = slapos.recipe.kumofs:Recipe',
+          'kvm = slapos.recipe.kvm:Recipe',
+          'kvm.frontend = slapos.recipe.kvm_frontend:Recipe',
           'generic.kumofs = slapos.recipe.generic_kumofs:Recipe',
           'haproxy = slapos.recipe.haproxy:Recipe',
-          'kvm = slapos.recipe.kvm:Recipe',
           'libcloud = slapos.recipe.libcloud:Recipe',
           'libcloudrequest = slapos.recipe.libcloudrequest:Recipe',
           'lockfile = slapos.recipe.lockfile:Recipe',
@@ -72,11 +78,11 @@ setup(name=name,
           'mydumper = slapos.recipe.mydumper:Recipe',
           'generic.mysql = slapos.recipe.generic_mysql:Recipe',
           'mkdirectory = slapos.recipe.mkdirectory:Recipe',
-          'nbdserver = slapos.recipe.nbdserver:Recipe',
           'nosqltestbed = slapos.recipe.nosqltestbed:NoSQLTestBed',
           'notifier = slapos.recipe.notifier:Recipe',
           'notifier.callback = slapos.recipe.notifier:Callback',
           'notifier.notify = slapos.recipe.notifier:Notify',
+          'novnc = slapos.recipe.novnc:Recipe',
           'lamp = slapos.recipe.lamp:Request',
           'lamp.request = slapos.recipe.lamp:Request',
           'lamp.static = slapos.recipe.lamp:Static',
@@ -114,8 +120,12 @@ setup(name=name,
           'generate.cloudooo = slapos.recipe.generate_cloudooo:Recipe',
           'zeo = slapos.recipe.zeo:Recipe',
           'tidstorage = slapos.recipe.tidstorage:Recipe',
+          'erp5.bootstrap = slapos.recipe.erp5_bootstrap:Recipe',
+          'erp5.promise = slapos.recipe.erp5_promise:Recipe',
           'erp5.update = slapos.recipe.erp5_update:Recipe',
           'erp5.test = slapos.recipe.erp5_test:Recipe',
+          'generic.varnish = slapos.recipe.generic_varnish:Recipe',
+          'webchecker = slapos.recipe.web_checker:Recipe',
         ],
         'slapos.recipe.nosqltestbed.plugin': [
           'kumo = slapos.recipe.nosqltestbed.kumo:KumoTestBed',
diff --git a/slapos/recipe/README.apache_frontend.txt b/slapos/recipe/README.apache_frontend.txt
new file mode 100644
index 0000000000000000000000000000000000000000..89da1b88f1d91025b3cff543c0025a5d39dd727a
--- /dev/null
+++ b/slapos/recipe/README.apache_frontend.txt
@@ -0,0 +1,36 @@
+apache_frontend
+==========
+
+Frontend using Apache, allowing to rewrite and proxy URLs like
+myinstance.myfrontenddomainname.com to real IP/URL of myinstance.
+
+apache_frontend works using the master instance / slave instance design.
+It means that a single main instance of Apache will be used to act as frontend
+for many slaves.
+
+
+How to use
+========
+First, you will need to request a "master" instance of Apache Frontend with
+"domain" parameter, like : 
+<?xml version='1.0' encoding='utf-8'?>
+<instance>
+ <parameter id="domain">moulefrite.com</parameter>
+ <parameter id="port">443</parameter>
+</instance>
+
+Then, it is possible to request many slave instances
+(currently only from slapconsole, UI doesn't work yet)
+of Apache Frontend, like : 
+instance = request(
+       software_release=apache_frontend,
+       partition_reference='frontend2',
+       shared=True,
+       partition_parameter_kw={"url":"https://[1:2:3:4]:1234/someresource"}
+     )
+Those slave instances will be redirected to the "master" instance,
+and you will see on the "master" instance the associated RewriteRules of
+all slave instances.
+
+Finally, the slave instance will be accessible from :
+https://someidentifier.moulefrite.com.
diff --git a/slapos/recipe/README.helloworld.txt b/slapos/recipe/README.helloworld.txt
deleted file mode 100644
index 50a7fc1812a75c5d2584503b41c7787b7521533b..0000000000000000000000000000000000000000
--- a/slapos/recipe/README.helloworld.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-helloworld
-==========
-
-It only installs a dummy wrapper saying "Hello World!" and sends to the master an "HelloWorld" parameter.
diff --git a/slapos/recipe/README.kvm_frontend.txt b/slapos/recipe/README.kvm_frontend.txt
new file mode 100644
index 0000000000000000000000000000000000000000..b600221c6a89767798aa1a94834e786b53f680ab
--- /dev/null
+++ b/slapos/recipe/README.kvm_frontend.txt
@@ -0,0 +1,56 @@
+kvm_frontend
+===
+
+Introduction
+------------
+
+The ``slapos.recipe.kvm_frontend`` aims to provide proxy server to KVM instances.
+
+It allows HTTPS IPv4/IPv6 proxying (with or without domain name), and supports
+the WebSocket technology needed for VNC-in-webapplication noVNC.
+
+It works following the master/slave instances system. A master instance is
+created, containing all what is needed to run the proxy. Slave instances
+are later created, adding one line in the master instance's proxy configuration
+that specify the IP/port to proxy to the KVM.
+
+The slave instance (kvm) is then accessible from
+http://[masterinstanceIPorhostname]/[randomgeneratednumber]
+
+
+Instance parameters
+------------
+
+Incoming master instance parameters
++++++++
+
+``port``                - Port of server, optional, defaults to 4443.
+``domain``              - domain name to use, optional, default to
+                          "host.vifib.net".
+``redirect_plain_http`` - if value is one of ['y', 'yes', '1', 'true'], instance
+                          will try to create a simple http server on port 80
+                          redirecting to the proxy. Optional.
+
+Incoming slave instance parameters
++++++++
+
+``host``    - KVM instance IP or hostname. Mandatory.
+``port``    - KVM instance port, Mandatory.
+``https``   - if value is one of ['n', 'no', '0', 'false'], will try to connect
+              to target in plain http. Optional.
+
+Connection parameters
+-------------
+
+Outgoing master connection parameters
++++++++
+
+``domain_ipv6_address``  - Proxy IP
+``site_url``             - Proxy URL
+
+Outgoing slave connection parameters are :
++++++++
+
+``site_url``             - URL of instance
+``domain_name``          - Domain name of proxy
+``port``                 - Port of proxy
diff --git a/slapos/recipe/apache_frontend/__init__.py b/slapos/recipe/apache_frontend/__init__.py
new file mode 100644
index 0000000000000000000000000000000000000000..acb67c8d418c51a42bb7251ceb05831bef64bb56
--- /dev/null
+++ b/slapos/recipe/apache_frontend/__init__.py
@@ -0,0 +1,442 @@
+##############################################################################
+#
+# Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved.
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 3
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+from slapos.recipe.librecipe import BaseSlapRecipe
+import os
+import pkg_resources
+import hashlib
+import sys
+import zc.buildout
+import zc.recipe.egg
+import ConfigParser
+import re
+
+
+class Recipe(BaseSlapRecipe):
+
+  def getTemplateFilename(self, template_name):
+    return pkg_resources.resource_filename(__name__,
+        'template/%s' % template_name)
+
+  def _install(self):
+    self.path_list = []
+    self.requirements, self.ws = self.egg.working_set()
+
+    # self.cron_d is a directory, where cron jobs can be registered
+    self.cron_d = self.installCrond()
+    self.logrotate_d, self.logrotate_backup = self.installLogrotate()
+    self.killpidfromfile = zc.buildout.easy_install.scripts(
+        [('killpidfromfile', 'slapos.recipe.erp5.killpidfromfile',
+          'killpidfromfile')], self.ws, sys.executable, self.bin_directory)[0]
+
+    self.path_list.append(self.killpidfromfile)
+
+    frontend_port_number = self.parameter_dict.get("port", 4443)
+    frontend_domain_name = self.parameter_dict.get("domain",
+        "host.vifib.net")
+
+    base_varnish_port = 26009
+    slave_instance_list = self.parameter_dict.get("slave_instance_list", [])
+    rewrite_rule_list = []
+    slave_dict = {}
+    service_dict = {}
+    if frontend_port_number is 443:
+      base_url = "%s/" % frontend_domain_name
+    else:
+      base_url = "%s:%s/" % (frontend_domain_name, frontend_port_number)
+    for slave_instance in slave_instance_list:
+      url = slave_instance.get("url")
+      if url is None:
+        continue
+      reference = slave_instance.get("slave_reference")
+      subdomain = reference.replace("-", "").lower()
+      slave_dict[reference] = "https://%s.%s" % (subdomain, base_url)
+
+      enable_cache = slave_instance.get("enable_cache", "")
+      if enable_cache.upper() in ('1', 'TRUE'):
+        # Varnish should use stunnel to connect to the backend
+        base_varnish_control_port = base_varnish_port
+        base_varnish_port += 1
+        # Use regex
+        host_regex = "((\[\w*|[0-9]+\.)(\:|)).*(\]|\.[0-9]+)"
+        slave_host = re.search(host_regex, url).group(0)
+        port_regex = "\w+(\/|)$"
+        matcher = re.search(port_regex, url)
+        if matcher is not None:
+          slave_port = matcher.group(0)
+          slave_port = slave_port.replace("/", "")
+        elif url.startswith("https://"):
+          slave_port = 443
+        else:
+          slave_port = 80
+        service_name = "varnish_%s" % reference
+        varnish_ip = self.getLocalIPv4Address()
+        stunnel_port = base_varnish_port + 1
+        self.installVarnishCache(service_name,
+          ip=varnish_ip,
+          port=base_varnish_port,
+          control_port=base_varnish_control_port,
+          backend_host=varnish_ip,
+          backend_port=stunnel_port,
+          size="1G")
+        service_dict[service_name] = dict(public_ip=varnish_ip,
+            public_port=stunnel_port,
+            private_ip=slave_host.replace("[", "").replace("]", ""),
+            private_port=slave_port)
+        rewrite_rule_list.append("%s.%s http://%s:%s" % \
+            (reference.replace("-", ""), frontend_domain_name,
+            varnish_ip, base_varnish_port))
+        base_varnish_port += 2
+      else:
+        rewrite_rule_list.append("%s.%s %s" % (subdomain, frontend_domain_name,
+            url))
+
+    valid_certificate_str = self.parameter_dict.get("domain_ssl_ca_cert")
+    valid_key_str = self.parameter_dict.get("domain_ssl_ca_key")
+
+    if valid_certificate_str is None and valid_key_str is None:
+      ca_conf = self.installCertificateAuthority()
+      key, certificate = self.requestCertificate(frontend_domain_name)
+    else:
+      ca_conf = self.installValidCertificateAuthority(
+          frontend_domain_name, valid_certificate_str, valid_key_str)
+      key = ca_conf.pop("key")
+      certificate = ca_conf.pop("certificate")
+
+    if service_dict != {}:
+      if valid_certificate_str is not None and valid_key_str is not None:
+        self.installCertificateAuthority()
+        stunnel_key, stunnel_certificate = \
+            self.requestCertificate(frontend_domain_name)
+      else:
+        stunnel_key, stunnet_certificate = key, certificate
+      self.installStunnel(service_dict,
+        stunnel_certificate, stunnel_key,
+        ca_conf["ca_crl"],
+        ca_conf["certificate_authority_path"])
+
+    apache_parameter_dict = self.installFrontendApache(
+        ip_list=["[%s]" % self.getGlobalIPv6Address(),
+                 self.getLocalIPv4Address()],
+        port=frontend_port_number,
+        name=frontend_domain_name,
+        rewrite_rule_list=rewrite_rule_list,
+        key=key, certificate=certificate)
+
+    for reference, url in slave_dict.iteritems():
+      self.setConnectionDict(dict(site_url=url), reference)
+
+    self.setConnectionDict(
+      dict(site_url=apache_parameter_dict["site_url"],
+           domain_ipv6_address=self.getGlobalIPv6Address(),
+           domain_ipv4_address=self.getLocalIPv4Address()))
+    return self.path_list
+
+  def installLogrotate(self):
+    """Installs logortate main configuration file and registers its to cron"""
+    logrotate_d = os.path.abspath(os.path.join(self.etc_directory,
+      'logrotate.d'))
+    self._createDirectory(logrotate_d)
+    logrotate_backup = self.createBackupDirectory('logrotate')
+    logrotate_conf = self.createConfigurationFile("logrotate.conf",
+        "include %s" % logrotate_d)
+    logrotate_cron = os.path.join(self.cron_d, 'logrotate')
+    state_file = os.path.join(self.data_root_directory, 'logrotate.status')
+    open(logrotate_cron, 'w').write('0 0 * * * %s -s %s %s' %
+        (self.options['logrotate_binary'], state_file, logrotate_conf))
+    self.path_list.extend([logrotate_d, logrotate_conf, logrotate_cron])
+    return logrotate_d, logrotate_backup
+
+  def registerLogRotation(self, name, log_file_list, postrotate_script):
+    """Register new log rotation requirement"""
+    open(os.path.join(self.logrotate_d, name), 'w').write(
+        self.substituteTemplate(self.getTemplateFilename(
+          'logrotate_entry.in'),
+          dict(file_list=' '.join(['"'+q+'"' for q in log_file_list]),
+            postrotate=postrotate_script, olddir=self.logrotate_backup)))
+
+  def requestCertificate(self, name):
+    hash = hashlib.sha512(name).hexdigest()
+    key = os.path.join(self.ca_private, hash + self.ca_key_ext)
+    certificate = os.path.join(self.ca_certs, hash + self.ca_crt_ext)
+    parser = ConfigParser.RawConfigParser()
+    parser.add_section('certificate')
+    parser.set('certificate', 'name', name)
+    parser.set('certificate', 'key_file', key)
+    parser.set('certificate', 'certificate_file', certificate)
+    parser.write(open(os.path.join(self.ca_request_dir, hash), 'w'))
+    return key, certificate
+
+  def installCrond(self):
+   timestamps = self.createDataDirectory('cronstamps')
+   cron_output = os.path.join(self.log_directory, 'cron-output')
+   self._createDirectory(cron_output)
+   catcher = zc.buildout.easy_install.scripts([('catchcron',
+     __name__ + '.catdatefile', 'catdatefile')], self.ws, sys.executable,
+     self.bin_directory, arguments=[cron_output])[0]
+   self.path_list.append(catcher)
+   cron_d = os.path.join(self.etc_directory, 'cron.d')
+   crontabs = os.path.join(self.etc_directory, 'crontabs')
+   self._createDirectory(cron_d)
+   self._createDirectory(crontabs)
+   wrapper = zc.buildout.easy_install.scripts([('crond',
+     'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
+     self.wrapper_directory, arguments=[
+       self.options['dcrond_binary'].strip(), '-s', cron_d, '-c', crontabs,
+       '-t', timestamps, '-f', '-l', '5', '-M', catcher]
+     )[0]
+   self.path_list.append(wrapper)
+   return cron_d
+
+  def installValidCertificateAuthority(self, domain_name, certificate, key):
+    ca_dir = os.path.join(self.data_root_directory, 'ca')
+    ca_private = os.path.join(ca_dir, 'private')
+    ca_certs = os.path.join(ca_dir, 'certs')
+    ca_crl = os.path.join(ca_dir, 'crl')
+    self._createDirectory(ca_dir)
+    for path in (ca_private, ca_certs, ca_crl):
+      self._createDirectory(path)
+    key_path = os.path.join(ca_private, domain_name + ".key")
+    certificate_path = os.path.join(ca_certs, domain_name + ".crt")
+    self._writeFile(key_path, key)
+    self._writeFile(certificate_path, certificate)
+    return dict(certificate_authority_path=ca_dir,
+        ca_crl=ca_crl,
+        certificate=certificate_path,
+        key=key_path)
+
+  def installCertificateAuthority(self, ca_country_code='XX',
+      ca_email='xx@example.com', ca_state='State', ca_city='City',
+      ca_company='Company'):
+    backup_path = self.createBackupDirectory('ca')
+    self.ca_dir = os.path.join(self.data_root_directory, 'ca')
+    self._createDirectory(self.ca_dir)
+    self.ca_request_dir = os.path.join(self.ca_dir, 'requests')
+    self._createDirectory(self.ca_request_dir)
+    config = dict(ca_dir=self.ca_dir, request_dir=self.ca_request_dir)
+    self.ca_private = os.path.join(self.ca_dir, 'private')
+    self.ca_certs = os.path.join(self.ca_dir, 'certs')
+    self.ca_crl = os.path.join(self.ca_dir, 'crl')
+    self.ca_newcerts = os.path.join(self.ca_dir, 'newcerts')
+    self.ca_key_ext = '.key'
+    self.ca_crt_ext = '.crt'
+    for d in [self.ca_private, self.ca_crl, self.ca_newcerts, self.ca_certs]:
+      self._createDirectory(d)
+    for f in ['crlnumber', 'serial']:
+      if not os.path.exists(os.path.join(self.ca_dir, f)):
+        open(os.path.join(self.ca_dir, f), 'w').write('01')
+    if not os.path.exists(os.path.join(self.ca_dir, 'index.txt')):
+      open(os.path.join(self.ca_dir, 'index.txt'), 'w').write('')
+    openssl_configuration = os.path.join(self.ca_dir, 'openssl.cnf')
+    config.update(
+        working_directory=self.ca_dir,
+        country_code=ca_country_code,
+        state=ca_state,
+        city=ca_city,
+        company=ca_company,
+        email_address=ca_email,
+    )
+    self._writeFile(openssl_configuration, pkg_resources.resource_string(
+      __name__, 'template/openssl.cnf.ca.in') % config)
+    self.path_list.extend(zc.buildout.easy_install.scripts([
+      ('certificate_authority', __name__ + '.certificate_authority',
+         'runCertificateAuthority')],
+        self.ws, sys.executable, self.wrapper_directory, arguments=[dict(
+          openssl_configuration=openssl_configuration,
+          openssl_binary=self.options['openssl_binary'],
+          certificate=os.path.join(self.ca_dir, 'cacert.pem'),
+          key=os.path.join(self.ca_private, 'cakey.pem'),
+          crl=os.path.join(self.ca_crl),
+          request_dir=self.ca_request_dir
+          )]))
+
+    # configure backup
+    backup_cron = os.path.join(self.cron_d, 'ca_rdiff_backup')
+    open(backup_cron, 'w').write(
+        '''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''%dict(
+          rdiff_backup=self.options['rdiff_backup_binary'],
+          source=self.ca_dir,
+          destination=backup_path))
+    self.path_list.append(backup_cron)
+
+    return dict(
+      ca_certificate=os.path.join(config['ca_dir'], 'cacert.pem'),
+      ca_crl=os.path.join(config['ca_dir'], 'crl'),
+      certificate_authority_path=config['ca_dir']
+    )
+
+  def _getApacheConfigurationDict(self, name, ip_list, port):
+    apache_conf = dict()
+    apache_conf['server_name'] = name
+    apache_conf['pid_file'] = os.path.join(self.run_directory,
+        name + '.pid')
+    apache_conf['lock_file'] = os.path.join(self.run_directory,
+        name + '.lock')
+    apache_conf['document_root'] = os.path.join(self.data_root_directory,
+        'htdocs')
+    apache_conf['ip_list'] = ip_list
+    apache_conf['port'] = port
+    apache_conf['server_admin'] = 'admin@'
+    apache_conf['error_log'] = os.path.join(self.log_directory,
+        name + '-error.log')
+    apache_conf['access_log'] = os.path.join(self.log_directory,
+        name + '-access.log')
+    self.registerLogRotation(name, [apache_conf['error_log'],
+      apache_conf['access_log']], self.killpidfromfile + ' ' +
+      apache_conf['pid_file'] + ' SIGUSR1')
+    return apache_conf
+
+  def installVarnishCache(self, name, ip, port, control_port, backend_host,
+                                backend_port, size="1G"):
+    """
+      Install a varnish daemon for a certain address
+    """
+    directory = self.createDataDirectory(name)
+    varnish_config = dict(
+      directory=directory,
+      pid = "%s/varnish.pid" % directory,
+      port="%s:%s" % (ip, port),
+      varnishd_binary=self.options["varnishd_binary"],
+      control_port="%s:%s" % (ip, control_port),
+      storage="file,%s/storage.bin,%s" % (directory, size))
+
+    config_file = self.createConfigurationFile("%s.conf" % name,
+      self.substituteTemplate(self.getTemplateFilename('varnish.vcl.in'),
+        dict(backend_host=backend_host, backend_port=backend_port)))
+
+    varnish_argument_list = [varnish_config['varnishd_binary'].strip(),
+        "-F", "-n", directory, "-P", varnish_config["pid"], "-p",
+        "cc_command=exec %s " % self.options["gcc_binary"] +\
+            "-fpic -shared -o %o %s",
+        "-f", config_file,
+        "-a", varnish_config["port"], "-T", varnish_config["control_port"],
+        "-s", varnish_config["storage"]]
+    environment = dict(PATH=self.options["binutils_directory"])
+    wrapper = zc.buildout.easy_install.scripts([(name,
+      'slapos.recipe.librecipe.execute', 'executee')], self.ws,
+      sys.executable, self.wrapper_directory, arguments=[varnish_argument_list,
+      environment])[0]
+    self.path_list.append(wrapper)
+
+    return varnish_config
+
+  def installStunnel(self, service_dict, certificate,
+      key, ca_crl, ca_path):
+    """Installs stunnel
+      service_dict =
+        { name: (public_ip, private_ip, public_port, private_port),}
+    """
+    template_filename = self.getTemplateFilename('stunnel.conf.in')
+    template_entry_filename = self.getTemplateFilename('stunnel.conf.entry.in')
+
+    log = os.path.join(self.log_directory, 'stunnel.log')
+    pid_file = os.path.join(self.run_directory, 'stunnel.pid')
+    stunnel_conf = dict(
+        pid_file=pid_file,
+        log=log,
+        cert = certificate,
+        key = key,
+        ca_crl = ca_crl,
+        ca_path = ca_path,
+        entry_str=''
+    )
+    entry_list = []
+    for name, parameter_dict in service_dict.iteritems():
+      parameter_dict["name"] = name
+      entry_str = self.substituteTemplate(template_entry_filename,
+          parameter_dict)
+      entry_list.append(entry_str)
+
+    stunnel_conf["entry_str"] = "\n".join(entry_list)
+    stunnel_conf_path = self.createConfigurationFile("stunnel.conf",
+        self.substituteTemplate(template_filename,
+          stunnel_conf))
+    wrapper = zc.buildout.easy_install.scripts([('stunnel',
+      'slapos.recipe.librecipe.execute', 'execute_wait')], self.ws,
+      sys.executable, self.wrapper_directory, arguments=[
+        [self.options['stunnel_binary'].strip(), stunnel_conf_path],
+        [certificate, key]]
+      )[0]
+    self.path_list.append(wrapper)
+    return stunnel_conf
+
+  def installFrontendApache(self, ip_list, port, key, certificate, name,
+                            rewrite_rule_list=[], rewrite_rule_zope_list=[],
+                            access_control_string=None):
+    # Create htdocs, populate it with default 404 document
+    htdocs_location = os.path.join(self.data_root_directory, 'htdocs')
+    self._createDirectory(htdocs_location)
+    notfound_file_location = os.path.join(htdocs_location, 'notfound.html')
+    notfound_template_file_location = self.getTemplateFilename(
+        'notfound.html')
+    notfound_file_content = open(notfound_template_file_location, 'r').read()
+    self._writeFile(notfound_file_location, notfound_file_content)
+
+    # Create configuration file and rewritemaps
+    apachemap_name = "apachemap.txt"
+    # XXX-Cedric : implement zope specific rewrites list. Current apachemap is
+    #              generic and does not use VirtualHost Monster.
+    apachemapzope_name = "apachemapzope.txt"
+    self.createConfigurationFile(apachemap_name, "\n".join(rewrite_rule_list))
+    self.createConfigurationFile(apachemapzope_name,
+        "\n".join(rewrite_rule_zope_list))
+    apache_conf = self._getApacheConfigurationDict(name, ip_list, port)
+    apache_conf['ssl_snippet'] = self.substituteTemplate(
+        self.getTemplateFilename('apache.ssl-snippet.conf.in'),
+        dict(login_certificate=certificate, login_key=key))
+
+    apache_conf["listen"] = "\n".join(["Listen %s:%s" % (ip, port) for ip in ip_list])
+
+    path = self.substituteTemplate(
+        self.getTemplateFilename('apache.conf.path-protected.in'),
+        dict(path='/', access_control_string='none'))
+
+    apache_conf.update(**dict(
+      path_enable=path,
+      apachemap_path=os.path.join(self.etc_directory, apachemap_name),
+      apachemapzope_path=os.path.join(self.etc_directory, apachemapzope_name),
+      apache_domain=name,
+      port=port,
+    ))
+
+    apache_conf_string = self.substituteTemplate(
+          self.getTemplateFilename('apache.conf.in'), apache_conf)
+
+    apache_config_file = self.createConfigurationFile('apache_frontend.conf',
+        apache_conf_string)
+
+
+    self.path_list.append(apache_config_file)
+    self.path_list.extend(zc.buildout.easy_install.scripts([(
+      name, 'slapos.recipe.erp5.apache', 'runApache')], self.ws,
+          sys.executable, self.wrapper_directory, arguments=[
+            dict(
+              required_path_list=[key, certificate],
+              binary=self.options['httpd_binary'],
+              config=apache_config_file)
+          ]))
+
+    return dict(site_url="https://%s:%s/" % (name, port))
diff --git a/slapos/recipe/kvm/certificate_authority.py b/slapos/recipe/apache_frontend/certificate_authority.py
similarity index 100%
rename from slapos/recipe/kvm/certificate_authority.py
rename to slapos/recipe/apache_frontend/certificate_authority.py
diff --git a/slapos/recipe/apache_frontend/template/apache.conf.in b/slapos/recipe/apache_frontend/template/apache.conf.in
new file mode 100644
index 0000000000000000000000000000000000000000..1ec1e6cd12b02dd24f2d6ab9232f6c2cfe89254a
--- /dev/null
+++ b/slapos/recipe/apache_frontend/template/apache.conf.in
@@ -0,0 +1,74 @@
+# Apache configuration file for Zope
+# Automatically generated
+
+# Basic server configuration
+PidFile "%(pid_file)s"
+LockFile "%(lock_file)s"
+ServerName %(server_name)s
+DocumentRoot %(document_root)s
+
+%(listen)s
+
+ServerAdmin %(server_admin)s
+DefaultType text/plain
+TypesConfig conf/mime.types
+AddType application/x-compress .Z
+AddType application/x-gzip .gz .tgz
+
+# As backend is trusting REMOTE_USER header unset it always
+RequestHeader unset REMOTE_USER
+
+# SSL Configuration
+%(ssl_snippet)s
+
+# Log configuration
+ErrorLog "%(error_log)s"
+LogLevel warn
+LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\"" combined
+LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b" common
+CustomLog "%(access_log)s" common
+
+# Directory protection
+<Directory />
+    Options FollowSymLinks
+    AllowOverride None
+    Order deny,allow
+    Deny from all
+</Directory>
+
+%(path_enable)s
+
+# Rewrite part
+RewriteEngine On
+
+# Define the two rewritemaps : one for zope, one generic
+RewriteMap apachemapzope txt:%(apachemapzope_path)s
+RewriteMap apachemapgeneric txt:%(apachemap_path)s
+
+# First, we check if we have a zope backend server
+# If so, let's use Virtual Host Daemon rewrite
+#RewriteCond ${apachemapzope:%%{SERVER_NAME}} >""
+#RewriteRule ^/(\w+)($|/.*) ${apachemapzope:$1}/VirtualHostBase/https/%(apache_domain)s:%(port)s/VirtualHostRoot/_vh_$1$2 [L,P]
+
+# If we have generic backend server, let's rewrite without virtual host daemon
+RewriteCond ${apachemapgeneric:%%{SERVER_NAME}} >""
+RewriteRule ^/(.*)$ ${apachemapgeneric:%%{SERVER_NAME}}/$1 [L,P]
+
+# If nothing exist : put a nice error
+ErrorDocument 404 /notfound.html
+
+# List of modules
+LoadModule authz_host_module modules/mod_authz_host.so
+LoadModule log_config_module modules/mod_log_config.so
+LoadModule setenvif_module modules/mod_setenvif.so
+LoadModule version_module modules/mod_version.so
+LoadModule proxy_module modules/mod_proxy.so
+LoadModule proxy_http_module modules/mod_proxy_http.so
+LoadModule ssl_module modules/mod_ssl.so
+LoadModule mime_module modules/mod_mime.so
+LoadModule dav_module modules/mod_dav.so
+LoadModule dav_fs_module modules/mod_dav_fs.so
+LoadModule negotiation_module modules/mod_negotiation.so
+LoadModule rewrite_module modules/mod_rewrite.so
+LoadModule headers_module modules/mod_headers.so
+LoadModule antiloris_module modules/mod_antiloris.so
diff --git a/slapos/recipe/apache_frontend/template/apache.conf.path-protected.in b/slapos/recipe/apache_frontend/template/apache.conf.path-protected.in
new file mode 100644
index 0000000000000000000000000000000000000000..0644a2afec06f030dd4663d0f4a3280af12d5fed
--- /dev/null
+++ b/slapos/recipe/apache_frontend/template/apache.conf.path-protected.in
@@ -0,0 +1,5 @@
+# Path protected
+<Location %(path)s>
+  Order Deny,Allow
+  Allow from %(access_control_string)s
+</Location>
diff --git a/slapos/recipe/apache_frontend/template/apache.location-snippet.conf.in b/slapos/recipe/apache_frontend/template/apache.location-snippet.conf.in
new file mode 100644
index 0000000000000000000000000000000000000000..470260a8fcfad00dfa6ee8cb68d9684e4d05310c
--- /dev/null
+++ b/slapos/recipe/apache_frontend/template/apache.location-snippet.conf.in
@@ -0,0 +1,5 @@
+<Location %(location)s>
+  Order Deny,Allow
+  Deny from all
+  Allow from %(allow_string)s
+</Location>
diff --git a/slapos/recipe/apache_frontend/template/apache.ssl-snippet.conf.in b/slapos/recipe/apache_frontend/template/apache.ssl-snippet.conf.in
new file mode 100644
index 0000000000000000000000000000000000000000..67e6766ef23dfac6021247daa5dadebc8f69a126
--- /dev/null
+++ b/slapos/recipe/apache_frontend/template/apache.ssl-snippet.conf.in
@@ -0,0 +1,6 @@
+SSLEngine on
+SSLProxyEngine on
+SSLCertificateFile %(login_certificate)s
+SSLCertificateKeyFile %(login_key)s
+SSLRandomSeed startup builtin
+SSLRandomSeed connect builtin
diff --git a/slapos/recipe/apache_frontend/template/logrotate_entry.in b/slapos/recipe/apache_frontend/template/logrotate_entry.in
new file mode 100644
index 0000000000000000000000000000000000000000..bfa2abf0970af28f8cab98793db9b09db85d1847
--- /dev/null
+++ b/slapos/recipe/apache_frontend/template/logrotate_entry.in
@@ -0,0 +1,13 @@
+%(file_list)s {
+  daily
+  dateext
+  rotate 30
+  compress
+  notifempty
+  sharedscripts
+  create
+  postrotate
+    %(postrotate)s
+  endscript
+  olddir %(olddir)s
+}
diff --git a/slapos/recipe/apache_frontend/template/notfound.html b/slapos/recipe/apache_frontend/template/notfound.html
new file mode 100644
index 0000000000000000000000000000000000000000..2e87e0a9bec1acebe77ad603c9023ce9f6b464f4
--- /dev/null
+++ b/slapos/recipe/apache_frontend/template/notfound.html
@@ -0,0 +1,9 @@
+<html>
+<head>
+  <title>Instance not found</title>
+</head>
+<body>
+<h1>This instance has not been found.</h1>
+<p>If this error persists, please check your instance URL and status on SlapOS Master.</p>
+</body>
+</html>
diff --git a/slapos/recipe/kvm/template/openssl.cnf.ca.in b/slapos/recipe/apache_frontend/template/openssl.cnf.ca.in
similarity index 67%
rename from slapos/recipe/kvm/template/openssl.cnf.ca.in
rename to slapos/recipe/apache_frontend/template/openssl.cnf.ca.in
index 67067178b951729004cc20c0156bc76d8d968d23..8a450a68762145e72923635273e06a00e80d34ca 100644
--- a/slapos/recipe/kvm/template/openssl.cnf.ca.in
+++ b/slapos/recipe/apache_frontend/template/openssl.cnf.ca.in
@@ -6,16 +6,16 @@
 # This definition stops the following lines choking if HOME isn't
 # defined.
 HOME			= .
-RANDFILE		  = $ENV::HOME/.rnd
+RANDFILE		= $ENV::HOME/.rnd
 
 # Extra OBJECT IDENTIFIER info:
-#oid_file      		  = $ENV::HOME/.oid
-oid_section		    = new_oids
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
 
 # To use this configuration file with the "-extfile" option of the
 # "openssl x509" utility, name here the section containing the
 # X.509v3 extensions to use:
-# extensions	     	= 
+# extensions		= 
 # (Alternatively, use a configuration file that has only
 # X.509v3 extensions in its main [= default] section.)
 
@@ -40,27 +40,27 @@ default_ca	= CA_default		# The default ca section
 [ CA_default ]
 
 dir		= %(working_directory)s		# Where everything is kept
-certs		= $dir/certs			  # Where the issued certs are kept
-crl_dir		= $dir/crl			    # Where the issued crl are kept
-database	= $dir/index.txt		    # database index file.
-#unique_subject	= no			      	       # Set to 'no' to allow creation of
-		      					       	     # several ctificates with same subject.
-new_certs_dir	= $dir/newcerts	       # default place for new certs.
-
-certificate	= $dir/cacert.pem 	       # The CA certificate
-serial		= $dir/serial 	       	 # The current serial number
-crlnumber	= $dir/crlnumber		 # the current crl number
-				       # must be commented out to leave a V1 CRL
-crl		= $dir/crl.pem        # The current CRL
+certs		= $dir/certs		# Where the issued certs are kept
+crl_dir		= $dir/crl		# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+#unique_subject	= no			# Set to 'no' to allow creation of
+					# several ctificates with same subject.
+new_certs_dir	= $dir/newcerts		# default place for new certs.
+
+certificate	= $dir/cacert.pem 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crlnumber	= $dir/crlnumber	# the current crl number
+					# must be commented out to leave a V1 CRL
+crl		= $dir/crl.pem 		# The current CRL
 private_key	= $dir/private/cakey.pem # The private key
-RANDFILE	= $dir/private/.rand	  # private random number file
+RANDFILE	= $dir/private/.rand	# private random number file
 
-x509_extensions	= usr_cert		    # The extentions to add to the cert
+x509_extensions	= usr_cert		# The extentions to add to the cert
 
 # Comment out the following two lines for the "traditional"
 # (and highly broken) format.
-name_opt      = ca_default		# Subject Name options
-cert_opt      = ca_default		  # Certificate field options
+name_opt 	= ca_default		# Subject Name options
+cert_opt 	= ca_default		# Certificate field options
 
 # Extension copying option: use with caution.
 # copy_extensions = copy
@@ -68,21 +68,21 @@ cert_opt      = ca_default		  # Certificate field options
 # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
 # so this is commented out by default to leave a V1 CRL.
 # crlnumber must also be commented out to leave a V1 CRL.
-# crl_extensions = crl_ext
+# crl_extensions	= crl_ext
 
-default_days	 = 3650			# how long to certify for
-default_crl_days = 30			      # how long before next CRL
-default_md	 = default		      	# use public key default MD
-preserve	 = no				      # keep passed DN ordering
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= default		# use public key default MD
+preserve	= no			# keep passed DN ordering
 
 # A few difference way of specifying how similar the request should look
 # For type CA, the listed attributes must be the same, and the optional
 # and supplied fields are just that :-)
-policy	       	      = policy_match
+policy		= policy_match
 
 # For the CA policy
 [ policy_match ]
-countryName	= match
+countryName		= match
 stateOrProvinceName	= match
 organizationName	= match
 organizationalUnitName	= optional
@@ -108,7 +108,7 @@ default_md		= sha1
 default_keyfile 	= privkey.pem
 distinguished_name	= req_distinguished_name
 #attributes		= req_attributes
-x509_extensions		= v3_ca	# The extentions to add to the self signed cert
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
 
 # Passwords for private keys if not present they will be prompted for
 # input_password = secret
@@ -116,7 +116,7 @@ x509_extensions		= v3_ca	# The extentions to add to the self signed cert
 
 # This sets a mask for permitted string types. There are several options. 
 # default: PrintableString, T61String, BMPString.
-# pkix	    : PrintableString, BMPString (PKIX recommendation before 2004)
+# pkix	 : PrintableString, BMPString (PKIX recommendation before 2004)
 # utf8only: only UTF8Strings (PKIX recommendation after 2004).
 # nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
 # MASK:XXXX a literal mask value.
@@ -126,39 +126,39 @@ string_mask = utf8only
 # req_extensions = v3_req # The extensions to add to a certificate request
 
 [ req_distinguished_name ]
-countryName				= Country Name (2 letter code)
-countryName_value			= %(country_code)s
-countryName_min				= 2
-countryName_max				= 2
+countryName			= Country Name (2 letter code)
+countryName_value		= %(country_code)s
+countryName_min			= 2
+countryName_max			= 2
 
-stateOrProvinceName			= State or Province Name (full name)
-stateOrProvinceName_value		= %(state)s
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_value	= %(state)s
 
-localityName				= Locality Name (eg, city)
-localityName_value			= %(city)s
+localityName			= Locality Name (eg, city)
+localityName_value		= %(city)s
 
-0.organizationName			= Organization Name (eg, company)
-0.organizationName_value		= %(company)s
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_value	= %(company)s
 
 # we can do this but it is not needed normally :-)
-#1.organizationName  	= Second Organization Name (eg, company)
-#1.organizationName_default	 = World Wide Web Pty Ltd
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
 
-commonName	   = Common Name (eg, your name or your server\'s hostname)
-commonName_max	   = 64
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
 
-emailAddress	   = Email Address
+emailAddress			= Email Address
 emailAddress_value = %(email_address)s
-emailAddress_max   = 64
+emailAddress_max		= 64
 
-# SET-ex3	   = SET extension number 3
+# SET-ex3			= SET extension number 3
 
 #[ req_attributes ]
-#challengePassword	= A challenge password
-#challengePassword_min	= 4
-#challengePassword_max	= 20
+#challengePassword		= A challenge password
+#challengePassword_min		= 4
+#challengePassword_max		= 20
 #
-#unstructuredName	= An optional company name
+#unstructuredName		= An optional company name
 
 [ usr_cert ]
 
@@ -173,7 +173,7 @@ basicConstraints=CA:FALSE
 # the certificate can be used for anything *except* object signing.
 
 # This is OK for an SSL server.
-# nsCertType 	    = server
+# nsCertType			= server
 
 # For an object signing certificate this would be used.
 # nsCertType = objsign
@@ -188,7 +188,7 @@ basicConstraints=CA:FALSE
 # keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 
 # This will be displayed in Netscape's comment listbox.
-nsComment      		 = "OpenSSL Generated Certificate"
+nsComment			= "OpenSSL Generated Certificate"
 
 # PKIX recommendations harmless if included in all certificates.
 subjectKeyIdentifier=hash
@@ -278,7 +278,7 @@ basicConstraints=CA:FALSE
 # the certificate can be used for anything *except* object signing.
 
 # This is OK for an SSL server.
-# nsCertType 	    = server
+# nsCertType			= server
 
 # For an object signing certificate this would be used.
 # nsCertType = objsign
@@ -293,7 +293,7 @@ basicConstraints=CA:FALSE
 # keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 
 # This will be displayed in Netscape's comment listbox.
-nsComment      		 = "OpenSSL Generated Certificate"
+nsComment			= "OpenSSL Generated Certificate"
 
 # PKIX recommendations harmless if included in all certificates.
 subjectKeyIdentifier=hash
@@ -327,24 +327,24 @@ default_tsa = tsa_config1	# the default TSA section
 [ tsa_config1 ]
 
 # These are used by the TSA reply generation only.
-dir	                = /etc/pki/tls  	  # TSA root directory
-serial	                = $dir/tsaserial	  # The current serial number (mandatory)
-crypto_device           = builtin		    # OpenSSL engine to use for signing
-signer_cert             = $dir/tsacert.pem    # The TSA signing certificate
-	      		      	  # (optional)
-certs	                = $dir/cacert.pem	# Certificate chain to include in reply
-		  	      # (optional)
-signer_key              = $dir/private/tsakey.pem # The TSA private key (optional)
-
-default_policy          = tsa_policy1		  # Policy if request did not specify it
-					    	   # (optional)
-other_policies          = tsa_policy2, tsa_policy3 # acceptable policies (optional)
-digests	                = md5, sha1  	      # Acceptable message digests (mandatory)
-accuracy                = secs:1, millisecs:500, microsecs:100	   # (optional)
-clock_precision_digits  = 0	    # number of digits after dot. (optional)
-ordering		= yes	    # Is ordering defined for timestamps?
-			  	       # (optional, default: no)
-tsa_name		= yes	    # Must the TSA name be included in the reply?
-			  	      # (optional, default: no)
-ess_cert_id_chain	= no	   # Must the ESS cert id chain be included?
-				     # (optional, default: no)
+dir		= /etc/pki/tls		# TSA root directory
+serial		= $dir/tsaserial	# The current serial number (mandatory)
+crypto_device	= builtin		# OpenSSL engine to use for signing
+signer_cert	= $dir/tsacert.pem 	# The TSA signing certificate
+					# (optional)
+certs		= $dir/cacert.pem	# Certificate chain to include in reply
+					# (optional)
+signer_key	= $dir/private/tsakey.pem # The TSA private key (optional)
+
+default_policy	= tsa_policy1		# Policy if request did not specify it
+					# (optional)
+other_policies	= tsa_policy2, tsa_policy3	# acceptable policies (optional)
+digests		= md5, sha1		# Acceptable message digests (mandatory)
+accuracy	= secs:1, millisecs:500, microsecs:100	# (optional)
+clock_precision_digits  = 0	# number of digits after dot. (optional)
+ordering		= yes	# Is ordering defined for timestamps?
+				# (optional, default: no)
+tsa_name		= yes	# Must the TSA name be included in the reply?
+				# (optional, default: no)
+ess_cert_id_chain	= no	# Must the ESS cert id chain be included?
+				# (optional, default: no)
diff --git a/slapos/recipe/apache_frontend/template/stunnel.conf.entry.in b/slapos/recipe/apache_frontend/template/stunnel.conf.entry.in
new file mode 100644
index 0000000000000000000000000000000000000000..ff22e9bd4751c1b37a3761610b077ac038e3692b
--- /dev/null
+++ b/slapos/recipe/apache_frontend/template/stunnel.conf.entry.in
@@ -0,0 +1,3 @@
+[%(name)s]
+accept = %(public_ip)s:%(public_port)s
+connect = %(private_ip)s:%(private_port)s
diff --git a/slapos/recipe/apache_frontend/template/stunnel.conf.in b/slapos/recipe/apache_frontend/template/stunnel.conf.in
new file mode 100644
index 0000000000000000000000000000000000000000..e1264d7d61fcc214765ffc50c1e2f8b3d9f46e9f
--- /dev/null
+++ b/slapos/recipe/apache_frontend/template/stunnel.conf.in
@@ -0,0 +1,14 @@
+foreground = yes
+output = %(log)s
+pid = %(pid_file)s
+syslog = no
+client = yes
+CApath = %(ca_path)s
+key = %(key)s
+CRLpath = %(ca_crl)s
+cert = %(cert)s
+sslVersion = SSLv3
+socket = l:TCP_NODELAY=1
+socket = r:TCP_NODELAY=1
+
+%(entry_str)s
diff --git a/slapos/recipe/apache_frontend/template/varnish.vcl.in b/slapos/recipe/apache_frontend/template/varnish.vcl.in
new file mode 100644
index 0000000000000000000000000000000000000000..1113fe2348bb75fc9100ea07d28234069bb2c464
--- /dev/null
+++ b/slapos/recipe/apache_frontend/template/varnish.vcl.in
@@ -0,0 +1,245 @@
+# This is a basic VCL configuration file for varnish.  See the vcl(7)
+# man page for details on VCL syntax and semantics.
+# 
+# Default backend definition.  Set this to point to your content
+# server.
+# 
+backend default {
+    .host = "%(backend_host)s";
+    .port = "%(backend_port)s";
+    .probe = { 
+        .url = "/";
+        .timeout = 10s;
+        .interval = 10s;
+        .window = 4;
+        .threshold = 3;
+    }
+}
+# 
+# Below is a commented-out copy of the default VCL logic.  If you
+# redefine any of these subroutines, the built-in logic will be
+# appended to your code.
+# 
+# sub vcl_recv {
+#     if (req.http.x-forwarded-for) {
+#   set req.http.X-Forwarded-For =
+#       req.http.X-Forwarded-For ", " client.ip;
+#     } else {
+#   set req.http.X-Forwarded-For = client.ip;
+#     }
+#     if (req.request != "GET" &&
+#       req.request != "HEAD" &&
+#       req.request != "PUT" &&
+#       req.request != "POST" &&
+#       req.request != "TRACE" &&
+#       req.request != "OPTIONS" &&
+#       req.request != "DELETE") {
+#         /* Non-RFC2616 or CONNECT which is weird. */
+#         return (pipe);
+#     }
+#     if (req.request != "GET" && req.request != "HEAD") {
+#         /* We only deal with GET and HEAD by default */
+#         return (pass);
+#     }
+#     if (req.http.Authorization || req.http.Cookie) {
+#         /* Not cacheable by default */
+#         return (pass);
+#     }
+#     return (lookup);
+# }
+sub vcl_recv {
+    if (req.http.cache-control ~ "no-cache") {
+        purge_url(req.url);
+    }
+
+    if (req.url ~ "\.(css|js|ico)$") {
+        unset req.http.cookie;
+    }
+
+    # remove bogus cookies
+    if (req.http.Cookie) {
+        set req.http.Cookie = regsuball(req.http.Cookie, "(^|; ) *__utm.=[^;]+;? *", "\1");
+        set req.http.Cookie = regsuball(req.http.Cookie, "(^|; ) *__ac_name=\x22\x22;? *", "\1");
+        set req.http.Cookie = regsuball(req.http.Cookie, "(^|; ) *__ac=\x22Og.3D.3D\x22;? *", "\1");
+    }
+    if (req.http.Cookie == "") {
+        remove req.http.Cookie;
+    }
+
+    if (req.http.x-forwarded-for) {
+  set req.http.X-Forwarded-For =
+      req.http.X-Forwarded-For ", " client.ip;
+    } else {
+  set req.http.X-Forwarded-For = client.ip;
+    }
+    if (req.request != "GET" &&
+      req.request != "HEAD" &&
+      req.request != "PUT" &&
+      req.request != "POST" &&
+      req.request != "TRACE" &&
+      req.request != "OPTIONS" &&
+      req.request != "DELETE") {
+        /* Non-RFC2616 or CONNECT which is weird. */
+        return (pipe);
+    }
+    if (req.request != "GET" && req.request != "HEAD") {
+        /* We only deal with GET and HEAD by default */
+        return (pass);
+    }
+    if (req.http.Authorization) {
+        /* Not cacheable by default */
+        return (pass);
+    }
+    if (req.http.Cookie && req.http.Cookie ~ "(^|; ) *__ac=") {
+        /* Not cacheable for authorised users,
+     but KM images are cacheable */
+  if (!(req.url ~ "/km_img/.*\.(png|gif)$")) {
+    return (pass);
+  }
+    }
+    # XXX login form can defer based on __ac_name cookie value
+    if (req.url ~ "/(login_form|WebSite_viewLoginDialog)($|\?)") {
+        return (pass);
+    }
+    if (req.backend.healthy) {
+        set req.grace = 1h;
+    } else {
+        set req.grace = 1w;
+    }
+    return (lookup);
+}
+# 
+# sub vcl_pipe {
+#     # Note that only the first request to the backend will have
+#     # X-Forwarded-For set.  If you use X-Forwarded-For and want to
+#     # have it set for all requests, make sure to have:
+#     # set req.http.connection = "close";
+#     # here.  It is not set by default as it might break some broken web
+#     # applications, like IIS with NTLM authentication.
+#     return (pipe);
+# }
+# 
+# sub vcl_pass {
+#     return (pass);
+# }
+# 
+# sub vcl_hash {
+#     set req.hash += req.url;
+#     if (req.http.host) {
+#         set req.hash += req.http.host;
+#     } else {
+#         set req.hash += server.ip;
+#     }
+#     return (hash);
+# }
+# 
+# sub vcl_hit {
+#     if (!obj.cacheable) {
+#         return (pass);
+#     }
+#     return (deliver);
+# }
+# 
+# sub vcl_miss {
+#     return (fetch);
+# }
+# 
+# sub vcl_fetch {
+#     if (!beresp.cacheable) {
+#         return (pass);
+#     }
+#     if (beresp.http.Set-Cookie) {
+#         return (pass);
+#     }
+#     return (deliver);
+# }
+sub vcl_fetch {
+    # we only cache 200 (OK) and 304 (Not Modified) responses.
+    if (beresp.status != 200 && beresp.status != 304) {
+        set beresp.cacheable = false;
+    }
+
+    if (beresp.http.cache-control ~ "no-cache") {
+        set beresp.cacheable = false;
+    }
+
+    if (!beresp.cacheable) {
+        unset beresp.http.expires;
+        set beresp.http.cache-control = "no-cache";
+        return (pass);
+    }
+
+    # we don't care haproxy's cookie.
+    if (beresp.http.Set-Cookie && beresp.http.Set-Cookie !~ "^SERVERID=[^;]+; path=/$") {
+        return (pass);
+    }
+
+    if (req.url ~ "\.(css|js|ico)$") {
+        unset beresp.http.set-cookie;
+        set beresp.http.cache-control = regsub(beresp.http.cache-control, "^", "public,");
+        set beresp.http.cache-control = regsub(beresp.http.cache-control, ",$", "");
+    }
+
+    # remove some headers added by caching policy manager to avoid
+    # '304 Not Modified' in case of login <-> logout switching.
+    if (beresp.http.content-type ~ "^text/html") {
+  unset beresp.http.last-modified;
+    }
+
+    if (beresp.cacheable) {
+        /* Remove Expires from backend, it's not long enough */
+        unset beresp.http.expires;
+        /* Set the clients TTL on this object */
+        set beresp.http.cache-control = "max-age = 900";
+        /* Set how long Varnish will keep it */
+        set beresp.ttl = 1w;
+        /* marker for vcl_deliver to reset Age: */
+        set beresp.http.magicmarker = "1";
+    }
+
+    set beresp.grace = 1w;
+
+    return (deliver);
+}
+# 
+# sub vcl_deliver {
+#     return (deliver);
+# }
+sub vcl_deliver {
+    if (resp.http.magicmarker) {
+        /* Remove the magic marker */
+        unset resp.http.magicmarker;
+        /* By definition we have a fresh object */
+        set resp.http.age = "0";
+    }
+    if (obj.hits > 0) {
+        set resp.http.X-Cache = obj.hits;
+    } else {
+      set resp.http.X-Cache = "MISS";
+    }
+    return (deliver);
+}
+
+# 
+# sub vcl_error {
+#     set obj.http.Content-Type = "text/html; charset=utf-8";
+#     synthetic {"
+# <?xml version="1.0" encoding="utf-8"?>
+# <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+#  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+# <html>
+#   <head>
+#     <title>"} obj.status " " obj.response {"</title>
+#   </head>
+#   <body>
+#     <h1>Error "} obj.status " " obj.response {"</h1>
+#     <p>"} obj.response {"</p>
+#     <h3>Guru Meditation:</h3>
+#     <p>XID: "} req.xid {"</p>
+#     <hr>
+#     <p>Varnish cache server</p>
+#   </body>
+# </html>
+# "};
+#     return (deliver);
+# }
diff --git a/slapos/recipe/apache_zope_backend/__init__.py b/slapos/recipe/apache_zope_backend/__init__.py
index e4b23482e552fe3d860e2f7d3112d4148e2ea83e..8da96f658d30f2ddcf7cb885ffff68cdd703c24f 100644
--- a/slapos/recipe/apache_zope_backend/__init__.py
+++ b/slapos/recipe/apache_zope_backend/__init__.py
@@ -33,10 +33,33 @@ class Recipe(GenericBaseRecipe):
     ip = self.options['ip']
     port = self.options['port']
     backend = self.options['backend']
-    key = self.options['key-file']
-    certificate = self.options['cert-file']
-    access_control_string = self.options['access-control-string']
+
     apache_conf = dict()
+
+    scheme = self.options['scheme']
+    if scheme == 'http':
+      required_path_list = []
+      apache_conf['ssl_snippet'] = ''
+    elif scheme == 'https':
+      key = self.options['key-file']
+      certificate = self.options['cert-file']
+      required_path_list = [key, certificate]
+      apache_conf['key'] = key
+      apache_conf['certificate'] = certificate
+      apache_conf['ssl_session_cache'] = self.options['ssl-session-cache']
+      apache_conf['ssl_snippet'] = pkg_resources.resource_string(__name__,
+          'template/snippet.ssl.in') % apache_conf
+      if 'ssl-authentication' in self.options and self.optionIsTrue(
+          'ssl-authentication'):
+        apache_conf['ssl_snippet'] += pkg_resources.resource_string(__name__,
+          'template/snippet.ssl.ca.in') % dict(
+            ca_certificate=self.options['ssl-authentication-certificate'],
+            ca_crl=self.options['ssl-authentication-crl']
+          )
+    else:
+      raise ValueError, "Unsupported scheme %s" % scheme
+
+    access_control_string = self.options['access-control-string']
     apache_conf['pid_file'] = self.options['pid-file']
     apache_conf['lock_file'] = self.options['lock-file']
     apache_conf['ip'] = ip
@@ -45,11 +68,10 @@ class Recipe(GenericBaseRecipe):
     apache_conf['error_log'] = self.options['error-log']
     apache_conf['access_log'] = self.options['access-log']
     apache_conf['server_name'] = '%s' % apache_conf['ip']
-    apache_conf['certificate'] = certificate
-    apache_conf['key'] = key
     apache_conf['path'] = '/'
     apache_conf['access_control_string'] = access_control_string
-    apache_conf['rewrite_rule'] = "RewriteRule (.*) %s$1 [L,P]" % backend
+    apache_conf['rewrite_rule'] = "RewriteRule (.*) %s%s [L,P]" % (backend,
+      self.options.get('backend-path', '/'))
     apache_conf_string = pkg_resources.resource_string(__name__,
           'template/apache.zope.conf.in') % apache_conf
     apache_config_file = self.createFile(self.options['configuration-file'],
@@ -58,7 +80,7 @@ class Recipe(GenericBaseRecipe):
     wrapper = self.createPythonScript(self.options['wrapper'], __name__ +
       '.apache.runApache', [
             dict(
-              required_path_list=[key, certificate],
+              required_path_list=required_path_list,
               binary=self.options['apache-binary'],
               config=apache_config_file
             )
diff --git a/slapos/recipe/apache_zope_backend/template/apache.zope.conf.in b/slapos/recipe/apache_zope_backend/template/apache.zope.conf.in
index ac689e15fcbe647833625b98f29a369085d4e2cc..f39107b2f944cf9b383a528465ffe92f8cbfcf9f 100644
--- a/slapos/recipe/apache_zope_backend/template/apache.zope.conf.in
+++ b/slapos/recipe/apache_zope_backend/template/apache.zope.conf.in
@@ -2,12 +2,16 @@
 # Automatically generated
 
 # List of modules
+LoadModule unixd_module modules/mod_unixd.so
+LoadModule access_compat_module modules/mod_access_compat.so
+LoadModule authz_core_module modules/mod_authz_core.so
 LoadModule authz_host_module modules/mod_authz_host.so
 LoadModule log_config_module modules/mod_log_config.so
 LoadModule setenvif_module modules/mod_setenvif.so
 LoadModule version_module modules/mod_version.so
 LoadModule proxy_module modules/mod_proxy.so
 LoadModule proxy_http_module modules/mod_proxy_http.so
+LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
 LoadModule ssl_module modules/mod_ssl.so
 LoadModule mime_module modules/mod_mime.so
 LoadModule dav_module modules/mod_dav.so
@@ -18,24 +22,23 @@ LoadModule headers_module modules/mod_headers.so
 
 # Basic server configuration
 PidFile "%(pid_file)s"
-LockFile "%(lock_file)s"
 Listen %(ip)s:%(port)s
 ServerAdmin %(server_admin)s
 TypesConfig conf/mime.types
 AddType application/x-compress .Z
 AddType application/x-gzip .gz .tgz
 
+ServerTokens Prod
+ServerSignature Off
+TraceEnable Off
+
+# Apache 2.4's default value (60 seconds) can be a bit too short
+TimeOut 300
+
 # As backend is trusting REMOTE_USER header unset it always
 RequestHeader unset REMOTE_USER
 
-# SSL Configuration
-SSLEngine on
-SSLCertificateFile %(certificate)s
-SSLCertificateKeyFile %(key)s
-SSLRandomSeed startup builtin
-SSLRandomSeed connect builtin
-
-SSLProxyEngine On
+%(ssl_snippet)s
 
 # Log configuration
 ErrorLog "%(error_log)s"
diff --git a/slapos/recipe/apache_zope_backend/template/snippet.ssl.ca.in b/slapos/recipe/apache_zope_backend/template/snippet.ssl.ca.in
new file mode 100644
index 0000000000000000000000000000000000000000..58a774f759dd866d9ad0f7b1d21339ab6a359475
--- /dev/null
+++ b/slapos/recipe/apache_zope_backend/template/snippet.ssl.ca.in
@@ -0,0 +1,4 @@
+SSLVerifyClient require
+RequestHeader set REMOTE_USER %%{SSL_CLIENT_S_DN_CN}s
+SSLCACertificateFile %(ca_certificate)s
+SSLCARevocationPath %(ca_crl)s
diff --git a/slapos/recipe/apache_zope_backend/template/snippet.ssl.in b/slapos/recipe/apache_zope_backend/template/snippet.ssl.in
new file mode 100644
index 0000000000000000000000000000000000000000..0b9f8b357c002b1ef58a48807f760936707a38f6
--- /dev/null
+++ b/slapos/recipe/apache_zope_backend/template/snippet.ssl.in
@@ -0,0 +1,12 @@
+
+# SSL Configuration
+SSLEngine on
+SSLCertificateFile %(certificate)s
+SSLCertificateKeyFile %(key)s
+SSLRandomSeed startup builtin
+SSLRandomSeed connect builtin
+SSLProtocol -ALL +SSLv3 +TLSv1
+SSLHonorCipherOrder On
+SSLCipherSuite RC4-SHA:HIGH:!ADH
+SSLSessionCache shmcb:%(ssl_session_cache)s(512000)
+SSLProxyEngine On
diff --git a/slapos/recipe/apachephp/template/apache.in b/slapos/recipe/apachephp/template/apache.in
index 8dc3ef81d383ccbeb5d1fbd269f4013f64ec7622..a354890425d6f96e946627a659c65299e4c0091c 100644
--- a/slapos/recipe/apachephp/template/apache.in
+++ b/slapos/recipe/apachephp/template/apache.in
@@ -3,7 +3,6 @@
 
 # Basic server configuration
 PidFile "%(pid_file)s"
-LockFile "%(lock_file)s"
 Listen %(ip)s:%(port)s
 PHPINIDir %(php_ini_dir)s
 ServerAdmin someone@email
@@ -25,20 +24,21 @@ CustomLog "%(access_log)s" common
 <Directory />
     Options FollowSymLinks
     AllowOverride None
-    Order deny,allow
-    Deny from all
+    Require all denied
 </Directory>
 
 <Directory %(document_root)s>
   Options FollowSymLinks
   AllowOverride All
-  Order allow,deny
-  Allow from all
+  Require all granted
 </Directory>
 DocumentRoot %(document_root)s
 DirectoryIndex index.html index.php
 
 # List of modules
+LoadModule unixd_module modules/mod_unixd.so
+LoadModule access_compat_module modules/mod_access_compat.so
+LoadModule authz_core_module modules/mod_authz_core.so
 LoadModule authz_host_module modules/mod_authz_host.so
 LoadModule log_config_module modules/mod_log_config.so
 LoadModule setenvif_module modules/mod_setenvif.so
diff --git a/slapos/recipe/certificate_authority/__init__.py b/slapos/recipe/certificate_authority/__init__.py
index 8cbbd7d088825149111a88e5a71043407303427d..297182915dc248a7504ef8d1314493aa28f61317 100644
--- a/slapos/recipe/certificate_authority/__init__.py
+++ b/slapos/recipe/certificate_authority/__init__.py
@@ -45,13 +45,14 @@ class Recipe(GenericBaseRecipe):
   def install(self):
     path_list = []
 
-    # XXX: We gotta find better a way to get these options
-    ca_country_code = 'XX'
-    ca_email = 'xx@example.com'
-    ca_state = 'State',
-    ca_city = 'City'
-    ca_company = 'Company'
-    # XXX: end
+    ca_country_code = self.options.get('country-code', 'XX')
+    ca_email = self.options.get('email', 'xx@example.com')
+    # XXX-BBB: State by mistake has been configured as string "('State',)"
+    #          string, so keep this for backward compatibility of existing
+    #          automatically setup CAs
+    ca_state = self.options.get('state', "('State',)")
+    ca_city = self.options.get('city', 'City')
+    ca_company = self.options.get('company', 'Company')
 
     self.setPath()
 
diff --git a/slapos/recipe/check_port_listening/__init__.py b/slapos/recipe/check_port_listening/__init__.py
new file mode 100644
index 0000000000000000000000000000000000000000..542072d68f8b9e331dd52f88e8557cc1e406d250
--- /dev/null
+++ b/slapos/recipe/check_port_listening/__init__.py
@@ -0,0 +1,48 @@
+##############################################################################
+#
+# Copyright (c) 2011 Vifib SARL and Contributors. All Rights Reserved.
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 3
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+from slapos.recipe.librecipe import GenericBaseRecipe
+import sys
+
+class Recipe(GenericBaseRecipe):
+  """
+  Check listening port promise
+  """
+
+  def install(self):
+    config = dict(
+      hostname=self.options['hostname'],
+      port=self.options['port'],
+      python_path=sys.executable,
+    )
+
+    vnc_promise = self.createExecutable(
+      self.options['path'],
+      self.substituteTemplate(
+        self.getTemplateFilename('socket_connection_attempt.py.in'),
+        config))
+
+    return [vnc_promise]
diff --git a/slapos/recipe/check_port_listening/template/socket_connection_attempt.py.in b/slapos/recipe/check_port_listening/template/socket_connection_attempt.py.in
new file mode 100644
index 0000000000000000000000000000000000000000..7c7a2699123fffd451900f6f604b2c74133dd68f
--- /dev/null
+++ b/slapos/recipe/check_port_listening/template/socket_connection_attempt.py.in
@@ -0,0 +1,21 @@
+#!%(python_path)s
+# BEWARE: This file is operated by slapgrid
+# BEWARE: It will be overwritten automatically
+import socket
+import sys
+
+hostname = "%(hostname)s"
+port = %(port)s
+
+connection_okay = False
+
+try:
+  s = socket.create_connection((hostname, port))
+  connection_okay = True
+  s.close()
+except (socket.error, socket.timeout):
+  connection_okay = False
+
+if not connection_okay:
+  print >> sys.stderr, "%(port)s on %(hostname)s isn't listening"
+  sys.exit(127)
diff --git a/slapos/recipe/davstorage/template/httpd.conf.in b/slapos/recipe/davstorage/template/httpd.conf.in
index 515593e8cff5e37dbb88bc8ff15b6c78a843a490..9fdea7ade783da6be7be6fc5420faa98d28d9563 100644
--- a/slapos/recipe/davstorage/template/httpd.conf.in
+++ b/slapos/recipe/davstorage/template/httpd.conf.in
@@ -3,6 +3,9 @@ ServerRoot "%(server_root)s"
 Listen [%(ip)s]:%(port)s
 
 # Needed modules
+LoadModule unixd_module modules/mod_unixd.so
+LoadModule access_compat_module modules/mod_access_compat.so
+LoadModule authz_core_module modules/mod_authz_core.so
 LoadModule authn_file_module "%(modules_dir)s/mod_authn_file.so"
 LoadModule authz_host_module "%(modules_dir)s/mod_authz_host.so"
 LoadModule authz_user_module "%(modules_dir)s/mod_authz_user.so"
@@ -11,6 +14,7 @@ LoadModule auth_digest_module "%(modules_dir)s/mod_auth_digest.so"
 LoadModule log_config_module "%(modules_dir)s/mod_log_config.so"
 LoadModule headers_module "%(modules_dir)s/mod_headers.so"
 LoadModule setenvif_module "%(modules_dir)s/mod_setenvif.so"
+LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
 LoadModule ssl_module "%(modules_dir)s/mod_ssl.so"
 LoadModule mime_module "%(modules_dir)s/mod_mime.so"
 LoadModule dav_module "%(modules_dir)s/mod_dav.so"
@@ -25,7 +29,6 @@ ServerTokens ProductOnly
 
 DocumentRoot "%(document_root)s"
 PidFile "%(pid_file)s"
-LockFile "%(lock_file)s"
 DavLockDB "%(davlock_db)s"
 
 <Directory />
diff --git a/slapos/recipe/erp5/template/apache.zope.conf.in b/slapos/recipe/erp5/template/apache.zope.conf.in
index a63d292996d3842c9883126a7ba44b2da1b16564..973cd992f727630f7a0b44c0ae759e70699f7bb0 100644
--- a/slapos/recipe/erp5/template/apache.zope.conf.in
+++ b/slapos/recipe/erp5/template/apache.zope.conf.in
@@ -2,12 +2,16 @@
 # Automatically generated
 
 # List of modules
+LoadModule unixd_module modules/mod_unixd.so
+LoadModule access_compat_module modules/mod_access_compat.so
+LoadModule authz_core_module modules/mod_authz_core.so
 LoadModule authz_host_module modules/mod_authz_host.so
 LoadModule log_config_module modules/mod_log_config.so
 LoadModule setenvif_module modules/mod_setenvif.so
 LoadModule version_module modules/mod_version.so
 LoadModule proxy_module modules/mod_proxy.so
 LoadModule proxy_http_module modules/mod_proxy_http.so
+LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
 LoadModule ssl_module modules/mod_ssl.so
 LoadModule mime_module modules/mod_mime.so
 LoadModule dav_module modules/mod_dav.so
@@ -19,7 +23,6 @@ LoadModule antiloris_module modules/mod_antiloris.so
 
 # Basic server configuration
 PidFile "%(pid_file)s"
-LockFile "%(lock_file)s"
 Listen %(ip)s:%(port)s
 ServerAdmin %(server_admin)s
 TypesConfig conf/mime.types
diff --git a/slapos/recipe/erp5_bootstrap/__init__.py b/slapos/recipe/erp5_bootstrap/__init__.py
new file mode 100644
index 0000000000000000000000000000000000000000..f6f1a99dc68da6bc38ed26212788b4673d57ab80
--- /dev/null
+++ b/slapos/recipe/erp5_bootstrap/__init__.py
@@ -0,0 +1,66 @@
+##############################################################################
+#
+# Copyright (c) 2012 Vifib SARL and Contributors. All Rights Reserved.
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 3
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+
+from slapos.recipe.librecipe import GenericBaseRecipe
+import os
+import sys
+import urlparse
+
+class Recipe(GenericBaseRecipe):
+  """
+  Instanciate ERP5 in Zope
+  """
+
+  def install(self):
+    parsed = urlparse.urlparse(self.options['mysql-url'])
+    mysql_connection_string = "%(database)s@%(hostname)s:%(port)s "\
+        "%(username)s %(password)s" % dict(
+      database=parsed.path.split('/')[1],
+      hostname=parsed.hostname,
+      port=parsed.port,
+      username=parsed.username,
+      password=parsed.password
+    )
+
+    zope_parsed = urlparse.urlparse(self.options['zope-url'])
+
+    config = dict(
+      python_path=sys.executable,
+      user=zope_parsed.username,
+      password=zope_parsed.password,
+      site_id=zope_parsed.path.split('/')[1],
+      host="%s:%s" % (zope_parsed.hostname, zope_parsed.port),
+      sql_connection_string=mysql_connection_string,
+    )
+
+    # Runners
+    runner_path = self.createExecutable(
+      self.options['runner-path'],
+      self.substituteTemplate(self.getTemplateFilename('erp5_bootstrap.in'),
+                              config))
+
+    return [runner_path]
diff --git a/slapos/recipe/erp5_bootstrap/template/erp5_bootstrap.in b/slapos/recipe/erp5_bootstrap/template/erp5_bootstrap.in
new file mode 100644
index 0000000000000000000000000000000000000000..c3087f8dc581a2edc4e5f3f1d9c04a6b23c35b43
--- /dev/null
+++ b/slapos/recipe/erp5_bootstrap/template/erp5_bootstrap.in
@@ -0,0 +1,35 @@
+#!%(python_path)s
+
+import httplib
+import urllib
+import base64
+
+user = "%(user)s"
+password = "%(password)s"
+host = "%(host)s"
+site_id = "%(site_id)s"
+erp5_catalog_storage = 'erp5_mysql_innodb_catalog'
+mysql_url = "%(sql_connection_string)s"
+
+header_dict = {'Authorization': 'Basic %%s' %% \
+  base64.encodestring('%%s:%%s' %% (user, password)).strip()}
+zope_connection = httplib.HTTPConnection(host)
+
+# Check if an ERP5 site is already created, as ERP5 does support having
+# 2 instances in the same zope, and this script should not destroy user data
+zope_connection.request('GET', '/isERP5SitePresent', headers=header_dict)
+result = zope_connection.getresponse()
+
+if result.status == 204: # and (result.read() == "False"):
+
+  # Create the expected ERP5 instance
+  zope_connection.request(
+    'POST', '/manage_addProduct/ERP5/manage_addERP5Site',
+    urllib.urlencode({
+      'id': site_id,
+      'erp5_catalog_storage': erp5_catalog_storage,
+      'erp5_sql_connection_string': mysql_url,
+      'cmf_activity_sql_connection_string': mysql_url,
+    }),
+    headers=header_dict)
+
diff --git a/slapos/recipe/erp5_promise/__init__.py b/slapos/recipe/erp5_promise/__init__.py
new file mode 100644
index 0000000000000000000000000000000000000000..dec8b1cb59077458c8b65100d72409ab93809673
--- /dev/null
+++ b/slapos/recipe/erp5_promise/__init__.py
@@ -0,0 +1,52 @@
+##############################################################################
+#
+# Copyright (c) 2012 Vifib SARL and Contributors. All Rights Reserved.
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 3
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+
+from slapos.recipe.librecipe import GenericBaseRecipe
+import ConfigParser
+
+class Recipe(GenericBaseRecipe):
+  """
+  Generate ERP5 promise configuration file
+  """
+
+  def install(self):
+
+    promise_parser = ConfigParser.RawConfigParser()
+
+    promise_parser.add_section('portal_templates')
+    promise_parser.set('portal_templates', 'repository', self.options['bt5-repository-url'])
+    promise_parser.set('portal_templates', 'expected_bt5', self.options['bt5'])
+
+    promise_parser.add_section('external_service')
+    promise_parser.set('external_service', 'cloudooo_url', self.options['cloudooo-url'])
+    promise_parser.set('external_service', 'memcached_url', self.options['memcached-url'])
+    promise_parser.set('external_service', 'kumofs_url', self.options['kumofs-url'])
+    promise_parser.set('external_service', 'smtp_url', self.options['smtp-url'])
+
+    promise_parser.write(open(self.options['promise-path'], 'w'))
+
+    return [self.options['promise-path']]
diff --git a/slapos/recipe/fontconfig/template/fontconfig.cfg.in b/slapos/recipe/fontconfig/template/fontconfig.cfg.in
index c6799d21dc15414354306d605ec3f9abd4fc8f4a..9167e6c7cec9eba371941e533aa55bc5f59ef85e 100644
--- a/slapos/recipe/fontconfig/template/fontconfig.cfg.in
+++ b/slapos/recipe/fontconfig/template/fontconfig.cfg.in
@@ -1,5 +1,6 @@
 <?xml version="1.0"?>
 <!DOCTYPE fontconfig SYSTEM "fonts.dtd">
 <fontconfig>
+<cachedir>~/.fontconfig</cachedir>
 %(font_folder_path_snippet)s
 </fontconfig>
\ No newline at end of file
diff --git a/slapos/recipe/generate_erp5_tidstorage.py b/slapos/recipe/generate_erp5_tidstorage.py
index cfc03e6642581d39549fbff3cbcfb550fd301078..8ab68ed8d47526352c49ad3d2e06822de9d99524 100644
--- a/slapos/recipe/generate_erp5_tidstorage.py
+++ b/slapos/recipe/generate_erp5_tidstorage.py
@@ -57,6 +57,9 @@ class Recipe(GenericSlapRecipe):
     known_tid_storage_identifier_dict = {}
     snippet_zeo = open(self.options['snippet-zeo']).read()
     for zeo_id, zeo_configuration_list in json_data['zeo'].iteritems():
+      if not type(zeo_configuration_list) in (type([]), type(set()), type(())):
+        raise ValueError('%s passed in json is not a list, json: %s.' % (
+          zeo_configuration_list, json_data))
       storage_list = []
       a = storage_list.append
       for zeo_slave in zeo_configuration_list:
@@ -92,7 +95,8 @@ class Recipe(GenericSlapRecipe):
     zeo_connection_string = '\n'.join(zeo_connection_list)
     zope_dict.update(
       timezone=json_data['timezone'],
-      zeo_connection_string=zeo_connection_string
+      zeo_connection_string=zeo_connection_string,
+      site_id=site_id,
     )
     # always one distribution node
     current_zope_port += 1
@@ -151,32 +155,72 @@ class Recipe(GenericSlapRecipe):
           longrequest_logger_interval=longrequest_logger_interval,
           **zope_dict)
         haproxy_backend_list.append('${%(part_name)s:ip}:${%(part_name)s:port}' % dict(part_name=part_name))
+
+      scheme = backend_configuration.get('scheme', ['https'])
+
       # now generate backend access
       current_apache_port += 1
       current_haproxy_port += 1
-      part_list.append('apache-%(backend_name)s ca-apache-%(backend_name)s logrotate-entry-apache-%(backend_name)s haproxy-%(backend_name)s' % dict(backend_name=backend_name))
       backend_dict = dict(
         backend_name=backend_name,
         apache_port=current_apache_port,
+        apache_public_port=current_apache_port+1,
         haproxy_port=current_haproxy_port,
         access_control_string=backend_configuration['access-control-string'],
         maxconn=backend_configuration['maxconn'],
         server_check_path='/%s/getId' % site_id,
-        haproxy_backend_list=' '.join(haproxy_backend_list)
+        haproxy_backend_list=' '.join(haproxy_backend_list),
+        ssl_authentication=backend_configuration.get('ssl-authentication',
+          False),
+        backend_path=backend_configuration.get('backend-path', '/') % {
+            'site-id': site_id}
+
       )
-      publish_url_list.append('url-%(backend_name)s = https://[${apache-%(backend_name)s:ip}]:${apache-%(backend_name)s:port}' % dict(
-        backend_name=backend_name))
+      current_apache_port += 1
       output += snippet_backend % backend_dict
+
+      if 'http' in scheme:
+        part_list.append('apache-public-%(backend_name)s logrotate-entry-apache-public-%(backend_name)s' % dict(backend_name=backend_name))
+        publish_url_list.append('url-public-%(backend_name)s = http://[${apache-public-%(backend_name)s:ip}]:${apache-public-%(backend_name)s:port}' % dict(
+          backend_name=backend_name))
+      if 'https' in scheme:
+        part_list.append('apache-%(backend_name)s ca-apache-%(backend_name)s logrotate-entry-apache-%(backend_name)s haproxy-%(backend_name)s' % dict(backend_name=backend_name))
+        publish_url_list.append('url-%(backend_name)s = https://[${apache-%(backend_name)s:ip}]:${apache-%(backend_name)s:port}' % dict(
+          backend_name=backend_name))
+
     output += SECTION_BACKEND_PUBLISHER + '\n'
     output += '\n'.join(publish_url_list)
     part_list.append('publish-apache-backend-list')
+    master_dict = self.parameter_dict.copy()
+    if 'erp5-ca' in json_data:
+      erp5_ca = json_data['erp5-ca']
+      # Fetching exactly named parameters from json in order to raise proper
+      # error if required
+      master_dict.update(
+        erp5_ca_country_code = erp5_ca['country-code'],
+        erp5_ca_email = erp5_ca['email'],
+        erp5_ca_state = erp5_ca['state'],
+        erp5_ca_city = erp5_ca['city'],
+        erp5_ca_company = erp5_ca['company']
+      )
+    else:
+      master_dict.update(dict(
+        erp5_ca_country_code = 'XX',
+        erp5_ca_email = 'xx@example.com',
+        # XXX-BBB: State by mistake has been configured as string "('State',)"
+        #          string, so keep this for backward compatibility of existing
+        #          automatically setup CAs
+        erp5_ca_state = "('State',)",
+        erp5_ca_city = 'City',
+        erp5_ca_company = 'Company'
+      ))
     prepend = open(self.options['snippet-master']).read() % dict(
         part_list='  \n'.join(['  '+q for q in part_list]),
         known_tid_storage_identifier_dict=known_tid_storage_identifier_dict,
         haproxy_section="haproxy-%s" % backend_name,
         zope_section=zope_id,
         site_id=site_id,
-        **self.parameter_dict
+        **master_dict
         )
     output = prepend + output
     with open(self.options['output'], 'w') as f:
diff --git a/slapos/recipe/helloworld.py b/slapos/recipe/generatemac.py
similarity index 75%
rename from slapos/recipe/helloworld.py
rename to slapos/recipe/generatemac.py
index 743f242e97b2a6f9f574b9199ccf9b36e9baa41b..45abf6d2ee8961b025539b442403af8a62ee2036 100644
--- a/slapos/recipe/helloworld.py
+++ b/slapos/recipe/generatemac.py
@@ -1,3 +1,4 @@
+
 ##############################################################################
 #
 # Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved.
@@ -24,21 +25,16 @@
 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 #
 ##############################################################################
-from slapos.recipe.librecipe import BaseSlapRecipe
+import random
+
+from slapos.recipe.librecipe import GenericBaseRecipe
 
-class Recipe(BaseSlapRecipe):
+class Recipe(GenericBaseRecipe):
 
-  def _install(self):
-    parameter_dict = self.computer_partition.getInstanceParameterDict()
-    dummy_wrapper = self.createRunningWrapper('dummy', """#!/bin/sh
-while [ true ]
-do
-   sleep 10
-   echo "Hello World!"
-done""")
+  def __init__(self, buildout, name, options):
+    # First octet has to represent a locally administered address
+    octet_list = [254] + [random.randint(0x00, 0xff) for x in range(5)]
+    options['mac-address'] = ':'.join(['%02x' % x for x in octet_list])
 
-    self.computer_partition.setConnectionDict(dict(
-      hello_world="Hello World!",
-      ))
-    return [dummy_wrapper]
-    
\ No newline at end of file
+  def install(self):
+    return []
diff --git a/slapos/recipe/generic_kumofs/__init__.py b/slapos/recipe/generic_kumofs/__init__.py
index 0b939c8879e7282e1e528c248aefe3e86e20afc0..03d1a78b8236019e641e8eceb04175b08e0d6d2d 100644
--- a/slapos/recipe/generic_kumofs/__init__.py
+++ b/slapos/recipe/generic_kumofs/__init__.py
@@ -52,7 +52,8 @@ class Recipe(GenericBaseRecipe):
       kumo_manager_port=kumo_manager_port,
       kumo_server_port=kumo_server_port,
       kumo_server_listen_port=kumo_server_listen_port,
-      kumo_gateway_port=kumo_gateway_port
+      kumo_gateway_port=kumo_gateway_port,
+      shell_path=self.options['shell-path'],
     )
 
     path_list.append(self.createExecutable(self.options['gateway-wrapper'],
diff --git a/slapos/recipe/generic_kumofs/template/kumo_gateway.in b/slapos/recipe/generic_kumofs/template/kumo_gateway.in
index 912f8f1007ad2cad325c56ce13a634375cee8ebc..f18c8a4ec358c4bd92c2c8506db279c2afb6f3b2 100644
--- a/slapos/recipe/generic_kumofs/template/kumo_gateway.in
+++ b/slapos/recipe/generic_kumofs/template/kumo_gateway.in
@@ -1,2 +1,2 @@
-#!/bin/sh
+#!%(shell_path)s
 exec %(kumo_gateway_binary)s -F -E -m %(kumo_manager_ip)s:%(kumo_manager_port)s -t %(kumo_gateway_ip)s:%(kumo_gateway_port)s -o %(kumo_gateway_log)s
diff --git a/slapos/recipe/generic_kumofs/template/kumo_manager.in b/slapos/recipe/generic_kumofs/template/kumo_manager.in
index e63e3c569de5f689176f19793706e49f90d3c95f..25e2ed1a0e78385c08f11b08f309a2d01d325af3 100644
--- a/slapos/recipe/generic_kumofs/template/kumo_manager.in
+++ b/slapos/recipe/generic_kumofs/template/kumo_manager.in
@@ -1,2 +1,2 @@
-#!/bin/sh
+#!%(shell_path)s
 exec %(kumo_manager_binary)s -a -l %(kumo_manager_ip)s:%(kumo_manager_port)s -o %(kumo_manager_log)s
diff --git a/slapos/recipe/generic_kumofs/template/kumo_server.in b/slapos/recipe/generic_kumofs/template/kumo_server.in
index 81aeabb323590320bc1be69b1854d50cdc3d9687..aba0ac6f257d8f44a2c1d32b8a37677aef41416d 100644
--- a/slapos/recipe/generic_kumofs/template/kumo_server.in
+++ b/slapos/recipe/generic_kumofs/template/kumo_server.in
@@ -1,2 +1,2 @@
-#!/bin/sh
+#!%(shell_path)s
 exec %(kumo_server_binary)s -l %(kumo_server_ip)s:%(kumo_server_port)s -L %(kumo_server_listen_port)s -m %(kumo_manager_ip)s:%(kumo_manager_port)s -s %(kumo_server_storage)s -o %(kumo_server_log)s
diff --git a/slapos/recipe/generic_memcached/__init__.py b/slapos/recipe/generic_memcached/__init__.py
index 7a3a77a2a63034bef5e35acc34dd04b8f0da9334..fa6a40eddd6e9e99913deaad281f2c32698bf662 100644
--- a/slapos/recipe/generic_memcached/__init__.py
+++ b/slapos/recipe/generic_memcached/__init__.py
@@ -46,6 +46,7 @@ class Recipe(GenericBaseRecipe):
         memcached_binary=self.options['binary_path'],
         memcached_ip=self.options['ip'],
         memcached_port=self.options['port'],
+        shell_path=self.options['shell-path'],
     )
 
     executable_path = self.createExecutable(
diff --git a/slapos/recipe/generic_memcached/template/memcached.in b/slapos/recipe/generic_memcached/template/memcached.in
index 92dae43a99feff580ac9ff3a6437c25a925f32e5..32bf42cb99456d42d62045969cec373c2323a7f9 100644
--- a/slapos/recipe/generic_memcached/template/memcached.in
+++ b/slapos/recipe/generic_memcached/template/memcached.in
@@ -1,2 +1,2 @@
-#!/bin/sh
+#!%(shell_path)s
 exec %(memcached_binary)s -p %(memcached_port)s -U %(memcached_port)s -l %(memcached_ip)s
diff --git a/slapos/recipe/generic_mysql/__init__.py b/slapos/recipe/generic_mysql/__init__.py
index 6c36637d99ede3a452307337e9a5b94a15a6a26f..c0ef36b466e027201e8e7360846147ee23967701 100644
--- a/slapos/recipe/generic_mysql/__init__.py
+++ b/slapos/recipe/generic_mysql/__init__.py
@@ -67,6 +67,12 @@ class Recipe(GenericBaseRecipe):
 
     mysql_script_list = []
 
+    # user defined functions
+    mysql_script_list.append(self.substituteTemplate(
+      self.getTemplateFilename('mysql-init-function.sql.in'),
+      {
+      }
+    ))
     # real database
     mysql_script_list.append(self.substituteTemplate(
       self.getTemplateFilename('initmysql.sql.in'),
diff --git a/slapos/recipe/generic_mysql/template/my.cnf.in b/slapos/recipe/generic_mysql/template/my.cnf.in
index 25d951e863b594e5ac3ca2709897da3763c45754..78e847cd871daf80b807807c29a02549af2092c4 100644
--- a/slapos/recipe/generic_mysql/template/my.cnf.in
+++ b/slapos/recipe/generic_mysql/template/my.cnf.in
@@ -17,15 +17,15 @@ pid-file = %(pid_file)s
 log-error = %(error_log)s
 slow_query_log
 slow_query_log_file = %(slow_query_log)s
-long_query_time = 5
+long_query_time = 1
 max_allowed_packet = 128M
 query_cache_size = 32M
 
-plugin-load = ha_groonga.so;ha_sphinx.so
+plugin-load = ha_mroonga.so;ha_sphinx.so;handlersocket.so
 
 # By default only 100 connections are allowed, when using zeo
 # we may have much more connections
-# max_connections = 1000
+max_connections = 1000
 
 # The following are important to configure and depend a lot on to the size of
 # your database and the available resources.
diff --git a/slapos/recipe/erp5/template/mysql-init-function.sql.in b/slapos/recipe/generic_mysql/template/mysql-init-function.sql.in
similarity index 73%
rename from slapos/recipe/erp5/template/mysql-init-function.sql.in
rename to slapos/recipe/generic_mysql/template/mysql-init-function.sql.in
index c4d0cbde46c01372b3808db3601e517e14788b4e..6105ac73fe8887b30f452176a549a30a2ca94404 100644
--- a/slapos/recipe/erp5/template/mysql-init-function.sql.in
+++ b/slapos/recipe/generic_mysql/template/mysql-init-function.sql.in
@@ -1,5 +1,5 @@
 USE mysql;
 DROP FUNCTION IF EXISTS last_insert_grn_id;
-CREATE FUNCTION last_insert_grn_id RETURNS INTEGER SONAME 'ha_groonga.so';
+CREATE FUNCTION last_insert_grn_id RETURNS INTEGER SONAME 'ha_mroonga.so';
 DROP FUNCTION IF EXISTS sphinx_snippets;
 CREATE FUNCTION sphinx_snippets RETURNS STRING SONAME 'sphinx.so';
diff --git a/slapos/recipe/generic_onetimeupload/__init__.py b/slapos/recipe/generic_onetimeupload/__init__.py
new file mode 100644
index 0000000000000000000000000000000000000000..97ef798220e045de31c3d917ba7daf1167b182b1
--- /dev/null
+++ b/slapos/recipe/generic_onetimeupload/__init__.py
@@ -0,0 +1,59 @@
+##############################################################################
+#
+# Copyright (c) 2011 Vifib SARL and Contributors. All Rights Reserved.
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 3
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+from slapos.recipe.librecipe import GenericBaseRecipe
+import binascii
+import os
+import sys
+
+class Recipe(GenericBaseRecipe):
+  """
+  kvm instance configuration.
+  """
+
+  def __init__(self, buildout, name, options):
+    options['key'] = binascii.hexlify(os.urandom(24))
+    return GenericBaseRecipe.__init__(self, buildout, name, options)
+
+  def install(self):
+    config = dict(
+      ip=self.options['ip'],
+      port=self.options['port'],
+      onetimeupload_path=self.options['onetimeupload-path'],
+      shell_path=self.options['shell-path'],
+      log_path=self.options['log-path'],
+      image=self.options['image-path'],
+      key=self.options['key'],
+    )
+
+    # Runners
+    runner_path = self.createExecutable(
+      self.options['path'],
+      self.substituteTemplate(self.getTemplateFilename('onetimeupload_run.in'),
+                              config))
+
+    return [runner_path]
+
diff --git a/slapos/recipe/nbdserver/template/onetimeupload_run.in b/slapos/recipe/generic_onetimeupload/template/onetimeupload_run.in
similarity index 90%
rename from slapos/recipe/nbdserver/template/onetimeupload_run.in
rename to slapos/recipe/generic_onetimeupload/template/onetimeupload_run.in
index 9d6cfe22248f543a22fc43e9c0b5deb2080500a3..a09627d5501af0b3e2d71835ea345c71efc1b37b 100644
--- a/slapos/recipe/nbdserver/template/onetimeupload_run.in
+++ b/slapos/recipe/generic_onetimeupload/template/onetimeupload_run.in
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!%(shell_path)s
 # BEWARE: This file is operated by slapgrid
 # BEWARE: It will be overwritten automatically
 exec %(onetimeupload_path)s -l %(log_path)s %(ip)s %(port)s %(image)s %(key)s 
diff --git a/slapos/recipe/generic_varnish/__init__.py b/slapos/recipe/generic_varnish/__init__.py
new file mode 100644
index 0000000000000000000000000000000000000000..4187b7ea0993a245a8be326aebf9461a381f39d1
--- /dev/null
+++ b/slapos/recipe/generic_varnish/__init__.py
@@ -0,0 +1,77 @@
+##############################################################################
+#
+# Copyright (c) 2012 Vifib SARL and Contributors. All Rights Reserved.
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 3
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+import os
+import re
+from slapos.recipe.librecipe import GenericSlapRecipe
+
+class Recipe(GenericSlapRecipe):
+  """
+    Instantiate varnish daemon
+
+    TODO:
+      - use varnish3.x and replace .vcl for it
+  """
+  def _install(self):
+    ip = self.options['ip']
+    backend_url = self.parameter_dict['tidstorage-url']
+    backend_ip, backend_port = self._getBackendServer(backend_url)
+    varnishd_manager_port = int(self.options['manager-port'])
+    varnishd_server_port = int(self.options['server-port'])
+    path_list = []
+    config = dict(
+      varnishd_binary=self.options['varnishd-binary'],
+      varnish_ip=ip,
+      varnishlog_binary=self.options['varnishlog-binary'],
+      varnishd_manager_port=varnishd_manager_port,
+      varnishd_server_port=varnishd_server_port,
+      varnishd_pid_file=self.options['pid-file'],
+      varnish_instance_name=self.options['varnish-instance-name'],
+      varnish_data=self.options['varnish-data'],
+      shell_path=self.options['shell-path'],
+      vcl_file=self.options['vcl-file'],
+      backend_ip = backend_ip,
+      backend_port = backend_port,
+      backend_server = "[%s]" % backend_ip,
+    )
+
+    path_list.append(self.createExecutable(self.options['varnishd-wrapper'],
+      self.substituteTemplate(self.getTemplateFilename('varnishd.in'),
+        config)))
+    path_list.append(self.createExecutable(self.options['varnishlog-wrapper'],
+      self.substituteTemplate(self.getTemplateFilename('varnishlog.in'),
+        config)))
+    path_list.append(self.createFile(self.options['vcl-file'],
+      self.substituteTemplate(self.getTemplateFilename('default.vcl.in'),
+        config)))
+    return path_list
+
+  def _getBackendServer(self, url):
+    r = re.compile('\/\/\[(.*)\]:(\d*)')
+    result = r.search(url)
+    ip = result.groups()[0]
+    port = result.groups()[1]
+    return (ip, port)
diff --git a/slapos/recipe/generic_varnish/template/default.vcl.in b/slapos/recipe/generic_varnish/template/default.vcl.in
new file mode 100644
index 0000000000000000000000000000000000000000..bac86d2dc551489ced38b93e1c420cc935614820
--- /dev/null
+++ b/slapos/recipe/generic_varnish/template/default.vcl.in
@@ -0,0 +1,124 @@
+#This is a basic VCL configuration file for varnish.  See the vcl(7)
+#man page for details on VCL syntax and semantics.
+#
+#Default backend definition.  Set this to point to your content
+#server.
+#
+backend default {
+  .host = "%(backend_ip)s";
+  .port = "%(backend_port)s";
+  .probe = {
+           .timeout = 30s;
+           .interval = 5s;
+           .window = 4;
+           .threshold = 3;
+           .request =
+             "OPTIONS /erp5/getId HTTP/1.1"
+             "Host: %(backend_server)s:%(backend_port)s"
+             "Accept-Encoding: identity"
+             "Connection: close"
+             "User-Agent: Varnish";
+  }
+}
+#
+#Below is a commented-out copy of the default VCL logic.  If you
+#redefine any of these subroutines, the built-in logic will be
+#appended to your code.
+#
+
+sub vcl_recv {
+  if (req.request != "GET" &&
+    req.request != "HEAD" &&
+    req.request != "PUT" &&
+    req.request != "POST" &&
+    req.request != "TRACE" &&
+    req.request != "OPTIONS" &&
+    req.request != "PURGE" &&
+    req.request != "DELETE") {
+      /* Non-RFC2616 or CONNECT which is weird. */
+      pipe;
+  }
+  if (req.request != "GET" && req.request != "HEAD" && req.request != "PURGE") {
+      /* We only deal with GET and HEAD by default */
+      pass;
+  }
+  remove req.http.Cookie;
+  remove req.http.Set-Cookie;
+  if (req.http.Accept-Encoding) {
+    if (req.http.Accept-Encoding ~ "gzip") {
+      set req.http.Accept-Encoding = "gzip";
+    } elsif (req.http.Accept-Encoding ~ "deflate") {
+      set req.http.Accept-Encoding = "deflate";
+    } else {
+      # unkown algorithm
+      remove req.http.Accept-Encoding;
+    }
+  }
+  # Force deflate
+  remove req.http.Accept-Encoding;
+  # We do not care about Accept-Language, this is url controlled
+  remove req.http.Accept-Language;
+  #if (req.request == "PURGE") {
+  #  if (!client.ip ~ purge) {
+  #    error 405 "Not allowed.";
+  #  }
+  #  purge_url(req.url);
+  #  error 200 "HASHPURGED";
+  #  unset req.http.x;
+  #}
+  set req.grace = 30d;
+  lookup;
+}
+
+sub vcl_hash {
+    set req.hash += req.url;
+    hash;
+}
+
+sub vcl_hit {
+   #if (req.request == "PURGE" && client.ip ~ purge) {
+   #  set obj.ttl = 0s;
+   #  error 200 "Purged.";
+   #}
+
+   #if (client.ip ~ purge){
+   #  # Force refresh from localhost
+   #  set obj.ttl = 0s;
+   #  return (restart);
+   #}
+   # According Vary Header do not return those headers
+   remove req.http.Accept-Language;
+   remove req.http.Accept-Encoding;
+   remove req.http.Cookie;
+   deliver;
+}
+
+sub vcl_miss {
+    fetch;
+}
+
+sub vcl_fetch {
+    /* Never send request to backend even if client ask refreshed content */
+    if (obj.cacheable) {
+       /* Setup grace period for 30days for all cacheable contents */
+      #set req.grace = 30d;
+      set obj.grace = 30d;
+      }
+   deliver;
+   }
+
+
+sub vcl_deliver {
+   if (obj.hits > 0) {
+     set resp.http.X-Cache = obj.hits;
+   } else {
+     set resp.http.X-Cache = "MISS";
+   }
+   #if (obj.hash) {
+   #  set resp.http.X-Hash = obj.hash;
+   #} else {
+   #  set resp.http.X-Hash = "No hash";
+   #}
+
+   deliver;
+}
diff --git a/slapos/recipe/generic_varnish/template/varnishd.in b/slapos/recipe/generic_varnish/template/varnishd.in
new file mode 100644
index 0000000000000000000000000000000000000000..c30582488bc3b0876ed5a218c2b3fb0777cd6592
--- /dev/null
+++ b/slapos/recipe/generic_varnish/template/varnishd.in
@@ -0,0 +1,15 @@
+#!%(shell_path)s
+
+DAEMON_OPTS="-F \
+             -a %(varnish_ip)s:%(varnishd_server_port)s \
+             -T %(varnish_ip)s:%(varnishd_manager_port)s \
+             -n %(varnish_instance_name)s \
+             -f %(vcl_file)s \
+             -s file,%(varnish_data)s/varnish_storage.bin,1G"
+
+PIDFILE=%(varnishd_pid_file)s
+# exporting PATH here so that we will pass the PATH variable to the subprocess
+export PATH
+output=$(/bin/tempfile -s.varnish)
+exec %(varnishd_binary)s -P ${PIDFILE} ${DAEMON_OPTS} > ${output} 2>&1
+
diff --git a/slapos/recipe/generic_varnish/template/varnishlog.in b/slapos/recipe/generic_varnish/template/varnishlog.in
new file mode 100644
index 0000000000000000000000000000000000000000..72141b9f7c4baec464ef725707d0bf0f77a45b42
--- /dev/null
+++ b/slapos/recipe/generic_varnish/template/varnishlog.in
@@ -0,0 +1,6 @@
+#!%(shell_path)s
+
+DAEMON_OPTS="-a %(varnish_ip)s:%(varnishd_server_port)s \
+             -n %(varnish_instance_name)s"
+
+exec %(varnishlog_binary)s ${DAEMON_OPTS} "$@"
diff --git a/slapos/recipe/generic_varnish/template/varnishlogd.in b/slapos/recipe/generic_varnish/template/varnishlogd.in
new file mode 100644
index 0000000000000000000000000000000000000000..b0f1e24dcae66c8d3b2c007eec13da3ecbfb17e8
--- /dev/null
+++ b/slapos/recipe/generic_varnish/template/varnishlogd.in
@@ -0,0 +1,22 @@
+#!%(shell_path)s
+
+DAEMON_OPTS="-F \
+             -a %(varnish_ip)s:%(varnishd_server_port)s \
+             -T %(varnish_ip)s:%(varnishd_manager_port)s \
+             -n %(varnish_instance_name)s \
+             -f %(vcl_file)s \
+             -s file,%(varnish_data)s/varnish_storage.bin,1G"
+
+PIDFILE=%(varnishd_pid_file)s
+# exporting PATH here so that it will pass the PATH variable to the subprocess
+export PATH
+
+# If unset, or set to "0" or "no", exit
+if [ -z "${VARNISHLOG_ENABLED}" ] || \
+   [ "${VARNISHLOG_ENABLED}" = "0" ] || \
+   [ "${VARNISHLOG_ENABLED}" = "no" ]; then
+  exit 0;
+fi
+
+output=$(/bin/tempfile -s.varnish)
+exec %(varnishlog_binary)s ${DAEMON_OPTS} > ${output} 2>&1
diff --git a/slapos/recipe/generic_zope/__init__.py b/slapos/recipe/generic_zope/__init__.py
index 0c29ac934228aa025b2363d9e4947e7ec6129827..5f1b601ea645842b4022b71911d3970a7b71d8b9 100644
--- a/slapos/recipe/generic_zope/__init__.py
+++ b/slapos/recipe/generic_zope/__init__.py
@@ -128,6 +128,13 @@ class Recipe(GenericBaseRecipe):
     zope_conf_content = self.substituteTemplate(zope_wrapper_template_location,
       zope_config)
 
+    if ('promise-path' in self.options) and ('site-id' in self.options):
+      zope_conf_content += self.substituteTemplate(self.getTemplateFilename(
+          'zope.conf.promise.in'), {
+            'site-id': self.options['site-id'],
+            'promise-path': self.options['promise-path'],
+            })
+
     zope_conf_path = self.createFile(self.options['configuration-file'], zope_conf_content)
     path_list.append(zope_conf_path)
     # Create init script
diff --git a/slapos/recipe/generic_zope/template/zope.conf.in b/slapos/recipe/generic_zope/template/zope.conf.in
index 3853b0d641c8d5aa664890f9f2c5e050b61db921..36f0fead11786fcdc74c89c046fc81bba1d86685 100644
--- a/slapos/recipe/generic_zope/template/zope.conf.in
+++ b/slapos/recipe/generic_zope/template/zope.conf.in
@@ -20,6 +20,11 @@ zserver-threads %(thread_amount)s
 pid-filename %(pid-filename)s
 lock-filename %(lock-filename)s
 
+# Encoding
+rest-input-encoding utf-8
+rest-output-encoding utf-8
+default-zpublisher-encoding utf-8
+
 # Temporary storage database (for sessions)
 <zodb_db temporary>
      <temporarystorage>
diff --git a/slapos/recipe/generic_zope/template/zope.conf.promise.in b/slapos/recipe/generic_zope/template/zope.conf.promise.in
new file mode 100644
index 0000000000000000000000000000000000000000..692ae21c2ea70fa5e456572e4750bb7edc86d42a
--- /dev/null
+++ b/slapos/recipe/generic_zope/template/zope.conf.promise.in
@@ -0,0 +1,5 @@
+
+# ERP5 promise
+<product-config /%(site-id)s>
+  promise_path %(promise-path)s
+</product-config>
diff --git a/slapos/recipe/generic_zope_zeo_client/__init__.py b/slapos/recipe/generic_zope_zeo_client/__init__.py
index 94e4cf8b9727c99e211521ef79efab42945a22bf..f3ea8d57401a1d0ab8c2713c9f8377d3a328eb8b 100644
--- a/slapos/recipe/generic_zope_zeo_client/__init__.py
+++ b/slapos/recipe/generic_zope_zeo_client/__init__.py
@@ -115,7 +115,7 @@ class Recipe(GenericBaseRecipe):
       TMPDIR=self.options['tmp-path'],
       HOME=self.options['tmp-path'],
       PATH=self.options['bin-path'],
-      TIMEZONE=self.options['timezone'],
+      TZ=self.options['timezone'],
     )
 
     # longrequestlogger product which requires environment settings
@@ -157,6 +157,18 @@ class Recipe(GenericBaseRecipe):
     if self.isTrueValue(self.options['timeserver']):
       zope_conf_content += self.substituteTemplate(self.getTemplateFilename(
           'zope.conf.timeserver.in'), {})
+    if 'tidstorage-ip' in self.options:
+      zope_conf_content += self.substituteTemplate(self.getTemplateFilename(
+          'zope.conf.tidstorage.in'), {
+            'tidstorage-ip': self.options['tidstorage-ip'],
+            'tidstorage-port': self.options['tidstorage-port'],
+            })
+    if ('promise-path' in self.options) and ('site-id' in self.options):
+      zope_conf_content += self.substituteTemplate(self.getTemplateFilename(
+          'zope.conf.promise.in'), {
+            'site-id': self.options['site-id'],
+            'promise-path': self.options['promise-path'],
+            })
 
     zope_conf_path = self.createFile(self.options['configuration-file'], zope_conf_content)
     path_list.append(zope_conf_path)
diff --git a/slapos/recipe/generic_zope_zeo_client/template/zope.conf.in b/slapos/recipe/generic_zope_zeo_client/template/zope.conf.in
index 9f64fff798c1af0a03901b565e825229ff5ff521..72866b799963049f94f8e39c9ff7b4b848518e65 100644
--- a/slapos/recipe/generic_zope_zeo_client/template/zope.conf.in
+++ b/slapos/recipe/generic_zope_zeo_client/template/zope.conf.in
@@ -20,6 +20,11 @@ zserver-threads %(thread_amount)s
 pid-filename %(pid-filename)s
 lock-filename %(lock-filename)s
 
+# Encoding
+rest-input-encoding utf-8
+rest-output-encoding utf-8
+default-zpublisher-encoding utf-8
+
 # Temporary storage database (for sessions)
 <zodb_db temporary>
      <temporarystorage>
diff --git a/slapos/recipe/generic_zope_zeo_client/template/zope.conf.promise.in b/slapos/recipe/generic_zope_zeo_client/template/zope.conf.promise.in
new file mode 100644
index 0000000000000000000000000000000000000000..692ae21c2ea70fa5e456572e4750bb7edc86d42a
--- /dev/null
+++ b/slapos/recipe/generic_zope_zeo_client/template/zope.conf.promise.in
@@ -0,0 +1,5 @@
+
+# ERP5 promise
+<product-config /%(site-id)s>
+  promise_path %(promise-path)s
+</product-config>
diff --git a/slapos/recipe/generic_zope_zeo_client/template/zope.conf.tidstorage.in b/slapos/recipe/generic_zope_zeo_client/template/zope.conf.tidstorage.in
new file mode 100644
index 0000000000000000000000000000000000000000..d3e0bb4bad6b5bdd86a6925b8b9f722941947513
--- /dev/null
+++ b/slapos/recipe/generic_zope_zeo_client/template/zope.conf.tidstorage.in
@@ -0,0 +1,6 @@
+
+# TIDStorage connection
+<product-config TIDStorage>
+  backend-ip %(tidstorage-ip)s
+  backend-port %(tidstorage-port)s
+</product-config>
diff --git a/slapos/recipe/generic_zope_zeo_client/template/zope.conf.timeserver.in b/slapos/recipe/generic_zope_zeo_client/template/zope.conf.timeserver.in
index 707c6bab66727c76535bd64ef1ef9923dc7c97b4..a1edc33f97608278fc55eb90373bb48d99908f94 100644
--- a/slapos/recipe/generic_zope_zeo_client/template/zope.conf.timeserver.in
+++ b/slapos/recipe/generic_zope_zeo_client/template/zope.conf.timeserver.in
@@ -2,5 +2,5 @@
 # ERP5 Timer Service
 %%import timerserver
 <timer-server>
-  interval 5
+  interval 1
 </timer-server>
diff --git a/slapos/recipe/kvm/__init__.py b/slapos/recipe/kvm/__init__.py
index e4d5688562bd5d1590f8922d144ef582d86965ec..54ec9a442a48014717616d341d37e705fcd53bd3 100644
--- a/slapos/recipe/kvm/__init__.py
+++ b/slapos/recipe/kvm/__init__.py
@@ -1,6 +1,6 @@
 ##############################################################################
 #
-# Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved.
+# Copyright (c) 2011 Vifib SARL and Contributors. All Rights Reserved.
 #
 # WARNING: This program as such is intended to be used by professional
 # programmers who take the whole responsibility of assessing all potential
@@ -24,333 +24,53 @@
 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 #
 ##############################################################################
+from slapos.recipe.librecipe import GenericBaseRecipe
+import binascii
 import os
 import sys
-from slapos.recipe.librecipe import BaseSlapRecipe
-import subprocess
-import binascii
-import random
-import zc.buildout
-import pkg_resources
-import ConfigParser
-import hashlib
-
-class Recipe(BaseSlapRecipe):
-
-  # To avoid magic numbers
-  VNC_BASE_PORT = 5900
-
-  def _install(self):
-    """
-    Set the connection dictionnary for the computer partition and create a list
-    of paths to the different wrappers
-
-    Parameters : none
-
-    Returns    : List path_list
-    """
-    self.path_list = []
-
-    self.requirements, self.ws           = self.egg.working_set()
-    self.cron_d                          = self.installCrond()
-
-    self.ca_conf                         = self.installCertificateAuthority()
-    self.key_path, self.certificate_path = self.requestCertificate('noVNC')
-
-    # Install the socket_connection_attempt script
-    catcher = zc.buildout.easy_install.scripts(
-      [('check_port_listening', 'slapos.recipe.kvm.socket_connection_attempt',
-        'connection_attempt')],
-      self.ws,
-      sys.executable,
-      self.bin_directory,
-    )
-    # Save the check_port_listening script path
-    check_port_listening_script = catcher[0]
-    # Get the port_listening_promise template path, and save it
-    self.port_listening_promise_path = pkg_resources.resource_filename(
-      __name__, 'template/port_listening_promise.in')
-    self.port_listening_promise_conf = dict(
-     check_port_listening_script=check_port_listening_script,
-    )
-
-    kvm_conf = self.installKvm(vnc_ip = self.getLocalIPv4Address())
-
-    vnc_port = Recipe.VNC_BASE_PORT + kvm_conf['vnc_display']
-
-    noVNC_conf = self.installNoVnc(source_ip   = self.getGlobalIPv6Address(),
-                                   source_port = 6080,
-                                   target_ip   = kvm_conf['vnc_ip'],
-                                   target_port = vnc_port)
-
-    self.linkBinary()
-    self.computer_partition.setConnectionDict(dict(
-        url = "https://[%s]:%s/vnc_auto.html?host=[%s]&port=%s&encrypt=1" % (
-            noVNC_conf['source_ip'],
-            noVNC_conf['source_port'],
-            noVNC_conf['source_ip'],
-            noVNC_conf['source_port']),
-        password = kvm_conf['vnc_passwd']))
-
-    return self.path_list
-
-  def installKvm(self, vnc_ip):
-    """
-    Create kvm configuration dictionnary and instanciate a wrapper for kvm and
-    kvm controller
-
-    Parameters : IP the vnc server is listening on
-
-    Returns    : Dictionnary kvm_conf
-    """
-    kvm_conf = dict(vnc_ip = vnc_ip)
-
-    connection_found = False
-    for tap_interface, dummy in self.parameter_dict['ip_list']:
-      # Get an ip associated to a tap interface
-      if tap_interface:
-        connection_found = True
-    if not connection_found:
-      raise NotImplementedError("Do not support ip without tap interface")
-
-    kvm_conf['tap_interface'] = tap_interface
-
-    # Disk path
-    kvm_conf['disk_path'] = os.path.join(self.data_root_directory,
-        'virtual.qcow2')
-    kvm_conf['socket_path'] = os.path.join(self.var_directory, 'qmp_socket')
-    # XXX Weak password
-    ##XXX -Vivien: add an option to generate one password for all instances
-    # and/or to input it yourself
-    kvm_conf['vnc_passwd'] = binascii.hexlify(os.urandom(4))
-
-    #XXX pid_file path, database_path, path to python binary and xml path
-    kvm_conf['pid_file_path'] = os.path.join(self.run_directory, 'pid_file')
-    kvm_conf['database_path'] = os.path.join(self.data_root_directory,
-        'slapmonitor_database')
-    kvm_conf['python_path']   = sys.executable
-    kvm_conf['qemu_path']     = self.options['qemu_path']
-    #xml_path = os.path.join(self.var_directory, 'slapreport.xml' )
 
-    # Create disk if needed
-    if not os.path.exists(kvm_conf['disk_path']):
-      retcode = subprocess.call(["%s create -f qcow2 %s %iG" % (
-          self.options['qemu_img_path'], kvm_conf['disk_path'],
-          int(self.options['disk_size']))], shell=True)
-      if retcode != 0:
-        raise OSError, "Disk creation failed!"
-
-    # Options nbd_ip and nbd_port are provided by slapos master
-    kvm_conf['nbd_ip']   = self.parameter_dict['nbd_ip']
-    kvm_conf['nbd_port'] = self.parameter_dict['nbd_port']
-
-    # First octet has to represent a locally administered address
-    octet_list         = [254] + [random.randint(0x00, 0xff) for x in range(5)]
-    kvm_conf['mac_address'] = ':'.join(['%02x' % x for x in octet_list])
-
-    kvm_conf['hostname']    = "slaposkvm"
-    kvm_conf['smp_count']   = self.options['smp_count']
-    kvm_conf['ram_size']    = self.options['ram_size']
-
-    kvm_conf['vnc_display'] = 1
-
-    # Instanciate KVM
-    kvm_template_location = pkg_resources.resource_filename(
-                                             __name__, os.path.join(
-                                             'template', 'kvm_run.in'))
-
-    kvm_runner_path = self.createRunningWrapper("kvm",
-          self.substituteTemplate(kvm_template_location,
-                                  kvm_conf))
-
-    self.path_list.append(kvm_runner_path)
-
-    # Instanciate KVM controller
-    kvm_controller_template_location = pkg_resources.resource_filename(
-                                             __name__, os.path.join(
-                                             'template',
-                                             'kvm_controller_run.in' ))
-
-    kvm_controller_runner_path = self.createRunningWrapper("kvm_controller",
-          self.substituteTemplate(kvm_controller_template_location,
-                                  kvm_conf))
-
-    self.path_list.append(kvm_controller_runner_path)
-
-    # Instanciate Slapmonitor
-    ##slapmonitor_runner_path = self.instanciate_wrapper("slapmonitor",
-    #    [database_path, pid_file_path, python_path])
-    # Instanciate Slapreport
-    ##slapreport_runner_path = self.instanciate_wrapper("slapreport",
-    #    [database_path, python_path])
-
-    # Add VNC promise
-    self.port_listening_promise_conf.update(
-      hostname=kvm_conf['vnc_ip'],
-      port=Recipe.VNC_BASE_PORT + kvm_conf['vnc_display'],
+class Recipe(GenericBaseRecipe):
+  """
+  kvm instance configuration.
+  """
+
+  def __init__(self, buildout, name, options):
+    options['passwd'] = binascii.hexlify(os.urandom(4))
+    return GenericBaseRecipe.__init__(self, buildout, name, options)
+
+  def install(self):
+    config = dict(
+      tap_interface=self.options['tap'],
+      vnc_ip=self.options['vnc-ip'],
+      vnc_port=self.options['vnc-port'],
+      nbd_ip=self.options['nbd-ip'],
+      nbd_port=self.options['nbd-port'],
+      disk_path=self.options['disk-path'],
+      disk_size=self.options['disk-size'],
+      mac_address=self.options['mac-address'],
+      smp_count=self.options['smp-count'],
+      ram_size=self.options['ram-size'],
+      socket_path=self.options['socket-path'],
+      pid_file_path=self.options['pid-path'],
+      python_path=sys.executable,
+      shell_path=self.options['shell-path'],
+      qemu_path=self.options['qemu-path'],
+      qemu_img_path=self.options['qemu-img-path'],
+      # XXX Weak password
+      vnc_passwd=self.options['passwd']
     )
-    self.createPromiseWrapper("vnc_promise",
-        self.substituteTemplate(self.port_listening_promise_path,
-                                self.port_listening_promise_conf,
-                               )
-                             )
 
-    return kvm_conf
+    # Runners
+    runner_path = self.createExecutable(
+      self.options['runner-path'],
+      self.substituteTemplate(self.getTemplateFilename('kvm_run.in'),
+                              config))
 
-  def installNoVnc(self, source_ip, source_port, target_ip, target_port):
-    """
-    Create noVNC configuration dictionnary and instanciate Websockify proxy
+    controller_path = self.createExecutable(
+      self.options['controller-path'],
+      self.substituteTemplate(self.getTemplateFilename('kvm_controller_run.in'),
+                              config))
 
-    Parameters : IP of the proxy, port on which is situated the proxy,
-                 IP of the vnc server, port on which is situated the vnc server,
-                 path to python binary
-
-    Returns    : noVNC configuration dictionnary
-    """
-
-    noVNC_conf = {}
-
-    noVNC_conf['source_ip']   = source_ip
-    noVNC_conf['source_port'] = source_port
-
-    execute_arguments = [[
-        self.options['websockify'].strip(),
-        '--web',
-        self.options['noVNC_location'],
-        '--key=%s' % (self.key_path),
-        '--cert=%s' % (self.certificate_path),
-        '--ssl-only',
-        '%s:%s' % (source_ip, source_port),
-        '%s:%s' % (target_ip, target_port)],
-        [self.certificate_path, self.key_path]]
-
-    self.path_list.extend(zc.buildout.easy_install.scripts([('websockify',
-      'slapos.recipe.librecipe.execute', 'execute_wait')], self.ws, sys.executable,
-      self.wrapper_directory, arguments=execute_arguments))
-
-    # Add noVNC promise
-    self.port_listening_promise_conf.update(hostname=noVNC_conf['source_ip'],
-                                            port=noVNC_conf['source_port'],
-                                           )
-    self.createPromiseWrapper("novnc_promise",
-        self.substituteTemplate(self.port_listening_promise_path,
-                                self.port_listening_promise_conf,
-                               )
-                             )
-
-    return noVNC_conf
-
-  def linkBinary(self):
-    """Links binaries to instance's bin directory for easier exposal"""
-    for linkline in self.options.get('link_binary_list', '').splitlines():
-      if not linkline:
-        continue
-      target = linkline.split()
-      if len(target) == 1:
-        target = target[0]
-        path, linkname = os.path.split(target)
-      else:
-        linkname = target[1]
-        target = target[0]
-      link = os.path.join(self.bin_directory, linkname)
-      if os.path.lexists(link):
-        if not os.path.islink(link):
-          raise zc.buildout.UserError(
-              'Target link already %r exists but it is not link' % link)
-        os.unlink(link)
-      os.symlink(target, link)
-      self.logger.debug('Created link %r -> %r' % (link, target))
-      self.path_list.append(link)
-
-  def installCertificateAuthority(self, ca_country_code='XX',
-      ca_email='xx@example.com', ca_state='State', ca_city='City',
-      ca_company='Company'):
-    backup_path = self.createBackupDirectory('ca')
-    self.ca_dir = os.path.join(self.data_root_directory, 'ca')
-    self._createDirectory(self.ca_dir)
-    self.ca_request_dir = os.path.join(self.ca_dir, 'requests')
-    self._createDirectory(self.ca_request_dir)
-    config = dict(ca_dir=self.ca_dir, request_dir=self.ca_request_dir)
-    self.ca_private = os.path.join(self.ca_dir, 'private')
-    self.ca_certs = os.path.join(self.ca_dir, 'certs')
-    self.ca_crl = os.path.join(self.ca_dir, 'crl')
-    self.ca_newcerts = os.path.join(self.ca_dir, 'newcerts')
-    self.ca_key_ext = '.key'
-    self.ca_crt_ext = '.crt'
-    for d in [self.ca_private, self.ca_crl, self.ca_newcerts, self.ca_certs]:
-      self._createDirectory(d)
-    for f in ['crlnumber', 'serial']:
-      if not os.path.exists(os.path.join(self.ca_dir, f)):
-        open(os.path.join(self.ca_dir, f), 'w').write('01')
-    if not os.path.exists(os.path.join(self.ca_dir, 'index.txt')):
-      open(os.path.join(self.ca_dir, 'index.txt'), 'w').write('')
-    openssl_configuration = os.path.join(self.ca_dir, 'openssl.cnf')
-    config.update(
-        working_directory=self.ca_dir,
-        country_code=ca_country_code,
-        state=ca_state,
-        city=ca_city,
-        company=ca_company,
-        email_address=ca_email,
-    )
-    self._writeFile(openssl_configuration, pkg_resources.resource_string(
-      __name__, 'template/openssl.cnf.ca.in') % config)
-    self.path_list.extend(zc.buildout.easy_install.scripts([
-      ('certificate_authority',
-        __name__ + '.certificate_authority', 'runCertificateAuthority')],
-        self.ws, sys.executable, self.wrapper_directory, arguments=[dict(
-          openssl_configuration=openssl_configuration,
-          openssl_binary=self.options['openssl_binary'],
-          certificate=os.path.join(self.ca_dir, 'cacert.pem'),
-          key=os.path.join(self.ca_private, 'cakey.pem'),
-          crl=os.path.join(self.ca_crl),
-          request_dir=self.ca_request_dir
-          )]))
-    # configure backup
-    backup_cron = os.path.join(self.cron_d, 'ca_rdiff_backup')
-    open(backup_cron, 'w').write(
-        '''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''%dict(
-          rdiff_backup=self.options['rdiff_backup_binary'],
-          source=self.ca_dir,
-          destination=backup_path))
-    self.path_list.append(backup_cron)
-
-    return dict(
-      ca_certificate=os.path.join(config['ca_dir'], 'cacert.pem'),
-      ca_crl=os.path.join(config['ca_dir'], 'crl'),
-      certificate_authority_path=config['ca_dir']
-    )
 
-  def requestCertificate(self, name):
-    hash = hashlib.sha512(name).hexdigest()
-    key = os.path.join(self.ca_private, hash + self.ca_key_ext)
-    certificate = os.path.join(self.ca_certs, hash + self.ca_crt_ext)
-    parser = ConfigParser.RawConfigParser()
-    parser.add_section('certificate')
-    parser.set('certificate', 'name', name)
-    parser.set('certificate', 'key_file', key)
-    parser.set('certificate', 'certificate_file', certificate)
-    parser.write(open(os.path.join(self.ca_request_dir, hash), 'w'))
-    return key, certificate
+    return [runner_path, controller_path]
 
-  def installCrond(self):
-    timestamps = self.createDataDirectory('cronstamps')
-    cron_output = os.path.join(self.log_directory, 'cron-output')
-    self._createDirectory(cron_output)
-    catcher = zc.buildout.easy_install.scripts([('catchcron',
-      __name__ + '.catdatefile', 'catdatefile')], self.ws, sys.executable,
-      self.bin_directory, arguments=[cron_output])[0]
-    self.path_list.append(catcher)
-    cron_d = os.path.join(self.etc_directory, 'cron.d')
-    crontabs = os.path.join(self.etc_directory, 'crontabs')
-    self._createDirectory(cron_d)
-    self._createDirectory(crontabs)
-    # Use execute from erp5.
-    wrapper = zc.buildout.easy_install.scripts([('crond',
-      'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
-      self.wrapper_directory, arguments=[
-        self.options['dcrond_binary'].strip(), '-s', cron_d, '-c', crontabs,
-        '-t', timestamps, '-f', '-l', '5', '-M', catcher]
-      )[0]
-    self.path_list.append(wrapper)
-    return cron_d
diff --git a/slapos/recipe/kvm/socket_connection_attempt.py b/slapos/recipe/kvm/socket_connection_attempt.py
deleted file mode 100644
index dfd9fad4b930518c6ef94a88c69ed40ce6b22539..0000000000000000000000000000000000000000
--- a/slapos/recipe/kvm/socket_connection_attempt.py
+++ /dev/null
@@ -1,26 +0,0 @@
-import socket
-import sys
-
-def connection_attempt():
-
-  try:
-    hostname, port = sys.argv[1:3]
-  except ValueError:
-    print >> sys.stderr, """Bad command line.
-  Usage: %s hostname|ip port""" % sys.argv[0]
-    sys.exit(1)
-
-  connection_okay = False
-
-  try:
-    s = socket.create_connection((hostname, port))
-    connection_okay = True
-    s.close()
-  except (socket.error, socket.timeout):
-    connection_okay = False
-
-  if not connection_okay:
-    print >> sys.stderr, "%(port)s on %(ip)s isn't listening" % {
-      'port': port, 'ip': hostname
-    }
-    sys.exit(127)
diff --git a/slapos/recipe/kvm/template/kvm_run.in b/slapos/recipe/kvm/template/kvm_run.in
index 3987f1df1135c832be80d5e0b19a9dc9dc3192ea..d4f770a2d6f471b0ab208f67e57816b93a8f82c7 100644
--- a/slapos/recipe/kvm/template/kvm_run.in
+++ b/slapos/recipe/kvm/template/kvm_run.in
@@ -1,17 +1,55 @@
-#!/bin/sh
+#!%(python_path)s
 # BEWARE: This file is operated by slapgrid
 # BEWARE: It will be overwritten automatically
 
-# TODO: -net nic,model=virtio, but OS installer has to provide the virtio_net
-# module
-exec %(qemu_path)s \
-  -net nic,macaddr=%(mac_address)s \
-  -net tap,ifname=%(tap_interface)s,script=no,downscript=no \
-  -smp %(smp_count)s \
-  -m %(ram_size)s \
-  -cdrom nbd:[%(nbd_ip)s]:%(nbd_port)s \
-  -drive file=%(disk_path)s,if=virtio,boot=on \
-  -vnc %(vnc_ip)s:1,ipv4,password \
-  -boot menu=on \
-  -qmp unix:%(socket_path)s,server \
-  -pidfile %(pid_file_path)s
+# Echo client program
+import os
+import socket
+import subprocess
+
+def getSocketStatus(host, port):
+  s = None
+  for res in socket.getaddrinfo(host, port,
+      socket.AF_UNSPEC, socket.SOCK_STREAM):
+    af, socktype, proto, canonname, sa = res
+    try:
+      s = socket.socket(af, socktype, proto)
+    except socket.error, msg:
+      s = None
+      continue
+    try:
+      s.connect(sa)
+    except socket.error, msg:
+      s.close()
+      s = None
+      continue
+    break
+  return s
+
+# create disk if doesn't exist
+disk_path = '%(disk_path)s'
+if not os.path.exists(disk_path):
+  subprocess.Popen(['%(qemu_img_path)s', 'create' ,'-f', 'qcow2',
+      '%(disk_path)s', '%(disk_size)sG'])
+
+kvm_argument_list = ['kvm', '-net', 'nic,macaddr=%(mac_address)s',
+  '-net', 'tap,ifname=%(tap_interface)s,script=no,downscript=no',
+  '-smp', '%(smp_count)s',
+  '-m', '%(ram_size)s',
+  '-drive', 'file=%(disk_path)s,if=virtio,boot=on',
+  '-vnc', '%(vnc_ip)s:1,ipv4,password',
+  '-boot', 'menu=on',
+  '-qmp', 'unix:%(socket_path)s,server',
+  '-pidfile', '%(pid_file_path)s',
+]
+
+# Try to connect to NBD server
+s = getSocketStatus('%(nbd_ip)s', %(nbd_port)s)
+if s is None:
+  # NBD is not available : launch kvm without it
+  print 'Warning : Nbd is not available.'
+  os.execv('%(qemu_path)s', kvm_argument_list)
+else:
+  # NBD is available
+  kvm_argument_list.extend(['-cdrom', 'nbd:[%(nbd_ip)s]:%(nbd_port)s'])
+  os.execv('%(qemu_path)s', kvm_argument_list)
diff --git a/slapos/recipe/kvm/template/port_listening_promise.in b/slapos/recipe/kvm/template/port_listening_promise.in
deleted file mode 100644
index 15fa390d01e38096cfb8a9d01356bf1687e3f740..0000000000000000000000000000000000000000
--- a/slapos/recipe/kvm/template/port_listening_promise.in
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/usr/bin/env sh
-
-"%(check_port_listening_script)s" "%(hostname)s" "%(port)s"
-exit $?
diff --git a/slapos/recipe/kvm/template/slapmonitor_run.in b/slapos/recipe/kvm/template/slapmonitor_run.in
deleted file mode 100644
index c790e0904af68481fb1b6f13d9cdbd64454b4ad7..0000000000000000000000000000000000000000
--- a/slapos/recipe/kvm/template/slapmonitor_run.in
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-# BEWARE: This file is operated by slapgrid
-# BEWARE: It will be overwritten automatically
-exec %(python_path)s %(slapmonitor_path)s %(pid_file_path)s %(database_path)s
diff --git a/slapos/recipe/kvm/template/slapreport_run.in b/slapos/recipe/kvm/template/slapreport_run.in
deleted file mode 100644
index 4b3dd99a377d0dcbcf256255c056877811dce397..0000000000000000000000000000000000000000
--- a/slapos/recipe/kvm/template/slapreport_run.in
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-# BEWARE: This file is operated by slapgrid
-# BEWARE: It will be overwritten automatically
-exec %(python_path)s %(slapreport_path)s $1 %(database_path)s
diff --git a/slapos/recipe/kvm_frontend/__init__.py b/slapos/recipe/kvm_frontend/__init__.py
new file mode 100644
index 0000000000000000000000000000000000000000..0da2573480b73e3aa0d0c62c739991a0ebc5cd87
--- /dev/null
+++ b/slapos/recipe/kvm_frontend/__init__.py
@@ -0,0 +1,137 @@
+##############################################################################
+#
+# Copyright (c) 2011 Vifib SARL and Contributors. All Rights Reserved.
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 3
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+from slapos.recipe.librecipe import GenericBaseRecipe, GenericSlapRecipe
+import json
+import zc.buildout
+
+class Recipe(GenericSlapRecipe):
+  """
+  kvm frontend instance configuration.
+  """
+
+  def _getRewriteRuleContent(self, slave_instance_list):
+    """Generate rewrite rules list from slaves list"""
+    rewrite_rule_list = []
+    for slave_instance in slave_instance_list:
+      self.logger.info("Processing slave instance %s..." %
+          slave_instance['slave_reference'])
+      # Check for mandatory fields
+      if slave_instance.get('host', None) is None:
+        self.logger.warn('No "host" parameter is defined for %s slave'\
+            'instance. Ignoring it.' % slave_instance['slave_reference'])
+        continue
+      if slave_instance.get('port', None) is None:
+        self.logger.warn('No "host" parameter is defined for %s slave'\
+            'instance. Ignoring it.' % slave_instance['slave_reference'])
+        continue
+
+      current_slave_dict = dict()
+
+      # Get host, and if IPv6 address, remove "[" and "]"
+      current_slave_dict['host'] = slave_instance['host'].\
+          replace('[', '').replace(']', '')
+      current_slave_dict['port'] = slave_instance['port']
+
+      # Check if target is https or http
+      current_slave_dict['https'] = slave_instance.get('https', 'true')
+      if current_slave_dict['https'] in GenericBaseRecipe.FALSE_VALUES:
+        current_slave_dict['https'] = 'false'
+      # Set reference and resource url
+      # Reference is raw reference from SlapOS Master, resource is
+      # URL-compatible name
+      reference = slave_instance.get('slave_reference')
+      current_slave_dict['reference'] = reference
+      current_slave_dict['resource'] = reference.replace('-', '')
+      rewrite_rule_list.append(current_slave_dict)
+    return rewrite_rule_list
+
+  def _getProxyTableContent(self, rewrite_rule_list):
+    """Generate proxy table file content from rewrite rules list"""
+    proxy_table = dict()
+    for rewrite_rule in rewrite_rule_list:
+      proxy_table[rewrite_rule['resource']] = {
+          'port': rewrite_rule['port'],
+          'host': rewrite_rule['host'],
+          'https': rewrite_rule['https'],
+      }
+
+    proxy_table_content = json.dumps(proxy_table)
+    return proxy_table_content
+
+  def _install(self):
+    # Check for mandatory field
+    if self.options.get('domain', None) is None:
+      raise zc.buildout.UserError('No domain name specified. Please define '
+          'the "domain" instance parameter.')
+    # Generate rewrite rules
+    rewrite_rule_list = self._getRewriteRuleContent(
+      json.loads(self.options['slave-instance-list']))
+    # Create Map
+    map_content = self._getProxyTableContent(rewrite_rule_list)
+    map_file = self.createFile(self.options['map-path'], map_content)
+
+    # Create configuration
+    conf = open(self.getTemplateFilename('kvm-proxy.js'), 'r')
+    conf_file = self.createFile(self.options['conf-path'], conf.read())
+    conf.close()
+
+    # Do we create http dummy server used to redirect to https?
+    if self.options['http-redirection'] in GenericBaseRecipe.TRUE_VALUES:
+      http_redirect_server = '1'
+    else:
+      http_redirect_server = ''
+
+    config = dict(
+      ip=self.options['ip'],
+      port=self.options['port'],
+      key=self.options['ssl-key-path'],
+      certificate=self.options['ssl-cert-path'],
+      name=self.options['domain'],
+      shell_path=self.options['shell-path'],
+      node_path=self.options['node-binary'],
+      node_env=self.options['node-env'],
+      conf_path=conf_file,
+      map_path=map_file,
+      plain_http=http_redirect_server,
+    )
+
+    runner_path = self.createExecutable(
+      self.options['wrapper-path'],
+      self.substituteTemplate(self.getTemplateFilename('nodejs_run.in'),
+                              config))
+
+    # Send connection parameters of slave instances
+    site_url = "https://%s:%s/" % (self.options['domain'], self.options['port'])
+    for slave in rewrite_rule_list:
+      self.setConnectionDict(
+          dict(url="%s%s" % (site_url, slave['resource']),
+               domainname=self.options['domain'],
+               port=self.options['port'],
+               resource=slave['resource']),
+          slave['reference'])
+
+    return [map_file, conf_file, runner_path]
diff --git a/slapos/recipe/kvm_frontend/template/kvm-proxy.js b/slapos/recipe/kvm_frontend/template/kvm-proxy.js
new file mode 100644
index 0000000000000000000000000000000000000000..9c83d6930e1732ae9aa1efb75ecced8b93274004
--- /dev/null
+++ b/slapos/recipe/kvm_frontend/template/kvm-proxy.js
@@ -0,0 +1,128 @@
+/*****************************************************************************
+*
+* Copyright (c) 2012 Vifib SARL and Contributors. All Rights Reserved.
+*
+* WARNING: This program as such is intended to be used by professional
+* programmers who take the whole responsibility of assessing all potential
+* consequences resulting from its eventual inadequacies and bugs
+* End users who are looking for a ready-to-use solution with commercial
+* guarantees and support are strongly adviced to contract a Free Software
+* Service Company
+*
+* This program is Free Software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License
+* as published by the Free Software Foundation; either version 3
+* of the License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+*
+*****************************************************************************/
+
+/* Wrapper used to configure the httpproxy node package to proxy
+   http://myhost/myinstance
+   to real IP/URL of myinstance
+*/
+
+var fs = require('fs'),
+    util = require('util'),
+    colors = require('colors'),
+    http = require('http'),
+    httpProxy = require('http-proxy'),
+    proxyByUrl = require('proxy-by-url');
+
+var listenInterface = process.argv[2],
+    port = process.argv[3],
+    sslKeyFile = process.argv[4],
+    sslCertFile = process.argv[5],
+    proxyTable = process.argv[6],
+    redirect = process.argv[7] || false,
+    isRawIPv6;
+
+if (process.argv.length < 7) {
+    console.error("Too few arguments. Exiting.");
+  process.exit(1);
+}
+
+isRawIPv6 = function checkipv6(str) {
+  // Inspired by http://forums.intermapper.com/viewtopic.php?t=452
+  return (/^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?\s*$/.test(str));
+}(listenInterface);
+
+/**
+ * Dummy middleware that throws 404 not found. Does not contain websocket
+ * middleware.
+ */
+var middlewareNotFound = function(req, res, proxy) {
+  res.statusCode = 404;
+  res.setHeader('Content-Type', 'text/plain');
+  res.end('This URL is not known. Please check your URL or contact your ' +
+      'SlapOS administrator.');
+};
+
+/**
+ * Create server
+ */
+var proxyServer = httpProxy.createServer(
+  // We declare our proxyByUrl middleware
+  proxyByUrl(proxyTable),
+  // Then we add your dummy middleware, called when proxyByUrl doesn't find url.
+  middlewareNotFound,
+  // And we set HTTPS options for server. HTTP will be forbidden.
+  {
+    https: {
+      key: fs.readFileSync(
+        sslKeyFile,
+        'utf8'
+      ),
+      cert: fs.readFileSync(
+        sslCertFile,
+        'utf8'
+      )
+    },
+    source: {
+    host: listenInterface,
+    port: port
+  }}
+);
+
+console.log('HTTPS server starting and trying to listen on ' +
+            listenInterface + ':' + port);
+// Release the beast.
+proxyServer.listen(port, listenInterface);
+
+// Dummy HTTP server redirecting to HTTPS. Only has sense if we can use port 80
+if (redirect === '1') {
+  console.log('HTTP redirect server starting and trying to listen on ' +
+              listenInterface + ':' + httpPort);
+  try {
+    var httpPort = 80;
+    http.createServer(function(req, res) {
+      var url;
+      if (isRawIPv6 === true) {
+        url = 'https://[' + listenInterface + ']';
+      } else {
+        url = 'https://' + listenInterface;
+      }
+      // If non standard port : need to specify it
+      if (port !== 443) {
+        url = url + ':' + port;
+      }
+      // Add last part of URL
+      url = url + req.url;
+      console.log(url);
+      // Anwser "permanently redirected"
+      res.statusCode = 301;
+      res.setHeader('Location', url);
+      res.end();
+    }).listen(httpPort, listenInterface);
+  } catch (error) {
+    console.log('Couldn\'t start plain HTTP redirection server : ' + error)
+  }
+}
diff --git a/slapos/recipe/kvm_frontend/template/nodejs_run.in b/slapos/recipe/kvm_frontend/template/nodejs_run.in
new file mode 100644
index 0000000000000000000000000000000000000000..8384f05deba13f9e6be0a9417dd54a2b945a9eb9
--- /dev/null
+++ b/slapos/recipe/kvm_frontend/template/nodejs_run.in
@@ -0,0 +1,5 @@
+#!%(shell_path)s
+# BEWARE: This file is operated by slapgrid
+# BEWARE: It will be overwritten automatically
+export NODE_PATH=%(node_env)s
+exec %(node_path)s %(conf_path)s %(ip)s %(port)s %(key)s %(certificate)s %(map_path)s %(plain_http)s
diff --git a/slapos/recipe/lamp/__init__.py b/slapos/recipe/lamp/__init__.py
index 55ae815bcc6c859406b57b352b13c3c0eeef2bfa..710cc076032c2692df652dd9e354ef53695572b0 100644
--- a/slapos/recipe/lamp/__init__.py
+++ b/slapos/recipe/lamp/__init__.py
@@ -33,6 +33,8 @@ import sys
 import zc.recipe.egg
 import urlparse
 
+# Warning : this recipe is deprecated and has been replaced by apachephp.
+
 class BaseRecipe(BaseSlapRecipe):
   def getTemplateFilename(self, template_name):
     return pkg_resources.resource_filename(__name__,
diff --git a/slapos/recipe/lamp/template/apache.in b/slapos/recipe/lamp/template/apache.in
index 1d7d6a94d878c91a13533a3af66c426a2dde3490..b0b180872cc10068f3e43865f61bc78f4b7a2b11 100644
--- a/slapos/recipe/lamp/template/apache.in
+++ b/slapos/recipe/lamp/template/apache.in
@@ -3,7 +3,6 @@
 
 # Basic server configuration
 PidFile "%(pid_file)s"
-LockFile "%(lock_file)s"
 Listen %(ip)s:%(port)s
 PHPINIDir %(php_ini_dir)s
 ServerAdmin someone@email
@@ -39,6 +38,9 @@ DocumentRoot %(document_root)s
 DirectoryIndex index.html index.php
 
 # List of modules
+LoadModule unixd_module modules/mod_unixd.so
+LoadModule access_compat_module modules/mod_access_compat.so
+LoadModule authz_core_module modules/mod_authz_core.so
 LoadModule authz_host_module modules/mod_authz_host.so
 LoadModule log_config_module modules/mod_log_config.so
 LoadModule setenvif_module modules/mod_setenvif.so
diff --git a/slapos/recipe/lamp/template/my.cnf.in b/slapos/recipe/lamp/template/my.cnf.in
index 00eb280232a8e41206dccdca6be7fe15e58a1591..1466632e5b1af5a22713c563b012f9e85fbcca92 100644
--- a/slapos/recipe/lamp/template/my.cnf.in
+++ b/slapos/recipe/lamp/template/my.cnf.in
@@ -21,7 +21,7 @@ long_query_time = 5
 max_allowed_packet = 128M
 query_cache_size = 32M
 
-plugin-load = ha_groonga.so;ha_sphinx.so
+plugin-load = ha_mroonga.so;ha_sphinx.so
 
 # The following are important to configure and depend a lot on to the size of
 # your database and the available resources.
diff --git a/slapos/recipe/librecipe/generic.py b/slapos/recipe/librecipe/generic.py
index 86829c378ceea8061730cf1add7811beff75173c..19729c6352d1018967c7c586c5999d9b646c5776 100644
--- a/slapos/recipe/librecipe/generic.py
+++ b/slapos/recipe/librecipe/generic.py
@@ -38,6 +38,7 @@ import zc.buildout
 class GenericBaseRecipe(object):
 
   TRUE_VALUES = ['y', 'yes', '1', 'true']
+  FALSE_VALUES = ['n', 'no', '0', 'false']
 
   def __init__(self, buildout, name, options):
     """Recipe initialisation"""
diff --git a/slapos/recipe/logrotate.py b/slapos/recipe/logrotate.py
index 42959a1c00f38372b45d6fa435e974d78c9d424e..06a455379e5b539600a3ea52f4c51f6bbca83e3c 100644
--- a/slapos/recipe/logrotate.py
+++ b/slapos/recipe/logrotate.py
@@ -31,23 +31,14 @@ from slapos.recipe.librecipe import GenericBaseRecipe
 class Recipe(GenericBaseRecipe):
 
   def install(self):
-    logrotate_backup = self.options['backup']
     logrotate_d = self.options['logrotate-entries']
     logrotate_conf_file = self.options['conf']
 
     logrotate_conf = [
-      'daily',
-      'dateext',
-      'rotate 3650',
-      'compress',
       'compresscmd %s' % self.options['gzip-binary'],
       'compressoptions -9',
       'uncompresscmd %s' % self.options['gunzip-binary'],
-      'notifempty',
-      'sharedscripts',
-      'create',
       'include %s' % logrotate_d,
-      'olddir %s' % logrotate_backup,
     ]
 
     logrotate_conf_file = self.createFile(logrotate_conf_file, 
@@ -69,7 +60,16 @@ class Part(GenericBaseRecipe):
 
     logrotate_d = self.options['logrotate-entries']
 
-    conf = []
+    conf = [
+      'daily',
+      'dateext',
+      'rotate 3650',
+      'compress',
+      'notifempty',
+      'sharedscripts',
+      'create',
+      'olddir %s' % self.options['backup'],
+    ]
 
     if 'post' in self.options:
       conf.append("postrotate\n%s\nendscript" % self.options['post'])
diff --git a/slapos/recipe/mkdirectory.py b/slapos/recipe/mkdirectory.py
index 2eebf5579cf013267036fe13630061dd5b25f3cd..9ed44f14f5b572da0173a8351e7e824679cd2070 100644
--- a/slapos/recipe/mkdirectory.py
+++ b/slapos/recipe/mkdirectory.py
@@ -33,21 +33,12 @@ class Recipe(GenericBaseRecipe):
   def _options(self, options):
     self.directory = options.copy()
     del self.directory['recipe']
-
-    str_mode = '0700'
-    if 'mode' in self.directory:
-      str_mode = self.directory['mode']
-      del self.directory['mode']
-    self.mode = int(str_mode, 8)
+    self.mode = int(self.directory.pop('mode', '700'), 8)
 
   def install(self):
-
-    for directory in sorted(self.directory.values()):
-      path = directory
-
+    for path in sorted(self.directory.values()):
       if not os.path.exists(path):
-        os.mkdir(path, self.mode)
+        os.makedirs(path, self.mode)
       elif not os.path.isdir(path):
         raise OSError("%s path exits, but it's not a directory.")
-
     return []
diff --git a/slapos/recipe/mysql/template/my.cnf.in b/slapos/recipe/mysql/template/my.cnf.in
index f72db92443fd30d88a15a561d290945ade511608..5359785be61404413e73e2f1984a46f2614414ae 100644
--- a/slapos/recipe/mysql/template/my.cnf.in
+++ b/slapos/recipe/mysql/template/my.cnf.in
@@ -19,7 +19,7 @@ long_query_time = 5
 max_allowed_packet = 128M
 query_cache_size = 32M
 
-plugin-load = ha_groonga.so;ha_sphinx.so
+plugin-load = ha_mroonga.so;ha_sphinx.so
 
 # The following are important to configure and depend a lot on to the size of
 # your database and the available resources.
diff --git a/slapos/recipe/nbdserver/__init__.py b/slapos/recipe/nbdserver/__init__.py
index 3b7e654b90dfa737f885b30c31c102b9ff068474..6f35add02be7a81cd558b7464ca6c125eb7469b0 100644
--- a/slapos/recipe/nbdserver/__init__.py
+++ b/slapos/recipe/nbdserver/__init__.py
@@ -1,6 +1,6 @@
 ##############################################################################
 #
-# Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved.
+# Copyright (c) 2011 Vifib SARL and Contributors. All Rights Reserved.
 #
 # WARNING: This program as such is intended to be used by professional
 # programmers who take the whole responsibility of assessing all potential
@@ -24,59 +24,29 @@
 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 #
 ##############################################################################
-import os
+from slapos.recipe.librecipe import GenericBaseRecipe
 import binascii
-from slapos.recipe.librecipe import BaseSlapRecipe
-
-import pkg_resources
-
-class Recipe(BaseSlapRecipe):
-
-  def _install(self):
-
-    # Image path
-    cdrom_iso = os.path.join(self.data_root_directory, 'cdrom.iso')
-
-    #Get the IP list
-    ip = self.getGlobalIPv6Address()
-    http_port = 9999
-    nbd_port = 1024
-
-    # Instanciate onetimeupload
-    onetimeupload_config = {}
-    onetimeupload_config.update(self.options)
-    onetimeupload_config['port'] = http_port
-    onetimeupload_config['ip'] = ip
-    onetimeupload_config['image'] = cdrom_iso
-    onetimeupload_config['key'] = binascii.hexlify(os.urandom(24))
-    onetimeupload_config['log_path'] = os.path.join(self.log_directory, 
-                                                    'onetimeupload.log')
-
-    wrapper_template_location = pkg_resources.resource_filename(
-                                       __name__, os.path.join(
-                                       'template', 'onetimeupload_run.in'))
-    onetimeupload_runner_path = self.createRunningWrapper("onetimeupload",
-        self.substituteTemplate(wrapper_template_location, 
-                                onetimeupload_config))
-
-    # Instanciate qemu
-    qemu_config = {}
-    qemu_config.update(self.options)
-    qemu_config['ip'] = ip
-    qemu_config['port'] = nbd_port
-    qemu_config['image'] = cdrom_iso
-
-    wrapper_template_location = pkg_resources.resource_filename(
-                                             __name__, os.path.join(
-                                             'template', 'nbdserver_run.in'))
-    nbdserver_runner_path = self.createRunningWrapper("nbdserver",
-        self.substituteTemplate(wrapper_template_location, qemu_config))
-
-    # Publish connection dict
-    self.computer_partition.setConnectionDict(dict(
-      upload_connection_string="https://[%s]:%s/" % (ip, http_port),
-      upload_key=onetimeupload_config['key'],
-      nbd_connection_string="nbd:[%s]:%s" % (ip, nbd_port),
-      ))
-
-    return [onetimeupload_runner_path, nbdserver_runner_path]
+import os
+import sys
+
+class Recipe(GenericBaseRecipe):
+  """
+  nbd instance configuration.
+  """
+
+  def install(self):
+    config = dict(
+      ip=self.options['ip'],
+      port=self.options['port'],
+      image_path=self.options['image-path'],
+      qemu_path=self.options['qemu-path'],
+      shell_path=self.options['shell-path'],
+    )
+
+    # Runners
+    runner_path = self.createExecutable(
+      self.options['path'],
+      self.substituteTemplate(self.getTemplateFilename('nbdserver_run.in'),
+                              config))
+
+    return [runner_path]
diff --git a/slapos/recipe/nbdserver/template/nbdserver_run.in b/slapos/recipe/nbdserver/template/nbdserver_run.in
index ca93f73b70fd273c59c559104e05eb7cdab3f968..dd7068a0e0e39f1f5e78e5f6fddb5fd5a9f76d48 100644
--- a/slapos/recipe/nbdserver/template/nbdserver_run.in
+++ b/slapos/recipe/nbdserver/template/nbdserver_run.in
@@ -1,6 +1,6 @@
-#!/bin/sh
+#!%(shell_path)s
 # BEWARE: This file is operated by slapgrid
 # BEWARE: It will be overwritten automatically
 
 # 32767 is the maximum number of connections allowed by the nbd server
-exec %(qemu_path)s -b %(ip)s %(image)s -r -t -p %(port)s -e 32767
+exec %(qemu_path)s -b %(ip)s %(image_path)s -r -t -p %(port)s -e 32767
diff --git a/slapos/recipe/novnc/__init__.py b/slapos/recipe/novnc/__init__.py
new file mode 100644
index 0000000000000000000000000000000000000000..a24588d54c40e571e5c97ab508506356429f096f
--- /dev/null
+++ b/slapos/recipe/novnc/__init__.py
@@ -0,0 +1,54 @@
+##############################################################################
+#
+# Copyright (c) 2011 Vifib SARL and Contributors. All Rights Reserved.
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 3
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+from slapos.recipe.librecipe import GenericBaseRecipe
+import binascii
+import os
+import sys
+
+class Recipe(GenericBaseRecipe):
+  """
+  novnc instance configuration.
+  """
+
+  def install(self):
+    runner_path = self.createPythonScript(
+      self.options['path'],
+      'slapos.recipe.librecipe.execute.execute_wait',
+      [[
+        self.options['websockify-path'],
+        '--web',
+        self.options['novnc-location'],
+        '--key=%s' % self.options['ssl-key-path'],
+        '--cert=%s' % self.options['ssl-cert-path'],
+        '--ssl-only',
+        '%s:%s' % (self.options['ip'], self.options['port']),
+        '%s:%s' % (self.options['vnc-ip'], self.options['vnc-port']),
+      ],
+      [self.options['ssl-key-path'], self.options['ssl-cert-path']]],
+    )
+
+    return [runner_path]
diff --git a/slapos/recipe/pulse2/template/apache.in.in b/slapos/recipe/pulse2/template/apache.in.in
index 3a8a8c7f6b1dfbef5f6617ffaed3305351db6585..5bcaade54b55d0bb5831176c5d6c440f132e1f86 100644
--- a/slapos/recipe/pulse2/template/apache.in.in
+++ b/slapos/recipe/pulse2/template/apache.in.in
@@ -3,7 +3,6 @@
 
 # Basic server configuration
 PidFile "%(pid_file)s"
-LockFile "%(lock_file)s"
 Listen %(ip)s:%(port)s
 PHPINIDir %(php_ini_dir)s
 ServerAdmin someone@email
@@ -42,6 +41,9 @@ DocumentRoot %(document_root)s
 DirectoryIndex index.html index.php
 
 # List of modules
+LoadModule unixd_module modules/mod_unixd.so
+LoadModule access_compat_module modules/mod_access_compat.so
+LoadModule authz_core_module modules/mod_authz_core.so
 LoadModule authz_host_module modules/mod_authz_host.so
 LoadModule log_config_module modules/mod_log_config.so
 LoadModule setenvif_module modules/mod_setenvif.so
diff --git a/slapos/recipe/request.py b/slapos/recipe/request.py
index 46ca4d68272ef20d9db6c6159aae93c555c38d30..52c8454f9bb2fa9c836c30d7e12b31bf93204fac 100644
--- a/slapos/recipe/request.py
+++ b/slapos/recipe/request.py
@@ -54,7 +54,7 @@ class Recipe(object):
       self.return_parameters = [str(parameter).strip()
                                for parameter in options['return'].split()]
     else:
-      self.logger.warning("No parameter to return to main instance."
+      self.logger.debug("No parameter to return to main instance."
                           "Be careful about that...")
 
     software_type = 'RootInstanceSoftware'
@@ -72,14 +72,15 @@ class Recipe(object):
         partition_parameter_kw[config_parameter] = \
             options['config-%s' % config_parameter]
 
-    instance = self.request(options['software-url'], software_type,
+    self.instance = self.request(options['software-url'], software_type,
       options.get('name', name), partition_parameter_kw=partition_parameter_kw,
       filter_kw=filter_kw, shared=self.isSlave)
 
     self.failed = None
     for param in self.return_parameters:
       try:
-        options['connection-%s' % param] = str(instance.getConnectionParameter(param))
+        options['connection-%s' % param] = str(
+            self.instance.getConnectionParameter(param))
       except slapmodule.NotFoundError:
         options['connection-%s' % param] = ''
         if self.failed is None:
@@ -87,7 +88,16 @@ class Recipe(object):
 
   def install(self):
     if self.failed is not None:
-      raise KeyError("Connection parameter %r not found." % self.failed)
+      # Check instance status to know if instance has been deployed
+      try:
+        status = self.instance.getState()
+      except slapmodule.NotFoundError:
+        status = "not ready yet, please try again"
+      # XXX-Cedric : currently raise an error. So swallow it...
+      except AttributeError:
+        status = "unknown"
+      raise KeyError("Connection parameter %s not found. "
+          "Status of requested instance is : %s." % (self.failed, status))
     return []
 
   update = install
diff --git a/slapos/recipe/slaprunner/__init__.py b/slapos/recipe/slaprunner/__init__.py
index 3c74cb5b21bde688d1163612fcff06280a629428..347c13ef9e06c238dc01e6ef326336a684ce4078 100644
--- a/slapos/recipe/slaprunner/__init__.py
+++ b/slapos/recipe/slaprunner/__init__.py
@@ -40,6 +40,7 @@ class Recipe(BaseSlapRecipe):
     ipv6 = self.getGlobalIPv6Address()
     proxy_port = '50000'
     runner_port = '50000'
+    cloud9_port = '30000'
     workdir = self.createDataDirectory('runner')
     software_root = os.path.join(workdir, 'software')
     instance_root = os.path.join(workdir, 'instance')
@@ -48,7 +49,7 @@ class Recipe(BaseSlapRecipe):
         instance_root=instance_root,
         master_url='http://%s:%s/' % (ipv4, proxy_port),
         computer_id='slaprunner',
-        partition_amount=2,
+        partition_amount=7,
         slapgrid_sr=self.options['slapgrid_sr'],
         slapgrid_cp=self.options['slapgrid_cp'],
         slapproxy=self.options['slapproxy'],
@@ -64,22 +65,33 @@ class Recipe(BaseSlapRecipe):
         proxy_port=proxy_port,
         proxy_database=os.path.join(workdir, 'proxy.db'),
 	git=self.options['git'],
+	cloud9_url='http://[%s]:%s' % (ipv6, cloud9_port),
 	ssh_client=self.options['ssh_client'],
 	public_key=self.options['public_key'],
-	private_key=self.options['private_key']
+	private_key=self.options['private_key'],
+
     )
     config_file = self.createConfigurationFile('slapos.cfg',
         self.substituteTemplate(pkg_resources.resource_filename(__name__,
           'template/slapos.cfg.in'), configuration))
     self.path_list.append(config_file)
-    
+
     environment = dict(
         PATH=os.path.dirname(self.options['git']) + ':' + os.environ['PATH'],
         GIT_SSH=self.options['ssh_client']
     )
+    workdir = os.path.join(workdir, 'project')
+    if not os.path.exists(workdir):
+      os.mkdir(workdir)
     launch_args = [self.options['slaprunner'].strip(), config_file, '--debug']
+    cloud9_args = [self.options['node-bin'].strip(), self.options['cloud9'].strip(),
+                   '-l', ipv6, '-p', cloud9_port, '-w', workdir]
     self.path_list.extend(zc.buildout.easy_install.scripts([('slaprunner',
       'slapos.recipe.librecipe.execute', 'executee')], self.ws, sys.executable,
       self.wrapper_directory, arguments=[launch_args, environment]))
-    self.setConnectionDict(dict(url='http://[%s]:%s' % (ipv6, runner_port)))
+    self.path_list.extend(zc.buildout.easy_install.scripts([('cloud9IDE',
+      'slapos.recipe.librecipe.execute', 'executee')], self.ws, sys.executable,
+      self.wrapper_directory, arguments=[cloud9_args, environment]))
+    self.setConnectionDict(dict(slaprunner_url='http://[%s]:%s' % (ipv6, runner_port),
+                            cloud9_url='http://[%s]:%s' % (ipv6, cloud9_port)))
     return self.path_list
diff --git a/slapos/recipe/slaprunner/template/slapos.cfg.in b/slapos/recipe/slaprunner/template/slapos.cfg.in
index 5dc00060eccae8c5842ae6500da3459e4bb9e200..a10da0cf5e11a414df22ed6f8dd6adb7955b6e4b 100644
--- a/slapos/recipe/slaprunner/template/slapos.cfg.in
+++ b/slapos/recipe/slaprunner/template/slapos.cfg.in
@@ -31,3 +31,6 @@ private_key = %(private_key)s
 
 [gitclient]
 git = %(git)s
+
+[cloud9_IDE]
+cloud9 = %(cloud9_url)s
\ No newline at end of file
diff --git a/slapos/recipe/softwaretype.py b/slapos/recipe/softwaretype.py
index 43ff451f1e8a30c1dfba1b107f22abdb8ed7d655..825a153f1a91a5a48729b6f76232e83a15a53ad0 100644
--- a/slapos/recipe/softwaretype.py
+++ b/slapos/recipe/softwaretype.py
@@ -64,6 +64,15 @@ class Recipe:
     # XXX: Lack checking for globality of address
     return self._getIpAddress(netaddr.valid_ipv6)
 
+  def getNetworkInterface(self):
+    """Returns the network interface available on partition"""
+    if not 'ip_list' in self.parameter_dict:
+      raise AttributeError
+    for name, ip in self.parameter_dict['ip_list']:
+      if name:
+        return name
+    raise AttributeError, "Not network interface found"
+
   def install(self):
     slap = slapos.slap.slap()
     slap_connection = self.buildout['slap_connection']
@@ -111,6 +120,8 @@ class Recipe:
                  self.getLocalIPv4Address())
     buildout.set('slap-network-information', 'global-ipv6',
                  self.getGlobalIPv6Address())
+    buildout.set('slap-network-information', 'network-interface', 
+                 self.getNetworkInterface())
 
     # Copy/paste slap_connection
     buildout.add_section('slap-connection')
diff --git a/slapos/recipe/symbolic_link.py b/slapos/recipe/symbolic_link.py
index 2bcc01d6fd6be7f54342ccc4f3360f7041684c5b..4e1d97e477c6abb5bf6fd382281fcca90636af3c 100644
--- a/slapos/recipe/symbolic_link.py
+++ b/slapos/recipe/symbolic_link.py
@@ -54,3 +54,5 @@ class Recipe:
       path_list.append(link)
 
     return path_list
+
+  update = install
diff --git a/slapos/recipe/web_checker/__init__.py b/slapos/recipe/web_checker/__init__.py
new file mode 100644
index 0000000000000000000000000000000000000000..4101e5bf454e49e0485a3aa4d4eb0ad9660b2a66
--- /dev/null
+++ b/slapos/recipe/web_checker/__init__.py
@@ -0,0 +1,53 @@
+##############################################################################
+#
+# Copyright (c) 2012 Vifib SARL and Contributors. All Rights Reserved.
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 3
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+import os
+import re
+from slapos.recipe.librecipe import GenericSlapRecipe
+
+class Recipe(GenericSlapRecipe):
+  """
+    Create web checker configuration.
+  """
+  def _install(self):
+    path_list = []
+    web_checker_mail_address = self.parameter_dict['web-checker-mail-address']
+    web_checker_smtp_host = self.parameter_dict['web-checker-smtp-host']
+    web_checker_working_directory = \
+      self.options['web-checker-working-directory']
+    config = dict(
+      web_checker_mail_address = web_checker_mail_address,
+      web_checker_smtp_host = web_checker_smtp_host,
+      web_checker_working_directory = web_checker_working_directory,
+      frontend_url = self.options['frontend-url'],
+      wget_binary_path = self.options['wget-binary-path'],
+      varnishlog_binary_path = self.options['varnishlog-binary-path'],
+      web_checker_log = self.options['web-checker-log'],
+    )
+    path_list.append(self.createFile(self.options['web-checker-config'],
+      self.substituteTemplate(self.getTemplateFilename('web_checker.cfg.in'),
+        config)))
+    return path_list
diff --git a/slapos/recipe/web_checker/template/web_checker.cfg.in b/slapos/recipe/web_checker/template/web_checker.cfg.in
new file mode 100644
index 0000000000000000000000000000000000000000..8ac98a61c16085b54245d3e453207d0d49cbd25d
--- /dev/null
+++ b/slapos/recipe/web_checker/template/web_checker.cfg.in
@@ -0,0 +1,36 @@
+[web_checker]
+url = %(frontend_url)s
+working_directory = %(web_checker_working_directory)s
+varnishlog_binary_path = %(varnishlog_binary_path)s
+wget_binary_path = %(wget_binary_path)s
+email_address = %(web_checker_mail_address)s
+smtp_host = %(web_checker_smtp_host)s
+debug_level = debug
+file_log_path = %(web_checker_log)s
+
+[header_list]
+Last-Modified = True
+Expires = True
+Vary = Accept-Language, Cookie, Accept-Encoding
+  Accept-Language, Cookie
+  Accept-Language,Cookie,Accept-Encoding
+  Accept-Language,Cookie
+  Accept-Encoding
+Cache-Control = max-age=300
+  max-age=3600
+
+[header url=(.*_form)]
+Vary = Accept-Encoding
+
+[header url=.*/favicon.ico]
+Last-Modified = True
+
+[no_header content-type=(image/.*|text/css|.*/javascript)]
+Vary = None
+
+[erp5_extension_list]
+prohibited_folder_name_list = web_page_module
+  document_module
+prohibited_file_name_list = WebSection_viewAsWeb
+  Base_viewHistory
+  list
diff --git a/slapos/recipe/xwiki/template/my.cnf.in b/slapos/recipe/xwiki/template/my.cnf.in
index 00eb280232a8e41206dccdca6be7fe15e58a1591..1466632e5b1af5a22713c563b012f9e85fbcca92 100644
--- a/slapos/recipe/xwiki/template/my.cnf.in
+++ b/slapos/recipe/xwiki/template/my.cnf.in
@@ -21,7 +21,7 @@ long_query_time = 5
 max_allowed_packet = 128M
 query_cache_size = 32M
 
-plugin-load = ha_groonga.so;ha_sphinx.so
+plugin-load = ha_mroonga.so;ha_sphinx.so
 
 # The following are important to configure and depend a lot on to the size of
 # your database and the available resources.
diff --git a/software/apache-frontend/instance.cfg b/software/apache-frontend/instance.cfg
new file mode 100644
index 0000000000000000000000000000000000000000..fecc536ddae08643a9b55bb2f92277fb695321c9
--- /dev/null
+++ b/software/apache-frontend/instance.cfg
@@ -0,0 +1,18 @@
+[buildout]
+parts =
+  instance
+
+eggs-directory = ${buildout:eggs-directory}
+develop-eggs-directory = ${buildout:develop-eggs-directory}
+
+[instance]
+recipe = ${instance-recipe:egg}:${instance-recipe:module}
+httpd_binary = ${apache:location}/bin/httpd
+logrotate_binary = ${logrotate:location}/usr/sbin/logrotate
+openssl_binary = ${openssl:location}/bin/openssl
+dcrond_binary = ${dcron:location}/sbin/crond
+varnishd_binary = ${varnish-2.1:location}/sbin/varnishd
+stunnel_binary = ${stunnel:location}/bin/stunnel
+rdiff_backup_binary = ${buildout:bin-directory}/rdiff-backup
+gcc_binary = ${gcc-java-minimal:location}/bin/gcc
+binutils_directory = ${binutils:location}/bin/
diff --git a/software/apache-frontend/software.cfg b/software/apache-frontend/software.cfg
new file mode 100644
index 0000000000000000000000000000000000000000..90df60953ac66f8b889e8196dadca64e940ff92e
--- /dev/null
+++ b/software/apache-frontend/software.cfg
@@ -0,0 +1,141 @@
+[buildout]
+versions = versions
+
+extends =
+  ../../component/binutils/buildout.cfg
+  ../../component/gcc/buildout.cfg
+  ../../component/lxml-python/buildout.cfg
+  ../../component/apache/buildout.cfg
+  ../../component/stunnel/buildout.cfg
+  ../../component/varnish/buildout.cfg
+  ../../component/dcron/buildout.cfg
+  ../../component/logrotate/buildout.cfg
+  ../../component/rdiff-backup/buildout.cfg
+  ../../stack/slapos.cfg
+
+parts =
+  template
+  binutils
+  gcc-java-minimal
+  apache
+  apache-antiloris
+
+  stunnel
+  varnish-2.1
+
+  dcron
+  logrotate
+  rdiff-backup
+
+# Buildoutish
+  eggs
+  instance-recipe-egg
+
+[instance-recipe]
+# Note: In case if specific instantiation recipe is used this is the place to
+# put its name
+egg = slapos.cookbook
+module = apache.frontend
+
+[instance-recipe-egg]
+recipe = zc.recipe.egg
+eggs = ${instance-recipe:egg}
+
+[eggs]
+recipe = zc.recipe.egg
+eggs =
+  ${lxml-python:egg}
+
+[template]
+# Default template for apache instance.
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance.cfg
+md5sum = 17180caef7d1c477fbb037d28b705e8b
+output = ${buildout:directory}/template.cfg
+mode = 0644
+
+[versions]
+# Use SlapOS patched zc.buildout
+zc.buildout = 1.6.0-dev-SlapOS-004
+Jinja2 = 2.6
+Werkzeug = 0.8.3
+buildout-versions = 1.7
+hexagonit.recipe.cmmi = 1.5.0
+meld3 = 0.6.8
+rdiff-backup = 1.0.5
+slapos.recipe.template = 2.2
+slapos.cookbook = 0.40.1
+
+# Required by:
+# slapos.core==0.23
+Flask = 0.8
+
+# Required by:
+# slapos.cookbook==0.40.1
+PyXML = 0.8.4
+
+# Required by:
+# hexagonit.recipe.cmmi==1.5.0
+hexagonit.recipe.download = 1.5.0
+
+# Required by:
+# slapos.cookbook==0.40.1
+inotifyx = 0.2.0
+
+# Required by:
+# slapos.cookbook==0.40.1
+# slapos.core==0.23
+# xml-marshaller==0.9.7
+lxml = 2.3.3
+
+# Required by:
+# slapos.cookbook==0.40.1
+netaddr = 0.7.6
+
+# Required by:
+# slapos.core==0.23
+netifaces = 0.8
+
+# Required by:
+# slapos.cookbook==0.40.1
+# slapos.core==0.23
+# zc.buildout==1.6.0-dev-SlapOS-004
+# zc.recipe.egg==1.3.2
+setuptools = 0.6c12dev-r88846
+
+# Required by:
+# slapos.cookbook==0.40.1
+slapos.core = 0.23
+
+# Required by:
+# slapos.core==0.23
+supervisor = 3.0a12
+
+# Required by:
+# slapos.cookbook==0.40.1
+xml-marshaller = 0.9.7
+
+# Required by:
+# slapos.cookbook==0.40.1
+zc.recipe.egg = 1.3.2
+
+# Required by:
+# slapos.core==0.23
+zope.interface = 3.8.0
+
+[networkcache]
+# Cedric de Saint Martin signature certificate
+signature-certificate-list =
+  -----BEGIN CERTIFICATE-----
+  MIIB9jCCAV+gAwIBAgIJAO4V/jiMoICoMA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV
+  BAMMCENPTVAtMjMyMCAXDTEyMDIxNjExMTAyM1oYDzIxMTIwMTIzMTExMDIzWjAT
+  MREwDwYDVQQDDAhDT01QLTIzMjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+  wi/3Z8W9pUiegUXIk/AiFDQ0UJ4JFAwjqr+HSRUirlUsHHT+8DzH/hfcTDX1I5BB
+  D1ADk+ydXjMm3OZrQcXjn29OUfM5C+g+oqeMnYQImN0DDQIOcUyr7AJc4xhvuXQ1
+  P2pJ5NOd3tbd0kexETa1LVhR6EgBC25LyRBRae76qosCAwEAAaNQME4wHQYDVR0O
+  BBYEFMDmW9aFy1sKTfCpcRkYnP6zUd1cMB8GA1UdIwQYMBaAFMDmW9aFy1sKTfCp
+  cRkYnP6zUd1cMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAskbFizHr
+  b6d3iIyN+wffxz/V9epbKIZVEGJd/6LrTdLiUfJPec7FaxVCWNyKBlCpINBM7cEV
+  Gn9t8mdVQflNqOlAMkOlUv1ZugCt9rXYQOV7rrEYJBWirn43BOMn9Flp2nibblby
+  If1a2ZoqHRxoNo2yTmm7TSYRORWVS+vvfjY=
+  -----END CERTIFICATE-----
diff --git a/software/cloudooo/development.cfg b/software/cloudooo/development.cfg
new file mode 100644
index 0000000000000000000000000000000000000000..d86faeff17d77fb80556ea3998c452fc2c3ebbcb
--- /dev/null
+++ b/software/cloudooo/development.cfg
@@ -0,0 +1,3 @@
+[buildout]
+extends = software.cfg
+auto-checkout = cloudooo
diff --git a/software/cloudooo/instance.cfg b/software/cloudooo/instance.cfg
index 5d3da358eadd29c644a9b368b3ed41bb3b580c21..a1a1b42e20818b9c7c7a6cf2a2d062f4b47eedf6 100644
--- a/software/cloudooo/instance.cfg
+++ b/software/cloudooo/instance.cfg
@@ -23,4 +23,4 @@ link_binary_list =
   ${pdftk:location}/bin/pdftk
 
 environment =
-  LD_LIBRARY_PATH = ${file:location}/lib:${fontconfig:location}/lib:${freetype:location}/lib:${libICE:location}/lib:${libSM:location}/lib:${libX11:location}/lib:${libXau:location}/lib:${libXdmcp:location}/lib:${libXext:location}/lib:${libXinerama:location}/lib:${libxcb:location}/lib:${zlib:location}/lib
+  LD_LIBRARY_PATH = ${file:location}/lib:${fontconfig:location}/lib:${freetype:location}/lib:${libICE:location}/lib:${libpng12:location}/lib:${libSM:location}/lib:${libX11:location}/lib:${libXau:location}/lib:${libXdmcp:location}/lib:${libXext:location}/lib:${libxcb:location}/lib:${libXrender:location}/lib:${zlib:location}/lib
diff --git a/software/cloudooo/software.cfg b/software/cloudooo/software.cfg
index 879ef71da20891701d7a7da4cd7feb71d5bdeb63..7f8143fb47931371823ef29d1864358400d4f80a 100644
--- a/software/cloudooo/software.cfg
+++ b/software/cloudooo/software.cfg
@@ -33,6 +33,6 @@ module = cloudooo
 # Default template for erp5 instance.
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance.cfg
-md5sum = 2a38a928deb5870e02a8271b34341f5b
+md5sum = 49da453a38dc5462c170747a029037b7
 output = ${buildout:directory}/template.cfg
 mode = 0644
diff --git a/software/erp5/instance-cloudooo.cfg b/software/erp5/instance-cloudooo.cfg
index 894530fedcc465a91daec84323bce93b42c57482..3428ecd13a81c40fd81878813c547620369db93a 100644
--- a/software/erp5/instance-cloudooo.cfg
+++ b/software/erp5/instance-cloudooo.cfg
@@ -27,7 +27,7 @@ wrapper = $${basedirectory:services}/cloudooo
 data-directory = $${directory:cloudooo-data}
 
 environment =
-  LD_LIBRARY_PATH = ${file:location}/lib:${fontconfig:location}/lib:${freetype:location}/lib:${libICE:location}/lib:${libSM:location}/lib:${libX11:location}/lib:${libXau:location}/lib:${libXdmcp:location}/lib:${libXext:location}/lib:${libXinerama:location}/lib:${libxcb:location}/lib:${zlib:location}/lib
+  LD_LIBRARY_PATH = ${file:location}/lib:${fontconfig:location}/lib:${freetype:location}/lib:${libICE:location}/lib:${libpng12:location}/lib:${libSM:location}/lib:${libX11:location}/lib:${libXau:location}/lib:${libXdmcp:location}/lib:${libXext:location}/lib:${libxcb:location}/lib:${libXrender:location}/lib:${zlib:location}/lib
   FONTCONFIG_FILE = $${fontconfig-instance:conf-path}
 
 # Binary information
diff --git a/software/erp5/instance-erp5-development.cfg b/software/erp5/instance-erp5-development.cfg
index 605342eb6a45dfb5b150b347c8fb7bdc7fcb1a6b..1664c2c1a01be81a117f6756daf56ec73701118b 100644
--- a/software/erp5/instance-erp5-development.cfg
+++ b/software/erp5/instance-erp5-development.cfg
@@ -54,11 +54,11 @@ ca-crl = $${test-cadirectory:crl}
 
 [test-cadirectory]
 recipe = slapos.cookbook:mkdirectory
-requests = $${directory:test-ca-dir}/requests/
-private = $${directory:test-ca-dir}/private/
-certs = $${directory:test-ca-dir}/certs/
-newcerts = $${directory:test-ca-dir}/newcerts/
-crl = $${directory:test-ca-dir}/crl/
+requests = $${directory:test-ca-dir}/requests
+private = $${directory:test-ca-dir}/private
+certs = $${directory:test-ca-dir}/certs
+newcerts = $${directory:test-ca-dir}/newcerts
+crl = $${directory:test-ca-dir}/crl
 
 [erp5-update]
 recipe = slapos.cookbook:erp5.update
@@ -117,13 +117,13 @@ software-type = kumofs
 # rest of parts are candidates for some generic stuff
 [basedirectory]
 recipe = slapos.cookbook:mkdirectory
-services = $${rootdirectory:etc}/run/
+services = $${rootdirectory:etc}/run
 
 [rootdirectory]
 recipe = slapos.cookbook:mkdirectory
-etc = $${buildout:directory}/etc/
+etc = $${buildout:directory}/etc
 
 [directory]
-test-ca-dir = $${rootdirectory:srv}/test-ca/
-test-instance-path = $${rootdirectory:srv}/test-instance/
-unit-test-path = $${:test-instance-path}/unit_test/
+test-ca-dir = $${rootdirectory:srv}/test-ca
+test-instance-path = $${rootdirectory:srv}/test-instance
+unit-test-path = $${:test-instance-path}/unit_test
diff --git a/software/erp5/instance-erp5-production.cfg b/software/erp5/instance-erp5-production.cfg
index 5922f446021e05884ea1ad64369408e9ad27533f..50e0c606d8203dd2d19d8c38a6e17c35f0fe48a8 100644
--- a/software/erp5/instance-erp5-production.cfg
+++ b/software/erp5/instance-erp5-production.cfg
@@ -34,6 +34,7 @@ partition-id = $${slap-connection:partition-id}
 name = Sphinx Search Engine
 software-type = sphinx
 sla-computer_guid = $${slap-parameter:sphinx-computer-guid}
+return = url-sphinx url-sphinx-sql
 
 [request-mariadb]
 <=request-common
@@ -65,15 +66,30 @@ sla-computer_guid = $${slap-parameter:kumofs-computer-guid}
 <=request-common
 name = TidStorage
 return = url-login
-config = json mysql-url memcached-url cloudooo-url kumofs-url
+config = json mysql-url memcached-url cloudooo-url kumofs-url sphinx-url-sphinx sphinx-url-sphinx-sql smtp-url bt5 bt5-repository-url
 config-json = $${slap-parameter:json}
 config-mysql-url = $${request-mariadb:connection-url}
 config-memcached-url = $${request-memcached:connection-url}
 config-cloudooo-url = $${request-cloudooo:connection-url}
 config-kumofs-url = $${request-kumofs:connection-url}
+config-sphinx-url-sphinx = $${request-sphinx:connection-url-sphinx}
+config-sphinx-url-sphinx-sql = $${request-sphinx:connection-url-sphinx-sql}
+config-bt5 = $${slap-parameter:bt5}
+config-bt5-repository-url = $${slap-parameter:bt5-repository-url}
+config-smtp-url = $${slap-parameter:smtp-url}
 software-type = tidstorage
 sla-computer_guid = $${slap-parameter:tidstorage-computer-guid}
 
+[request-varnish]
+<=request-common
+name = Varnish
+config = tidstorage-url
+config-tidstorage-url = $${request-tidstorage:connection-url-login}
+config-web-checker-mail-address = $${slap-parameter:web-checker-mail-address}
+config-web-checker-smtp-host = $${slap-parameter:web-checker-smtp-host}
+software-type = varnish
+sla-computer_guid = $${slap-parameter:varnish-computer-guid}
+
 [slap-parameter]
 # Default value if no computer_guid is specified for each type
 sphinx-computer-guid = $${slap-connection:computer-id}
@@ -82,6 +98,15 @@ cloudooo-computer-guid = $${slap-connection:computer-id}
 memcached-computer-guid = $${slap-connection:computer-id}
 kumofs-computer-guid = $${slap-connection:computer-id}
 tidstorage-computer-guid = $${slap-connection:computer-id}
+varnish-computer-guid = $${slap-connection:computer-id}
+cloudooo-json =
+bt5 = erp5_full_text_myisam_catalog
+  erp5_configurator_standard
+  erp5_configurator_maxma_demo
+  erp5_configurator_ung
+  erp5_configurator_run_my_doc
+bt5-repository-url = ${local-bt5-repository:list}
+smtp-url = smtp://localhost:25/
 
 # rest of parts are candidates for some generic stuff
 [basedirectory]
diff --git a/software/erp5/instance-kumofs.cfg b/software/erp5/instance-kumofs.cfg
index b8b49dd4a64af53ee50e4d1e8922c3c8a5c5831c..4b1acb1b78edcbd3eebddc82afba7e91c6480024 100644
--- a/software/erp5/instance-kumofs.cfg
+++ b/software/erp5/instance-kumofs.cfg
@@ -42,6 +42,7 @@ kumo-server-log = $${basedirectory:log}/kumo-server.log
 kumo-gateway-binary = ${kumo:location}/bin/kumo-gateway
 kumo-manager-binary = ${kumo:location}/bin/kumo-manager
 kumo-server-binary = ${kumo:location}/bin/kumo-server
+shell-path = ${dash:location}/bin/dash
 
 [logrotate-entry-kumofs]
 <= logrotate
@@ -77,7 +78,6 @@ recipe = slapos.cookbook:mkdirectory
 cron-entries = $${rootdirectory:etc}/cron.d
 crontabs = $${rootdirectory:etc}/crontabs
 cronstamps = $${rootdirectory:etc}/cronstamps
-cronoutput = $${basedirectory:log}/cron
 logrotate-backup = $${basedirectory:backup}/logrotate
 logrotate-entries = $${rootdirectory:etc}/logrotate.d
 kumofs-data = $${rootdirectory:srv}/kumofs
@@ -95,13 +95,13 @@ dcrond-binary = ${dcron:location}/sbin/crond
 cron-entries = $${directory:cron-entries}
 crontabs = $${directory:crontabs}
 cronstamps = $${directory:cronstamps}
-catcher = $${cron-simplelogger:binary}
+catcher = $${cron-simplelogger:wrapper}
 binary = $${basedirectory:services}/crond
 
 [cron-simplelogger]
 recipe = slapos.cookbook:simplelogger
-binary = $${rootdirectory:bin}/cron_simplelogger
-output = $${directory:cronoutput}
+wrapper = $${rootdirectory:bin}/cron_simplelogger
+log = $${basedirectory:log}/cron.log
 
 [cron-entry-logrotate]
 <= cron
diff --git a/software/erp5/instance-mariadb.cfg b/software/erp5/instance-mariadb.cfg
index 119f138851ec956e98d34f29cdc9b2b5ffd4ef10..04ed909b6754096ef86a6a09664b0f5e9a348a08 100644
--- a/software/erp5/instance-mariadb.cfg
+++ b/software/erp5/instance-mariadb.cfg
@@ -115,13 +115,13 @@ dcrond-binary = ${dcron:location}/sbin/crond
 cron-entries = $${directory:cron-entries}
 crontabs = $${directory:crontabs}
 cronstamps = $${directory:cronstamps}
-catcher = $${cron-simplelogger:binary}
+catcher = $${cron-simplelogger:wrapper}
 binary = $${basedirectory:services}/crond
 
 [cron-simplelogger]
 recipe = slapos.cookbook:simplelogger
-binary = $${rootdirectory:bin}/cron_simplelogger
-output = $${directory:cronoutput}
+wrapper = $${rootdirectory:bin}/cron_simplelogger
+log = $${basedirectory:log}/cron.log
 
 [cron-entry-logrotate]
 <= cron
@@ -164,7 +164,6 @@ recipe = slapos.cookbook:mkdirectory
 cron-entries = $${rootdirectory:etc}/cron.d
 crontabs = $${rootdirectory:etc}/crontabs
 cronstamps = $${rootdirectory:etc}/cronstamps
-cronoutput = $${basedirectory:log}/cron
 ca-dir = $${rootdirectory:srv}/ssl
 mariadb-backup-full = $${basedirectory:backup}/mariadb-full
 mariadb-backup-incremental = $${basedirectory:backup}/mariadb-incremental
diff --git a/software/erp5/instance-memcached.cfg b/software/erp5/instance-memcached.cfg
index 4ec3390f9a6f162475d5767b66c8baf24723e1e0..4a90d757e47de4cdaa6f7f0cc982ac1ed52d3a87 100644
--- a/software/erp5/instance-memcached.cfg
+++ b/software/erp5/instance-memcached.cfg
@@ -27,6 +27,7 @@ services = $${rootdirectory:etc}/run
 recipe = slapos.cookbook:generic.memcached
 wrapper_path = $${basedirectory:services}/memcached
 binary_path = ${memcached:location}/bin/memcached
+shell-path = ${dash:location}/bin/dash
 ip = $${slap-network-information:local-ipv4}
 port = 11000
 
diff --git a/software/erp5/instance-varnish.cfg b/software/erp5/instance-varnish.cfg
new file mode 100644
index 0000000000000000000000000000000000000000..d08d9de18109ea0db2429576cd6337ab959a3e40
--- /dev/null
+++ b/software/erp5/instance-varnish.cfg
@@ -0,0 +1,118 @@
+[buildout]
+parts =
+  publish-varnish-connection-information
+  varnish-instance
+  web-checker
+  cron
+  cron-entry-logrotate
+  cron-entry-web-checker
+
+eggs-directory = ${buildout:eggs-directory}
+develop-eggs-directory = ${buildout:develop-eggs-directory}
+offline = true
+
+[publish-varnish-connection-information]
+recipe = slapos.cookbook:publishurl
+url = http://$${varnish-instance:ip}:$${varnish-instance:server-port}/
+
+[varnish-instance]
+recipe = slapos.cookbook:generic.varnish
+
+# Network options
+ip = $${slap-network-information:local-ipv4}
+server-port = 6001
+manager-port = 6002
+
+# Paths: Running wrappers
+varnishd-wrapper = $${basedirectory:services}/varnishd
+varnishlog-wrapper = $${rootdirectory:bin}/varnishlog
+
+# Binary information
+varnishd-binary = ${varnish:location}/sbin/varnishd
+varnishlog-binary = ${varnish:location}/bin/varnishlog
+shell-path = ${dash:location}/bin/dash
+# Configuration by VCL
+vcl-file = $${rootdirectory:etc}/default.vcl
+pid-file = $${basedirectory:run}/varnishd.pid
+varnish-data = $${directory:varnish-data}
+# this will pass at -n option
+varnish-instance-name = $${directory:varnish-instance}
+web-checker = ${buildout:bin-directory}/web_checker_utility
+
+[cron-entry-web-checker]
+<= cron
+recipe = slapos.cookbook:cron.d
+name = web-checker
+frequency = 0 0 * * *
+command = $${varnish-instance:web-checker} $${web-checker:web-checker-config}
+
+[web-checker]
+recipe = slapos.cookbook:webchecker
+web-checker-config = $${rootdirectory:etc}/web_checker.cfg
+web-checker-working-directory = $${directory:web-checker}
+# for now frontend-url is varnish, it will replace with the real front-end one.
+frontend-url = $${varnish-instance:ip}:$${varnish-instance:server-port}
+wget-binary-path = ${wget:location}/bin/wget
+varnishlog-binary-path = $${varnish-instance:varnishlog-wrapper}
+web-checker-log = $${basedirectory:log}/web-checker.log
+
+[cron]
+recipe = slapos.cookbook:cron
+dcrond-binary = ${dcron:location}/sbin/crond
+cron-entries = $${directory:cron-entries}
+crontabs = $${directory:crontabs}
+cronstamps = $${directory:cronstamps}
+binary = $${basedirectory:services}/crond
+catcher = $${cron-simplelogger:wrapper}
+
+[cron-simplelogger]
+recipe = slapos.cookbook:simplelogger
+wrapper = $${rootdirectory:bin}/cron_simplelogger
+log = $${basedirectory:log}/cron.log
+
+[cron-entry-logrotate]
+<= cron
+recipe = slapos.cookbook:cron.d
+name = logrotate
+frequency = 0 0 * * *
+command = $${logrotate:wrapper}
+
+[logrotate]
+recipe = slapos.cookbook:logrotate
+# Binaries
+logrotate-binary = ${logrotate:location}/usr/sbin/logrotate
+gzip-binary = ${gzip:location}/bin/gzip
+gunzip-binary = ${gzip:location}/bin/gunzip
+# Directories
+wrapper = $${rootdirectory:bin}/logrotate
+conf = $${rootdirectory:etc}/logrotate.conf
+logrotate-entries = $${directory:logrotate-entries}
+backup = $${directory:logrotate-backup}
+state-file = $${rootdirectory:srv}/logrotate.status
+
+[basedirectory]
+recipe = slapos.cookbook:mkdirectory
+services = $${rootdirectory:etc}/run
+run = $${rootdirectory:var}/run
+backup = $${rootdirectory:srv}/backup
+log = $${rootdirectory:var}/log
+backup = $${rootdirectory:srv}/backup
+
+[directory]
+recipe = slapos.cookbook:mkdirectory
+varnish-data = $${rootdirectory:srv}/varnish
+varnish-instance = $${directory:varnish-data}/instance
+cron-entries = $${rootdirectory:etc}/cron.d
+crontabs = $${rootdirectory:etc}/crontabs
+cronstamps = $${rootdirectory:etc}/cronstamps
+logrotate-backup = $${basedirectory:backup}/logrotate
+logrotate-entries = $${rootdirectory:etc}/logrotate.d
+web-checker = $${rootdirectory:srv}/web-checker
+
+[rootdirectory]
+recipe = slapos.cookbook:mkdirectory
+etc = $${buildout:directory}/etc
+var = $${buildout:directory}/var
+srv = $${buildout:directory}/srv
+bin = $${buildout:directory}/bin
+
diff --git a/software/erp5/instance-zope.cfg b/software/erp5/instance-zope.cfg
index 9a71a931db8bc2fcf784e113ed131082367e5d5f..9474818dbb6baffd9b29d9f846d74b450930157c 100644
--- a/software/erp5/instance-zope.cfg
+++ b/software/erp5/instance-zope.cfg
@@ -18,8 +18,8 @@ develop-eggs-directory = ${buildout:develop-eggs-directory}
 offline = true
 
 [slap-parameter]
-# By default backend disallows the access
-access-control-string = none
+# By default, if no white list is specified, backend allows access to everyone
+access-control-string = all
 
 [publish-apache-zope-backend-connection-string]
 recipe = slapos.cookbook:publish
@@ -38,9 +38,11 @@ configuration-file = $${directory:apache-conf}/apache.conf
 access-control-string = $${slap-parameter:access-control-string}
 pid-file = $${basedirectory:run}/apache.pid
 lock-file = $${basedirectory:run}/apache.lock
+ssl-session-cache = $${basedirectory:log}/apache-ssl-session-cache
 error-log = $${basedirectory:log}/apache-error.log
 access-log = $${basedirectory:log}/apache-access.log
 apache-binary = ${apache:location}/bin/httpd
+scheme = https
 
 [ca-apache-zope-backend]
 <= certificate-authority
@@ -132,13 +134,13 @@ dcrond-binary = ${dcron:location}/sbin/crond
 cron-entries = $${directory:cron-entries}
 crontabs = $${directory:crontabs}
 cronstamps = $${directory:cronstamps}
-catcher = $${cron-simplelogger:binary}
+catcher = $${cron-simplelogger:wrapper}
 binary = $${basedirectory:services}/crond
 
 [cron-simplelogger]
 recipe = slapos.cookbook:simplelogger
-binary = $${rootdirectory:bin}/cron_simplelogger
-output = $${directory:cronoutput}
+wrapper = $${rootdirectory:bin}/cron_simplelogger
+log = $${basedirectory:log}/cron.log
 
 [cron-entry-logrotate]
 <= cron
@@ -226,11 +228,11 @@ ca-crl = $${erp5-cadirectory:crl}
 
 [erp5-cadirectory]
 recipe = slapos.cookbook:mkdirectory
-requests = $${directory:erp5-ca-dir}/requests/
-private = $${directory:erp5-ca-dir}/private/
-certs = $${directory:erp5-ca-dir}/certs/
-newcerts = $${directory:erp5-ca-dir}/newcerts/
-crl = $${directory:erp5-ca-dir}/crl/
+requests = $${directory:erp5-ca-dir}/requests
+private = $${directory:erp5-ca-dir}/private
+certs = $${directory:erp5-ca-dir}/certs
+newcerts = $${directory:erp5-ca-dir}/newcerts
+crl = $${directory:erp5-ca-dir}/crl
 
 [directory]
 recipe = slapos.cookbook:mkdirectory
@@ -248,11 +250,10 @@ instance-constraint = $${:instance}/Constraint
 instance-import = $${:instance}/import
 instance-lib = $${:instance}/lib
 instance-tests = $${:instance}/tests
-erp5-ca-dir = $${rootdirectory:srv}/erp5-ca/
+erp5-ca-dir = $${rootdirectory:srv}/erp5-ca
 ca-dir = $${rootdirectory:srv}/ssl
 cron-entries = $${rootdirectory:etc}/cron.d
 crontabs = $${rootdirectory:etc}/crontabs
 cronstamps = $${rootdirectory:etc}/cronstamps
-cronoutput = $${basedirectory:log}/cron
 logrotate-backup = $${basedirectory:backup}/logrotate
 logrotate-entries = $${rootdirectory:etc}/logrotate.d
diff --git a/software/erp5/instance.cfg b/software/erp5/instance.cfg
index 8abb090d57cd0b98e3504b2160b6050dcb789185..82d61d9e31ca06046b3f1ecbb91b549c2cdbc38e 100644
--- a/software/erp5/instance.cfg
+++ b/software/erp5/instance.cfg
@@ -33,6 +33,7 @@ zope = ${template-zope:output}
 mariadb = ${template-mariadb:output}
 sphinx = ${template-sphinx:output}
 tidstorage = $${dynamic-template-tidstorage:output}
+varnish = ${template-varnish:output}
 
 [slap-connection]
 # part to migrate to new - separated words
diff --git a/software/erp5/snippet-backend.cfg b/software/erp5/snippet-backend.cfg
index b18a7f20881ce14477b30fecaac305e3300fe796..6effa6b4f55c83047d1db3b188a7c37e18b8c867 100644
--- a/software/erp5/snippet-backend.cfg
+++ b/software/erp5/snippet-backend.cfg
@@ -1,18 +1,40 @@
-[apache-%(backend_name)s]
+[apache-public-%(backend_name)s]
 recipe = slapos.cookbook:apache.zope.backend
 backend = http://$${haproxy-%(backend_name)s:ip}:$${haproxy-%(backend_name)s:port}/
 ip = $${slap-network-information:global-ipv6}
+port = %(apache_public_port)s
+scheme = http
+wrapper = $${basedirectory:services}/apache-public-%(backend_name)s
+configuration-file = $${directory:apache-conf}/apache-public-%(backend_name)s.conf
+access-control-string = %(access_control_string)s
+pid-file = $${basedirectory:run}/apache-public-%(backend_name)s.pid
+lock-file = $${basedirectory:run}/apache-public-%(backend_name)s.lock
+error-log = $${basedirectory:log}/apache-public-%(backend_name)s-error.log
+access-log = $${basedirectory:log}/apache-public-%(backend_name)s-access.log
+apache-binary = ${apache:location}/bin/httpd
+
+[apache-%(backend_name)s]
+recipe = slapos.cookbook:apache.zope.backend
+backend = http://$${haproxy-%(backend_name)s:ip}:$${haproxy-%(backend_name)s:port}
+ip = $${slap-network-information:global-ipv6}
 port = %(apache_port)s
 wrapper = $${rootdirectory:bin}/apache-%(backend_name)s
+scheme = https
 key-file = $${directory:apache-conf}/apache-%(backend_name)s.key
 cert-file = $${directory:apache-conf}/apache-%(backend_name)s.crt
 configuration-file = $${directory:apache-conf}/apache-%(backend_name)s.conf
 access-control-string = %(access_control_string)s
 pid-file = $${basedirectory:run}/apache-%(backend_name)s.pid
 lock-file = $${basedirectory:run}/apache-%(backend_name)s.lock
+ssl-session-cache = $${basedirectory:log}/apache-ssl-session-cache
 error-log = $${basedirectory:log}/apache-%(backend_name)s-error.log
 access-log = $${basedirectory:log}/apache-%(backend_name)s-access.log
 apache-binary = ${apache:location}/bin/httpd
+ssl-authentication = %(ssl_authentication)s
+backend-path = %(backend_path)s
+# Note: Without erp5-certificate-authority main certificate have to be hardcoded
+ssl-authentication-certificate = $${erp5-certificate-authority:ca-dir}/cacert.pem
+ssl-authentication-crl = $${erp5-certificate-authority:ca-crl}
 
 [ca-apache-%(backend_name)s]
 <= certificate-authority
@@ -22,6 +44,13 @@ cert-file = $${apache-%(backend_name)s:cert-file}
 executable = $${apache-%(backend_name)s:wrapper}
 wrapper = $${basedirectory:services}/apache-%(backend_name)s
 
+[logrotate-entry-apache-public-%(backend_name)s]
+<= logrotate
+recipe = slapos.cookbook:logrotate.d
+name = apache-public-%(backend_name)s
+log = $${apache-public-%(backend_name)s:error-log} $${apache-public-%(backend_name)s:access-log}
+post = ${buildout:bin-directory}/killpidfromfile $${apache-public-%(backend_name)s:pid-file} SIGUSR1
+
 [logrotate-entry-apache-%(backend_name)s]
 <= logrotate
 recipe = slapos.cookbook:logrotate.d
diff --git a/software/erp5/snippet-master.cfg b/software/erp5/snippet-master.cfg
index 8c44deb8e0524939becf088938fe65884654530d..e0d52fe50b3fdd4762fbf489e5366a1273cd2af3 100644
--- a/software/erp5/snippet-master.cfg
+++ b/software/erp5/snippet-master.cfg
@@ -1,15 +1,3 @@
-#############################
-#
-# Instanciate zeo
-#
-# zeo-id -- local id of the requested zeo (1,2,3,...)
-#
-# zeo-port -- ip port to use to run the process
-#
-# storage_list -- string with list of all resquested storage
-#    Example: event_module person_module
-#
-#############################
 [buildout]
 parts =
   logrotate
@@ -21,7 +9,8 @@ parts =
   cron-entry-tidstorage-backup
   logrotate-entry-tidstorage
   binary-link
-  erp5-update
+  erp5-promise
+  erp5-bootstrap
   %(part_list)s
 
 eggs-directory = ${buildout:eggs-directory}
@@ -59,28 +48,19 @@ name = tidstorage
 log = $${tidstorage:logfile-name}
 post = ${buildout:bin-directory}/killpidfromfile $${tidstorage:pidfile-name} SIGHUP
 
-[directory]
-recipe = slapos.cookbook:mkdirectory
-cron-entries = $${rootdirectory:etc}/cron.d/
-crontabs = $${rootdirectory:etc}/crontabs/
-cronstamps = $${rootdirectory:etc}/cronstamps/
-cronoutput = $${basedirectory:log}/cron/
-logrotate-backup = $${basedirectory:backup}/logrotate/
-logrotate-entries = $${rootdirectory:etc}/logrotate.d/
-
 [cron]
 recipe = slapos.cookbook:cron
 dcrond-binary = ${dcron:location}/sbin/crond
 cron-entries = $${directory:cron-entries}
 crontabs = $${directory:crontabs}
 cronstamps = $${directory:cronstamps}
-catcher = $${cron-simplelogger:binary}
+catcher = $${cron-simplelogger:wrapper}
 binary = $${basedirectory:services}/crond
 
 [cron-simplelogger]
 recipe = slapos.cookbook:simplelogger
-binary = $${rootdirectory:bin}/cron_simplelogger
-output = $${directory:cronoutput}
+wrapper = $${rootdirectory:bin}/cron_simplelogger
+log = $${basedirectory:log}/cron.log
 
 [cron-entry-logrotate]
 <= cron
@@ -89,8 +69,6 @@ name = logrotate
 frequency = 0 0 * * *
 command = $${logrotate:wrapper}
 
-# rest of parts are candidates for some generic stuff
-
 [logrotate]
 recipe = slapos.cookbook:logrotate
 # Binaries
@@ -119,14 +97,19 @@ ca-private = $${erp5-cadirectory:private}
 ca-certs = $${erp5-cadirectory:certs}
 ca-newcerts = $${erp5-cadirectory:newcerts}
 ca-crl = $${erp5-cadirectory:crl}
+country-code = %(erp5_ca_country_code)s
+email = %(erp5_ca_email)s
+state = %(erp5_ca_state)s
+city = %(erp5_ca_city)s
+company = %(erp5_ca_company)s
 
 [erp5-cadirectory]
 recipe = slapos.cookbook:mkdirectory
-requests = $${directory:erp5-ca-dir}/requests/
-private = $${directory:erp5-ca-dir}/private/
-certs = $${directory:erp5-ca-dir}/certs/
-newcerts = $${directory:erp5-ca-dir}/newcerts/
-crl = $${directory:erp5-ca-dir}/crl/
+requests = $${directory:erp5-ca-dir}/requests
+private = $${directory:erp5-ca-dir}/private
+certs = $${directory:erp5-ca-dir}/certs
+newcerts = $${directory:erp5-ca-dir}/newcerts
+crl = $${directory:erp5-ca-dir}/crl
 
 [certificate-authority]
 recipe = slapos.cookbook:certificate_authority
@@ -141,33 +124,33 @@ ca-crl = $${cadirectory:crl}
 
 [cadirectory]
 recipe = slapos.cookbook:mkdirectory
-requests = $${directory:ca-dir}/requests/
-private = $${directory:ca-dir}/private/
-certs = $${directory:ca-dir}/certs/
-newcerts = $${directory:ca-dir}/newcerts/
-crl = $${directory:ca-dir}/crl/
+requests = $${directory:ca-dir}/requests
+private = $${directory:ca-dir}/private
+certs = $${directory:ca-dir}/certs
+newcerts = $${directory:ca-dir}/newcerts
+crl = $${directory:ca-dir}/crl
 
 [rootdirectory]
 recipe = slapos.cookbook:mkdirectory
-etc = $${buildout:directory}/etc/
-var = $${buildout:directory}/var/
-srv = $${buildout:directory}/srv/
-bin = $${buildout:directory}/bin/
-tmp = $${buildout:directory}/tmp/
+etc = $${buildout:directory}/etc
+var = $${buildout:directory}/var
+srv = $${buildout:directory}/srv
+bin = $${buildout:directory}/bin
+tmp = $${buildout:directory}/tmp
 
 [basedirectory]
 recipe = slapos.cookbook:mkdirectory
-log = $${rootdirectory:var}/log/
-services = $${rootdirectory:etc}/run/
-run = $${rootdirectory:var}/run/
-backup = $${rootdirectory:srv}/backup/
+log = $${rootdirectory:var}/log
+services = $${rootdirectory:etc}/run
+run = $${rootdirectory:var}/run
+backup = $${rootdirectory:srv}/backup
 
 [directory]
 recipe = slapos.cookbook:mkdirectory
-tidstorage = $${rootdirectory:srv}/tidstorage/
-zodb = $${rootdirectory:srv}/zodb/
+tidstorage = $${rootdirectory:srv}/tidstorage
+zodb = $${rootdirectory:srv}/zodb
 zodb-backup = $${basedirectory:backup}/zodb
-instance = $${rootdirectory:srv}/erp5shared/
+instance = $${rootdirectory:srv}/erp5shared
 instance-etc = $${:instance}/etc
 apache-conf = $${rootdirectory:etc}/apache
 instance-etc-package-include = $${:instance}/etc/package-include
@@ -180,14 +163,13 @@ instance-constraint = $${:instance}/Constraint
 instance-import = $${:instance}/import
 instance-lib = $${:instance}/lib
 instance-tests = $${:instance}/tests
-erp5-ca-dir = $${rootdirectory:srv}/erp5-ssl/
-ca-dir = $${rootdirectory:srv}/ssl/
-cron-entries = $${rootdirectory:etc}/cron.d/
-crontabs = $${rootdirectory:etc}/crontabs/
-cronstamps = $${rootdirectory:etc}/cronstamps/
-cronoutput = $${basedirectory:log}/cron/
-logrotate-backup = $${basedirectory:backup}/logrotate/
-logrotate-entries = $${rootdirectory:etc}/logrotate.d/
+erp5-ca-dir = $${rootdirectory:srv}/erp5-ssl
+ca-dir = $${rootdirectory:srv}/ssl
+cron-entries = $${rootdirectory:etc}/cron.d
+crontabs = $${rootdirectory:etc}/crontabs
+cronstamps = $${rootdirectory:etc}/cronstamps
+logrotate-backup = $${basedirectory:backup}/logrotate
+logrotate-entries = $${rootdirectory:etc}/logrotate.d
 
 [binary-link]
 recipe = slapos.cookbook:symbolic.link
@@ -214,22 +196,19 @@ link-binary =
   ${poppler:location}/bin/pdftotext
   ${poppler:location}/bin/pdftohtml
 
-[erp5-update]
-recipe = slapos.cookbook:erp5.update
-
-# Configuration
-url = http://$${%(zope_section)s:user}:$${%(zope_section)s:password}@$${%(zope_section)s:ip}:$${%(zope_section)s:port}/
+[erp5-bootstrap]
+recipe = slapos.cookbook:erp5.bootstrap
+runner-path = $${basedirectory:services}/erp5-bootstrap
 mysql-url = %(mysql-url)s
+zope-url = http://$${%(zope_section)s:user}:$${%(zope_section)s:password}@$${%(zope_section)s:ip}:$${%(zope_section)s:port}/%(site_id)s
+
+[erp5-promise]
+recipe = slapos.cookbook:erp5.promise
+promise-path = $${rootdirectory:etc}/erp5promise.cfg
 kumofs-url = %(kumofs-url)s
 memcached-url = %(memcached-url)s
 cloudooo-url = %(cloudooo-url)s
-site-id = %(site_id)s
-openssl-binary = ${openssl:location}/bin/openssl
-cadir-path = $${erp5-certificate-authority:ca-dir}
-
-# Paths
-update-wrapper = $${basedirectory:services}/erp5-update
+smtp-url = $${slap-parameter:smtp-url}
+bt5 = $${slap-parameter:bt5}
+bt5-repository-url = $${slap-parameter:bt5-repository-url}
 
-# Defaults
-configurator-bt5-list = erp5_full_text_myisam_catalog erp5_configurator_standard erp5_configurator_maxma_demo erp5_configurator_ung erp5_configurator_ung erp5_configurator_run_my_doc
-bt5-repository-list = $${%(zope_section)s:bt5-repository-list}
diff --git a/software/erp5/snippet-zope.cfg b/software/erp5/snippet-zope.cfg
index a4a9c581c9d310b1a9bdc39d4f25470d3a50df1e..b65c773ae3a122e0855a21c7413f4d74af8ea4b2 100644
--- a/software/erp5/snippet-zope.cfg
+++ b/software/erp5/snippet-zope.cfg
@@ -17,6 +17,8 @@ zeo-connection-string =
   %(zeo_connection_string)s
 
 timeserver = %(zope_timeserver)s
+tidstorage-ip = $${tidstorage:ip}
+tidstorage-port = $${tidstorage:port}
 
 # long request
 longrequest-logger-file = %(longrequest_logger_file)s
@@ -44,6 +46,9 @@ runzope-binary = ${buildout:bin-directory}/runzope
 # BT5 Configuration
 bt5-repository-list =
 
+promise-path = $${erp5-promise:promise-path}
+site-id = %(site_id)s
+
 [logrotate-entry-%(zope_id)s]
 <= logrotate
 recipe = slapos.cookbook:logrotate.d
diff --git a/software/erp5/software.cfg b/software/erp5/software.cfg
index 9e1f72f9e6b59accbbdb527f7c6c727a1388e900..9c75576e677f6afb69820af57ff3f20eb18eb4ba 100644
--- a/software/erp5/software.cfg
+++ b/software/erp5/software.cfg
@@ -28,7 +28,7 @@ recipe = plone.recipe.command
 stop-on-error = true
 location = ${buildout:parts-directory}/${:_buildout_section_name_}
 command = ${git:location}/bin/git clone --branch erp5 --quiet http://git.erp5.org/repos/slapos.git ${:location}
-update-command = cd ${:location} && ${git:location}/bin/git pull --quiet
+update-command = cd ${:location} && GIT_COMMITTER_EMAIL=nobody@example.com GIT_AUTHOR_NAME=Nobody GIT_AUTHOR_EMAIL=nobody@example.com ${git:location}/bin/git pull --quiet
 
 [check-recipe]
 recipe = plone.recipe.command
@@ -41,11 +41,12 @@ recipe = zc.recipe.egg
 eggs = slapos.cookbook
 scripts =
 python = python2.6
+ugly-depend-on = ${slapos.cookbook-repository:command} ${slapos.cookbook-repository:update-command}
 
 [template-mariadb]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance-mariadb.cfg
-md5sum = 3225a2ba7337505bdeb95867f5028891
+md5sum = 6580f1d431f65281c7aa1358a51cc292
 output = ${buildout:directory}/template-mariadb.cfg
 mode = 0644
 
@@ -59,14 +60,14 @@ mode = 0644
 [template-zope]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance-zope.cfg
-md5sum = 769a7ba8e8c5865637e374376be8cbcd
+md5sum = d3d221255f93a9ced82dcca9ca57f84e
 output = ${buildout:directory}/template-zope.cfg
 mode = 0644
 
 [template-cloudooo]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance-cloudooo.cfg
-md5sum = 8ea2839e951f26af2bc74b9a8c0fa5c2
+md5sum = e7698a0537785339e249bdc57f369e93
 output = ${buildout:directory}/template-cloudooo.cfg
 mode = 0644
 
@@ -80,35 +81,35 @@ mode = 0644
 [template-kumofs]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance-kumofs.cfg
-md5sum = c12d8dc1925d16a75247971086734aa8
+md5sum = 9746823ccbbedf42b3e759c3e7150252
 output = ${buildout:directory}/template-kumofs.cfg
 mode = 0644
 
 [template]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance.cfg
-md5sum = 961d404f5726fce7c4d8b34d7e120077
+md5sum = f3443d071d8d7330b3453583e096fef0
 output = ${buildout:directory}/template.cfg
 mode = 0644
 
 [template-memcached]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance-memcached.cfg
-md5sum = 9a1462f3e34b99f384ae47b48a3a733c
+md5sum = 7ed1d93dafa76adc025acb2f0e08c05f
 output = ${buildout:directory}/template-memcached.cfg
 mode = 0644
 
 [template-erp5-development]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance-erp5-development.cfg
-md5sum = 9af9db6f1220ffe42e030c81f9072669
+md5sum = 4bc5a2ec8c04b206dab8b98258a69efd
 output = ${buildout:directory}/template-erp5-development.cfg
 mode = 0644
 
 [template-erp5-production]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance-erp5-production.cfg
-md5sum = 32f6537110bbc29e7cc5613695863096
+md5sum = 54ad3c5e92af02d0db98d1085adf986d
 output = ${buildout:directory}/template-erp5-production.cfg
 mode = 0644
 
@@ -122,24 +123,31 @@ mode = 0644
 [template-snippet-master]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/snippet-master.cfg
-md5sum = c9bea484c2827954b9f9f728ce0342fb
+md5sum = 14ffe48453a74190bdd289169220739f
 output = ${buildout:directory}/template-snippet-master.cfg
 mode = 0644
 
 [template-snippet-zope]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/snippet-zope.cfg
-md5sum = 99fcce6aa6120787870522898650800d
+md5sum = bcc68c31a16b35bee7111f9c6e02b781
 output = ${buildout:directory}/template-snippet-zope.cfg
 mode = 0644
 
 [template-snippet-backend]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/snippet-backend.cfg
-md5sum = e2b26547ba1435ec1b8e8cd1de89e2c6
+md5sum = 3a1b359b57bf21a226bb96c0c18f1924
 output = ${buildout:directory}/template-snippet-backend.cfg
 mode = 0644
 
+[template-varnish]
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance-varnish.cfg
+md5sum = 70fb0ccadf0d6723ddb0fe55a1549ca5
+output = ${buildout:directory}/template-varnish.cfg
+mode = 0644
+
 [validator]
 # Default json schema for instance parameters.
 recipe = slapos.recipe.template
@@ -153,6 +161,9 @@ mode = 0644
 #   Romain Courteaud
 #   Sebastien Robin
 #   Kazuhiko Shiozaki
+#   Cedric de Saint Martin
+#   Yingjie Xu
+#   Gabriel Monnerat
 signature-certificate-list =
   -----BEGIN CERTIFICATE-----
   MIIB4DCCAUkCADANBgkqhkiG9w0BAQsFADA5MQswCQYDVQQGEwJGUjEZMBcGA1UE
@@ -193,3 +204,42 @@ signature-certificate-list =
   KrDm39slYD/1KoE5kB4l/p6KVOdeJ4I6xcgu9rnkqqHzDwI4v7e8/D3WZbpiFUsY
   vaZhjNYKWQf79l6zXfOvphzJ
   -----END CERTIFICATE-----
+  -----BEGIN CERTIFICATE-----
+  MIIB9jCCAV+gAwIBAgIJAO4V/jiMoICoMA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV
+  BAMMCENPTVAtMjMyMCAXDTEyMDIxNjExMTAyM1oYDzIxMTIwMTIzMTExMDIzWjAT
+  MREwDwYDVQQDDAhDT01QLTIzMjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+  wi/3Z8W9pUiegUXIk/AiFDQ0UJ4JFAwjqr+HSRUirlUsHHT+8DzH/hfcTDX1I5BB
+  D1ADk+ydXjMm3OZrQcXjn29OUfM5C+g+oqeMnYQImN0DDQIOcUyr7AJc4xhvuXQ1
+  P2pJ5NOd3tbd0kexETa1LVhR6EgBC25LyRBRae76qosCAwEAAaNQME4wHQYDVR0O
+  BBYEFMDmW9aFy1sKTfCpcRkYnP6zUd1cMB8GA1UdIwQYMBaAFMDmW9aFy1sKTfCp
+  cRkYnP6zUd1cMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAskbFizHr
+  b6d3iIyN+wffxz/V9epbKIZVEGJd/6LrTdLiUfJPec7FaxVCWNyKBlCpINBM7cEV
+  Gn9t8mdVQflNqOlAMkOlUv1ZugCt9rXYQOV7rrEYJBWirn43BOMn9Flp2nibblby
+  If1a2ZoqHRxoNo2yTmm7TSYRORWVS+vvfjY=
+  -----END CERTIFICATE-----
+  -----BEGIN CERTIFICATE-----
+  MIIB9jCCAV+gAwIBAgIJAIlBksrZVkK8MA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV
+  BAMMCENPTVAtMzU3MCAXDTEyMDEyNjEwNTUyOFoYDzIxMTIwMTAyMTA1NTI4WjAT
+  MREwDwYDVQQDDAhDT01QLTM1NzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+  ts+iGUwi44vtIfwXR8DCnLtHV4ydl0YTK2joJflj0/Ws7mz5BYkxIU4fea/6+VF3
+  i11nwBgYgxQyjNztgc9u9O71k1W5tU95yO7U7bFdYd5uxYA9/22fjObaTQoC4Nc9
+  mTu6r/VHyJ1yRsunBZXvnk/XaKp7gGE9vNEyJvPn2bkCAwEAAaNQME4wHQYDVR0O
+  BBYEFKuGIYu8+6aEkTVg62BRYaD11PILMB8GA1UdIwQYMBaAFKuGIYu8+6aEkTVg
+  62BRYaD11PILMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAMoTRpBxK
+  YLEZJbofF7gSrRIcrlUJYXfTfw1QUBOKkGFFDsiJpEg4y5pUk1s5Jq9K3SDzNq/W
+  it1oYjOhuGg3al8OOeKFrU6nvNTF1BAvJCl0tr3POai5yXyN5jlK/zPfypmQYxE+
+  TaqQSGBJPVXYt6lrq/PRD9ciZgKLOwEqK8w=
+  -----END CERTIFICATE-----
+  -----BEGIN CERTIFICATE-----
+  MIIB9jCCAV+gAwIBAgIJAPHoWu90gbsgMA0GCSqGSIb3DQEBBQUAMBQxEjAQBgNV
+  BAMMCXZpZmlibm9kZTAeFw0xMjAzMTkyMzIwNTVaFw0xMzAzMTkyMzIwNTVaMBQx
+  EjAQBgNVBAMMCXZpZmlibm9kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+  ozBijpO8PS5RTeKTzA90vi9ezvv4vVjNaguqT4UwP9+O1+i6yq1Y2W5zZxw/Klbn
+  oudyNzie3/wqs9VfPmcyU9ajFzBv/Tobm3obmOqBN0GSYs5fyGw+O9G3//6ZEhf0
+  NinwdKmrRX+d0P5bHewadZWIvlmOupcnVJmkks852BECAwEAAaNQME4wHQYDVR0O
+  BBYEFF9EtgfZZs8L2ZxBJxSiY6eTsTEwMB8GA1UdIwQYMBaAFF9EtgfZZs8L2ZxB
+  JxSiY6eTsTEwMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAc43YTfc6
+  baSemaMAc/jz8LNLhRE5dLfLOcRSoHda8y0lOrfe4lHT6yP5l8uyWAzLW+g6s3DA
+  Yme/bhX0g51BmI6gjKJo5DoPtiXk/Y9lxwD3p7PWi+RhN+AZQ5rpo8UfwnnN059n
+  yDuimQfvJjBFMVrdn9iP6SfMjxKaGk6gVmI=
+  -----END CERTIFICATE-----
diff --git a/software/erp5testnode/software.cfg b/software/erp5testnode/software.cfg
index 2492dbef65effc42c1453aa8949bbce9e9405f58..b2451292acc5a68af8e1a475d9aed6a68ada47a4 100644
--- a/software/erp5testnode/software.cfg
+++ b/software/erp5testnode/software.cfg
@@ -36,11 +36,6 @@ parts =
   zip
   git
 
-# Separate from site eggs
-allowed-eggs-from-site-packages =
-include-site-packages = false
-exec-sitecustomize = false
-
 # Use only quite well working sites.
 allow-hosts =
   *.nexedi.org
@@ -159,7 +154,7 @@ zc.buildout = 1.6.0-dev-SlapOS-003
 
 Jinja2 = 2.6
 Werkzeug = 0.8.2
-erp5.util = 0.3
+erp5.util = 0.4.1
 hexagonit.recipe.cmmi = 1.5.0
 lxml = 2.3.2
 meld3 = 0.6.7
diff --git a/software/kvm/README.txt b/software/kvm/README.txt
new file mode 100644
index 0000000000000000000000000000000000000000..17e9a2cdf5ade017b1a82899e829168524d47291
--- /dev/null
+++ b/software/kvm/README.txt
@@ -0,0 +1,80 @@
+kvm
+===
+
+Introduction
+------------
+
+This software release is used to deploy KVM instances, NBD instances and
+Frontend instances of KVM.
+
+Examples
+--------
+
+The following examples listhow to request different possible instances of KVM
+Software Release from slap console or command line.
+
+KVM instance (1GB of RAM, 10GB of SSD, one core)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Note that the KVM instance will request a frontend slave instance in order
+to be accessible from IPv4.
+
+KVM instance needs a NBD to fetch disk image at first boot. Working NBD IP/port
+has to be specified.
+
+::
+  myawesomekvm = request(
+      software_release=kvm,
+      partition_reference="myawesomekvm",
+      partition_parameter_kw={
+          "ndb_ip":"2a01:e35:2e27:460:e2cb:4eff:fed9:48dc",
+          "ndb_port": 1024
+      }
+  )
+
+
+KVM+ instance (2GB of RAM, 20GB of SSD, two cores)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+::
+  myevenmoreawesomekvm = request(
+      software_release=kvm,
+      partition_reference="myevenmoreawesomekvm",
+      partition_parameter_kw={
+          "ndb_ip":"2a01:e35:2e27:460:e2cb:4eff:fed9:48dc",
+          "ndb_port": 1024
+      },
+      software_type="kvm+",
+  )
+
+
+NBD instance
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This type of instance will allow to host a disk image that will be used by
+any KVM instance.
+
+::
+  mynbd = request(
+      software_release=kvm,
+      partition_reference="mynbd",
+      software_type="nbd",
+  )
+
+
+KVM Frontend Master Instance (will host all frontend Slave Instances)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This type of instance will allow to host any frontend slave instance requested
+by KVM instances. Slave instances (and thus KVM instance) will be accessible
+at : https://mydomain.com/instancereference .
+
+::
+  mykvmfrontend = request(
+      software_release=kvm,
+      partition_reference="mykvmfrontend",
+      partition_parameter_kw={
+          "domain":"mydomain.com"
+      },
+      software_type="frontend",
+  )
diff --git a/software/kvm/instance-frontend.cfg b/software/kvm/instance-frontend.cfg
new file mode 100644
index 0000000000000000000000000000000000000000..277674c850734d60e80fecbc604b724bf59aa44b
--- /dev/null
+++ b/software/kvm/instance-frontend.cfg
@@ -0,0 +1,148 @@
+#############################
+#
+# Instanciate kvm frontend
+#
+#############################
+[buildout]
+parts =
+  logrotate
+#   logrotate-entry-frontend
+  cron
+  cron-entry-logrotate
+  ca-frontend
+  certificate-authority
+  frontend-promise
+  publish-kvm-frontend-connection-information
+
+eggs-directory = ${buildout:eggs-directory}
+develop-eggs-directory = ${buildout:develop-eggs-directory}
+offline = true
+
+[rootdirectory]
+recipe = slapos.cookbook:mkdirectory
+etc = $${buildout:directory}/etc
+bin = $${buildout:directory}/bin
+srv = $${buildout:directory}/srv
+var = $${buildout:directory}/var
+
+[basedirectory]
+recipe = slapos.cookbook:mkdirectory
+services = $${rootdirectory:etc}/run
+promises = $${rootdirectory:etc}/promise
+nodejs-conf = $${rootdirectory:etc}/nodejs
+run = $${rootdirectory:var}/run
+log = $${rootdirectory:var}/log
+ca-dir = $${rootdirectory:srv}/ssl
+backup = $${rootdirectory:srv}/backup
+
+[directory]
+recipe = slapos.cookbook:mkdirectory
+cron-entries = $${rootdirectory:etc}/cron.d
+crontabs = $${rootdirectory:etc}/crontabs
+cronstamps = $${rootdirectory:etc}/cronstamps
+ca-dir = $${rootdirectory:srv}/ssl
+logrotate-backup = $${basedirectory:backup}/logrotate
+logrotate-entries = $${rootdirectory:etc}/logrotate.d
+
+[frontend-instance]
+recipe = slapos.cookbook:kvm.frontend
+domain = $${ca-frontend:name}
+# port = $${slap-parameter:port}
+ip = $${slap-network-information:global-ipv6}
+port = $${slap-parameter:port}
+http-redirection = $${slap-parameter:http-redirection}
+ssl-key-path = $${ca-frontend:key-file}
+ssl-cert-path = $${ca-frontend:cert-file}
+slave-instance-list = $${slap-parameter:slave_instance_list}
+map-path = $${basedirectory:nodejs-conf}/proxy_table.json
+conf-path = $${basedirectory:nodejs-conf}/kvm-proxy.js
+wrapper-path = $${rootdirectory:bin}/kvm_frontend
+node-binary = ${nodejs:location}/bin/node
+node-env = ${buildout:parts-directory}:${npm-modules:location}/node_modules
+shell-path = ${dash:location}/bin/dash
+
+[frontend-promise]
+recipe = slapos.cookbook:check_port_listening
+path = $${basedirectory:promises}/frontend_promise
+hostname = $${frontend-instance:ip}
+port = $${frontend-instance:port}
+
+[certificate-authority]
+recipe = slapos.cookbook:certificate_authority
+openssl-binary = ${openssl:location}/bin/openssl
+ca-dir = $${basedirectory:ca-dir}
+requests-directory = $${cadirectory:requests}
+wrapper = $${basedirectory:services}/certificate_authority
+ca-private = $${cadirectory:private}
+ca-certs = $${cadirectory:certs}
+ca-newcerts = $${cadirectory:newcerts}
+ca-crl = $${cadirectory:crl}
+
+[cadirectory]
+recipe = slapos.cookbook:mkdirectory
+requests = $${basedirectory:ca-dir}/requests/
+private = $${basedirectory:ca-dir}/private/
+certs = $${basedirectory:ca-dir}/certs/
+newcerts = $${basedirectory:ca-dir}/newcerts/
+crl = $${basedirectory:ca-dir}/crl/
+
+[ca-frontend]
+<= certificate-authority
+recipe = slapos.cookbook:certificate_authority.request
+key-file = $${basedirectory:nodejs-conf}/nodejs.key
+cert-file = $${basedirectory:nodejs-conf}/nodejs.crt
+executable = $${frontend-instance:wrapper-path}
+wrapper = $${basedirectory:services}/nodejs
+# Put domain name
+name = $${slap-parameter:domain}
+
+[cron]
+recipe = slapos.cookbook:cron
+dcrond-binary = ${dcron:location}/sbin/crond
+cron-entries = $${directory:cron-entries}
+crontabs = $${directory:crontabs}
+cronstamps = $${directory:cronstamps}
+catcher = $${cron-simplelogger:wrapper}
+binary = $${basedirectory:services}/crond
+
+[cron-simplelogger]
+recipe = slapos.cookbook:simplelogger
+wrapper = $${rootdirectory:bin}/cron_simplelogger
+log = $${basedirectory:log}/cron.log
+
+[cron-entry-logrotate]
+<= cron
+recipe = slapos.cookbook:cron.d
+name = logrotate
+frequency = 0 0 * * *
+command = $${logrotate:wrapper}
+
+[logrotate]
+recipe = slapos.cookbook:logrotate
+# Binaries
+logrotate-binary = ${logrotate:location}/usr/sbin/logrotate
+gzip-binary = ${gzip:location}/bin/gzip
+gunzip-binary = ${gzip:location}/bin/gunzip
+# Directories
+wrapper = $${rootdirectory:bin}/logrotate
+conf = $${rootdirectory:etc}/logrotate.conf
+logrotate-entries = $${directory:logrotate-entries}
+backup = $${directory:logrotate-backup}
+state-file = $${rootdirectory:srv}/logrotate.status
+
+[publish-kvm-frontend-connection-information]
+recipe = slapos.cookbook:publish
+ip = $${frontend-instance:ip}
+port = $${frontend-instance:port}
+
+[slap-parameter]
+# Default value if no port is specified
+port = 4443
+http-redirection = 0
+
+# [logrotate-entry-frontend]
+# <= logrotate
+# recipe = slapos.cookbook:logrotate.d
+# name = frontend
+# log = $${mariadb-instance:error-log} $${mariadb-instance:slow-query-log}
+# post = $${mariadb-instance:mysql-binary} --no-defaults -B --socket=$${mariadb-instance:socket} -e "FLUSH LOGS"
diff --git a/software/kvm/instance-kvm.cfg b/software/kvm/instance-kvm.cfg
new file mode 100644
index 0000000000000000000000000000000000000000..bfd9715ba9cbaecca2f66a5bf87a8e699daa6ea8
--- /dev/null
+++ b/software/kvm/instance-kvm.cfg
@@ -0,0 +1,136 @@
+#############################
+#
+# Instanciate kvm
+#
+#############################
+[buildout]
+parts =
+  request-slave-frontend
+  certificate-authority
+  kvm-promise
+  novnc-promise
+  publish-kvm-connection-information
+
+eggs-directory = ${buildout:eggs-directory}
+develop-eggs-directory = ${buildout:develop-eggs-directory}
+offline = true
+
+[rootdirectory]
+recipe = slapos.cookbook:mkdirectory
+etc = $${buildout:directory}/etc
+bin = $${buildout:directory}/bin
+srv = $${buildout:directory}/srv
+var = $${buildout:directory}/var
+
+[basedirectory]
+recipe = slapos.cookbook:mkdirectory
+services = $${rootdirectory:etc}/run
+promises = $${rootdirectory:etc}/promise
+novnc-conf = $${rootdirectory:etc}/novnc
+run = $${rootdirectory:var}/run
+ca-dir = $${rootdirectory:srv}/ssl
+
+[create-mac]
+recipe = slapos.cookbook:generate.mac
+
+[kvm-instance]
+recipe = slapos.cookbook:kvm
+vnc-ip = $${slap-network-information:local-ipv4}
+vnc-port = 5901
+nbd-ip = $${slap-parameter:nbd_ip}
+nbd-port = $${slap-parameter:nbd_port}
+tap = $${slap-network-information:network-interface}
+disk-path = $${rootdirectory:srv}/virtual.qcow2
+disk-size = 10
+socket-path = $${rootdirectory:var}/qmp_socket
+pid-path = $${basedirectory:run}/pid_file
+smp-count = 1
+ram-size = 1024
+mac-address = $${create-mac:mac-address}
+runner-path = $${basedirectory:services}/kvm
+controller-path = $${basedirectory:services}/kvm_controller
+shell-path = ${dash:location}/bin/dash
+qemu-path = ${kvm:location}/bin/qemu-system-x86_64
+qemu-img-path = ${kvm:location}/bin/qemu-img
+
+[kvm-promise]
+recipe = slapos.cookbook:check_port_listening
+path = $${basedirectory:promises}/vnc_promise
+hostname = $${kvm-instance:vnc-ip}
+port = $${kvm-instance:vnc-port}
+
+[novnc-instance]
+recipe = slapos.cookbook:novnc
+path = $${ca-novnc:executable}
+ip = $${slap-network-information:global-ipv6}
+port = 6080
+vnc-ip = $${kvm-instance:vnc-ip}
+vnc-port = $${kvm-instance:vnc-port}
+novnc-location = ${noVNC:location}
+websockify-path = ${buildout:directory}/bin/websockify
+ssl-key-path = $${ca-novnc:key-file}
+ssl-cert-path = $${ca-novnc:cert-file}
+
+[certificate-authority]
+recipe = slapos.cookbook:certificate_authority
+openssl-binary = ${openssl:location}/bin/openssl
+ca-dir = $${basedirectory:ca-dir}
+requests-directory = $${cadirectory:requests}
+wrapper = $${basedirectory:services}/certificate_authority
+ca-private = $${cadirectory:private}
+ca-certs = $${cadirectory:certs}
+ca-newcerts = $${cadirectory:newcerts}
+ca-crl = $${cadirectory:crl}
+
+[cadirectory]
+recipe = slapos.cookbook:mkdirectory
+requests = $${basedirectory:ca-dir}/requests/
+private = $${basedirectory:ca-dir}/private/
+certs = $${basedirectory:ca-dir}/certs/
+newcerts = $${basedirectory:ca-dir}/newcerts/
+crl = $${basedirectory:ca-dir}/crl/
+
+[ca-novnc]
+<= certificate-authority
+recipe = slapos.cookbook:certificate_authority.request
+key-file = $${basedirectory:novnc-conf}/novnc.key
+cert-file = $${basedirectory:novnc-conf}/novnc.crt
+executable = $${rootdirectory:bin}/novnc
+wrapper = $${basedirectory:services}/websockify
+
+[novnc-promise]
+recipe = slapos.cookbook:check_port_listening
+path = $${basedirectory:promises}/novnc_promise
+hostname = $${novnc-instance:ip}
+port = $${novnc-instance:port}
+
+[kvm-monitor]
+recipe = slapos.cookbook:generic.slapmonitor
+db-path = $${rootdirectory:srv}/slapmonitor_database
+
+[request-common]
+recipe = slapos.cookbook:request
+software-url = $${slap-connection:software-release-url}
+sla = computer_guid
+sla-computer_guid = $${slap-connection:computer-id}
+server-url = $${slap-connection:server-url}
+key-file = $${slap-connection:key-file}
+cert-file = $${slap-connection:cert-file}
+computer-id = $${slap-connection:computer-id}
+partition-id = $${slap-connection:partition-id}
+
+[request-slave-frontend]
+<=request-common
+name = SlaveFrontend
+software-type = frontend
+slave = true
+config = host port
+config-host = $${novnc-instance:ip}
+config-port = $${novnc-instance:port}
+return = url resource port domainname
+
+[publish-kvm-connection-information]
+recipe = slapos.cookbook:publish
+backend_url = https://[$${novnc-instance:ip}]:$${novnc-instance:port}/vnc_auto.html?host=[$${novnc-instance:ip}]&port=$${novnc-instance:port}&encrypt=1
+url = $${request-slave-frontend:connection-url}/vnc_auto.html?host=$${request-slave-frontend:connection-domainname}&port=$${request-slave-frontend:connection-port}&encrypt=1&path=$${request-slave-frontend:connection-resource}
+password = $${kvm-instance:passwd}
diff --git a/software/kvm/instance-kvmplus.cfg b/software/kvm/instance-kvmplus.cfg
new file mode 100644
index 0000000000000000000000000000000000000000..1babe8bf0c4de089a06c9505d9148b0bf03b4a87
--- /dev/null
+++ b/software/kvm/instance-kvmplus.cfg
@@ -0,0 +1,27 @@
+#############################
+#
+# Instanciate kvm+
+#
+#############################
+[buildout]
+extends = instance-kvm.cfg
+
+[kvm-instance]
+recipe = slapos.cookbook:kvm
+vnc-ip = $${slap-network-information:local-ipv4}
+vnc-port = 5901
+nbd-ip = $${slap-parameter:nbd_ip}
+nbd-port = $${slap-parameter:nbd_port}
+tap = $${slap-network-information:network-interface}
+disk-path = $${rootdirectory:srv}/virtual.qcow2
+disk-size = 20
+socket-path = $${rootdirectory:var}/qmp_socket
+pid-path = $${basedirectory:run}/pid_file
+smp-count = 2
+ram-size = 2048
+mac-address = $${create-mac:mac-address}
+runner-path = $${basedirectory:services}/kvm
+controller-path = $${basedirectory:services}/kvm_controller
+shell-path = ${dash:location}/bin/dash
+qemu-path = ${kvm:location}/bin/qemu-system-x86_64
+qemu-img-path = ${kvm:location}/bin/qemu-img
diff --git a/software/kvm/instance-nbd.cfg b/software/kvm/instance-nbd.cfg
new file mode 100644
index 0000000000000000000000000000000000000000..9df5cfcf508fd4dab3bb10e32eadbc041979c748
--- /dev/null
+++ b/software/kvm/instance-nbd.cfg
@@ -0,0 +1,63 @@
+#############################
+#
+# Instanciate nbdserver
+#
+#############################
+[buildout]
+parts =
+  nbd-promise
+  onetimeupload-promise
+  publish-connection-information
+
+eggs-directory = ${buildout:eggs-directory}
+develop-eggs-directory = ${buildout:develop-eggs-directory}
+offline = true
+
+[rootdirectory]
+recipe = slapos.cookbook:mkdirectory
+etc = $${buildout:directory}/etc
+srv = $${buildout:directory}/srv
+log = $${buildout:directory}/log
+
+[basedirectory]
+recipe = slapos.cookbook:mkdirectory
+services = $${rootdirectory:etc}/run
+promises = $${rootdirectory:etc}/promise
+
+[nbd-instance]
+recipe = slapos.cookbook:nbdserver
+ip = $${slap-network-information:global-ipv6}
+port = 1024
+image-path = $${onetimeupload-instance:image-path}
+qemu-path = ${kvm:location}/bin/qemu-nbd
+shell-path = ${dash:location}/bin/dash
+# XXX TODO: Wait for the iso to be uploaded (execute_wait)
+path = $${basedirectory:services}/nbdserver
+
+[nbd-promise]
+recipe = slapos.cookbook:check_port_listening
+path = $${basedirectory:promises}/nbd_promise
+hostname = $${nbd-instance:ip}
+port = $${nbd-instance:port}
+
+[onetimeupload-instance]
+recipe = slapos.cookbook:generic.onetimeupload
+ip = $${slap-network-information:global-ipv6}
+port = 9999
+image-path = $${rootdirectory:srv}/cdrom.iso
+log-path = $${rootdirectory:log}/onetimeupload.log
+shell-path = ${dash:location}/bin/dash
+onetimeupload-path = ${buildout:bin-directory}/onetimeupload
+path = $${basedirectory:services}/onetimeupload
+
+[onetimeupload-promise]
+recipe = slapos.cookbook:check_port_listening
+path = $${basedirectory:promises}/onetimeupload_promise
+hostname = $${onetimeupload-instance:ip}
+port = $${onetimeupload-instance:port}
+
+[publish-connection-information]
+recipe = slapos.cookbook:publish
+nbd_url = nbd://[$${nbd-instance:ip}]:$${nbd-instance:port}
+upload_url = http://[$${onetimeupload-instance:ip}]:$${onetimeupload-instance:port}/
+upload_key = $${onetimeupload-instance:key}
diff --git a/software/kvm/instance.cfg b/software/kvm/instance.cfg
index 65041a3f9aff4c2f506ad283d6b5520aec5233ce..8d44ea5663dd9c71d101a97d0a149a16602a6964 100644
--- a/software/kvm/instance.cfg
+++ b/software/kvm/instance.cfg
@@ -1,22 +1,24 @@
 [buildout]
 parts =
-  kvminstance
+  switch-softwaretype
 
 eggs-directory = ${buildout:eggs-directory}
-develop-eggs-directory = ${buildout:develop-eggs-directory} 
+develop-eggs-directory = ${buildout:develop-eggs-directory}
+offline = true
 
-[kvminstance]
-recipe = slapos.cookbook:kvm
-qemu_path = ${kvm:location}/bin/qemu-system-x86_64
-qemu_img_path = ${kvm:location}/bin/qemu-img
-#slapmonitor_path = ${buildout:bin-directory}/slapmonitor
-#slapreport_path = ${buildout:bin-directory}/slapreport
-websockify = ${buildout:directory}/bin/websockify
-noVNC_location = ${noVNC:location}
-openssl_binary = ${openssl:location}/bin/openssl
-rdiff_backup_binary = ${buildout:bin-directory}/rdiff-backup
-dcrond_binary = ${dcron:location}/sbin/crond
+[switch-softwaretype]
+recipe = slapos.cookbook:softwaretype
+default = ${template-kvm:output}
+kvm = ${template-kvm:output}
+kvm+ = ${template-kvmplus:output}
+nbd = ${template-nbd:output}
+frontend = ${template-frontend:output}
 
-smp_count = 1
-ram_size = 1024
-disk_size = 10
+[slap-connection]
+# part to migrate to new - separated words
+computer-id = $${slap_connection:computer_id}
+partition-id = $${slap_connection:partition_id}
+server-url = $${slap_connection:server_url}
+software-release-url = $${slap_connection:software_release_url}
+key-file = $${slap_connection:key_file}
+cert-file = $${slap_connection:cert_file}
diff --git a/software/kvm/software.cfg b/software/kvm/software.cfg
index 541d80f78fdac489e51223edd05641e564ccdf69..5100d46b330b8ffff16631e5af90e1494637068a 100644
--- a/software/kvm/software.cfg
+++ b/software/kvm/software.cfg
@@ -3,46 +3,37 @@ extensions =
   buildout-versions
   
 extends =
+  ../../component/gzip/buildout.cfg
   ../../component/dcron/buildout.cfg
+  ../../component/logrotate/buildout.cfg
   ../../component/git/buildout.cfg
   ../../component/gnutls/buildout.cfg
   ../../component/libpng/buildout.cfg
   ../../component/libuuid/buildout.cfg
-  ../../component/lxml-python/buildout.cfg
   ../../component/noVNC/buildout.cfg
   ../../component/openssl/buildout.cfg
-  ../../component/python-2.7/buildout.cfg
-  ../../component/rdiff-backup/buildout.cfg
-  ../../stack/shacache-client.cfg
+  ../../component/dash/buildout.cfg
+  ../../component/lxml-python/buildout.cfg
+  ../../stack/nodejs.cfg
 
 develop =
   ${:parts-directory}/websockify
 
 parts =
   template
+  dash
   kvm
   eggs
   check-local-eggs
-
-find-links +=
-  http://www.nexedi.org/static/packages/source/slapos.buildout/
+  nodejs
+  http-proxy
+  proxy-by-url
+  npm-modules
+  dcron
+  logrotate
 
 versions = versions
 
-# Use only quite well working sites.
-allow-hosts =
-  *.nexedi.org
-  *.python.org
-  *.sourceforge.net
-  alastairs-place.net
-  dist.repoze.org
-  effbot.org
-  github.com
-  peak.telecommunity.com
-  psutil.googlecode.com
-  www.dabeaz.com
-  www.owlfish.com
-
 #XXX-Cedric : Currently, one can only access to KVM using noVNC.
 #             Ideally one should be able to access KVM by using either NoVNC or VNC.
 #             Problem is : no native crypto support in web browsers. So we have to disable ssl
@@ -54,15 +45,14 @@ allow-hosts =
 #            Websockify (socket <-> websocket proxy server) when it is ready.
 #            May solve previous XXX depending on the implementation.
 
-#XXX-Cedric: Check status of 
-#            https://www.tiolive.com/nexedi/bug_module/20110819-11F4F70 for
-#            Chrome >= 14 and Firefox >=7 can access to noVNC. (should be solved)
-
 #XXX-Cedric : add list of keyboard layouts (azerty/us querty/...) parameter to qemu
 
 [kvm]
 recipe = hexagonit.recipe.cmmi
 url = http://downloads.sourceforge.net/project/kvm/qemu-kvm/0.15.1/qemu-kvm-0.15.1.tar.gz
+# XXX-Cedric : Upgrade to 1.0
+# url = http://downloads.sourceforge.net/project/kvm/qemu-kvm/1.0/qemu-kvm-1.0.tar.gz
+# md5sum = 00a825db46a70ba8ef9fc95da9cc7c1e
 md5sum = 8800a7d6b3aa4a168ea7f78dc66c0320
 configure-options =
   --disable-sdl
@@ -76,7 +66,7 @@ configure-options =
   --enable-vnc-png
   --disable-vnc-jpeg
   --extra-cflags="-I${gnutls:location}/include -I${libuuid:location}/include -I${zlib:location}/include -I${libpng:location}/include"
-  --extra-ldflags="-Wl,-rpath -Wl,${glib:location}/lib -L${glib:location}/lib -Wl,-rpath -Wl,${gnutls:location}/lib -L${gnutls:location}/lib -L${gettext:location}/lib -Wl,-rpath -Wl,${gettext:location}/lib -Wl,-rpath -Wl,${libpng:location}/lib -L${libpng:location}/lib -L${libuuid:location}/lib -Wl,-rpath -Wl,${libuuid:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -lpng -lz -lgnutls"
+  --extra-ldflags="-Wl,-rpath -Wl,${glib:location}/lib -L${glib:location}/lib -Wl,-rpath -Wl,${gnutls:location}/lib -L${gnutls:location}/lib -Wl,-rpath -Wl,${gpg-error:location}/lib -L${gpg-error:location}/lib -L${gettext:location}/lib -Wl,-rpath -Wl,${gettext:location}/lib -Wl,-rpath -Wl,${libpng:location}/lib -L${libpng:location}/lib -L${libuuid:location}/lib -Wl,-rpath -Wl,${libuuid:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -lpng -lz -lgnutls"
   --disable-werror
 environment =
   PATH=${pkgconfig:location}/bin:%(PATH)s
@@ -86,8 +76,8 @@ environment =
 # XXX-Cedric : use official egg from pypi when it is released
 recipe = plone.recipe.command
 stop-on-error = true
-commit = e7363f43443deb9982bdb5c3db50eec475584b06
-repository = https://github.com/desaintmartin/websockify.git
+commit = 301f3ae580557da47fa5ea2050aa671ce9c5a1a0
+repository = https://github.com/SlapOS/websockify.git
 location = ${buildout:parts-directory}/${:_buildout_section_name_}
 git-binary = ${git:location}/bin/git
 command = export GIT_SSL_NO_VERIFY=true; (${:git-binary} clone --quiet ${:repository} ${:location} && cd ${:location} && ${:git-binary} reset --hard ${:commit}) || (rm -fr ${:location}; exit 1)
@@ -101,83 +91,199 @@ command = grep parts ${buildout:develop-eggs-directory}/websockify.egg-link
 depends = ${eggs:dummy}
 
 [eggs]
-python = python2.7
 recipe = z3c.recipe.scripts
 dummy =
   ${websockify:location}
 eggs =
   ${lxml-python:egg}
-  slapos.cookbook
   websockify
-  
+  slapos.cookbook
+  slapos.toolbox
+
+[http-proxy]
+# https://github.com/nodejitsu/node-http-proxy
+recipe = slapos.recipe.build:download-unpacked
+#XXX-Cedric : use upstream when merged
+url = https://nodeload.github.com/desaintmartin/node-http-proxy/zipball/master
+md5sum = 20204d0b29c2cef26e1c91e99eedca6b
+
+[proxy-by-url]
+# https://github.com/dominictarr/proxy-by-url
+recipe = slapos.recipe.build:download-unpacked
+#XXX-Cedric : use upstream when merged
+url = https://nodeload.github.com/desaintmartin/proxy-by-url/zipball/master
+md5sum = c2609948aa708581f93b981b23880314
+
+[npm-modules]
+recipe = plone.recipe.command
+destination = ${buildout:parts-directory}/${:_buildout_section_name_}
+location = ${buildout:parts-directory}/${:_buildout_section_name_}
+command =
+  rm -fr ${:destination} &&
+  mkdir -p ${:destination} &&
+  cd ${:destination} &&
+  ${nodejs:location}/bin/node ${nodejs:location}/bin/npm install colors@0.6.0-1 &&
+  ${nodejs:location}/bin/node ${nodejs:location}/bin/npm install socket.io@0.8.7 &&
+  ${nodejs:location}/bin/node ${nodejs:location}/bin/npm install socket.io-client@0.8.7 &&
+  ${nodejs:location}/bin/node ${nodejs:location}/bin/npm install optimist@0.3.1 &&
+  ${nodejs:location}/bin/node ${nodejs:location}/bin/npm install pkginfo@0.2.3
+
+
+[template-kvm]
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance-kvm.cfg
+md5sum = b6572c018e44d4676e76805116bcade0
+output = ${buildout:directory}/template-kvm.cfg
+mode = 0644
+
+[template-kvmplus]
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance-kvmplus.cfg
+md5sum = 2e35c5b2ac9ee51d8f98fb1199f011c4
+output = ${buildout:directory}/template-kvmplus.cfg
+mode = 0644
+
+[template-nbd]
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance-nbd.cfg
+md5sum = 7691fadfc8d4392c58ac1bf0ebd5aaf2
+output = ${buildout:directory}/template-nbd.cfg
+mode = 0644
+
+[template-frontend]
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance-frontend.cfg
+md5sum = 123bf4e5bea9e86c03b62e9afb8ca04b
+output = ${buildout:directory}/template-frontend.cfg
+mode = 0644
+
 [template]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance.cfg
-md5sum = 298b146e4efce41bfd58b3f85d064ff1
+md5sum = 68788763d23f70f24b9e575871c903a8
 output = ${buildout:directory}/template.cfg
 mode = 0644
 
-[versions]
-zc.buildout = 1.5.3-dev-SlapOS-010
+[networkcache]
+# signature certificates of the following uploaders.
+#   Romain Courteaud
+#   Cedric de Saint Martin
+signature-certificate-list =
+  -----BEGIN CERTIFICATE-----
+  MIIB4DCCAUkCADANBgkqhkiG9w0BAQsFADA5MQswCQYDVQQGEwJGUjEZMBcGA1UE
+  CBMQRGVmYXVsdCBQcm92aW5jZTEPMA0GA1UEChMGTmV4ZWRpMB4XDTExMDkxNTA5
+  MDAwMloXDTEyMDkxNTA5MDAwMlowOTELMAkGA1UEBhMCRlIxGTAXBgNVBAgTEERl
+  ZmF1bHQgUHJvdmluY2UxDzANBgNVBAoTBk5leGVkaTCBnzANBgkqhkiG9w0BAQEF
+  AAOBjQAwgYkCgYEApYZv6OstoqNzxG1KI6iE5U4Ts2Xx9lgLeUGAMyfJLyMmRLhw
+  boKOyJ9Xke4dncoBAyNPokUR6iWOcnPHtMvNOsBFZ2f7VA28em3+E1JRYdeNUEtX
+  Z0s3HjcouaNAnPfjFTXHYj4um1wOw2cURSPuU5dpzKBbV+/QCb5DLheynisCAwEA
+  ATANBgkqhkiG9w0BAQsFAAOBgQBCZLbTVdrw3RZlVVMFezSHrhBYKAukTwZrNmJX
+  mHqi2tN8tNo6FX+wmxUUAf3e8R2Ymbdbn2bfbPpcKQ2fG7PuKGvhwMG3BlF9paEC
+  q7jdfWO18Zp/BG7tagz0jmmC4y/8akzHsVlruo2+2du2freE8dK746uoMlXlP93g
+  QUUGLQ==
+  -----END CERTIFICATE-----
+  -----BEGIN CERTIFICATE-----
+  MIIB9jCCAV+gAwIBAgIJAO4V/jiMoICoMA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV
+  BAMMCENPTVAtMjMyMCAXDTEyMDIxNjExMTAyM1oYDzIxMTIwMTIzMTExMDIzWjAT
+  MREwDwYDVQQDDAhDT01QLTIzMjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+  wi/3Z8W9pUiegUXIk/AiFDQ0UJ4JFAwjqr+HSRUirlUsHHT+8DzH/hfcTDX1I5BB
+  D1ADk+ydXjMm3OZrQcXjn29OUfM5C+g+oqeMnYQImN0DDQIOcUyr7AJc4xhvuXQ1
+  P2pJ5NOd3tbd0kexETa1LVhR6EgBC25LyRBRae76qosCAwEAAaNQME4wHQYDVR0O
+  BBYEFMDmW9aFy1sKTfCpcRkYnP6zUd1cMB8GA1UdIwQYMBaAFMDmW9aFy1sKTfCp
+  cRkYnP6zUd1cMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAskbFizHr
+  b6d3iIyN+wffxz/V9epbKIZVEGJd/6LrTdLiUfJPec7FaxVCWNyKBlCpINBM7cEV
+  Gn9t8mdVQflNqOlAMkOlUv1ZugCt9rXYQOV7rrEYJBWirn43BOMn9Flp2nibblby
+  If1a2ZoqHRxoNo2yTmm7TSYRORWVS+vvfjY=
+  -----END CERTIFICATE-----
 
-slapos.cookbook = 0.37
+[versions]
 Jinja2 = 2.6
-Werkzeug = 0.8.1
+Werkzeug = 0.8.3
+apache-libcloud = 0.8.0
+async = 0.6.1
 buildout-versions = 1.7
+gitdb = 0.5.4
 hexagonit.recipe.cmmi = 1.5.0
-lxml = 2.3.2
-meld3 = 0.6.7
+lxml = 2.3.3
+meld3 = 0.6.8
 plone.recipe.command = 1.1
+pycrypto = 2.5
+slapos.cookbook = 0.41
+slapos.recipe.build = 0.7
 slapos.recipe.template = 2.2
+slapos.toolbox = 0.18
+smmap = 0.8.2
 z3c.recipe.scripts = 1.0.1
 
 # Required by:
-# slapos.core==0.20
+# slapos.core==0.23
+# slapos.toolbox==0.18
 Flask = 0.8
 
 # Required by:
-# slapos.cookbook==0.37
+# slapos.toolbox==0.18
+GitPython = 0.3.2.RC1
+
+# Required by:
+# slapos.cookbook==0.41
 PyXML = 0.8.4
 
 # Required by:
-# hexagonit.recipe.cmmi==1.5.0
-hexagonit.recipe.download = 1.5.0
+# slapos.toolbox==0.18
+atomize = 0.1.1
+
+# Required by:
+# slapos.toolbox==0.18
+feedparser = 5.1.1
+
+# Required by:
+# slapos.cookbook==0.41
+inotifyx = 0.2.0
 
 # Required by:
-# slapos.cookbook==0.37
+# slapos.cookbook==0.41
 netaddr = 0.7.6
 
 # Required by:
-# slapos.core==0.20
-netifaces = 0.6
+# slapos.core==0.23
+netifaces = 0.8
 
 # Required by:
 # websockify==0.1-dev
 numpy = 1.6.1
 
 # Required by:
-# slapos.cookbook==0.37
-# slapos.core==0.20
-# zc.buildout==1.5.3-dev-SlapOS-010
-# zc.recipe.egg==1.3.2
+# slapos.toolbox==0.18
+paramiko = 1.7.7.1
+
+# Required by:
+# slapos.toolbox==0.18
+psutil = 0.4.1
+
+# Required by:
+# slapos.cookbook==0.41
+# slapos.core==0.23
+# slapos.toolbox==0.18
 setuptools = 0.6c12dev-r88846
 
 # Required by:
-# slapos.cookbook==0.37
-slapos.core = 0.20
+# slapos.cookbook==0.41
+# slapos.toolbox==0.18
+slapos.core = 0.23
 
 # Required by:
-# slapos.core==0.20
-supervisor = 3.0a10
+# slapos.core==0.23
+supervisor = 3.0a12
 
 # Required by:
-# slapos.cookbook==0.37
+# slapos.cookbook==0.41
+# slapos.toolbox==0.18
 xml-marshaller = 0.9.7
 
 # Required by:
-# slapos.cookbook==0.37
+# slapos.cookbook==0.41
 zc.recipe.egg = 1.3.2
 
 # Required by:
-# slapos.core==0.20
+# slapos.core==0.23
 zope.interface = 3.8.0
\ No newline at end of file
diff --git a/software/lamp-template/software.cfg b/software/lamp-template/software.cfg
index a27faf2786f1df777788547bae708982957b2e49..de0023c8ea855d2f7483b42d78bf67290025020d 100644
--- a/software/lamp-template/software.cfg
+++ b/software/lamp-template/software.cfg
@@ -7,7 +7,6 @@ parts =
   mariadb
   eggs
   instance-recipe-egg
-  downloadcache-workaround
   
 extends =
   ../../stack/lamp.cfg
@@ -18,7 +17,6 @@ url = Student shall put here url of zipped or tarballed web page or application
 md5sum = Student may put here md5sum of this file, this is good idea
 #If provided tarball does not contain top directory, option shall be changed to false
 strip-top-level-dir = true
-#extract-directory = 
 
 [application-template]
 recipe = slapos.recipe.download
@@ -43,91 +41,7 @@ url = ${:_profile_base_location_}/instance.cfg
 output = ${buildout:directory}/template.cfg
 mode = 0644
 
-[mariadb]
-keep-compile-dir = false
-
 [instance-recipe-egg]
 recipe = zc.recipe.egg
 eggs = 
   ${instance-recipe:egg}
-
-[versions]
-# Use SlapOS patched zc.buildout
-zc.buildout = 1.6.0-dev-SlapOS-003
-# Generated by buildout-versions
-Jinja2 = 2.6
-Werkzeug = 0.8.2
-buildout-versions = 1.7
-hexagonit.recipe.cmmi = 1.5.0
-meld3 = 0.6.8
-plone.recipe.command = 1.1
-slapos.cookbook = 0.20
-slapos.recipe.build = 0.7
-slapos.recipe.download = 1.0.dev-r4053
-slapos.recipe.template = 2.2
-
-# Required by:
-# slapos.core==0.21
-Flask = 0.8
-
-# Required by:
-# slapos.cookbook==0.38
-PyXML = 0.8.4
-
-# Required by:
-# hexagonit.recipe.cmmi==1.5.0
-hexagonit.recipe.download = 1.5.0
-
-# Required by:
-# slapos.cookbook==0.38
-# slapos.core==0.21
-# xml-marshaller==0.9.7
-lxml = 2.3.3
-
-# Required by:
-# slapos.cookbook==0.38
-netaddr = 0.7.6
-
-# Required by:
-# slapos.core==0.21
-netifaces = 0.6
-
-# Required by:
-# slapos.cookbook==0.38
-# slapos.core==0.21
-# zc.buildout==1.6.0-dev-SlapOS-003
-# zc.recipe.egg==1.3.2
-setuptools = 0.6c12dev-r88846
-
-# Required by:
-# slapos.cookbook==0.38
-slapos.core = 0.21
-
-# Required by:
-# slapos.core==0.21
-supervisor = 3.0a12
-
-# Required by:
-# slapos.cookbook==0.38
-xml-marshaller = 0.9.7
-
-# Required by:
-# slapos.cookbook==0.38
-zc.recipe.egg = 1.3.2
-
-# Required by:
-# slapos.core==0.21
-zope.interface = 3.8.0
-
-[downloadcache-workaround]
-# workaround irritating problem of hexagonit.recipe.cmmi which automatically
-# creates download cache, which in turn switches builout to "semi-offline" mode
-recipe = plone.recipe.command
-# in hexagonit.recipe.cmmi if there is no ${buildout:download-cache} set it resolves
-# to ${buildout:directory}/downloads but this variable is available late, that's
-# why it is hardcoded only for required case
-download-cache = ${buildout:directory}/downloads
-command = [ -d ${:download-cache} ] && rm -fr ${:download-cache}/* || exit 0
-update-command = ${:command}
-stop-on-error = True
-
diff --git a/software/nbd/instance.cfg b/software/nbd/instance.cfg
deleted file mode 100644
index dcc2d0a62cecc520e7d3eb37c39af67d713d091e..0000000000000000000000000000000000000000
--- a/software/nbd/instance.cfg
+++ /dev/null
@@ -1,11 +0,0 @@
-[buildout]
-parts =
-  nbdserverinstance
-
-eggs-directory = ${buildout:eggs-directory}
-develop-eggs-directory = ${buildout:develop-eggs-directory} 
-
-[nbdserverinstance]
-recipe = ${instance-recipe:egg}:${instance-recipe:module}
-qemu_path = ${nbdserver:location}/bin/qemu-nbd
-onetimeupload_path = ${buildout:bin-directory}/onetimeupload
diff --git a/software/nbd/software.cfg b/software/nbd/software.cfg
deleted file mode 100644
index 2735046e37ff296efde2ea571b7584131d6fe314..0000000000000000000000000000000000000000
--- a/software/nbd/software.cfg
+++ /dev/null
@@ -1,20 +0,0 @@
-[buildout]
-
-extends =
-  ../../stack/nbd.cfg
-  ../../stack/shacache-client.cfg
-
-parts +=
-  template
-
-[template]
-recipe = slapos.recipe.template
-url = ${:_profile_base_location_}/instance.cfg
-md5sum = 82e948e1c0cb0d5540ef185edeef3ec3
-output = ${buildout:directory}/template.cfg
-mode = 0644
-
-[versions]
-# XXX-CEDRIC Quick and dirty workaround to avoid m2crypto problems.
-# should not be used elsewhere unless for urgent cases. 
-slapos.libnetworkcache = 0.2
diff --git a/software/slaprunner/instance.cfg b/software/slaprunner/instance.cfg
index f9427ba5b784e6b1a80dd1c813a584f300376d98..182887a686342b03b7a68db2bd14de3dc3cf0242 100644
--- a/software/slaprunner/instance.cfg
+++ b/software/slaprunner/instance.cfg
@@ -16,6 +16,8 @@ slapgrid_cp = ${buildout:directory}/bin/slapgrid-cp
 slapproxy = ${buildout:directory}/bin/slapproxy
 supervisor = ${buildout:directory}/bin/slapgrid-supervisorctl
 git = ${git:location}/bin/git
+node-bin = ${nodejs-0.4:location}/bin/node
+cloud9 = ${cloud9:location}/bin/cloud9.js
 ssh_client = $${sshkeys-dropbear:wrapper}
 public_key = $${sshkeys-dropbear:public-key}
 private_key = $${sshkeys-dropbear:private-key}
@@ -62,4 +64,4 @@ bin = $${buildout:directory}/bin/
 recipe = slapos.cookbook:mkdirectory
 sshkeys = $${rootdirectory:srv}/sshkeys
 services = $${rootdirectory:etc}/run/
-ssh = $${rootdirectory:etc}/ssh/
+ssh = $${rootdirectory:etc}/ssh/
\ No newline at end of file
diff --git a/software/slaprunner/software.cfg b/software/slaprunner/software.cfg
index 8a2e90bb72e9f594dcafa5111ebc8b20e8f445e2..e6ee0edd7a7d68ece8108b9dee768aeca0d2030e 100644
--- a/software/slaprunner/software.cfg
+++ b/software/slaprunner/software.cfg
@@ -1,4 +1,5 @@
 [buildout]
+
 extensions =
   buildout-versions
 
@@ -8,6 +9,7 @@ extends =
   ../../stack/shacache-client.cfg
   ../../component/dropbear/buildout.cfg
   ../../component/git/buildout.cfg
+  ../../component/cloud9/buildout.cfg
 
 parts =
   template
@@ -31,7 +33,7 @@ recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance.cfg
 output = ${buildout:directory}/template.cfg
 mode = 0644
-md5sum = cd69efd5c3a7e9adca7387b9a401590a
+md5sum = 7cfd248cdc6fa6cbb4957d25a0aed884
 
 [eggs]
 eggs +=
@@ -60,6 +62,7 @@ signature-certificate-list =
 [versions]
 # Use SlapOS patched zc.buildout
 zc.buildout = 1.6.0-dev-SlapOS-003
+
 Jinja2 = 2.6
 Werkzeug = 0.8.3
 apache-libcloud = 0.8.0
@@ -68,68 +71,65 @@ buildout-versions = 1.7
 gitdb = 0.5.4
 hexagonit.recipe.cmmi = 1.5.0
 meld3 = 0.6.8
+plone.recipe.command = 1.1
 pycrypto = 2.5
-slapos.cookbook = 0.39
+slapos.cookbook = 0.45
 slapos.libnetworkcache = 0.12
-slapos.recipe.template = 2.2
-slapos.toolbox = 0.18
+slapos.recipe.template = 2.3
+slapos.toolbox = 0.20
 smmap = 0.8.2
 
 # Required by:
-# slapos.core==0.22
+# slapos.core==0.24
 Flask = 0.8
 
 # Required by:
-# slapos.toolbox==0.18
+# slapos.toolbox==0.20
 GitPython = 0.3.2.RC1
 
 # Required by:
-# slapos.cookbook==0.39
+# slapos.cookbook==0.45
 PyXML = 0.8.4
 
 # Required by:
-# slapos.toolbox==0.18
+# slapos.toolbox==0.20
 atomize = 0.1.1
 
 # Required by:
-# slapos.toolbox==0.18
-feedparser = 5.1
-
-# Required by:
-# hexagonit.recipe.cmmi==1.5.0
-hexagonit.recipe.download = 1.5.0
+# slapos.toolbox==0.20
+feedparser = 5.1.1
 
 # Required by:
-# slapos.cookbook==0.39
+# slapos.cookbook==0.45
 inotifyx = 0.2.0
 
 # Required by:
-# slapos.cookbook==0.39
-# slapos.core==0.22
+# slapos.cookbook==0.45
+# slapos.core==0.24
 # xml-marshaller==0.9.7
-lxml = 2.3.3
+lxml = 2.3.4
 
 # Required by:
-# slapos.cookbook==0.39
+# slapos.cookbook==0.45
 netaddr = 0.7.6
 
 # Required by:
-# slapos.core==0.22
+# slapos.core==0.24
 netifaces = 0.8
 
 # Required by:
-# slapos.toolbox==0.18
+# slapos.toolbox==0.20
 paramiko = 1.7.7.1
 
 # Required by:
-# slapos.toolbox==0.18
+# slapos.toolbox==0.20
 psutil = 0.4.1
 
 # Required by:
-# slapos.cookbook==0.39
-# slapos.core==0.22
+# slapos.cookbook==0.45
+# slapos.core==0.24
 # slapos.libnetworkcache==0.12
-# slapos.toolbox==0.18
+# slapos.toolbox==0.20
 # supervisor==3.0a12
 # zc.buildout==1.6.0-dev-SlapOS-003
 # zc.recipe.egg==1.3.2
@@ -137,21 +137,21 @@ psutil = 0.4.1
 setuptools = 0.6c12dev-r88846
 
 # Required by:
-# slapos.cookbook==0.39
-slapos.core = 0.22
+# slapos.cookbook==0.45
+slapos.core = 0.24
 
 # Required by:
-# slapos.core==0.22
+# slapos.core==0.24
 supervisor = 3.0a12
 
 # Required by:
-# slapos.cookbook==0.39
+# slapos.cookbook==0.45
 xml-marshaller = 0.9.7
 
 # Required by:
-# slapos.cookbook==0.39
+# slapos.cookbook==0.45
 zc.recipe.egg = 1.3.2
 
 # Required by:
-# slapos.core==0.22
-zope.interface = 3.8.0
+# slapos.core==0.24
+zope.interface = 3.8.0
\ No newline at end of file
diff --git a/software/vifib/software.cfg b/software/vifib/software.cfg
index a4c0e306dba32aa7506d0724d1488a1ae80a64ca..48dd29ac06d72557637e93fc55dae4f49ed83542 100644
--- a/software/vifib/software.cfg
+++ b/software/vifib/software.cfg
@@ -31,8 +31,12 @@ configurator_bt5_list = erp5_core_proxy_field_legacy erp5_full_text_myisam_catal
 [erp5_repository_list]
 repository_id_list += vifib/master
 
+[erp5]
+branch = interaction-drop
+
 [vifib]
 <= erp5
+branch = master
 repository = http://git.erp5.org/repos/slapos.core.git
 revision =
 
diff --git a/stack/cloudooo.cfg b/stack/cloudooo.cfg
index 207d4cefdd8ad501f7cd37fbaa414b0088dbbc7c..00456586c2e6390856a7f9348e82c7b0561fa052 100644
--- a/stack/cloudooo.cfg
+++ b/stack/cloudooo.cfg
@@ -9,7 +9,8 @@ find-links = http://www.nexedi.org/static/packages/source/slapos.buildout/
     http://www.nexedi.org/static/packages/source/
 
 extends =
-  ../component/openoffice-bin/buildout.cfg 
+  ../component/libreoffice-bin/buildout.cfg 
+  ../component/libpng/buildout.cfg
   ../component/lxml-python/buildout.cfg
   ../component/python-2.6/buildout.cfg
   ../component/python-2.7/buildout.cfg
@@ -20,24 +21,26 @@ extends =
   ../component/pdftk/buildout.cfg
   ../component/ffmpeg/buildout.cfg
   ../component/file/buildout.cfg
+  ../component/cloudooo/buildout.cfg
 
 versions = versions
 
 parts =
-  openoffice-bin
+  libreoffice-bin
 
 # basic Xorg
   libXdmcp
   libXext
   libXau
-  libXinerama
   libSM
+  libXrender
 
 # fonts
   liberation-fonts
   ipaex-fonts
 
 # Dependencies
+  libpng12
   imagemagick
   file
   xpdf 
@@ -64,19 +67,6 @@ python = python2.6
 version = 2
 section = python2.7
 
-[lxml-python]
-python = python2.6
-
-[cloudooo]
-recipe = zc.recipe.egg
-python = python2.6
-eggs =
-  ${lxml-python:egg}
-  cloudooo
-  PasteScript
-scripts =
-  paster=cloudooo_paster
-
 [versions]
 # Use SlapOS patched zc.buildout
 zc.buildout = 1.5.3-dev-SlapOS-001
diff --git a/stack/erp5.cfg b/stack/erp5.cfg
index 67a53a4e84fea7b3a0535fce61589d0b81b3e51a..bba2bcb1e72b45a7cd0d79f63ee4fcc8a5d6841b 100644
--- a/stack/erp5.cfg
+++ b/stack/erp5.cfg
@@ -28,10 +28,11 @@ allow-hosts =
   psutil.googlecode.com
   www.dabeaz.com
   www.owlfish.com
+  launchpad.net
 
 extends =
 # Exact version of Zope
-  http://svn.zope.org/repos/main/Zope/tags/2.12.21/versions.cfg
+  http://svn.zope.org/repos/main/Zope/tags/2.12.22/versions.cfg
   ../component/logrotate/buildout.cfg
   ../component/dcron/buildout.cfg
   ../component/file/buildout.cfg
@@ -45,6 +46,7 @@ extends =
   ../component/hookbox/buildout.cfg
   ../component/imagemagick/buildout.cfg
   ../component/kumo/buildout.cfg
+  ../component/libpng/buildout.cfg
   ../component/libreoffice-bin/buildout.cfg
   ../component/lxml-python/buildout.cfg
   ../component/percona-toolkit/buildout.cfg
@@ -72,12 +74,16 @@ extends =
   ../component/sed/buildout.cfg
   ../component/coreutils/buildout.cfg
   ../component/grep/buildout.cfg
+  ../component/dash/buildout.cfg
+  ../component/wget/buildout.cfg
+  ../component/aspell/buildout.cfg
 
 versions = versions
 
 parts =
   itools-build
   rdiff-backup
+  aspell
   apache
   apache-antiloris
   file
@@ -88,6 +94,7 @@ parts =
   stunnel
   w3m
   poppler
+  libpng12
   libpng
   ghostscript
   mariadb
@@ -107,6 +114,8 @@ parts =
   zabbix-agent
   pdftk
   dcron
+  dash
+  wget
 
 # Buildoutish
   eggs
@@ -117,8 +126,8 @@ parts =
   libXdmcp
   libXext
   libXau
-  libXinerama
   libSM
+  libXrender
 
 # fonts
   liberation-fonts
@@ -226,8 +235,8 @@ stop-on-error = true
 repository = http://git.erp5.org/repos/erp5.git
 branch = master
 revision =
-command = ${git:location}/bin/git clone --quiet -b ${:branch} ${:repository} ${:location} && if [ -n "${:revision}" ]; then cd ${:location} && ${git:location}/bin/git reset --quiet --hard ${:revision} ; fi
-update-command = cd ${:location} && ${git:location}/bin/git pull --quiet && if [ -n "${:revision}" ]; then cd ${:location} && ${git:location}/bin/git reset --quiet --hard ${:revision} ; fi
+command = ${git:location}/bin/git clone --quiet --branch ${:branch} ${:repository} ${:location} && if [ -n "${:revision}" ]; then cd ${:location} && ${git:location}/bin/git reset --quiet --hard ${:revision} ; fi
+update-command = cd ${:location} && GIT_COMMITTER_EMAIL=nobody@example.com GIT_AUTHOR_NAME=Nobody GIT_AUTHOR_EMAIL=nobody@example.com ${git:location}/bin/git pull && if [ -n "${:revision}" ]; then echo "Resetting." ; cd ${:location} && ${git:location}/bin/git reset --hard ${:revision} ; fi
 
 [products]
 # XXX: ERP5 related products are not defined as python distributions, so it is
@@ -268,11 +277,15 @@ initialization =
     [bt5_path, os.path.join(bt5_path, '*')]
     for bt5_path in (os.path.join(parts_directory, x, 'bt5')
                      for x in repository_id_list)), []))
-  sys.path[:0] = [os.path.join(parts_directory, x, 'tests')
-                  for x in repository_id_list]
+  sys.path[:0] = sum((
+    glob.glob(os.path.join(parts_directory, x, 'tests'))
+    for x in repository_id_list), [])
   sys.path[:0] = sum((
     glob.glob(os.path.join(parts_directory, x, 'product', '*', 'tests'))
     for x in repository_id_list), [])
+  sys.path[:0] = sum((
+    glob.glob(os.path.join(x, '*', 'tests'))
+    for x in reversed('''${products:list}'''.split())), [])
 
 [test_suite_runner]
 # XXX: Workaround for fact ERP5Type is not an distribution and does not
@@ -312,6 +325,7 @@ eggs =
   coverage
   elementtree
   erp5diff
+  inotifyx
   ipdb
   mechanize
   numpy
@@ -330,6 +344,7 @@ eggs =
   feedparser
   argparse
   validictory
+  erp5.util
 
 # Zope 2.12 with patched acquisition
   ZODB3
@@ -356,7 +371,6 @@ eggs =
   Products.MimetypesRegistry
   Products.ExternalEditor
   Products.TIDStorage
-  Products.Zelenium
 
 # Currently forked in our repository
 #    Products.PortalTransforms
@@ -373,6 +387,7 @@ scripts =
   runzeo
   tidstoraged
   tidstorage_repozo
+  web_checker_utility = erp5.util.webchecker:web_checker_utility
 
 extra-paths =
   ${itools:location}/lib
@@ -418,7 +433,7 @@ scripts =
 
 [versions]
 # Use SlapOS patched zc.buildout
-zc.buildout = 1.6.0-dev-SlapOS-003
+zc.buildout = 1.6.0-dev-SlapOS-004
 
 # pin Acquisition and Products.DCWorkflow to Nexedi flavour of eggs
 Acquisition = 2.13.7nxd001
@@ -442,3 +457,10 @@ setuptools =
 # official pysvn egg does not supports --include-dirs and
 # --library-dirs, so we use our modified version
 pysvn = 1.7.4nxd006
+
+# CMF 2.3 requries Zope 2.13.
+Products.CMFCalendar = 2.2.2
+Products.CMFCore = 2.2.5
+Products.CMFDefault = 2.2.2
+Products.CMFTopic = 2.2.1
+Products.CMFUid = 2.2.1
diff --git a/stack/lamp.cfg b/stack/lamp.cfg
index 4545904a48d9bc3a5edeb81d4122a924ba7110b5..54d421ce34fe008586729e03e4407c63fbf40a70 100644
--- a/stack/lamp.cfg
+++ b/stack/lamp.cfg
@@ -1,23 +1,4 @@
 [buildout]
-extensions = buildout-versions
-
-find-links +=
-    http://www.nexedi.org/static/packages/source/slapos.buildout/
-
-# Use only quite well working sites.
-allow-hosts =
-  *.nexedi.org
-  *.python.org
-  *.sourceforge.net
-  alastairs-place.net
-  dist.repoze.org
-  effbot.org
-  github.com
-  launchpad.net
-  peak.telecommunity.com
-  psutil.googlecode.com
-  www.dabeaz.com
-
 parts =
   template
   apache-php
@@ -38,7 +19,7 @@ extends =
   ../component/stunnel/buildout.cfg  
   ../component/pycrypto-python/buildout.cfg
   ../component/mysql-python/buildout.cfg
-  shacache-client.cfg
+  ../stack/slapos.cfg
   ../component/python-2.7/buildout.cfg
 # python-2.7 component is here only for compatibility with old software.cfg.
 # It is not needed and should not be used in LAMP-based software.cfg
@@ -52,14 +33,6 @@ eggs =
 [mariadb]
 keep-compile-dir = false
 
-[application]
-#XXX-Cedric : ugly hack to work around h.r.cmmi unrespectful behavior, so that
-#             a cmmi Executes before application but after template downloading.
-#             Useful when [application] uses slapos.recipe.build or
-#             slapos.recipe.download rather than h.r.download.
-depends = ${apache-php:location}
-
-
 [networkcache]
 # Romain Courteaud + Sebastien Robin + Alain Takoudjou signature certificate
 signature-certificate-list =
diff --git a/stack/lamp/buildout.cfg b/stack/lamp/buildout.cfg
index b17f8a7b38267a00e274c9e55d7fd8479a80a20f..f638f55d57efeb23bf0cb70aada7765daecda693 100644
--- a/stack/lamp/buildout.cfg
+++ b/stack/lamp/buildout.cfg
@@ -1,7 +1,4 @@
 [buildout]
-find-links +=
-    http://www.nexedi.org/static/packages/source/slapos.buildout/
-
 parts =
   apache-php
   mariadb
@@ -18,21 +15,7 @@ parts =
   template-mariadb-pbsready-import
   template-mariadb-pbsready-export
 
-allow-hosts =
-  *.nexedi.org
-  *.python.org
-  *.sourceforge.net
-  alastairs-place.net
-  dist.repoze.org
-  effbot.org
-  github.com
-  peak.telecommunity.com
-  psutil.googlecode.com
-  www.dabeaz.com
-  launchpad.net
-
 extends =
-  ../shacache-client.cfg
   ../../component/mariadb/buildout.cfg
   ../../component/apache/buildout.cfg
   ../../component/apache-php/buildout.cfg
@@ -40,7 +23,6 @@ extends =
   ../../component/git/buildout.cfg
   ../../component/glib/buildout.cfg
   ../../component/logrotate/buildout.cfg
-  ../../component/python-2.7/buildout.cfg
   ../../component/perl/buildout.cfg
   ../../component/sqlite3/buildout.cfg
   ../../component/lxml-python/buildout.cfg
@@ -51,6 +33,10 @@ extends =
   ../../component/mydumper/buildout.cfg
   ../../component/mysql-python/buildout.cfg
   ../../component/dropbear/buildout.cfg
+  ../slapos.cfg
+  ../../component/python-2.7/buildout.cfg
+# python-2.7 component is here only for compatibility with old software.cfg.
+# It is not needed and should not be used in LAMP-based software.cfg
 
 versions = versions
 
@@ -64,7 +50,6 @@ module = lamp.request
 
 [instance-recipe-egg]
 recipe = zc.recipe.egg
-#python = python2.7
 eggs = ${instance-recipe:egg}
 
 [application]
@@ -83,7 +68,7 @@ mode = 0644
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance-apache-php.cfg
 output = ${buildout:directory}/template-apache-php.cfg
-md5sum = 45bc82dc468e7f418d95c846d1a33d74
+md5sum = 8ebed1e26127c066e5b69372e69e6c38
 mode = 0644
 
 [template-apache-backup]
diff --git a/stack/lamp/instance-apache-php.cfg b/stack/lamp/instance-apache-php.cfg
index 77e266f21def3d68a1ee1cfbe374e9eb4bb86ea6..d77125de685bf8ea09133792e50442de11f4489a 100644
--- a/stack/lamp/instance-apache-php.cfg
+++ b/stack/lamp/instance-apache-php.cfg
@@ -12,6 +12,7 @@ parts =
   logrotate-entry-stunnel
   cron
   cron-entry-logrotate
+  promise
 
 eggs-directory = ${buildout:eggs-directory}
 develop-eggs-directory = ${buildout:develop-eggs-directory}
@@ -21,6 +22,12 @@ offline = true
 recipe = slapos.cookbook:publishurl
 url = http://[$${apache-php:ip}]:$${apache-php:port}/
 
+[promise]
+recipe = slapos.cookbook:check_port_listening
+path = $${basedirectory:promises}/apache
+hostname = $${apache-php:ip}
+port = $${apache-php:port}
+
 [mariadb-urlparse]
 recipe = slapos.cookbook:urlparse
 url = $${request-mariadb:connection-url}
@@ -43,8 +50,6 @@ tmp-dir = $${directory:tmp-php}
 httpd-conf = $${rootdirectory:etc}/apache.conf
 wrapper = $${basedirectory:services}/apache
 
-promise = $${basedirectory:promises}/apache
-
 httpd-binary = ${apache:location}/bin/httpd
 
 mysql-username = $${mariadb-urlparse:username}
diff --git a/stack/nodejs.cfg b/stack/nodejs.cfg
new file mode 100644
index 0000000000000000000000000000000000000000..04b47bc9b8947ab717c769451a4d73c8178613cd
--- /dev/null
+++ b/stack/nodejs.cfg
@@ -0,0 +1,18 @@
+[buildout]
+extends =
+  ../component/nodejs/buildout.cfg
+  ../component/lxml-python/buildout.cfg
+  ../stack/slapos.cfg
+
+versions = versions
+
+parts =
+  eggs
+  nodejs
+  npm
+
+[eggs]
+recipe = zc.recipe.egg
+eggs =
+  slapos.cookbook
+  ${lxml-python:egg}
diff --git a/stack/slapos.cfg b/stack/slapos.cfg
index 83267a377f3333aa6929e326378a7f406c737f63..2054ec53eaaea2f8c5b4eb9f70eb57f1bb43fe1f 100644
--- a/stack/slapos.cfg
+++ b/stack/slapos.cfg
@@ -18,6 +18,7 @@ exec-sitecustomize = false
 # Add location for modified non-official slapos.buildout
 find-links +=
   http://www.nexedi.org/static/packages/source/slapos.buildout/
+  http://www.nexedi.org/static/packages/source/hexagonit.recipe.download/
 
 # Use only quite well working sites.
 allow-hosts +=
@@ -38,3 +39,12 @@ allow-hosts +=
 # Unzippig of eggs is required, as SlapOS do not yet provide nicely working
 # development / fast switching environment for whole software
 unzip = true
+
+versions = versions
+
+[versions]
+# Use patched hexagonit.recipe.download from
+# https://github.com/SlapOS/hexagonit.recipe.download
+hexagonit.recipe.download = 1.5.1-dev-slapos-001
+# Use SlapOS patched zc.buildout
+zc.buildout = 1.6.0-dev-SlapOS-004
diff --git a/stack/tomcat.cfg b/stack/tomcat.cfg
index ee714f3a3c95aaea7f3af4bd1a72a7ee268deda1..cd3752066edcdba5e1de339966adaf72cd67839c 100644
--- a/stack/tomcat.cfg
+++ b/stack/tomcat.cfg
@@ -4,6 +4,7 @@ extends =
   ../component/java/buildout.cfg
   ../component/mysql-5.1/buildout.cfg
   ../component/python-2.7/buildout.cfg
+  ../component/tomcat/buildout.cfg
   ../stack/shacache-client.cfg
 
 find-links +=
@@ -42,12 +43,6 @@ recipe = hexagonit.recipe.download
 url = http://download.softagency.net/mysql/Downloads/Connector-J/mysql-connector-java-5.1.17.zip
 md5sum = 22e1aff6104bb9006f8744a02bf73124
 
-[tomcat]
-recipe = hexagonit.recipe.download
-strip-top-level-dir = true
-url = http://apache.multidist.com/tomcat/tomcat-6/v6.0.32/bin/apache-tomcat-6.0.32.zip
-md5sum = 082a0707985b6c029920d4d6d5ec11cd
-
 [eggs]
 recipe = zc.recipe.egg
 python = python2.7