diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..37d0537
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+install/inventories
+.vagrant
diff --git a/.gitreview b/.gitreview
new file mode 100644
index 0000000..4453a7c
--- /dev/null
+++ b/.gitreview
@@ -0,0 +1,4 @@
+[gerrit]
+host=review.openstack.org
+port=29418
+project=stackforge/compass-install.git
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..acca6f1
--- /dev/null
+++ b/README.md
@@ -0,0 +1,23 @@
+Compass Install
+===============
+
+How to use examples/compass?
+---------------------------------------------
+1. Make sure you have docker installed.
+2. Make sure you have working cobbler and chef servers, where all adapter related code has been updated to the latest.
+3. Go to your chef server's web UI and create a client with admin privileges, name it as docker-controller.
+4. You will have ONE CHANCE to copy the private key, copy it and paste it to replace `conf/chef-client.pem`
+5. Go to `examples/compass/conf` directory
+6. Edit chef-icehouse.conf, change '10.145.89.140' to your chef server's IP.
+7. Edit cobbler.conf and change the IP to your cobbler server's IP.
+8. Edit compass.setting
+ - COMPASS\_SUPPORTED\_PROXY: this is not supported in containerized compass, use the default value
+ - COMPASS\_SUPPORTED\_DEFAULT_NOPROXY: default value
+ - COMPASS\_SUPPORTED\_NTP\_SERVER: I am planning to move ntpd to cobbler container, so for now just point this value to any working compass server.
+ - COMPASS\_DNS\_SERVERS: cobbler server takes care of dns, use cobbler server IP
+ - COMPASS\_SUPPROTED\_DOMAINS: default
+ - COMPASS\_SUPPORTED\_DEFAULT_GATEWAY: default
+ - COMPASS\_SUPPORTED\_LOCAL\_REPO: use `http://$your\_host\_for\_docker:8080`
+9. Go to `examples/compass` and run `docker build -t {image_name} .`
+10. Once build finishes, run `docker run -d -p 8080:80 -i -t {image_name}`
+11. celery log will be displayed on terminal, once the start script finishes running, open your web browser and go to `http://$your\_host\_for\_docker:8080`
diff --git a/README.rst b/README.rst
deleted file mode 100644
index 9006052..0000000
--- a/README.rst
+++ /dev/null
@@ -1,7 +0,0 @@
-This project is no longer maintained.
-
-The contents of this repository are still available in the Git source code
-management system. To see the contents of this repository before it reached
-its end of life, please check out the previous commit with
-"git checkout HEAD^1".
-
diff --git a/Vagrantfile b/Vagrantfile
new file mode 100644
index 0000000..4ebd303
--- /dev/null
+++ b/Vagrantfile
@@ -0,0 +1,43 @@
+Vagrant.configure("2") do |config|
+ config.vm.define :compass_vm do |compass_vm|
+ compass_vm.vm.box = "precise64"
+ compass_vm.vm.network :private_network, :ip=>"10.1.0.11", :libvirt__dhcp_enabled=>false
+ compass_vm.vm.provider :libvirt do |domain|
+ domain.memory = 2048
+ domain.cpus =2
+ domain.nested =true
+ domain.graphics_ip="0.0.0.0"
+ end
+ compass_vm.vm.provision "ansible" do |ansible|
+ ansible.playbook="install/allinone_nochef.yml"
+ end
+ end
+ config.vm.define :compass_nodocker do |compass_nodocker|
+ compass_nodocker.vm.box = "centos65"
+ compass_nodocker.vm.network :private_network, :ip=>"10.1.0.12", :libvirt__dhcp_enabled=>false
+ compass_nodocker.vm.provider :libvirt do |domain|
+ domain.memory = 4096
+ domain.cpus =4
+ domain.nested =true
+ domain.graphics_ip="0.0.0.0"
+ domain.management_network_address="192.168.200.0/24"
+ end
+ compass_nodocker.vm.provision "ansible" do |ansible|
+ ansible.playbook="install/compass_nodocker.yml"
+# ansible.tags="debug"
+ end
+ end
+ config.vm.define :regtest_vm do |regtest_vm|
+ regtest_vm.vm.box = "centos65"
+ regtest_vm.vm.network :private_network, :ip=>"10.1.0.253", :libvirt__dhcp_enabled=>false
+ regtest_vm.vm.provider :libvirt do |domain|
+ domain.memory = 1024
+ domain.cpus = 2
+ domain.nested = true
+ domain.graphics_ip="0.0.0.0"
+ end
+ regtest_vm.vm.provision "ansible" do |ansible|
+ ansible.playbook="install/regtest.yml"
+ end
+ end
+end
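Review bot: `domain.graphics_ip="0.0.0.0"` in all three libvirt provider blocks makes each guest's graphical console listen on every host interface, and no console password is set anywhere in the visible configuration. Unless remote console access is required, bind it to loopback with `domain.graphics_ip = "127.0.0.1"` and reach it through an SSH tunnel. ci/Vagrantfile in this commit has the same blob index (4ebd303) and needs the same change. A short comment above each `vm.box` line saying where the `precise64` and `centos65` boxes come from would also help, since they are local names rather than published boxes.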
diff --git a/ci/Vagrantfile b/ci/Vagrantfile
new file mode 100644
index 0000000..4ebd303
--- /dev/null
+++ b/ci/Vagrantfile
@@ -0,0 +1,43 @@
+Vagrant.configure("2") do |config|
+ config.vm.define :compass_vm do |compass_vm|
+ compass_vm.vm.box = "precise64"
+ compass_vm.vm.network :private_network, :ip=>"10.1.0.11", :libvirt__dhcp_enabled=>false
+ compass_vm.vm.provider :libvirt do |domain|
+ domain.memory = 2048
+ domain.cpus =2
+ domain.nested =true
+ domain.graphics_ip="0.0.0.0"
+ end
+ compass_vm.vm.provision "ansible" do |ansible|
+ ansible.playbook="install/allinone_nochef.yml"
+ end
+ end
+ config.vm.define :compass_nodocker do |compass_nodocker|
+ compass_nodocker.vm.box = "centos65"
+ compass_nodocker.vm.network :private_network, :ip=>"10.1.0.12", :libvirt__dhcp_enabled=>false
+ compass_nodocker.vm.provider :libvirt do |domain|
+ domain.memory = 4096
+ domain.cpus =4
+ domain.nested =true
+ domain.graphics_ip="0.0.0.0"
+ domain.management_network_address="192.168.200.0/24"
+ end
+ compass_nodocker.vm.provision "ansible" do |ansible|
+ ansible.playbook="install/compass_nodocker.yml"
+# ansible.tags="debug"
+ end
+ end
+ config.vm.define :regtest_vm do |regtest_vm|
+ regtest_vm.vm.box = "centos65"
+ regtest_vm.vm.network :private_network, :ip=>"10.1.0.253", :libvirt__dhcp_enabled=>false
+ regtest_vm.vm.provider :libvirt do |domain|
+ domain.memory = 1024
+ domain.cpus = 2
+ domain.nested = true
+ domain.graphics_ip="0.0.0.0"
+ end
+ regtest_vm.vm.provision "ansible" do |ansible|
+ ansible.playbook="install/regtest.yml"
+ end
+ end
+end
diff --git a/ci/conf/four-ansible.conf b/ci/conf/four-ansible.conf
new file mode 100644
index 0000000..c7b8393
--- /dev/null
+++ b/ci/conf/four-ansible.conf
@@ -0,0 +1,40 @@
+export VIRT_NUMBER=4
+export VIRT_CPUS=4
+export VIRT_MEM=4096
+export VIRT_DISK=30G
+export COMPASS_SERVER_URL="http://10.1.0.12/api"
+export COMPASS_USER_EMAIL="admin@huawei.com"
+export COMPASS_USER_PASSWORD="admin"
+export CLUSTER_NAME="opnfv"
+export LANGUAGE="EN"
+export TIMEZONE="America/Los_Angeles"
+export HOSTNAMES="host1,host2,host3,host4"
+export NTP_SERVER="10.1.0.12"
+export NAMESERVERS="10.1.0.12"
+export DOMAIN="ods.com"
+export PARTITIONS="/home=5%,/tmp=5%,/var=20%"
+export SUBNETS="10.1.0.0/24,172.16.2.0/24,172.16.3.0/24,172.16.4.0/24"
+export 'ADAPTER_OS_PATTERN=(?i)ubuntu-14\.04.*'
+#export 'ADAPTER_OS_PATTERN=(?i)centos-6\.5.*'
+export ADAPTER_NAME="openstack_juno"
+export ADAPTER_TARGET_SYSTEM_PATTERN="^openstack$"
+export ADAPTER_FLAVOR_PATTERN="single-controller"
+export HOST_ROLES="host1=controller;host2=network;host3=compute;host4=storage"
+export DEFAULT_ROLES="controller"
+export PROXY=""
+export IGNORE_PROXY=""
+export SEARCH_PATH="ods.com"
+export GATEWAY="10.1.0.1"
+export SERVER_CREDENTIAL="root"
+export LOCAL_REPO_URL=""
+export OS_CONFIG_FILENAME=""
+export SERVICE_CREDENTIALS="service"
+export CONSOLE_CREDENTIALS="console"
+export HOST_NETWORKS="host1:eth0=10.1.0.100|is_mgmt,eth1=172.16.2.100,eth2=172.16.3.100,eth3=172.16.4.100;host2:eth0=10.1.0.101|is_mgmt,eth1=172.16.2.101,eth2=172.16.3.101,eth3=172.16.4.101;host3:eth0=10.1.0.102|is_mgmt,eth1=172.16.2.102;host4:eth0=10.1.0.103|is_mgmt,eth1=172.16.2.103"
+export NETWORK_MAPPING="management=eth0,tenant=eth1,storage=eth3,external=eth2"
+export PACKAGE_CONFIG_FILENAME=""
+export SWITCH_IPS="1.1.1.1"
+export SWITCH_CREDENTIAL="version=2c,community=public"
+export DEPLOYMENT_TIMEOUT="90"
+export POLL_SWITCHES_FLAG="nopoll_switches"
+export DASHBOARD_URL=""
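Review bot: `COMPASS_USER_PASSWORD="admin"` and `SWITCH_CREDENTIAL="version=2c,community=public"` are default credentials fixed in a committed file, and ci/deploy-vm.sh passes the password on the `bin/client.py` command line to an `http://` API URL. Let the environment override them so a real deployment does not inherit the defaults, e.g. `export COMPASS_USER_PASSWORD="${COMPASS_USER_PASSWORD:-admin}"`, and add a header comment stating that these values are for the throwaway CI network only. ci/conf/two.conf carries the same lines.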
diff --git a/ci/conf/two.conf b/ci/conf/two.conf
new file mode 100644
index 0000000..b923418
--- /dev/null
+++ b/ci/conf/two.conf
@@ -0,0 +1,40 @@
+export VIRT_NUMBER=2
+export VIRT_CPUS=4
+export VIRT_MEM=4096
+export VIRT_DISK=30G
+export COMPASS_SERVER_URL="http://10.1.0.12/api"
+export COMPASS_USER_EMAIL="admin@huawei.com"
+export COMPASS_USER_PASSWORD="admin"
+export CLUSTER_NAME="opnfv"
+export LANGUAGE="EN"
+export TIMEZONE="America/Los_Angeles"
+export HOSTNAMES="host1,host2"
+export NTP_SERVER="10.1.0.12"
+export NAMESERVERS="10.1.0.12"
+export DOMAIN="ods.com"
+export PARTITIONS="/home=5%,/tmp=5%,/var=20%"
+export SUBNETS="10.1.0.0/24,172.16.2.0/24,172.16.3.0/24,172.16.4.0/24"
+export 'ADAPTER_OS_PATTERN=(?i)ubuntu-14\.04.*'
+#export 'ADAPTER_OS_PATTERN=(?i)centos-6\.5.*'
+export ADAPTER_NAME="os_only"
+export ADAPTER_TARGET_SYSTEM_PATTERN=""
+export ADAPTER_FLAVOR_PATTERN=""
+export PROXY=""
+export IGNORE_PROXY=""
+export SEARCH_PATH="ods.com"
+export GATEWAY="10.1.0.1"
+export SERVER_CREDENTIAL="root"
+export LOCAL_REPO_URL=""
+export OS_CONFIG_FILENAME=""
+export SERVICE_CREDENTIALS="service"
+export CONSOLE_CREDENTIALS="console"
+export HOST_NETWORKS="host1:eth0=10.1.0.100|is_mgmt,eth1=172.16.2.100,eth2=172.16.3.100,eth3=172.16.4.100;host2:eth0=10.1.0.101|is_mgmt,eth1=172.16.2.101,eth2=172.16.3.101,eth3=172.16.4.101"
+export NETWORK_MAPPING="management=eth0,tenant=eth1,storage=eth3,external=eth2"
+export PACKAGE_CONFIG_FILENAME=""
+export HOST_ROLES=""
+export DEFAULT_ROLES=""
+export SWITCH_IPS="1.1.1.1"
+export SWITCH_CREDENTIAL="version=2c,community=public"
+export DEPLOYMENT_TIMEOUT="90"
+export POLL_SWITCHES_FLAG="nopoll_switches"
+export DASHBOARD_URL=""
diff --git a/ci/deploy-vm.sh b/ci/deploy-vm.sh
new file mode 100644
index 0000000..be536b5
--- /dev/null
+++ b/ci/deploy-vm.sh
@@ -0,0 +1,44 @@
+cd ..
+rm -rf compass-core
+git clone http://git.openstack.org/stackforge/compass-core -b dev/experimental
+cd compass-core
+virtualenv venv
+source venv/bin/activate
+pip install -e .
+if [[ ! -f /var/log/compass ]]; then
+ sudo mkdir /var/log/compass
+ sudo chown -R 777 /var/log/compass
+fi
+if [[ ! -f /etc/compass ]]; then
+ sudo mkdir /etc/compass
+ sudo cp -rf conf/setting /etc/compass/.
+fi
+cp bin/switch_virtualenv.py.template bin/switch_virtualenv.py
+sed -i "s|\$PythonHome|$VIRTUAL_ENV|g" bin/switch_virtualenv.py
+#source ../compass-install/ci/allinone.conf
+bin/client.py --logfile= --loglevel=debug --logdir= --compass_server="${COMPASS_SERVER_URL}" \
+--compass_user_email="${COMPASS_USER_EMAIL}" --compass_user_password="${COMPASS_USER_PASSWORD}" \
+--cluster_name="${CLUSTER_NAME}" --language="${LANGUAGE}" --timezone="${TIMEZONE}" \
+--hostnames="${HOSTNAMES}" --partitions="${PARTITIONS}" --subnets="${SUBNETS}" \
+--adapter_os_pattern="${ADAPTER_OS_PATTERN}" --adapter_name="${ADAPTER_NAME}" \
+--adapter_target_system_pattern="${ADAPTER_TARGET_SYSTEM_PATTERN}" \
+--adapter_flavor_pattern="${ADAPTER_FLAVOR_PATTERN}" \
+--http_proxy="${PROXY}" --https_proxy="${PROXY}" --no_proxy="${IGNORE_PROXY}" \
+--ntp_server="${NTP_SERVER}" --dns_servers="${NAMESERVERS}" --domain="${DOMAIN}" \
+--search_path="${SEARCH_PATH}" --default_gateway="${GATEWAY}" \
+--server_credential="${SERVER_CREDENTIAL}" --local_repo_url="${LOCAL_REPO_URL}" \
+--os_config_json_file="${OS_CONFIG_FILENAME}" --service_credentials="${SERVICE_CREDENTIALS}" \
+--console_credentials="${CONSOLE_CREDENTIALS}" --host_networks="${HOST_NETWORKS}" \
+--network_mapping="${NETWORK_MAPPING}" --package_config_json_file="${PACKAGE_CONFIG_FILENAME}" \
+--host_roles="${HOST_ROLES}" --default_roles="${DEFAULT_ROLES}" --switch_ips="${SWITCH_IPS}" \
+--machines=${machines//\'} --switch_credential="${SWITCH_CREDENTIAL}" \
+--deployment_timeout="${DEPLOYMENT_TIMEOUT}" --${POLL_SWITCHES_FLAG} --dashboard_url="${DASHBOARD_URL}"
+tear_down_machines
+#cd ../compass-install
+#sudo vagrant destroy compass_nodocker
+if [[ $? != 0 ]]; then
+ echo "deployment failed"
+ exit 1
+else
+ echo "deployment complete"
+fi
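Review bot: The final `$?` test runs after `tear_down_machines`, so it reports the teardown's status and a failed `bin/client.py` run still prints "deployment complete"; save the status right after the client call with `rc=$?` and test `if [[ $rc != 0 ]]`. `sudo chown -R 777 /var/log/compass` changes the owner to UID 777 rather than setting a mode, which looks like a typo for chmod, and a narrower grant such as `sudo chown -R "$USER" /var/log/compass` avoids a world-writable log directory; the `-f` tests guarding both `mkdir` calls should be `-d`, otherwise a rerun tries to create directories that already exist. `git clone http://git.openstack.org/...` followed by `pip install -e .` runs fetched code without transport integrity, while the Dockerfile in this commit already uses the `https://git.openstack.org/` form. The chown and the http clone also appear in ci/test.sh.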
diff --git a/ci/deploy.sh b/ci/deploy.sh
new file mode 100755
index 0000000..38498e7
--- /dev/null
+++ b/ci/deploy.sh
@@ -0,0 +1,4 @@
+SCRIPT_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
+source ${SCRIPT_DIR}/prepare.sh || exit $?
+source ${SCRIPT_DIR}/setup-env.sh || exit $?
+source ${SCRIPT_DIR}/deploy-vm.sh || exit $?
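Review bot: The file is committed with mode 100755 but has no interpreter line, while it relies on `BASH_SOURCE` and `source`; add `#!/bin/bash` as the first line so it is not run by a different `/bin/sh`. The `${SCRIPT_DIR}` expansions in the three `source` lines are unquoted and break on a checkout path containing spaces, so prefer `source "${SCRIPT_DIR}/prepare.sh" || exit $?` and likewise for the other two.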
diff --git a/ci/func.sh b/ci/func.sh
new file mode 100644
index 0000000..29c2c23
--- /dev/null
+++ b/ci/func.sh
@@ -0,0 +1,20 @@
+function tear_down_machines() {
+ virtmachines=$(virsh list --name |grep pxe)
+ for virtmachine in $virtmachines; do
+ echo "destroy $virtmachine"
+ virsh destroy $virtmachine
+ if [[ "$?" != "0" ]]; then
+ echo "destroy instance $virtmachine failed"
+ exit 1
+ fi
+ done
+ virtmachines=$(virsh list --all --name |grep pxe)
+ for virtmachine in $virtmachines; do
+ echo "undefine $virtmachine"
+ virsh undefine $virtmachine
+ if [[ "$?" != "0" ]]; then
+ echo "undefine instance $virtmachine failed"
+ exit 1
+ fi
+ done
+}
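Review bot: `grep pxe` matches any libvirt domain whose name contains "pxe", so `tear_down_machines` would destroy and undefine unrelated guests on a shared host; the scripts in this commit only create `pxe0`, `pxe1`, and so on, so match exactly that with `grep -E '^pxe[0-9]+$'`. `$virtmachine` should be quoted in the `virsh destroy` and `virsh undefine` calls. Because this file is sourced, the `exit 1` branches terminate the calling script; if that is intended, say so in a header comment such as `# Destroys and undefines every pxeN domain; exits the calling shell on failure.`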
diff --git a/ci/mac_generator.sh b/ci/mac_generator.sh
new file mode 100755
index 0000000..1ee5ebf
--- /dev/null
+++ b/ci/mac_generator.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+function mac_address_part() {
+ hex_number=$(printf '%02x' $RANDOM)
+ number_length=${#hex_number}
+ number_start=$(expr $number_length - 2)
+ echo ${hex_number:$number_start:2}
+}
+
+function mac_address() {
+ echo "'00:00:$(mac_address_part):$(mac_address_part):$(mac_address_part):$(mac_address_part)'"
+}
+
+machines=''
+for i in `seq $1`; do
+ mac=$(mac_address)
+
+ if [[ -z $machines ]]; then
+ machines="${mac}"
+ else
+ machines="${machines} ${mac}"
+ fi
+done
+echo ${machines}
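Review bot: `mac_address` builds addresses under the `00:00:` prefix, which lies in vendor-assigned OUI space rather than a locally administered range, and nothing checks that the generated addresses are distinct from each other. A prefix with the locally-administered bit set, or the `52:54:00` prefix conventionally used for QEMU/KVM guests, avoids clashing with real hardware on the bridge: `echo "'52:54:00:$(mac_address_part):$(mac_address_part):$(mac_address_part)'"`. `seq $1` is also unquoted and unchecked, so a missing or non-numeric argument still exits 0 with an empty list; a guard such as `[[ $1 =~ ^[0-9]+$ ]] || exit 1` would catch it.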
diff --git a/ci/prepare.sh b/ci/prepare.sh
new file mode 100644
index 0000000..9f87812
--- /dev/null
+++ b/ci/prepare.sh
@@ -0,0 +1,35 @@
+sudo apt-get update -y
+sudo apt-get install git python-pip python-dev -y
+vagrant --version
+if [[ $? != 0 ]]; then
+ vagrant_pkg_url=https://dl.bintray.com/mitchellh/vagrant/vagrant_1.7.2_x86_64.deb
+ wget ${vagrant_pkg_url}
+ sudo dpkg -i $(basename ${vagrant_pkg_url})
+else
+ echo "vagrant is already installed"
+fi
+sudo apt-get install libxslt-dev libxml2-dev libvirt-dev build-essential qemu-utils qemu-kvm libvirt-bin virtinst libmysqld-dev -y
+sudo service libvirt-bin restart
+
+for plugin in vagrant-libvirt vagrant-mutate; do
+ vagrant plugin list |grep $plugin
+ if [[ $? != 0 ]]; then
+ vagrant plugin install $plugin
+ else
+ echo "$plugin plugin is already installed"
+ fi
+done
+
+#precise_box_vb_url=https://cloud-images.ubuntu.com/vagrant/precise/current/precise-server-cloudimg-amd64-vagrant-disk1.box
+#precise_box_vb_filename=$(basename ${precise_box_vb_url})
+centos65_box_vb_url=https://developer.nrel.gov/downloads/vagrant-boxes/CentOS-6.5-x86_64-v20140504.box
+centos65_box_vb_filename=$(basename ${centos65_box_vb_url})
+#wget ${precise_box_vb_url}
+vagrant box list |grep centos65
+if [[ $? != 0 ]]; then
+ wget ${centos65_box_vb_url}
+ mv ${centos65_box_vb_filename} centos65.box
+ vagrant mutate centos65.box libvirt
+else
+ echo "centos65 box already exists"
+fi
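Review bot: The vagrant `.deb` is fetched with `wget` and passed straight to `sudo dpkg -i`, and the CentOS box is downloaded and mutated, with no integrity check on either file. Pin a digest next to each URL and verify it before use, e.g. `echo "<expected-sha256>  $(basename ${vagrant_pkg_url})" | sha256sum -c - || exit 1`, where the digest is a placeholder to be filled in from the publisher. The same unverified downloads appear in ci/test.sh. The `cmd; if [[ $? != 0 ]]` pairs would read more directly as `if ! vagrant --version; then`.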
diff --git a/ci/setup-env.sh b/ci/setup-env.sh
new file mode 100644
index 0000000..d3613b8
--- /dev/null
+++ b/ci/setup-env.sh
@@ -0,0 +1,60 @@
+#rm -rf compass-install
+#git clone http://git.openstack.org/stackforge/compass-install
+#cd compass-install
+
+function join { local IFS="$1"; shift; echo "$*"; }
+source ${SCRIPT_DIR}/conf/two.conf
+source ${SCRIPT_DIR}/func.sh
+if [[ ! -z $VIRT_NUMBER ]]; then
+ mac_array=$(${SCRIPT_DIR}/mac_generator.sh $VIRT_NUMBER)
+ mac_list=$(join , $mac_array)
+ echo "pxe_boot_macs: [${mac_list}]" >> ${SCRIPT_DIR}/../install/group_vars/all
+ echo "test: true" >> ${SCRIPT_DIR}/../install/group_vars/all
+fi
+virsh list |grep compass_nodocker
+if [[ $? != 0 ]]; then
+ sudo vagrant up compass_nodocker
+else
+ sudo vagrant provision compass_nodocker
+fi
+if [[ $? != 0 ]]; then
+ echo "installation of compass failed"
+ sudo vagrant destroy compass_nodocker
+ exit 1
+fi
+echo "compass is up"
+
+tear_down_machines
+if [[ -n $mac_array ]]; then
+ echo "bringing up pxe boot vms"
+ i=0
+ for mac in $mac_array; do
+ echo "creating vm disk for instance pxe${i}"
+ sudo qemu-img create -f raw /home/pxe${i}.raw ${VIRT_DISK}
+ sudo virt-install --accelerate --hvm --connect qemu:///system \
+ --name pxe$i --ram=$VIRT_MEM --pxe --disk /home/pxe$i.raw,format=raw \
+ --vcpus=$VIRT_CPUS --graphics vnc,listen=0.0.0.0 \
+ --network=bridge:virbr2,mac=$mac \
+ --network=bridge:virbr2 \
+ --network=bridge:virbr2 \
+ --network=bridge:virbr2 \
+ --noautoconsole --autostart --os-type=linux --os-variant=rhel6
+ if [[ $? != 0 ]]; then
+ echo "launching pxe${i} failed"
+ exit 1
+ fi
+ echo "checking pxe${i} state"
+ state=$(virsh domstate pxe${i})
+ if [[ "$state" == "running" ]]; then
+ echo "pxe${i} is running"
+ sudo virsh destroy pxe${i}
+ fi
+ echo "add network boot option and make pxe${i} reboot if failing"
+ sudo sed -i "// a\ " /etc/libvirt/qemu/pxe${i}.xml
+ sudo sed -i "// a\ " /etc/libvirt/qemu/pxe${i}.xml
+ sudo virsh define /etc/libvirt/qemu/pxe${i}.xml
+ sudo virsh start pxe${i}
+ let i=i+1
+ done
+fi
+machines=${mac_list}
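Review bot: `--graphics vnc,listen=0.0.0.0` in the `virt-install` call exposes each PXE guest's VNC console on every host interface with no password configured; use `listen=127.0.0.1` unless remote console access is needed (ci/test.sh has the same option). The two `echo ... >> ${SCRIPT_DIR}/../install/group_vars/all` lines append on every run, so repeated runs leave duplicate `pxe_boot_macs` and `test` keys in that file. As shown on this page both `sed -i "// a\ "` expressions have an empty pattern and empty appended text, presumably because XML tags were lost in rendering; if the file really reads this way the edits do nothing useful. Either way, a comment naming the elements being added to `/etc/libvirt/qemu/pxe${i}.xml` would make the step reviewable.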
diff --git a/ci/test.sh b/ci/test.sh
new file mode 100644
index 0000000..71c2fde
--- /dev/null
+++ b/ci/test.sh
@@ -0,0 +1,127 @@
+sudo apt-get update -y
+sudo apt-get install git python-pip python-dev -y
+vagrant_pkg_url=https://dl.bintray.com/mitchellh/vagrant/vagrant_1.7.2_x86_64.deb
+wget ${vagrant_pkg_url}
+sudo dpkg -i $(basename ${vagrant_pkg_url})
+sudo apt-get install libxslt-dev libxml2-dev libvirt-dev build-essential qemu-utils qemu-kvm libvirt-bin virtinst -y
+sudo service libvirt-bin restart
+vagrant plugin install vagrant-libvirt
+vagrant plugin install vagrant-mutate
+precise_box_vb_url=https://cloud-images.ubuntu.com/vagrant/precise/current/precise-server-cloudimg-amd64-vagrant-disk1.box
+precise_box_vb_filename=$(basename ${precise_box_vb_url})
+centos65_box_vb_url=https://developer.nrel.gov/downloads/vagrant-boxes/CentOS-6.5-x86_64-v20140504.box
+centos65_box_vb_filename=$(basename ${centos65_box_vb_url})
+wget ${precise_box_vb_url}
+wget ${centos65_box_vb_url}
+mv ${precise_box_vb_filename} precise64.box
+mv ${centos65_box_vb_filename} centos65.box
+vagrant mutate precise64.box libvirt
+vagrant mutate centos65.box libvirt
+sudo pip install ansible
+git clone http://git.openstack.org/stackforge/compass-install
+cd compass-install
+
+function join { local IFS="$1"; shift; echo "$*"; }
+
+if [[ ! -z $VIRT_NUMBER ]]; then
+ mac_array=$(ci/mac_generator.sh $VIRT_NUMBER)
+ mac_list=$(join , $mac_array)
+ echo "pxe_boot_macs: [${mac_list}]" >> install/group_vars/all
+ echo "test: true" >> install/group_vars/all
+fi
+sudo vagrant up compass_vm
+if [[ $? != 0 ]]; then
+ sudo vagrant provision compass_vm
+ if [[ $? != 0 ]]; then
+ echo "provisioning of compass failed"
+ exit 1
+ fi
+fi
+echo "compass is up"
+
+if [[ -n $mac_array ]]
+ echo "bringing up pxe boot vms"
+ i=0
+ for mac in "$mac_array"; do
+ virsh list |grep pxe${i}
+ if [[ $? == 0 ]]; then
+ virsh destroy pxe${i}
+ virsh undefine pxe${i}
+ fi
+ virsh list --all |grep pxe${i}
+ if [[ $? == 0 ]]; then
+ virsh undefine pxe${i}
+ fi
+ echo "creating vm disk for instance pxe${i}"
+ sudo qemu-img create -f raw /home/pxe${i}.raw ${VIRT_DISK}
+ sudo virt-install --accelerate --hvm --connect qemu:///system \
+ --name pxe$i --ram=$VIRT_MEM --pxe --disk /home/pxe$i.raw,format=raw \
+ --vcpus=$VIRT_CPUS --graphics vnc,listen=0.0.0.0 \
+ --network=bridge:virbr2,mac=$mac \
+ --network=bridge:virbr2
+ --network=bridge:virbr2
+ --network=bridge:virbr2
+ --noautoconsole --autostart --os-type=linux --os-variant=rhel6
+ if [[ $? != 0 ]]; then
+ echo "launching pxe${i} failed"
+ exit 1
+ fi
+ echo "checking pxe${i} state"
+ state=$(virsh domstate pxe${i})
+ if [[ "$state" == "running" ]]; then
+ echo "pxe${i} is running"
+ sudo virsh destroy pxe${i}
+ fi
+ echo "add network boot option and make pxe${i} reboot if failing"
+ sudo sed -i "// a\ " /etc/libvirt/qemu/pxe${i}.xml
+ sudo sed -i "// a\ " /etc/libvirt/qemu/pxe${i}.xml
+ sudo virsh define /etc/libvirt/qemu/pxe${i}.xml
+ sudo virsh start pxe${i}
+ let i=i+1
+ done
+fi
+
+rm -rf compass-core
+git clone http://git.openstack.org/stackforge/compass-core -b dev/experimental
+cd compass-core
+virtualenv venv
+source venv/bin/activate
+pip install -e .
+if [[ ! -f /var/log/compass ]]; then
+ sudo mkdir /var/log/compass
+ sudo chown -R 777 /var/log/compass
+fi
+if [[ ! -f /etc/compass ]]; then
+ sudo mkdir /etc/compass
+ sudo cp -rf conf/setting /etc/compass/.
+fi
+cp bin/switch_virtualenv.py.template bin/switch_virtualenv.py
+sed -i "s|\$PythonHome|$VIRTUAL_ENV|g" /opt/compass/bin/switch_virtualenv.py
+source ../compass-install/ci/allinone.conf
+bin/client.py --logfile= --loglevel=debug --logdir= --compass_server="${COMPASS_SERVER_URL}" \
+--compass_user_email="${COMPASS_USER_EMAIL}" --compass_user_password="${COMPASS_USER_PASSWORD}" \
+--cluster_name="${CLUSTER_NAME}" --language="${LANGUAGE}" --timezone="${TIMEZONE}" \
+--hostnames="${HOSTNAMES}" --partitions="${PARTITIONS}" --subnets="${SUBNETS}" \
+--adapter_os_pattern="${ADAPTER_OS_PATTERN}" --adapter_name="${ADAPTER_NAME}" \
+--adapter_target_system_pattern="${ADAPTER_TARGET_SYSTEM_PATTERN}" \
+--adapter_flavor_pattern="${ADAPTER_FLAVOR_PATTERN}" \
+--http_proxy="${PROXY}" --https_proxy="${PROXY}" --no_proxy="${IGNORE_PROXY}" \
+--ntp_server="${NTP_SERVER}" --dns_servers="${NAMESERVERS}" --domain="${DOMAIN}" \
+--search_path="${SEARCH_PATH}" --default_gateway="${GATEWAY}" \
+--server_credential="${SERVER_CREDENTIAL}" --local_repo_url="${LOCAL_REPO_URL}" \
+--os_config_json_file="${OS_CONFIG_FILENAME}" --service_credentials="${SERVICE_CREDENTIALS}" \
+--console_credentials="${CONSOLE_CREDENTIALS}" --host_networks="${HOST_NETWORKS}" \
+--network_mapping="${NETWORK_MAPPING}" --package_config_json_file="${PACKAGE_CONFIG_FILENAME}" \
+--host_roles="${HOST_ROLES}" --default_roles="${DEFAULT_ROLES}" --switch_ips="${SWITCH_IPS}" \
+--machines="${machines}" --switch_credential="${SWITCH_CREDENTIAL}" \
+--deployment_timeout="${DEPLOYMENT_TIMEOUT}" --${POLL_SWITCHES_FLAG} --dashboard_url="${DASHBOARD_URL}"
+#sudo vagrant up regtest_vm
+#if [[ $? != 0 ]]; then
+# sudo vagrant provision regtest_vm
+# if [[ $? != 0 ]]; then
+# echo "deployment of cluster failed"
+# exit 1
+# fi
+#fi
+#echo "deployment of cluster complete"
+
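Review bot: The PXE section does not parse as written: `if [[ -n $mac_array ]]` has no `then`, and the three `--network=bridge:virbr2` lines after the `mac=$mac` one lack the trailing `\`, so the options that follow would run as separate commands. `for mac in "$mac_array"` is quoted, so the loop body runs once with the whole list as a single value; ci/setup-env.sh uses the unquoted form. Further down, `sed -i ... /opt/compass/bin/switch_virtualenv.py` edits a different path from the `bin/switch_virtualenv.py` just copied, and `ci/allinone.conf` is sourced but is not among the files visible in this part of the commit. This script also repeats the unverified `wget` plus `sudo dpkg -i`, the `chown -R 777` and the `http://` clones found in ci/prepare.sh and ci/deploy-vm.sh.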
diff --git a/docker/build/cobbler/Dockerfile b/docker/build/cobbler/Dockerfile
new file mode 100644
index 0000000..20e2be7
--- /dev/null
+++ b/docker/build/cobbler/Dockerfile
@@ -0,0 +1,150 @@
+FROM centos:centos6
+
+ADD conf/setup.conf /tmp/setup.conf
+ADD conf/cobbler_web.conf /etc/httpd/conf.d/cobbler_web.conf
+ADD conf/ssl.conf /etc/httpd/conf.d/ssl.conf
+ADD conf/tftpd.template /etc/cobbler/tftpd.template
+ADD conf/modules.conf /etc/cobbler/modules.conf
+ADD conf/distributions /tmp/distributions
+ADD conf/dhcp.template /etc/cobbler/dhcp.template
+RUN chmod +x /tmp/setup.conf
+
+# add epel repo and atomic(for installing reprepro: a command tool to build debian repos) repo
+RUN source /tmp/setup.conf && \
+ rpm -Uvh $EPEL7 && \
+ sed -i 's/^mirrorlist=https/mirrorlist=http/g' /etc/yum.repos.d/epel.repo && \
+ rpm -Uvh $ATOMIC && \
+ sed -i 's/^mirrorlist=https/mirrorlist=http/g' /etc/yum.repos.d/atomic.repo
+
+RUN yum clean all && \
+ yum update -y --skip-broken && \
+ yum install -y syslinux bind rsync dhcp xinetd tftp-server gcc httpd cobbler cobbler-web createrepo mkisofs python-cheetah python-simplejson python-urlgrabber PyYAML PyYAML Django cman pykickstart reprepro git wget debmirror cman openssl openssl098e
+
+# configure cobbler web and ssl
+RUN mkdir -p /root/backup/cobbler && \
+ cp -rn /etc/httpd/conf.d /root/backup/cobbler && \
+ chmod 644 /etc/httpd/conf.d/cobbler_web.conf && \
+ chmod 644 /etc/httpd/conf.d/ssl.conf
+
+# update tftpd template
+RUN chmod 644 /etc/cobbler/tftpd.template
+
+# update modules conf
+RUN chmod 644 /etc/cobbler/modules.conf
+
+# setup cobbler default web username password: cobbler/cobbler
+RUN (echo -n "cobbler:Cobbler:" && echo -n "cobbler:Cobbler:cobbler" | md5sum - | cut -d' ' -f1) > /etc/cobbler/users.digest
+
+
+# get adapters code
+WORKDIR /root/
+RUN git clone -b dev/experimental https://git.openstack.org/stackforge/compass-adapters.git && \
+ cp -rn /var/lib/cobbler/snippets /root/backup/cobbler/ && \
+ cp -rn /var/lib/cobbler/scripts /root/backup/cobbler && \
+ cp -rn /var/lib/cobbler/kickstarts/ /root/backup/cobbler/ && \
+ cp -rn /var/lib/cobbler/triggers /root/backup/cobbler/ && \
+ rm -rf /var/lib/cobbler/snippets/* && \
+ cp -rf compass-adapters/cobbler/snippets/* /var/lib/cobbler/snippets/ && \
+ cp -rf compass-adapters/cobbler/scripts/* /var/lib/cobbler/scripts/ && \
+ cp -rf compass-adapters/cobbler/triggers/* /var/lib/cobbler/triggers/ && \
+ chmod 777 /var/lib/cobbler/snippets && \
+ chmod 777 /var/lib/cobbler/scripts && \
+ chmod -R 666 /var/lib/cobbler/snippets/* && \
+ chmod -R 666 /var/lib/cobbler/scripts/* && \
+ chmod -R 755 /var/lib/cobbler/triggers && \
+ rm -f /var/lib/cobbler/kickstarts/default.ks && \
+ rm -f /var/lib/cobbler/kickstarts/default.seed && \
+ cp -rf compass-adapters/cobbler/kickstarts/default.ks /var/lib/cobbler/kickstarts/ && \
+ cp -rf compass-adapters//cobbler/kickstarts/default.seed /var/lib/cobbler/kickstarts/ && \
+ chmod 666 /var/lib/cobbler/kickstarts/default.ks && \
+ chmod 666 /var/lib/cobbler/kickstarts/default.seed && \
+ mkdir -p /var/www/cblr_ks && \
+ chmod 755 /var/www/cblr_ks && \
+ cp -rf compass-adapters/cobbler/conf/cobbler.conf /etc/httpd/conf.d/ && \
+ chmod 644 /etc/httpd/conf.d/cobbler.conf && \
+ export passwd=$(openssl passwd -1 -salt 'huawei' '123456') && \
+ sed -i "s,^default_password_crypted:[ \t]\+\"\(.*\)\",default_password_crypted: \"$cobbler_passwd\",g" /etc/cobbler/settings && \
+ chmod 644 /etc/cobbler/settings
+
+
+# disable selinux
+RUN echo 0 > /selinux/enforce
+
+# create log dirs
+RUN mkdir -p /var/log/cobbler && \
+ mkdir -p /var/log/cobbler/tasks && \
+ mkdir -p /var/log/cobbler/anamon && \
+ chmod -R 777 /var/log/cobbler
+
+# create centos ppa repo dir
+RUN rm -rf /var/lib/cobbler/repo_mirror/centos_ppa_repo && \
+ mkdir -p /var/lib/cobbler/repo_mirror/centos_ppa_repo
+
+# download centos repo pkgs
+WORKDIR /var/lib/cobbler/repo_mirror/centos_ppa_repo
+ADD conf/setup.conf /tmp/setup.conf
+RUN source /tmp/setup.conf && \
+ wget $NTP && \
+ wget $SSH_CLIENTS && \
+ wget $OPENSSH && \
+ wget $IPROUTE && \
+ wget $WGET && \
+ wget $NTPDATE && \
+ wget $YUM_PRIORITIES && \
+ wget $JSONC && \
+ wget $LIBESTR && \
+ wget $LIBGT && \
+ wget $LIBLOGGING && \
+ wget $RSYSLOG && \
+ wget $CHEF_CLIENT_CENTOS
+
+# creating ubuntu repo
+RUN rm -rf /var/lib/cobbler/repo_mirror/ubuntu_ppa_repo && \
+ mkdir -p /var/lib/cobbler/repo_mirror/ubuntu_ppa_repo/conf && \
+ mv /tmp/distributions /var/lib/cobbler/repo_mirror/ubuntu_ppa_repo/conf/distributions && \
+ chmod 644 /var/lib/cobbler/repo_mirror/ubuntu_ppa_repo/conf/distributions && \
+ wget -O /var/lib/cobbler/repo_mirror/ubuntu_ppa_repo/chef_11.8.0-1.ubuntu.12.04_amd64.deb http://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.04/x86_64/chef_11.8.0-1.ubuntu.12.04_amd64.deb
+
+ADD conf/1404_distributions /tmp/1404_distributions
+
+RUN rm -rf /var/lib/cobbler/repo_mirror/ubuntu_14_04_ppa_repo && \
+ mkdir -p /var/lib/cobbler/repo_mirror/ubuntu_14_04_ppa_repo/conf && \
+ mv /tmp/1404_distributions /var/lib/cobbler/repo_mirror/ubuntu_14_04_ppa_repo/conf/distributions && \
+ chmod 644 /var/lib/cobbler/repo_mirror/ubuntu_14_04_ppa_repo/conf/distributions && \
+ wget -O /var/lib/cobbler/repo_mirror/ubuntu_14_04_ppa_repo/chef_12.1.1-1_amd64.deb https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/13.04/x86_64/chef_12.1.1-1_amd64.deb
+
+
+# create repos
+WORKDIR /var/lib/cobbler/repo_mirror
+RUN createrepo centos_ppa_repo && \
+ find ubuntu_ppa_repo -name \*.deb -exec reprepro -Vb ubuntu_ppa_repo includedeb ppa {} \; && \
+ find ubuntu_14_04_ppa_repo -name \*.deb -exec reprepro -Vb ubuntu_14_04_ppa_repo includedeb ppa {} \;
+
+# add repos to cobbler repo and get loaders
+RUN /usr/sbin/apachectl -k start && \
+ /usr/bin/cobblerd start \& && \
+ cobbler repo add --mirror=/var/lib/cobbler/repo_mirror/centos_ppa_repo --name=centos_ppa_repo --mirror-locally=Y --arch=x86_64 && \
+ cobbler repo add --mirror=/var/lib/cobbler/repo_mirror/ubuntu_ppa_repo --name=ubuntu_ppa_repo --mirror-locally=Y --arch=x86_64 && \
+ cobbler repo add --mirror=/var/lib/cobbler/repo_mirror/ubuntu_14_04_ppa_repo --name=ubuntu_14_04_ppa_repo --mirror-locally=Y --arch=x86_64 && \
+ cobbler reposync && \
+ cobbler get-loaders
+
+ADD conf/cobbler.settings /etc/cobbler/settings
+RUN sed -i 's/disable\([ \t]\+\)=\([ \t]\+\)yes/disable\1=\2no/g' /etc/xinetd.d/rsync && \
+ sed -i 's/^@dists=/# @dists=/g' /etc/debmirror.conf && \
+ sed -i 's/^@arches=/# @arches=/g' /etc/debmirror.conf
+
+# create mount points
+RUN mkdir -p /var/lib/cobbler/mount_point
+VOLUME ["/var/lib/cobbler/mount_point"]
+ADD scripts/start /root/start
+RUN chmod +x /root/start
+CMD ["/root/start"]
+
+
+EXPOSE 80
+EXPOSE 69 69/udp
+EXPOSE 53 53/udp
+EXPOSE 25151
+EXPOSE 443
+EXPOSE 873
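Review bot: The password step at the end of the compass-adapters RUN assigns `passwd`, but the sed on the next line substitutes `$cobbler_passwd`, which nothing visible in this RUN sets, so `default_password_crypted` would be written as an empty string; the input is also the literal `123456` with a fixed salt. Use one variable name (`cobbler_passwd=$(openssl passwd -1 ...)`) and take the secret from runtime configuration rather than the Dockerfile. The later `ADD conf/cobbler.settings /etc/cobbler/settings` replaces the file, so the edit is discarded either way and the effective value is whatever that file carries. Separately, the two `sed -i 's/^mirrorlist=https/mirrorlist=http/g'` lines downgrade the EPEL and atomic repo metadata to cleartext, the `cobbler:cobbler` web digest is baked into the image, and the 12.04 chef `.deb` is fetched over `http://` with no checksum; each needs a comment explaining why, or removal.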
diff --git a/docker/build/cobbler/conf/1404_distributions b/docker/build/cobbler/conf/1404_distributions
new file mode 100644
index 0000000..7f61215
--- /dev/null
+++ b/docker/build/cobbler/conf/1404_distributions
@@ -0,0 +1,8 @@
+Origin: ppa
+Label: ppa_repo
+Suite: stable
+Codename: ppa
+Version: 0.1
+Architectures: i386 amd64 source
+Components: main
+Description: ppa repo
diff --git a/docker/build/cobbler/conf/cobbler.settings b/docker/build/cobbler/conf/cobbler.settings
new file mode 100644
index 0000000..eb965d2
--- /dev/null
+++ b/docker/build/cobbler/conf/cobbler.settings
@@ -0,0 +1,450 @@
+---
+# cobbler settings file
+# restart cobblerd and run "cobbler sync" after making changes
+# This config file is in YAML 1.0 format
+# see http://yaml.org
+# ==========================================================
+# if 1, cobbler will allow insertions of system records that duplicate
+# the --dns-name information of other system records. In general,
+# this is undesirable and should be left 0.
+allow_duplicate_hostnames: 0
+
+# if 1, cobbler will allow insertions of system records that duplicate
+# the ip address information of other system records. In general,
+# this is undesirable and should be left 0.
+allow_duplicate_ips: 0
+
+# if 1, cobbler will allow insertions of system records that duplicate
+# the mac address information of other system records. In general,
+# this is undesirable.
+allow_duplicate_macs: 0
+
+# if 1, cobbler will allow settings to be changed dynamically without
+# a restart of the cobblerd daemon. You can only change this variable
+# by manually editing the settings file, and you MUST restart cobblerd
+# after changing it.
+allow_dynamic_settings: 0
+
+# by default, installs are *not* set to send installation logs to the cobbler
+# # # server. With 'anamon_enabled', kickstart templates may use the pre_anamon
+# # # snippet to allow remote live monitoring of their installations from the
+# # # cobbler server. Installation logs will be stored under
+# # # /var/log/cobbler/anamon/. NOTE: This does allow an xmlrpc call to send logs
+# # # to this directory, without authentication, so enable only if you are
+# # # ok with this limitation.
+anamon_enabled: 1
+
+# If using authn_pam in the modules.conf, this can be configured
+# to change the PAM service authentication will be tested against.
+# The default value is "login".
+authn_pam_service: "login"
+
+# Email out a report when cobbler finishes installing a system.
+# enabled: set to 1 to turn this feature on
+# sender: optional
+# email: which addresses to email
+# smtp_server: used to specify another server for an MTA
+# subject: use the default subject unless overridden
+build_reporting_enabled: 0
+build_reporting_sender: ""
+build_reporting_email: [ 'root@localhost' ]
+build_reporting_smtp_server: "localhost"
+build_reporting_subject: ""
+
+# Cheetah-language kickstart templates can import Python modules.
+# while this is a useful feature, it is not safe to allow them to
+# import anything they want. This whitelists which modules can be
+# imported through Cheetah. Users can expand this as needed but
+# should never allow modules such as subprocess or those that
+# allow access to the filesystem as Cheetah templates are evaluated
+# by cobblerd as code.
+cheetah_import_whitelist:
+ - "random"
+ - "re"
+ - "time"
+
+# Default createrepo_flags to use for new repositories. If you have
+# createrepo >= 0.4.10, consider "-c cache --update -C", which can
+# dramatically improve your "cobbler reposync" time. "-s sha"
+# enables working with Fedora repos from F11/F12 from EL-4 or
+# EL-5 without python-hashlib installed (which is not available
+# on EL-4)
+createrepo_flags: "-c cache -s sha"
+
+# if no kickstart is specified to profile add, use this template
+default_kickstart: /var/lib/cobbler/kickstarts/default.ks
+
+# configure all installed systems to use these nameservers by default
+# unless defined differently in the profile. For DHCP configurations
+# you probably do /not/ want to supply this.
+default_name_servers: ['10.145.89.100']
+
+# if using the authz_ownership module (see the Wiki), objects
+# created without specifying an owner are assigned to this
+# owner and/or group. Can be a comma seperated list.
+default_ownership:
+ - "admin"
+
+# cobbler has various sample kickstart templates stored
+# in /var/lib/cobbler/kickstarts/. This controls
+# what install (root) password is set up for those
+# systems that reference this variable. The factory
+# default is "cobbler" and cobbler check will warn if
+# this is not changed.
+# The simplest way to change the password is to run
+# openssl passwd -1
+# and put the output between the "" below.
+default_password_crypted: "$1$huawei$9OkoVJwO4W8vavlXd1bUS/"
+
+# the default template type to use in the absence of any
+# other detected template. If you do not specify the template
+# with '#template=' on the first line of your
+# templates/snippets, cobbler will assume try to use the
+# following template engine to parse the templates.
+#
+# Current valid values are: cheetah, jinja2
+default_template_type: "cheetah"
+
+# for libvirt based installs in koan, if no virt bridge
+# is specified, which bridge do we try? For EL 4/5 hosts
+# this should be xenbr0, for all versions of Fedora, try
+# "virbr0". This can be overriden on a per-profile
+# basis or at the koan command line though this saves
+# typing to just set it here to the most common option.
+default_virt_bridge: xenbr0
+
+# use this as the default disk size for virt guests (GB)
+default_virt_file_size: 5
+
+# use this as the default memory size for virt guests (MB)
+default_virt_ram: 512
+
+# if koan is invoked without --virt-type and no virt-type
+# is set on the profile/system, what virtualization type
+# should be assumed? Values: xenpv, xenfv, qemu, vmware
+# (NOTE: this does not change what virt_type is chosen by import)
+default_virt_type: xenpv
+
+# enable gPXE booting? Enabling this option will cause cobbler
+# to copy the undionly.kpxe file to the tftp root directory,
+# and if a profile/system is configured to boot via gpxe it will
+# chain load off pxelinux.0.
+# Default: 0
+enable_gpxe: 0
+
+# controls whether cobbler will add each new profile entry to the default
+# PXE boot menu. This can be over-ridden on a per-profile
+# basis when adding/editing profiles with --enable-menu=0/1. Users
+# should ordinarily leave this setting enabled unless they are concerned
+# with accidental reinstalls from users who select an entry at the PXE
+# boot menu. Adding a password to the boot menus templates
+# may also be a good solution to prevent unwanted reinstallations
+enable_menu: 0
+
+# enable Func-integration? This makes sure each installed machine is set up
+# to use func out of the box, which is a powerful way to script and control
+# remote machines.
+# Func lives at http://fedorahosted.org/func
+# read more at https://github.com/cobbler/cobbler/wiki/Func-integration
+# you will need to mirror Fedora/EPEL packages for this feature, so see
+# https://github.com/cobbler/cobbler/wiki/Manage-yum-repos if you want cobbler
+# to help you with this
+func_auto_setup: 0
+func_master: overlord.example.org
+
+# change this port if Apache is not running plaintext on port
+# 80. Most people can leave this alone.
+http_port: 80
+
+# kernel options that should be present in every cobbler installation.
+# kernel options can also be applied at the distro/profile/system
+# level.
+kernel_options:
+ ksdevice: bootif
+ lang: ' '
+ text: ~
+
+# s390 systems require additional kernel options in addition to the
+# above defaults
+kernel_options_s390x:
+ RUNKS: 1
+ ramdisk_size: 40000
+ root: /dev/ram0
+ ro: ~
+ ip: off
+ vnc: ~
+
+# configuration options if using the authn_ldap module. See the
+# the Wiki for details. This can be ignored if you are not using
+# LDAP for WebUI/XMLRPC authentication.
+ldap_server: "ldap.example.com"
+ldap_base_dn: "DC=example,DC=com"
+ldap_port: 389
+ldap_tls: 1
+ldap_anonymous_bind: 1
+ldap_search_bind_dn: ''
+ldap_search_passwd: ''
+ldap_search_prefix: 'uid='
+ldap_tls_cacertfile: ''
+ldap_tls_keyfile: ''
+ldap_tls_certfile: ''
+
+# cobbler has a feature that allows for integration with config management
+# systems such as Puppet. The following parameters work in conjunction with
+# --mgmt-classes and are described in furhter detail at:
+# https://github.com/cobbler/cobbler/wiki/Using-cobbler-with-a-configuration-management-system
+mgmt_classes: []
+mgmt_parameters:
+ from_cobbler: 1
+
+# if enabled, this setting ensures that puppet is installed during
+# machine provision, a client certificate is generated and a
+# certificate signing request is made with the puppet master server
+puppet_auto_setup: 0
+
+# when puppet starts on a system after installation it needs to have
+# its certificate signed by the puppet master server. Enabling the
+# following feature will ensure that the puppet server signs the
+# certificate after installation if the puppet master server is
+# running on the same machine as cobbler. This requires
+# puppet_auto_setup above to be enabled
+sign_puppet_certs_automatically: 0
+
+# location of the puppet executable, used for revoking certificates
+puppetca_path: "/usr/bin/puppet"
+
+# when a puppet managed machine is reinstalled it is necessary to
+# remove the puppet certificate from the puppet master server before a
+# new certificate is signed (see above). Enabling the following
+# feature will ensure that the certificate for the machine to be
+# installed is removed from the puppet master server if the puppet
+# master server is running on the same machine as cobbler. This
+# requires puppet_auto_setup above to be enabled
+remove_old_puppet_certs_automatically: 0
+
+# choose a --server argument when running puppetd/puppet agent during kickstart
+#puppet_server: 'puppet'
+
+# let cobbler know that you're using a newer version of puppet
+# choose version 3 to use: 'puppet agent'; version 2 uses status quo: 'puppetd'
+#puppet_version: 2
+
+# choose whether to enable puppet parameterized classes or not.
+# puppet versions prior to 2.6.5 do not support parameters
+#puppet_parameterized_classes: 1
+
+# set to 1 to enable Cobbler's DHCP management features.
+# the choice of DHCP management engine is in /etc/cobbler/modules.conf
+manage_dhcp: 1
+
+# set to 1 to enable Cobbler's DNS management features.
+# the choice of DNS mangement engine is in /etc/cobbler/modules.conf
+manage_dns: 1
+
+# set to path of bind chroot to create bind-chroot compatible bind
+# configuration files. This should be automatically detected.
+bind_chroot_path: ""
+
+# set to the ip address of the master bind DNS server for creating secondary
+# bind configuration files
+bind_master: 127.0.0.1
+
+# set to 1 to enable Cobbler's TFTP management features.
+# the choice of TFTP mangement engine is in /etc/cobbler/modules.conf
+manage_tftpd: 1
+
+# set to 1 to enable Cobbler's RSYNC management features.
+manage_rsync: 0
+
+# if using BIND (named) for DNS management in /etc/cobbler/modules.conf
+# and manage_dns is enabled (above), this lists which zones are managed
+# See the Wiki (https://github.com/cobbler/cobbler/wiki/Dns-management) for more info
+manage_forward_zones: ['ods.com']
+manage_reverse_zones: ['10','172.16']
+
+# if using cobbler with manage_dhcp, put the IP address
+# of the cobbler server here so that PXE booting guests can find it
+# if you do not set this correctly, this will be manifested in TFTP open timeouts.
+next_server: 192.168.100.1
+
+# settings for power management features. optional.
+# see https://github.com/cobbler/cobbler/wiki/Power-management to learn more
+# choices (refer to codes.py):
+# apc_snmp bladecenter bullpap drac ether_wake ilo integrity
+# ipmilan ipmitool lpar rsa virsh wti
+power_management_default_type: 'ipmitool'
+
+# the commands used by the power management module are sourced
+# from what directory?
+power_template_dir: "/etc/cobbler/power"
+
+# if this setting is set to 1, cobbler systems that pxe boot
+# will request at the end of their installation to toggle the
+# --netboot-enabled record in the cobbler system record. This eliminates
+# the potential for a PXE boot loop if the system is set to PXE
+# first in it's BIOS order. Enable this if PXE is first in your BIOS
+# boot order, otherwise leave this disabled. See the manpage
+# for --netboot-enabled.
+pxe_just_once: 1
+
+# the templates used for PXE config generation are sourced
+# from what directory?
+pxe_template_dir: "/etc/cobbler/pxe"
+
+# Path to where system consoles are
+consoles: "/var/consoles"
+
+# Are you using a Red Hat management platform in addition to Cobbler?
+# Cobbler can help you register to it. Choose one of the following:
+# "off" : I'm not using Red Hat Network, Satellite, or Spacewalk
+# "hosted" : I'm using Red Hat Network
+# "site" : I'm using Red Hat Satellite Server or Spacewalk
+# You will also want to read: https://github.com/cobbler/cobbler/wiki/Tips-for-RHN
+redhat_management_type: "off"
+
+# if redhat_management_type is enabled, choose your server
+# "management.example.org" : For Satellite or Spacewalk
+# "xmlrpc.rhn.redhat.com" : For Red Hat Network
+# This setting is also used by the code that supports using Spacewalk/Satellite users/passwords
+# within Cobbler Web and Cobbler XMLRPC. Using RHN Hosted for this is not supported.
+# This feature can be used even if redhat_management_type is off, you just have
+# to have authn_spacewalk selected in modules.conf
+redhat_management_server: "xmlrpc.rhn.redhat.com"
+
+# specify the default Red Hat authorization key to use to register
+# system. If left blank, no registration will be attempted. Similarly
+# you can set the --redhat-management-key to blank on any system to
+# keep it from trying to register.
+redhat_management_key: ""
+
+# if using authn_spacewalk in modules.conf to let cobbler authenticate
+# against Satellite/Spacewalk's auth system, by default it will not allow per user
+# access into Cobbler Web and Cobbler XMLRPC.
+# in order to permit this, the following setting must be enabled HOWEVER
+# doing so will permit all Spacewalk/Satellite users of certain types to edit all
+# of cobbler's configuration.
+# these roles are: config_admin and org_admin
+# users should turn this on only if they want this behavior and
+# do not have a cross-multi-org seperation concern. If you have
+# a single org in your satellite, it's probably safe to turn this
+# on and then you can use CobblerWeb alongside a Satellite install.
+redhat_management_permissive: 0
+
+# if set to 1, allows /usr/bin/cobbler-register (part of the koan package)
+# to be used to remotely add new cobbler system records to cobbler.
+# this effectively allows for registration of new hardware from system
+# records.
+register_new_installs: 0
+
+# Flags to use for yum's reposync. If your version of yum reposync
+# does not support -l, you may need to remove that option.
+reposync_flags: "-l -n -d"
+
+# These options will be used for an rsync initiated by cobbler replicate
+replicate_rsync_options: "-avzH"
+
+# when DHCP and DNS management are enabled, cobbler sync can automatically
+# restart those services to apply changes. The exception for this is
+# if using ISC for DHCP, then omapi eliminates the need for a restart.
+# omapi, however, is experimental and not recommended for most configurations.
+# If DHCP and DNS are going to be managed, but hosted on a box that
+# is not on this server, disable restarts here and write some other
+# script to ensure that the config files get copied/rsynced to the destination
+# box. This can be done by modifying the restart services trigger.
+# Note that if manage_dhcp and manage_dns are disabled, the respective
+# parameter will have no effect. Most users should not need to change
+# this.
+restart_dns: 1
+restart_dhcp: 1
+
+# install triggers are scripts in /var/lib/cobbler/triggers/install
+# that are triggered in kickstart pre and post sections. Any
+# executable script in those directories is run. They can be used
+# to send email or perform other actions. They are currently
+# run as root so if you do not need this functionality you can
+# disable it, though this will also disable "cobbler status" which
+# uses a logging trigger to audit install progress.
+run_install_triggers: 1
+
+# enables a trigger which version controls all changes to /var/lib/cobbler
+# when add, edit, or sync events are performed. This can be used
+# to revert to previous database versions, generate RSS feeds, or for
+# other auditing or backup purposes. "git" and "hg" are currently suported,
+# but git is the recommend SCM for use with this feature.
+scm_track_enabled: 0
+scm_track_mode: "git"
+
+# this is the address of the cobbler server -- as it is used
+# by systems during the install process, it must be the address
+# or hostname of the system as those systems can see the server.
+# if you have a server that appears differently to different subnets
+# (dual homed, etc), you need to read the --server-override section
+# of the manpage for how that works.
+server: 192.168.100.1
+
+# If set to 1, all commands will be forced to use the localhost address
+# instead of using the above value which can force commands like
+# cobbler sync to open a connection to a remote address if one is in the
+# configuration and would traceback.
+client_use_localhost: 0
+
+# If set to 1, all commands to the API (not directly to the XMLRPC
+# server) will go over HTTPS instead of plaintext. Be sure to change
+# the http_port setting to the correct value for the web server
+client_use_https: 0
+
+# this is a directory of files that cobbler uses to make
+# templating easier. See the Wiki for more information. Changing
+# this directory should not be required.
+snippetsdir: /var/lib/cobbler/snippets
+
+# Normally if a kickstart is specified at a remote location, this
+# URL will be passed directly to the kickstarting system, thus bypassing
+# the usual snippet templating Cobbler does for local kickstart files. If
+# this option is enabled, Cobbler will fetch the file contents internally
+# and serve a templated version of the file to the client.
+template_remote_kickstarts: 0
+
+# should new profiles for virtual machines default to auto booting with the physical host when the physical host reboots?
+# this can be overridden on each profile or system object.
+virt_auto_boot: 1
+
+# cobbler's web directory. Don't change this setting -- see the
+# Wiki on "relocating your cobbler install" if your /var partition
+# is not large enough.
+webdir: /var/www/cobbler
+
+# cobbler's public XMLRPC listens on this port. Change this only
+# if absolutely needed, as you'll have to start supplying a new
+# port option to koan if it is not the default.
+xmlrpc_port: 25151
+
+# "cobbler repo add" commands set cobbler up with repository
+# information that can be used during kickstart and is automatically
+# set up in the cobbler kickstart templates. By default, these
+# are only available at install time. To make these repositories
+# usable on installed systems (since cobbler makes a very convient)
+# mirror, set this to 1. Most users can safely set this to 1. Users
+# who have a dual homed cobbler server, or are installing laptops that
+# will not always have access to the cobbler server may wish to leave
+# this as 0. In that case, the cobbler mirrored yum repos are still
+# accessable at http://cobbler.example.org/cblr/repo_mirror and yum
+# configuration can still be done manually. This is just a shortcut.
+yum_post_install_mirror: 1
+
+# the default yum priority for all the distros. This is only used
+# if yum-priorities plugin is used. 1=maximum. Tweak with caution.
+yum_distro_priority: 1
+
+# Flags to use for yumdownloader. Not all versions may support
+# --resolve.
+yumdownloader_flags: "--resolve"
+
+# sort and indent JSON output to make it more human-readable
+serializer_pretty_json: 0
+
+# replication rsync options for distros, kickstarts, snippets set to override default value of "-avzH"
+replicate_rsync_options: "-avzH"
+
+# replication rsync options for repos set to override default value of "-avzH"
+replicate_repo_rsync_options: "-avzH"
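Review bot: `default_password_crypted` commits a fixed MD5-crypt (`$1$`) hash with a fixed salt to a public repository, so every system provisioned from this image gets the same root password and the hash is open to offline guessing by anyone. The value should be injected at container start from a secret and generated with a stronger scheme, for example `default_password_crypted: "<sha512-crypt hash supplied at deploy time>"`. Two smaller points in the same hunk: `anamon_enabled: 1` accepts the unauthenticated XMLRPC log upload that its own comment warns about, and `replicate_rsync_options` is defined twice, so one of the two keys is silently ignored. If anamon is needed, say so in a comment next to the setting; otherwise set it to 0.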
diff --git a/docker/build/cobbler/conf/cobbler_web.conf b/docker/build/cobbler/conf/cobbler_web.conf
new file mode 100644
index 0000000..f03d4fe
--- /dev/null
+++ b/docker/build/cobbler/conf/cobbler_web.conf
@@ -0,0 +1,10 @@
+# This configuration file enables the cobbler web
+# interface (django version)
+
+# Force everything to go to https
+RewriteEngine on
+RewriteCond %{HTTPS} off
+RewriteCond %{REQUEST_URI} ^/cobbler_web
+# RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
+
+WSGIScriptAlias /cobbler_web /usr/share/cobbler/web/cobbler.wsgi
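Review bot: The `RewriteRule` is commented out while both `RewriteCond` lines stay active, so the "Force everything to go to https" comment no longer describes what the file does. With the redirect off, `/cobbler_web` logins are served over plain HTTP on port 80. The orphaned conditions will also attach to whichever `RewriteRule` Apache parses next in this context, possibly one from another conf file. Either restore `RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}`, or comment out all three rewrite lines and replace the heading with a comment explaining why TLS is not enforced in the container.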
diff --git a/docker/build/cobbler/conf/dhcp.template b/docker/build/cobbler/conf/dhcp.template
new file mode 100644
index 0000000..f18ec37
--- /dev/null
+++ b/docker/build/cobbler/conf/dhcp.template
@@ -0,0 +1,98 @@
+# ******************************************************************
+# Cobbler managed dhcpd.conf file
+#
+# generated from cobbler dhcp.conf template ($date)
+# Do NOT make changes to /etc/dhcpd.conf. Instead, make your changes
+# in /etc/cobbler/dhcp.template, as /etc/dhcpd.conf will be
+# overwritten.
+#
+# ******************************************************************
+
+ddns-update-style interim;
+
+allow booting;
+allow bootp;
+deny unknown-clients;
+local-address 192.168.100.100;
+log-facility local6;
+
+ignore client-updates;
+set vendorclass = option vendor-class-identifier;
+
+option pxe-system-type code 93 = unsigned integer 16;
+option space pxelinux;
+option pxelinux.magic code 208 = string;
+option pxelinux.configfile code 209 = text;
+option pxelinux.pathprefix code 210 = text;
+option pxelinux.reboottime code 211 = unsigned integer 32;
+
+subnet 192.168.100.0 netmask 255.255.254.0 {
+ option routers 192.168.100.1;
+ option domain-name-servers 192.168.100.1;
+ option subnet-mask 255.255.254.0;
+ range dynamic-bootp 192.168.100.10 192.168.101.250;
+ default-lease-time 21600;
+ max-lease-time 43200;
+ next-server $next_server;
+ class "pxeclients" {
+ match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
+ if option pxe-system-type = 00:02 {
+ filename "ia64/elilo.efi";
+ } else if option pxe-system-type = 00:06 {
+ filename "grub/grub-x86.efi";
+ } else if option pxe-system-type = 00:07 {
+ filename "grub/grub-x86_64.efi";
+ } else {
+ filename "pxelinux.0";
+ }
+ }
+
+}
+
+#for dhcp_tag in $dhcp_tags.keys():
+ ## group could be subnet if your dhcp tags line up with your subnets
+ ## or really any valid dhcpd.conf construct ... if you only use the
+ ## default dhcp tag in cobbler, the group block can be deleted for a
+ ## flat configuration
+# group for Cobbler DHCP tag: $dhcp_tag
+group {
+ #for mac in $dhcp_tags[$dhcp_tag].keys():
+ #set iface = $dhcp_tags[$dhcp_tag][$mac]
+ host $iface.name {
+ hardware ethernet $mac;
+ site-option-space "pxelinux";
+ option pxelinux.magic f1:00:74:7e;
+ if exists dhcp-parameter-request-list {
+ # Always send the PXELINUX options (specified in hexadecimal)
+ option dhcp-parameter-request-list = concat(option dhcp-parameter-request-list,d0,d1,d2,d3);
+ }
+ option pxelinux.reboottime 30;
+ #if $iface.hostname:
+ option host-name "$iface.hostname";
+ #end if
+ #if $iface.netmask:
+ option subnet-mask $iface.netmask;
+ #end if
+ #if $iface.gateway:
+ option routers $iface.gateway;
+ #end if
+ #if $iface.enable_gpxe:
+ if exists user-class and option user-class = "gPXE" {
+ filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner";
+ } else if exists user-class and option user-class = "iPXE" {
+ filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner";
+ } else {
+ filename "undionly.kpxe";
+ }
+ #else
+ filename "$iface.filename";
+ #end if
+ ## Cobbler defaults to $next_server, but some users
+ ## may like to use $iface.system.server for proxied setups
+ next-server $next_server;
+ ## next-server $iface.next_server;
+ }
+ #end for
+}
+#end for
+
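Review bot: The `subnet` block and `local-address 192.168.100.100;` hard-code a single network, while `next-server` is the only value taken from cobbler's settings via `$next_server`. If `server` or `next_server` in cobbler.settings is changed for another deployment, `option routers`, `option domain-name-servers` and the lease range will silently disagree with it. dhcpd will presumably also fail to bind unless the container owns 192.168.100.100. At minimum add a template comment above the block such as `## keep subnet, routers, DNS and local-address in sync with server/next_server in /etc/cobbler/settings`, or derive these values from template variables.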
diff --git a/docker/build/cobbler/conf/distributions b/docker/build/cobbler/conf/distributions
new file mode 100644
index 0000000..7f61215
--- /dev/null
+++ b/docker/build/cobbler/conf/distributions
@@ -0,0 +1,8 @@
+Origin: ppa
+Label: ppa_repo
+Suite: stable
+Codename: ppa
+Version: 0.1
+Architectures: i386 amd64 source
+Components: main
+Description: ppa repo
diff --git a/docker/build/cobbler/conf/modules.conf b/docker/build/cobbler/conf/modules.conf
new file mode 100644
index 0000000..5c3b941
--- /dev/null
+++ b/docker/build/cobbler/conf/modules.conf
@@ -0,0 +1,84 @@
+# cobbler module configuration file
+# =================================
+
+# authentication:
+# what users can log into the WebUI and Read-Write XMLRPC?
+# choices:
+# authn_denyall -- no one (default)
+# authn_configfile -- use /etc/cobbler/users.digest (for basic setups)
+# authn_passthru -- ask Apache to handle it (used for kerberos)
+# authn_ldap -- authenticate against LDAP
+# authn_spacewalk -- ask Spacewalk/Satellite (experimental)
+# authn_pam -- use PAM facilities
+# authn_testing -- username/password is always testing/testing (debug)
+# (user supplied) -- you may write your own module
+# WARNING: this is a security setting, do not choose an option blindly.
+# for more information:
+# https://github.com/cobbler/cobbler/wiki/Cobbler-web-interface
+# https://github.com/cobbler/cobbler/wiki/Security-overview
+# https://github.com/cobbler/cobbler/wiki/Kerberos
+# https://github.com/cobbler/cobbler/wiki/Ldap
+
+[authentication]
+module = authn_configfile
+
+# authorization:
+# once a user has been cleared by the WebUI/XMLRPC, what can they do?
+# choices:
+# authz_allowall -- full access for all authneticated users (default)
+# authz_ownership -- use users.conf, but add object ownership semantics
+# (user supplied) -- you may write your own module
+# WARNING: this is a security setting, do not choose an option blindly.
+# If you want to further restrict cobbler with ACLs for various groups,
+# pick authz_ownership. authz_allowall does not support ACLs. configfile
+# does but does not support object ownership which is useful as an additional
+# layer of control.
+
+# for more information:
+# https://github.com/cobbler/cobbler/wiki/Cobbler-web-interface
+# https://github.com/cobbler/cobbler/wiki/Security-overview
+# https://github.com/cobbler/cobbler/wiki/Web-authorization
+
+[authorization]
+module = authz_allowall
+
+# dns:
+# chooses the DNS management engine if manage_dns is enabled
+# in /etc/cobbler/settings, which is off by default.
+# choices:
+# manage_bind -- default, uses BIND/named
+# manage_dnsmasq -- uses dnsmasq, also must select dnsmasq for dhcp below
+# NOTE: more configuration is still required in /etc/cobbler
+# for more information:
+# https://github.com/cobbler/cobbler/wiki/Dns-management
+
+[dns]
+module = manage_bind
+
+# dhcp:
+# chooses the DHCP management engine if manage_dhcp is enabled
+# in /etc/cobbler/settings, which is off by default.
+# choices:
+# manage_isc -- default, uses ISC dhcpd
+# manage_dnsmasq -- uses dnsmasq, also must select dnsmasq for dns above
+# NOTE: more configuration is still required in /etc/cobbler
+# for more information:
+# https://github.com/cobbler/cobbler/wiki/Dhcp-management
+
+[dhcp]
+module = manage_isc
+
+# tftpd:
+# chooses the TFTP management engine if manage_tftp is enabled
+# in /etc/cobbler/settings, which is ON by default.
+#
+# choices:
+# manage_in_tftpd -- default, uses the system's tftp server
+# manage_tftpd_py -- uses cobbler's tftp server
+#
+
+[tftpd]
+module = manage_in_tftpd
+
+#--------------------------------------------------
+
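Review bot: `module = authz_allowall` under `[authorization]` gives every account that passes `authn_configfile` full control of cobbler, and nothing in the visible part of this patch replaces `/etc/cobbler/users.digest`. If the packaged digest file is left as installed, the image ships with the distribution's stock web/XMLRPC account on the exposed ports 80 and 443. The Dockerfile hunk starts outside this view, so this should be confirmed there. A build or start step that regenerates the file, for example `htdigest /etc/cobbler/users.digest "Cobbler" <admin-user placeholder>` with a secret supplied at deploy time, would close this. A comment next to `authz_allowall` should record that the choice is deliberate.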
diff --git a/docker/build/cobbler/conf/setup.conf b/docker/build/cobbler/conf/setup.conf
new file mode 100755
index 0000000..db6e4b6
--- /dev/null
+++ b/docker/build/cobbler/conf/setup.conf
@@ -0,0 +1,25 @@
+#centos6.5
+NTP=http://mirror.centos.org/centos/6.6/os/x86_64/Packages/ntp-4.2.6p5-1.el6.centos.x86_64.rpm
+SSH_CLIENTS=ftp://mirror.switch.ch/pool/4/mirror/scientificlinux/6.5/x86_64/os/Packages/openssh-clients-5.3p1-94.el6.x86_64.rpm
+OPENSSH=ftp://mirror.switch.ch/pool/4/mirror/scientificlinux/6.3/x86_64/updates/security/openssh-5.3p1-94.el6.x86_64.rpm
+IPROUTE=ftp://mirror.switch.ch/pool/4/mirror/scientificlinux/6.5/x86_64/os/Packages/iproute-2.6.32-31.el6.x86_64.rpm
+WGET=ftp://mirror.switch.ch/pool/4/mirror/scientificlinux/6.5/x86_64/os/Packages/wget-1.12-1.8.el6.x86_64.rpm
+NTPDATE=http://mirror.centos.org/centos/6.6/os/x86_64/Packages/ntpdate-4.2.6p5-1.el6.centos.x86_64.rpm
+YUM_PRIORITIES=ftp://mirror.switch.ch/pool/4/mirror/scientificlinux/6.3/i386/os/Packages/yum-plugin-priorities-1.1.30-14.el6.noarch.rpm
+JSONC=http://rpms.adiscon.com/v7-stable/epel-6/x86_64/RPMS/json-c-0.9-4.el6.x86_64.rpm
+LIBESTR=http://rpms.adiscon.com/v7-stable/epel-6/x86_64/RPMS/libestr-0.1.9-1.el6.x86_64.rpm
+LIBGT=http://rpms.adiscon.com/v7-stable/epel-6/x86_64/RPMS/libgt-0.3.11-1.el6.x86_64.rpm
+LIBLOGGING=http://rpms.adiscon.com/v7-stable/epel-6/x86_64/RPMS/liblogging-1.0.4-1.el6.x86_64.rpm
+RSYSLOG=http://rpms.adiscon.com/v7-stable/epel-6/x86_64/RPMS/rsyslog-7.6.3-1.el6.src.rpm
+CHEF_CLIENT_CENTOS=http://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-11.8.0-1.el6.x86_64.rpm
+
+#ubuntu12.04
+CHEF_CLIENT_UBUNTU=http://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.04/x86_64/chef_11.8.0-1.ubuntu.12.04_amd64.deb
+
+#iso
+CENTOS_ISO=https://s3-us-west-1.amazonaws.com/compass-local-repo/centos/6.5/CentOS-6.5-x86_64.iso
+UBUNTU_ISO=http://releases.ubuntu.com/12.04/ubuntu-12.04.4-server-amd64.iso
+
+#repos
+EPEL7=http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
+ATOMIC=http://www6.atomicorp.com/channels/atomic/centos/7/x86_64/RPMS/atomic-release-1.0-19.el7.art.noarch.rpm
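Review bot: Almost every package URL here is plain `http://` or `ftp://`, and the file carries no checksums, so the RPMs, the chef clients and the Ubuntu ISO that end up in the local repo can be altered in transit or at the mirror without detection. Use `https://` where the host offers it and add a pinned digest per artifact that the download script verifies, e.g. `NTP_SHA256=<sha256 placeholder>` next to `NTP=`. Separately, `EPEL7` points at an `epel/6` release RPM, `ATOMIC` at a `centos/7` one, and `RSYSLOG` at a `.src.rpm`, which look like mistakes worth checking against the script that consumes this file.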
diff --git a/docker/build/cobbler/conf/ssl.conf b/docker/build/cobbler/conf/ssl.conf
new file mode 100644
index 0000000..07f1e22
--- /dev/null
+++ b/docker/build/cobbler/conf/ssl.conf
@@ -0,0 +1,221 @@
+#
+# This is the Apache server configuration file providing SSL support.
+# It contains the configuration directives to instruct the server how to
+# serve pages over an https connection. For detailing information about these
+# directives see
+#
+# Do NOT simply read the instructions in here without understanding
+# what they do. They're here only as hints or reminders. If you are unsure
+# consult the online docs. You have been warned.
+#
+
+LoadModule ssl_module modules/mod_ssl.so
+
+#
+# When we also provide SSL we have to listen to the
+# the HTTPS port in addition.
+#
+Listen 443
+
+##
+## SSL Global Context
+##
+## All SSL configuration in this context applies both to
+## the main server and all SSL-enabled virtual hosts.
+##
+
+# Pass Phrase Dialog:
+# Configure the pass phrase gathering process.
+# The filtering dialog program (`builtin' is a internal
+# terminal dialog) has to provide the pass phrase on stdout.
+SSLPassPhraseDialog builtin
+
+# Inter-Process Session Cache:
+# Configure the SSL Session Cache: First the mechanism
+# to use and second the expiring timeout (in seconds).
+SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
+SSLSessionCacheTimeout 300
+
+# Semaphore:
+# Configure the path to the mutual exclusion semaphore the
+# SSL engine uses internally for inter-process synchronization.
+# SSLMutex default
+
+# Pseudo Random Number Generator (PRNG):
+# Configure one or more sources to seed the PRNG of the
+# SSL library. The seed data should be of good random quality.
+# WARNING! On some platforms /dev/random blocks if not enough entropy
+# is available. This means you then cannot use the /dev/random device
+# because it would lead to very long connection times (as long as
+# it requires to make more entropy available). But usually those
+# platforms additionally provide a /dev/urandom device which doesn't
+# block. So, if available, use this one instead. Read the mod_ssl User
+# Manual for more details.
+SSLRandomSeed startup file:/dev/urandom 256
+SSLRandomSeed connect builtin
+#SSLRandomSeed startup file:/dev/random 512
+#SSLRandomSeed connect file:/dev/random 512
+#SSLRandomSeed connect file:/dev/urandom 512
+
+#
+# Use "SSLCryptoDevice" to enable any supported hardware
+# accelerators. Use "openssl engine -v" to list supported
+# engine names. NOTE: If you enable an accelerator and the
+# server does not start, consult the error logs and ensure
+# your accelerator is functioning properly.
+#
+SSLCryptoDevice builtin
+#SSLCryptoDevice ubsec
+
+##
+## SSL Virtual Host Context
+##
+
+
+
+# General setup for the virtual host, inherited from global configuration
+#DocumentRoot "/var/www/html"
+#ServerName www.example.com:443
+
+# Use separate log files for the SSL virtual host; note that LogLevel
+# is not inherited from httpd.conf.
+ErrorLog logs/ssl_error_log
+TransferLog logs/ssl_access_log
+LogLevel warn
+
+# SSL Engine Switch:
+# Enable/Disable SSL for this virtual host.
+SSLEngine on
+
+# SSL Protocol support:
+# List the enable protocol levels with which clients will be able to
+# connect. Disable SSLv2 access by default:
+SSLProtocol all -SSLv2
+
+# SSL Cipher Suite:
+# List the ciphers that the client is permitted to negotiate.
+# See the mod_ssl documentation for a complete list.
+SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
+
+# Server Certificate:
+# Point SSLCertificateFile at a PEM encoded certificate. If
+# the certificate is encrypted, then you will be prompted for a
+# pass phrase. Note that a kill -HUP will prompt again. A new
+# certificate can be generated using the genkey(1) command.
+SSLCertificateFile /etc/pki/tls/certs/localhost.crt
+
+# Server Private Key:
+# If the key is not combined with the certificate, use this
+# directive to point at the key file. Keep in mind that if
+# you've both a RSA and a DSA private key you can configure
+# both in parallel (to also allow the use of DSA ciphers, etc.)
+SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
+
+# Server Certificate Chain:
+# Point SSLCertificateChainFile at a file containing the
+# concatenation of PEM encoded CA certificates which form the
+# certificate chain for the server certificate. Alternatively
+# the referenced file can be the same as SSLCertificateFile
+# when the CA certificates are directly appended to the server
+# certificate for convinience.
+#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
+
+# Certificate Authority (CA):
+# Set the CA certificate verification path where to find CA
+# certificates for client authentication or alternatively one
+# huge file containing all of them (file must be PEM encoded)
+#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
+
+# Client Authentication (Type):
+# Client certificate verification type and depth. Types are
+# none, optional, require and optional_no_ca. Depth is a
+# number which specifies how deeply to verify the certificate
+# issuer chain before deciding the certificate is not valid.
+#SSLVerifyClient require
+#SSLVerifyDepth 10
+
+# Access Control:
+# With SSLRequire you can do per-directory access control based
+# on arbitrary complex boolean expressions containing server
+# variable checks and other lookup directives. The syntax is a
+# mixture between C and Perl. See the mod_ssl documentation
+# for more details.
+#
+#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
+# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+#
+
+# SSL Engine Options:
+# Set various options for the SSL engine.
+# o FakeBasicAuth:
+# Translate the client X.509 into a Basic Authorisation. This means that
+# the standard Auth/DBMAuth methods can be used for access control. The
+# user name is the `one line' version of the client's X.509 certificate.
+# Note that no password is obtained from the user. Every entry in the user
+# file needs this password: `xxj31ZMTZzkVA'.
+# o ExportCertData:
+# This exports two additional environment variables: SSL_CLIENT_CERT and
+# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+# server (always existing) and the client (only existing when client
+# authentication is used). This can be used to import the certificates
+# into CGI scripts.
+# o StdEnvVars:
+# This exports the standard SSL/TLS related `SSL_*' environment variables.
+# Per default this exportation is switched off for performance reasons,
+# because the extraction step is an expensive operation and is usually
+# useless for serving static content. So one usually enables the
+# exportation for CGI and SSI requests only.
+# o StrictRequire:
+# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
+# under a "Satisfy any" situation, i.e. when it applies access is denied
+# and no other module can change it.
+# o OptRenegotiate:
+# This enables optimized SSL connection renegotiation handling when SSL
+# directives are used in per-directory context.
+#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+
+ SSLOptions +StdEnvVars
+
+
+ SSLOptions +StdEnvVars
+
+
+# SSL Protocol Adjustments:
+# The safe and default but still SSL/TLS standard compliant shutdown
+# approach is that mod_ssl sends the close notify alert but doesn't wait for
+# the close notify alert from client. When you need a different shutdown
+# approach you can use one of the following variables:
+# o ssl-unclean-shutdown:
+# This forces an unclean shutdown when the connection is closed, i.e. no
+# SSL close notify alert is send or allowed to received. This violates
+# the SSL/TLS standard but is needed for some brain-dead browsers. Use
+# this when you receive I/O errors because of the standard approach where
+# mod_ssl sends the close notify alert.
+# o ssl-accurate-shutdown:
+# This forces an accurate shutdown when the connection is closed, i.e. a
+# SSL close notify alert is send and mod_ssl waits for the close notify
+# alert of the client. This is 100% SSL/TLS standard compliant, but in
+# practice often causes hanging connections with brain-dead browsers. Use
+# this only for browsers where you know that their SSL implementation
+# works correctly.
+# Notice: Most problems of broken clients are also related to the HTTP
+# keep-alive facility, so you usually additionally want to disable
+# keep-alive for those clients, too. Use variable "nokeepalive" for this.
+# Similarly, one has to force some clients to use HTTP/1.0 to workaround
+# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+# "force-response-1.0" for this.
+SetEnvIf User-Agent ".*MSIE.*" \
+ nokeepalive ssl-unclean-shutdown \
+ downgrade-1.0 force-response-1.0
+
+# Per-Server Logging:
+# The home of a custom SSL log file. Use this when you want a
+# compact non-error SSL logfile on a virtual host basis.
+CustomLog logs/ssl_request_log \
+ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+
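Review bot: `SSLProtocol all -SSLv2` still leaves SSLv3 enabled, and the `SSLCipherSuite` line explicitly admits `RC4+RSA`, `+MEDIUM` and `+LOW` suites, so this listener will negotiate protocol versions and ciphers that are considered broken. I would tighten both lines, for example `SSLProtocol all -SSLv2 -SSLv3` and `SSLCipherSuite HIGH:!aNULL:!MD5:!RC4`, and add `SSLHonorCipherOrder on`. The certificate and key paths point at `localhost.crt`/`localhost.key`; presumably that is the self-signed pair generated at package install, so a comment saying it must be replaced before the container serves real clients would help.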
diff --git a/docker/build/cobbler/conf/tftpd.template b/docker/build/cobbler/conf/tftpd.template
new file mode 100644
index 0000000..31f4d36
--- /dev/null
+++ b/docker/build/cobbler/conf/tftpd.template
@@ -0,0 +1,21 @@
+# default: off
+# description: The tftp server serves files using the trivial file transfer \
+# protocol. The tftp protocol is often used to boot diskless \
+# workstations, download configuration files to network-aware printers, \
+# and to start the installation process for some operating systems.
+service tftp
+{
+ disable = no
+ log_type = SYSLOG local5 info
+ socket_type = dgram
+ protocol = udp
+ wait = yes
+ user = $user
+ server = $binary
+ server_args = -B 1380 -v -s $args
+ instances = 1000
+ per_source = 1000
+ cps = 1000 2
+ flags = IPv4
+}
+
diff --git a/docker/build/cobbler/scripts/start b/docker/build/cobbler/scripts/start
new file mode 100644
index 0000000..055ffe6
--- /dev/null
+++ b/docker/build/cobbler/scripts/start
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+service httpd start
+service cobblerd start
+
+# import distros
+cobbler import --path=/var/lib/cobbler/mount_point/CentOS-6.5-x86_64 --name=CentOS-6.5-x86_64 --arch=x86_64 --kickstart=/var/lib/cobbler/kickstarts/default.ks --breed=redhat
+cobbler import --path=/var/lib/cobbler/mount_point/Ubuntu-12.04-x86_64 --name=Ubuntu-12.04-x86_64 --arch=x86_64 --kickstart=/var/lib/cobbler/kickstarts/default.seed --breed=ubuntu
+
+# add profiles
+cobbler profile add --name=CentOS-6.5-x86_64 --repo=centos_ppa_repo --distro=CentOS-6.5-x86_64 --ksmeta="tree=http://10.145.89.200:8080/cobbler/ks_mirror/CentOS-6.5-x86_64 compass_server=10.145.89.200" --kickstart=/var/lib/cobbler/kickstarts/default.ks
+cobbler profile add --name=Ubuntu-12.04-x86_64 --repo=ubuntu_ppa_repo --distro=Ubuntu-12.04-x86_64 --ksmeta="tree=http://10.145.89.200:8080/cobbler/ks_mirror/Ubuntu-12.04-x86_64 compass_server=10.145.89.200" --kickstart=/var/lib/cobbler/kickstarts/default.seed --kopts="netcfg/choose_interface=auto"
+
+
+cobbler reposync
+cobbler sync
+cobbler check
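Review bot: Both `cobbler profile add` lines hard-code `10.145.89.200` for the install tree and for `compass_server`, so the image only works on the author's network, and elsewhere provisioned hosts would fetch their tree from whatever machine happens to hold that address. Take it from the environment and fail when it is unset, e.g. `--ksmeta="tree=http://${COMPASS_SERVER:?}:8080/cobbler/ks_mirror/CentOS-6.5-x86_64 compass_server=${COMPASS_SERVER}"`. The script also has no `set -e`, so a failed `cobbler import` is still followed by `profile add`, `reposync` and `sync`.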
diff --git a/docker/build/compass/Dockerfile b/docker/build/compass/Dockerfile
new file mode 100644
index 0000000..d31f11d
--- /dev/null
+++ b/docker/build/compass/Dockerfile
@@ -0,0 +1,137 @@
+FROM centos:centos7
+
+ADD conf/setup.conf /root/setup.conf
+RUN chmod +x /root/setup.conf
+## install yum repos and then packages
+RUN source /root/setup.conf && \
+ rpm -Uvh $EPEL7 >& /dev/null && \
+ sed -i 's/^mirrorlist=https/mirrorlist=http/g' /etc/yum.repos.d/epel.repo && \
+ rpm -Uvh $ATOMIC >& /dev/null && \
+ sed -i 's/^mirrorlist=https/mirrorlist=http/g' /etc/yum.repos.d/atomic.repo
+RUN yum clean all >& /dev/null && \
+ yum update -y --skip-broken >&/dev/null && \
+ yum install -y rsyslog logrotate ntp iproute openssh-clients python python-devel git wget rabbitmq-server mod_wsgi httpd squid yum-utils gcc net-snmp-utils net-snmp net-snmp-python openssl openssl098e ca-certificates redis mariadb mariadb-server mariadb-devel python-virtualenv python-setuptools MySQL-python
+
+# set up pip and install python virtual environment
+RUN easy_install --upgrade pip
+RUN pip install virtualenvwrapper
+
+# get compass-core code
+WORKDIR /root
+RUN source /root/setup.conf && \
+ git clone $COMPASS_CORE
+WORKDIR /root/compass-core
+RUN mkdir /root/backup
+
+# update rsyslog conf
+RUN cp -rn /etc/rsyslog.conf /root/backup
+RUN rm -rf /etc/rsyslog.conf
+RUN cp -rf misc/rsyslog/rsyslog.conf /etc/rsyslog.conf
+RUN chmod 644 /etc/rsyslog.conf
+
+# update logrotate.d
+RUN cp -rn /etc/logrotate.d /root/backup
+RUN rm -rf /etc/logrotate.d/*
+RUN cp -rf misc/logrotate.d/* /etc/logrotate.d/
+RUN chmod 644 /etc/logrotate.d/*
+
+# grant permission to httpd and mysqld log dirs
+RUN mkdir /var/log/mysql
+RUN chmod 777 /var/log/httpd
+RUN chmod 777 /var/log/mysql
+
+# clone compass web
+WORKDIR /root
+RUN source /root/setup.conf && \
+ git clone $COMPASS_WEB
+
+# setup python requirements
+# remove 'mysql-python' from requirements as centos 7 supports the yum package
+WORKDIR /root/compass-core
+RUN sed -i 's/MySQL-python/#MySQL-python/g' requirements.txt
+RUN source `which virtualenvwrapper.sh` && \
+ mkvirtualenv --system-site-packages compass-core && \
+ workon compass-core && \
+ pip install -U -r requirements.txt
+
+# download local repo
+WORKDIR /tmp
+RUN source /root/setup.conf && \
+ wget $LOCAL_REPO
+
+# snmp
+# instead of moving mibs to /usr/local/share/snmp/mibs, centos7 puts mibs file at /usr/share/snmp/mibs/
+
+WORKDIR /root/compass-core
+RUN yes|cp -rf mibs/* /usr/share/snmp/mibs/
+RUN cp -rf misc/snmp/snmp.conf /etc/snmp/snmp.conf
+RUN chmod 644 /etc/snmp/snmp.conf
+RUN mkdir -p /var/lib/net-snmp/mib_indexes
+RUN chmod 755 /var/lib/net-snmp/mib_indexes
+
+# install compass-core
+WORKDIR /root/compass-core
+RUN mkdir -p /etc/compass
+RUN mkdir -p /opt/compass/bin
+RUN mkdir -p /var/log/compass
+RUN mkdir -p /var/log/chef
+RUN mkdir -p /var/www/compass
+
+RUN cp -rf misc/apache/ods-server.conf /etc/httpd/conf.d/ods-server.conf
+RUN cp -rf conf/* /etc/compass/
+RUN cp -rf bin/*.py /opt/compass/bin/
+RUN cp -rf bin/*.sh /opt/compass/bin/
+RUN cp -rf bin/compassd /usr/bin/
+RUN cp -rf bin/switch_virtualenv.py.template /opt/compass/bin/switch_virtualenv.py
+RUN ln -s -f /opt/compass/bin/compass_check.py /usr/bin/compass
+RUN ln -s -f /opt/compass/bin/compass_wsgi.py /var/www/compass/compass.wsgi
+RUN cp -rf bin/chef/* /opt/compass/bin/
+RUN cp -rf bin/cobbler/* /opt/compass/bin/
+RUN cp -rf /usr/lib64/libcrypto.so.10 /usr/lib64/libcrypto.so
+
+# setup compass-core and related confs
+RUN mkdir -p /opt/compass/db && \
+ chmod -R 777 /opt/compass/db
+RUN chmod -R 777 /var/log/compass
+RUN chmod -R 777 /var/log/chef
+RUN echo "export C_FORCE_ROOT=1" > /etc/profile.d/celery_env.sh
+RUN chmod +x /etc/profile.d/celery_env.sh
+WORKDIR /root/compass-core
+RUN source `which virtualenvwrapper.sh` && \
+ workon compass-core && \
+ python setup.py install
+
+# compass web
+WORKDIR /root/compass-web
+RUN yum -y install tar
+RUN mkdir -p /var/www/compass_web
+RUN cp -rf v2 /var/www/compass_web/
+WORKDIR /tmp
+RUN tar -xzvf local_repo.tar.gz
+RUN mv -f local_repo/* /var/www/compass_web/v2/
+
+# enable start-up script
+ADD scripts/sample_start /root/sample_start
+RUN chmod +x /root/sample_start
+
+# start: perform some post-installation tasks
+# modify compass refresh to make it work in containers
+ADD scripts/refresh.sh /opt/compass/bin/refresh.sh
+RUN chmod +x /opt/compass/bin/refresh.sh
+
+# set python home for virtualenv
+RUN sed -i "s|\$PythonHome|\/root\/\.virtualenvs\/compass-core|g" /opt/compass/bin/switch_virtualenv.py
+
+# add apache to root group
+RUN usermod -a -G `groups root|awk '{print$3}'` apache
+
+# configure mysql
+RUN /usr/bin/mysql_install_db && \
+ chown -R mysql:mysql /var/lib/mysql
+
+# CMD ["/root/sample_start"]
+
+EXPOSE 80
+EXPOSE 22
+EXPOSE 123
+EXPOSE 3306
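Review bot: The two `sed -i 's/^mirrorlist=https/mirrorlist=http/g'` steps downgrade the EPEL and Atomic mirrorlists to plain HTTP, and `$EPEL7`/`$ATOMIC` in docker/build/compass/conf/setup.conf are themselves `http://` URLs installed with output sent to `/dev/null`, so the repository definitions (and, presumably, the GPG keys they ship) arrive over an unauthenticated channel with all diagnostics discarded. Keep the mirrorlists on HTTPS, use `https://` URLs for the release RPMs, and let `rpm -Uvh` print its output. `chmod 777` on `/var/log/httpd`, `/var/log/mysql`, `/opt/compass/db`, `/var/log/compass` and `/var/log/chef`, together with adding `apache` to root's group, grants far more than the services need; if only the service accounts write there, `chown -R apache:apache /var/log/compass /opt/compass/db` and the matching `chown mysql` would do, and the `usermod` line could go. `git clone $COMPASS_CORE` and `wget $LOCAL_REPO` are unpinned and unverified, so a fixed commit id and a checksum comparison would make the build reproducible.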
diff --git a/docker/build/compass/conf/setup.conf b/docker/build/compass/conf/setup.conf
new file mode 100644
index 0000000..429eaab
--- /dev/null
+++ b/docker/build/compass/conf/setup.conf
@@ -0,0 +1,5 @@
+LOCAL_REPO="https://s3-us-west-1.amazonaws.com/compass-local-repo/local_repo.tar.gz"
+EPEL7="http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm"
+ATOMIC="http://www6.atomicorp.com/channels/atomic/centos/7/x86_64/RPMS/atomic-release-1.0-19.el7.art.noarch.rpm"
+COMPASS_CORE="https://git.openstack.org/stackforge/compass-core.git"
+COMPASS_WEB="https://git.openstack.org/stackforge/compass-web.git"
diff --git a/docker/build/compass/scripts/refresh.sh b/docker/build/compass/scripts/refresh.sh
new file mode 100644
index 0000000..8da8788
--- /dev/null
+++ b/docker/build/compass/scripts/refresh.sh
@@ -0,0 +1,9 @@
+#/bin/bash
+set -e
+/opt/compass/bin/manage_db.py createdb
+# /opt/compass/bin/clean_installers.py
+# /opt/compass/bin/clean_installation_logs.py
+/usr/sbin/apachectl -D NO_DETACH -D FOREGROUND
+/usr/bin/redis-server &
+CELERY_CONFIG_MODULE=compass.utils.celeryconfig_wrapper C_FORCE_ROOT=1 /opt/compass/bin/celery worker &> /tmp/celery-worker.log &
+/opt/compass/bin/progress_update.py &> /tmp/progress_update.log
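Review bot: The first line is `#/bin/bash`, which is a comment rather than a shebang, so the interpreter depends on how the script is invoked; it should be `#!/bin/bash`. `/usr/sbin/apachectl -D NO_DETACH -D FOREGROUND` looks like it keeps Apache in the foreground, in which case redis, the celery worker and `progress_update.py` are not started until Apache exits; sample_start in this commit uses `/usr/sbin/apachectl -k start` instead. The celery and progress logs use fixed file names under `/tmp`, a world-writable directory, while the worker runs as root (`C_FORCE_ROOT=1`); writing them under `/var/log/compass` would be safer.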
diff --git a/docker/build/compass/scripts/sample_start b/docker/build/compass/scripts/sample_start
new file mode 100644
index 0000000..71d0159
--- /dev/null
+++ b/docker/build/compass/scripts/sample_start
@@ -0,0 +1,56 @@
+#!/bin/bash
+
+# set python home
+# sed -i "s|\$PythonHome|\/root\/\.virtualenvs\/compass-core|g" /opt/compass/bin/switch_virtualenv.py
+
+# add apache to root user group
+# usermod -a -G `groups root|awk '{print$3}'` apache
+
+# activate virtualenv
+source `which virtualenvwrapper.sh`
+workon compass-core
+
+## mysql
+# install db
+# grant permission to mysql data dir
+# /usr/bin/mysql_install_db
+# chown mysql:mysql /var/lib/mysql
+# chown mysql:mysql /var/lib/mysql/*
+# chown mysql:mysql /var/lib/mysql/mysql/*
+# chown mysql:mysql /var/lib/mysql/performance_schema/*
+
+# start mysqld service, push it to bg
+/usr/bin/mysqld_safe > /dev/null 2>&1 &
+
+RET=1
+while [[ RET -ne 0 ]]; do
+ echo "waiting for mariadb to startup"
+ sleep 5
+ mysql -uroot -e "status" > /dev/null 2>&1
+ RET=$?
+done
+
+echo "mariadb started"
+
+# set mysql with default username and password
+mysqladmin -h127.0.0.1 --port=3306 -u root password root
+
+# create db 'compass'
+mysql -h127.0.0.1 --port=3306 -uroot -proot -e "create database compass"
+
+## virtualenv
+# create virtualenv
+# source `which virtualenvwrapper.sh`
+# mkvirtualenv --system-site-packages compass-core
+
+# install compass requirements
+
+# start compass services
+/opt/compass/bin/manage_db.py createdb
+/usr/sbin/apachectl -k start
+/usr/sbin/rabbitmq-server &
+/usr/bin/redis-server &
+ln -s /root/.virtualenvs/compass-core/bin/celery /opt/compass/bin/celery
+CELERY_CONFIG_MODULE=compass.utils.celeryconfig_wrapper C_FORCE_ROOT=1 /opt/compass/bin/celery worker &> /tmp/celery-worker.log &
+/opt/compass/bin/progress_update.py &> /tmp/progress_update.log &
+tail -f /dev/null
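Review bot: `mysqladmin ... -u root password root` sets the MariaDB root password to the literal `root` and `-proot` repeats it on the next command, while the image's Dockerfile has `EXPOSE 3306`; the same lines appear in examples/scripts/start. Take the password from the environment and refuse to start without it, e.g. `mysqladmin -h127.0.0.1 --port=3306 -u root password "${MYSQL_ROOT_PASSWORD:?}"`, and create a dedicated account for the `compass` database rather than having the application use root. The wait loop has no upper bound, so a MariaDB that never comes up hangs the container silently; a retry counter with a non-zero exit would surface that. `create database compass` and `ln -s` will both fail on a second start of the same container, which `create database if not exists compass` and `ln -sf` avoid.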
diff --git a/examples/Dockerfile b/examples/Dockerfile
new file mode 100644
index 0000000..d13c631
--- /dev/null
+++ b/examples/Dockerfile
@@ -0,0 +1,13 @@
+FROM compassindocker/compass:test
+
+ADD scripts/start /root/start
+ADD conf/compass.setting /etc/compass/setting
+ADD conf/cobbler.conf /etc/compass/os_installer/cobbler.conf
+ADD conf/chef-icehouse.conf /etc/compass/package_installer/chef-icehouse.conf
+ADD conf/chef-client.pem /etc/chef-client.pem
+
+RUN chmod +x /root/start
+
+CMD ["/root/start"]
+EXPOSE 80
+EXPOSE 123
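Review bot: `ADD conf/chef-client.pem /etc/chef-client.pem` bakes the Chef client's private key into an image layer, where it stays readable to anyone who can pull or export the image, even if a later layer removes the file. Supply it at run time instead: drop the `ADD` and start the container with `-v /path/on/host/chef-client.pem:/etc/chef-client.pem:ro`. The same applies to a lesser degree to the three other `conf/*` files, which carry site addresses and the cobbler and database passwords. `FROM compassindocker/compass:test` is a mutable tag; a versioned tag or digest would keep builds reproducible.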
diff --git a/examples/conf/chef-client.pem b/examples/conf/chef-client.pem
new file mode 100644
index 0000000..aaf83ec
--- /dev/null
+++ b/examples/conf/chef-client.pem
@@ -0,0 +1,28 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
+
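Review bot: This file commits an RSA private key to the repository, at the path that examples/conf/chef-icehouse.conf uses as `key_dir` for the `docker-controller` client, so it is presumably meant to be overwritten with a real key, which is then easy to commit by accident. Ship an empty placeholder or a `chef-client.pem.example` with instructions, and add `examples/conf/chef-client.pem` to `.gitignore`. If the committed key was ever registered on a Chef server, treat it as disclosed and rotate it.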
diff --git a/examples/conf/chef-icehouse.conf b/examples/conf/chef-icehouse.conf
new file mode 100644
index 0000000..8cb6e85
--- /dev/null
+++ b/examples/conf/chef-icehouse.conf
@@ -0,0 +1,11 @@
+NAME = 'chef_installer'
+INSTANCE_NAME = 'chef_installer'
+SETTINGS = {
+ 'chef_url': 'https://10.145.89.140',
+ 'chef_server_ip': '10.145.89.140',
+ 'chef_server_dns': 'compass',
+ 'key_dir': '/etc/chef-client.pem',
+ 'client_name': 'docker-controller',
+ 'databags': []
+}
+
diff --git a/examples/conf/cobbler.conf b/examples/conf/cobbler.conf
new file mode 100644
index 0000000..3928d6b
--- /dev/null
+++ b/examples/conf/cobbler.conf
@@ -0,0 +1,9 @@
+NAME = 'cobbler'
+INSTANCE_NAME = 'cobbler'
+SETTINGS = {
+ 'cobbler_url': 'http://10.145.89.140/cobbler_api',
+ 'credentials': {
+ 'username': 'cobbler',
+ 'password': 'cobbler'
+ }
+}
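Review bot: `'username': 'cobbler'` with `'password': 'cobbler'` are committed default credentials, and `cobbler_url` is `http://`, so they cross the network in clear text on every API call. Read the credentials from the environment or from a file mounted at run time, and point `cobbler_url` at an HTTPS endpoint if the cobbler host offers one. The address `10.145.89.140` is site-specific; a placeholder such as `COBBLER_SERVER_IP` would make it obvious that the value must be edited.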
diff --git a/examples/conf/compass.setting b/examples/conf/compass.setting
new file mode 100644
index 0000000..e4b2aaa
--- /dev/null
+++ b/examples/conf/compass.setting
@@ -0,0 +1,33 @@
+CONFIG_DIR = '/etc/compass'
+DATABASE_TYPE = 'mysql'
+DATABASE_USER = 'root'
+DATABASE_PASSWORD = 'root'
+DATABASE_SERVER = '127.0.0.1:3306'
+DATABASE_NAME = 'compass'
+SQLALCHEMY_DATABASE_URI = '%s://%s:%s@%s/%s' % (DATABASE_TYPE, DATABASE_USER, DATABASE_PASSWORD, DATABASE_SERVER, DATABASE_NAME)
+SQLALCHEMY_DATABASE_POOL_TYPE = 'instant'
+INSTALLATION_LOGDIR = {
+ 'CobblerInstaller': '/var/log/cobbler/anamon',
+ 'ChefInstaller': '/var/log/chef'
+}
+DEFAULT_LOGLEVEL = 'info'
+DEFAULT_LOGDIR = '/var/log/compass'
+DEFAULT_LOGINTERVAL = 6
+DEFAULT_LOGINTERVAL_UNIT = 'h'
+DEFAULT_LOGFORMAT = '%(asctime)s - %(filename)s - %(lineno)d - %(levelname)s - %(message)s'
+WEB_LOGFILE = 'compass.log'
+CELERY_LOGFILE = 'celery.log'
+CELERYCONFIG_DIR = '/etc/compass'
+CELERYCONFIG_FILE = 'celeryconfig'
+PROGRESS_UPDATE_INTERVAL=30
+POLLSWITCH_INTERVAL=60
+SWITCHES = [
+]
+TMPL_DIR = '/etc/compass/templates'
+COMPASS_SUPPORTED_PROXY = 'http://10.145.89.140:3128'
+COMPASS_SUPPORTED_DEFAULT_NOPROXY = ['127.0.0.1','10.145.89.140','comapss']
+COMPASS_SUPPORTED_NTP_SERVER = '10.145.89.140'
+COMPASS_SUPPORTED_DNS_SERVERS = ['10.145.89.140']
+COMPASS_SUPPORTED_DOMAINS = ['ods.com']
+COMPASS_SUPPORTED_DEFAULT_GATEWAY = '10.145.88.1'
+COMPASS_SUPPORTED_LOCAL_REPO = 'http://10.145.89.140'
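Review bot: `COMPASS_SUPPORTED_DEFAULT_NOPROXY` contains `'comapss'`, which looks like a typo for `'compass'` (the `chef_server_dns` value in chef-icehouse.conf); as written, requests to the `compass` host name would presumably still go through the proxy. `DATABASE_USER = 'root'` with `DATABASE_PASSWORD = 'root'` has the application connect as the MariaDB superuser with a guessable password. A dedicated account limited to the `compass` database, with its password injected at run time, would contain a compromise of the web tier.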
diff --git a/examples/scripts/start b/examples/scripts/start
new file mode 100644
index 0000000..767b1ec
--- /dev/null
+++ b/examples/scripts/start
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+# activate virtualenv
+source `which virtualenvwrapper.sh`
+workon compass-core
+
+# start mysqld service, push it to bg
+/usr/bin/mysqld_safe > /dev/null 2>&1 &
+
+RET=1
+while [[ RET -ne 0 ]]; do
+ echo "waiting for mariadb to startup"
+ sleep 5
+ mysql -uroot -e "status" > /dev/null 2>&1
+ RET=$?
+done
+
+echo "mariadb started"
+
+# set mysql with default username and password
+mysqladmin -h127.0.0.1 --port=3306 -u root password root
+
+# create db 'compass'
+mysql -h127.0.0.1 --port=3306 -uroot -proot -e "create database compass"
+
+# start compass services
+/opt/compass/bin/manage_db.py createdb
+/usr/sbin/apachectl -k start
+/usr/sbin/rabbitmq-server &
+/usr/bin/redis-server &
+/usr/sbin/ntpd &
+ln -s /root/.virtualenvs/compass-core/bin/celery /opt/compass/bin/celery
+CELERY_CONFIG_MODULE=compass.utils.celeryconfig_wrapper C_FORCE_ROOT=1 /opt/compass/bin/celery worker &> /tmp/celery-worker.log &
+/opt/compass/bin/progress_update.py &> /tmp/progress_update.log &
+touch /var/log/compass/celery.log
+tail -f /var/log/compass/celery.log
diff --git a/install/allinone.yml b/install/allinone.yml
new file mode 100644
index 0000000..3da3c93
--- /dev/null
+++ b/install/allinone.yml
@@ -0,0 +1,9 @@
+---
+
+- hosts: allinone
+ sudo: True
+ roles:
+ - common
+ - chef
+ - cobbler
+ - compass
diff --git a/install/allinone_nochef.yml b/install/allinone_nochef.yml
new file mode 100644
index 0000000..3ad8e08
--- /dev/null
+++ b/install/allinone_nochef.yml
@@ -0,0 +1,8 @@
+---
+
+- hosts: compass_vm
+ sudo: True
+ roles:
+ - common
+ - cobbler
+ - compass
diff --git a/install/cobbler_nodocker.yml b/install/cobbler_nodocker.yml
new file mode 100644
index 0000000..110b374
--- /dev/null
+++ b/install/cobbler_nodocker.yml
@@ -0,0 +1,7 @@
+---
+
+- hosts: cobbler_ansible_test
+ sudo: True
+ roles:
+ - common
+ - cobbler
diff --git a/install/compass_nodocker.yml b/install/compass_nodocker.yml
new file mode 100644
index 0000000..9f59262
--- /dev/null
+++ b/install/compass_nodocker.yml
@@ -0,0 +1,10 @@
+---
+
+- hosts: compass_nodocker
+ sudo: True
+ roles:
+ - common
+ - cobbler
+ - compass
+ vars:
+ - dockerized: False
diff --git a/install/group_vars/all b/install/group_vars/all
new file mode 100644
index 0000000..47eea89
--- /dev/null
+++ b/install/group_vars/all
@@ -0,0 +1,225 @@
+---
+
+# Once rebuild is marked as True, all docker images and/or packages will be destroyed and re-established
+rebuild: True
+
+# Auto-generated IP values
+chef_server: "10.145.89.139"
+cobbler_server: "{{ mgmt_next_ip }}"
+compass-server: "{{ mgmt_next_ip }}"
+
+internal_nic: eth1
+internal_interface: "ansible_{{ internal_nic }}"
+internal_ip: "{{ hostvars[inventory_hostname][internal_interface]['ipv4']['address'] }}"
+
+# Auto-generated
+dockerized_cobbler: True
+dockerized_chef: False
+
+# shared_dir on local machine
+shared_dir: "~/compass/shared"
+
+# pkg installer
+pkg_installer: ['ansible']
+
+## default urls
+
+# centos
+epel_6: "https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm"
+
+# compass adapters
+compass_adapters: "git://git.openstack.org/stackforge/compass-adapters.git"
+
+## cobbler
+# cidr for docker bridge: compass0
+compass0_subnet: "192.168.100.1/24"
+
+# subnet ip for docker bridge: compass0
+compass0_subnet_ip: "192.168.100.0"
+
+# subnet mask for docker bridge: compass0
+compass0_subnet_mask: "255.255.255.0"
+
+# router ip for docker bridge: compass0
+compass0_router: "192.168.100.1"
+
+# dhcp range for docker bridge: compass0
+compass0_dhcp_range: "192.168.100.150 192.168.100.160"
+
+# management nic
+mgmt_nic: "eth1"
+mgmt_nic_ip: "hostvars[inventory_hostname][ansible_{{ mgmt_nic }}]['ipv4']['address']"
+# management pxe server
+mgmt_next_ip: "10.1.0.12"
+
+# management subnet ip of the cluster you want to deploy
+mgmt_subnet_ip: "10.1.0.0"
+
+# mangement cidr of the cluster you want to deploy
+mgmt_subnet: "10.1.0.0/24"
+
+# management subnet router ip
+mgmt_router: "10.1.0.1"
+
+# management subnet subnet mask
+mgmt_subnet_mask: "255.255.255.0"
+
+# management subnet dhcp range
+mgmt_dhcp_range: "10.1.0.100 10.1.0.150"
+
+
+
+## ports for cobbler ##
+
+# http port on host that maps to the cobbler container
+cobbler_mapped_http_port_on_host: "8080"
+
+# rsyslog port on host that maps to the compass container
+rsyslog_port_mapped_on_host: "12514"
+
+# tftp port on host that maps to the cobbler container
+tftp_port: "69"
+
+# xmlrpc port on host that maps to the cobbler container
+xmlrpc_port: "25151"
+
+# dns port on host that maps to the cobbler container
+dns_port: "53"
+
+# mysql port
+mysql_port: "3306"
+
+# port mapping as a paramter for running cobbler container
+cobbler_port_mapping: -p {{ cobbler_mapped_http_port_on_host }}:80 -p {{ tftp_port }}:69/udp -p {{ dns_port }}:53/udp -p {{ xmlrpc_port }}:25151 -p {{ rsyslog_port_mapped_on_host }}:514
+
+
+
+## ports for compass ##
+
+# http port on host that maps to the compass container
+compass_mapped_http_port_on_host: "5000"
+
+# ntp port on host that maps to the compass container
+ntp_port: "123"
+
+# squid proxy port on host that maps to the compass container
+proxy_port: "3128"
+
+# port mapping as a parameter for running compass container
+compass_port_mapping: -p {{ compass_mapped_http_port_on_host }}:80 -p {{ ntp_port }}:123 -p {{ proxy_port }}:3128 -p {{ mysql_port }}:3306
+
+
+## isos
+# centos iso url
+centos_url: "{{ centos_65_url }}"
+
+# ubuntu iso url
+ubuntu_url: "{{ ubuntu_1204_url }}"
+
+# centos 6.5 url
+centos_65_url: "https://s3-us-west-1.amazonaws.com/compass-local-repo/centos/6.5/CentOS-6.5-x86_64.iso"
+
+# ubuntu 12.04 url
+ubuntu_1204_url: "https://s3-us-west-1.amazonaws.com/compass-local-repo/ubuntu/12.04/Ubuntu-12.04-x86_64.iso"
+
+# os name of centos
+centos: "{{ centos_65 }}"
+
+# os name of ubuntu
+ubuntu: "{{ ubuntu_1204 }}"
+
+# centos 6.5 os name
+centos_65: "CentOS-6.5-x86_64"
+
+# ubuntu 12.04 os name
+ubuntu_1204: "Ubuntu-12.04-x86_64"
+
+# ubuntu 14.04 url
+ubuntu_1404_url: "https://s3-us-west-1.amazonaws.com/compass-local-repo/ubuntu/14.04/Ubuntu-14.04-x86_64.iso"
+
+# ubuntu 14.04 os name
+ubuntu_1404: "Ubuntu-14.04-x86_64"
+
+region: "lab"
+
+distros:
+ - {
+ name: "Ubuntu-14.04-x86_64",
+ iso_us_url: "https://s3-us-west-1.amazonaws.com/compass-local-repo/ubuntu/14.04/Ubuntu-14.04-x86_64.iso",
+ ppa_us_url: "https://s3-us-west-1.amazonaws.com/compass-local-repo/ubuntu/14.04/ubuntu_14_04_ppa_repo.tar.gz",
+ iso_lab_url: "http://192.168.120.2/cobbler/iso/ubuntu/Ubuntu-14.04-x86_64.iso",
+ ppa_lab_url: "http://192.168.120.2/cobbler/ppa_repo/ubuntu_14_04_ppa_repo.tar.gz",
+ ppa_repo_name: "ubuntu_14_04_ppa_repo",
+ breed: "ubuntu",
+ kickstart: "default.seed",
+ kopts: "netcfg/choose_interface=auto"
+ }
+
+ - {
+ name: "CentOS-6.5-x86_64",
+ iso_us_url: "https://s3-us-west-1.amazonaws.com/compass-local-repo/centos/6.5/CentOS-6.5-x86_64.iso",
+ ppa_us_url: "https://s3-us-west-1.amazonaws.com/compass-local-repo/centos/6.5/centos_6_5_ppa_repo.tar.gz",
+ iso_lab_url: "http://192.168.120.2/cobbler/iso/centos/CentOS-6.5-x86_64.iso",
+ ppa_lab_url: "http://192.168.120.2/cobbler/ppa_repo/centos_6_5_ppa_repo.tar.gz",
+ ppa_repo_name: "centos_6_5_ppa_repo",
+ breed: "redhat",
+ kickstart: "default.ks",
+ kopts: ""
+ }
+
+## volume mapping for cobbler ##
+
+# mount point for isos on cobbler host
+host_mount_point: "/root/docker-cobbler/images"
+
+# mount point inside cobbler container
+container_mount_point: "/var/lib/cobbler/mount_point"
+
+# combined mount syntax for docker run
+image_volume_mapping: "-v {{ host_mount_point }}:{{ container_mount_point }}"
+
+# log dir on cobbler host
+cobbler_host_log_dir: "/var/log/cobbler"
+
+# log dir inside cobbler container
+cobbler_container_log_dir: "/var/log/cobbler"
+
+# log the logs from container into host for future use
+log_volume_mapping: "-v {{ cobbler_host_log_dir }}:{{ cobbler_container_log_dir }}"
+
+
+
+## volume mapping for compass ##
+
+# log dir on compass host
+compass_host_log_dir: "/var/log/compass"
+
+# log dir on inside compass container
+compass_container_log_dir: "/var/log/cobbler"
+
+# sync logs inside out of the container
+compass_volume_mapping: "-v {{ compass_host_log_dir }}:{{ compass_container_log_dir }}"
+
+
+
+## docker ##
+
+# install docker on ubuntu
+docker_apt_key_server: hkp://keyserver.ubuntu.com:80
+docker_apt_key: 36A1D7869245C8950F966E92D8576A8BA88D21E9
+
+# epel version
+epel_file_name: epel-release-6-8.noarch.rpm
+epel_base_url: http://download.fedoraproject.org/pub/epel/6/x86_64/
+
+# atomic version
+atomic_file_name: atomic-release-1.0-19.el6.art.noarch.rpm
+atomic_base_url: http://www6.atomicorp.com/channels/atomic/centos/6/x86_64/RPMS/
+
+# pxe boot macs
+#pxe_boot_macs: ['00:00:37:ed:95:4e', '00:00:79:ad:ce:6b', '00:00:0a:f6:6e:d7']
+#test: true
+
+# the key to be authorized on pxe boot machines so passwordless login can be
+# done from the machine where you grab the key.
+#push_ssh_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUuKnIXwxS9w+Rxb4+CL3iqNQXB+kriQyr89YeLg5X7B0h+r91okw2bgodVvoynH8n7d7afHYew4KH7pMc5a3QMf/gwhhnlfoeyimQg0IOTQ6pvNxifRi5IN9xa3mB3kL9/xVmfo9rUE6ZZ4dNQ91As706SLBzEJWUuICT7fFJqCqHbxNT9aO//TWcoJJH+d+GLfLagyfVxBHb8DcoNSKTq1rFjZCFVs9pg6aO0d6Z3FcyICxOaacsAoRZOsx8+2WsHaZRk6udbqZJHt7LBs9Bc38+YCRhc31Q2jyrm37xT3QchRl4sihqq38N03cTYBksuRfV1dJaso9MUQapa/Lv root@host-1"
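Review bot: `compass_port_mapping` publishes `{{ mysql_port }}:3306` on every host interface, while the start scripts in this commit set the MariaDB root password to `root`; drop that mapping or bind it to loopback, `-p 127.0.0.1:{{ mysql_port }}:3306`. `compass_adapters` uses `git://`, which gives no transport authentication or integrity protection; the `https://git.openstack.org/stackforge/...` form used in docker/build/compass/conf/setup.conf would be the consistent choice, and `epel_base_url`, `atomic_base_url` and `docker_apt_key_server` are likewise plain HTTP. Separately, `compass-server` is not a valid Ansible variable name because of the hyphen, `mgmt_nic_ip` is a plain string rather than a `{{ ... }}` expression, and `compass_container_log_dir` is `/var/log/cobbler`, which looks like a copy-paste slip.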
diff --git a/install/inventories/allinone b/install/inventories/allinone
new file mode 100644
index 0000000..ea3dcbf
--- /dev/null
+++ b/install/inventories/allinone
@@ -0,0 +1,2 @@
+[allinone]
+xc-ansible-test1 ansible_ssh_host=10.145.89.128 ansible_ssh_user=root ansible_ssh_pass=root type=allinone
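Review bot: This inventory commits a root SSH login with its password in clear text (`ansible_ssh_user=root ansible_ssh_pass=root`) next to a concrete host address. The same pattern is repeated in the `chef`, `cobbler`, `compass`, `hosts_test` and `ubuntu_test` inventories added by this commit. Anyone with read access to the repository gets the credential, and a trivially guessable root password on hosts reachable over SSH is a risk regardless of where it is stored. Prefer key-based login with an unprivileged user plus sudo, e.g. `xc-ansible-test1 ansible_ssh_host=<host> ansible_ssh_user=<user> ansible_ssh_private_key_file=<path> type=allinone`. Commit only a sample inventory with placeholders, or supply the password at run time with `--ask-pass`.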
diff --git a/install/inventories/chef b/install/inventories/chef
new file mode 100644
index 0000000..1f866bc
--- /dev/null
+++ b/install/inventories/chef
@@ -0,0 +1,2 @@
+[chefnodes]
+xc-ansible-test1 ansible_ssh_host=10.145.89.128 ansible_ssh_user=root ansible_ssh_pass=root dockerized=False type=chef
diff --git a/install/inventories/cobbler b/install/inventories/cobbler
new file mode 100644
index 0000000..e739247
--- /dev/null
+++ b/install/inventories/cobbler
@@ -0,0 +1,2 @@
+[cobblernodes]
+docker-base ansible_ssh_host=10.145.89.139 ansible_ssh_user=root ansible_ssh_pass=root dockerized=True container_name=cobbler-dev type=cobbler
diff --git a/install/inventories/compass b/install/inventories/compass
new file mode 100644
index 0000000..9fa8fa4
--- /dev/null
+++ b/install/inventories/compass
@@ -0,0 +1,2 @@
+[compassnodes]
+xc-ansible-test1 ansible_ssh_host=10.145.89.128 ansible_ssh_user=root ansible_ssh_pass=root dockerized=True container_name=compass-dev type=compass
diff --git a/install/inventories/hosts_test b/install/inventories/hosts_test
new file mode 100644
index 0000000..9bacea2
--- /dev/null
+++ b/install/inventories/hosts_test
@@ -0,0 +1,6 @@
+[chefnodes]
+xc-precise-server ansible_ssh_host=10.145.89.133 ansible_ssh_user=root ansible_ssh_pass=root type=chef
+[cobblernodes]
+xc-ansible-test1 ansible_ssh_host=10.145.89.128 ansible_ssh_user=root ansible_ssh_pass=root type=cobbler
+[compassnodes]
+xc-precise-server ansible_ssh_host=10.145.89.133 ansible_ssh_user=root ansible_ssh_pass=root type=compass
diff --git a/install/inventories/ubuntu_test b/install/inventories/ubuntu_test
new file mode 100644
index 0000000..3a5953a
--- /dev/null
+++ b/install/inventories/ubuntu_test
@@ -0,0 +1,6 @@
+# [chefnodes]
+# xc-precise-server ansible_ssh_host=10.145.89.133 ansible_ssh_user=root ansible_ssh_pass=root type=chef
+[cobblernodes]
+xc-precise-server ansible_ssh_host=10.145.89.133 ansible_ssh_user=root ansible_ssh_pass=root type=cobbler
+[compassnodes]
+xc-precise-server ansible_ssh_host=10.145.89.133 ansible_ssh_user=root ansible_ssh_pass=root type=compass
diff --git a/install/precheck.yml b/install/precheck.yml
new file mode 100644
index 0000000..939fb81
--- /dev/null
+++ b/install/precheck.yml
@@ -0,0 +1,16 @@
+---
+
+- hosts: chefnodes
+ sudo: True
+ roles:
+ - precheck
+
+- hosts: cobblernodes
+ sudo: True
+ roles:
+ - precheck
+
+- hosts: compassnodes
+ sudo: True
+ roles:
+ - precheck
diff --git a/install/regtest.yml b/install/regtest.yml
new file mode 100644
index 0000000..4d88328
--- /dev/null
+++ b/install/regtest.yml
@@ -0,0 +1,45 @@
+---
+
+- hosts: regtest_vm
+ sudo: True
+ roles:
+ - regtest-compass
+# - regtest-ansible-openstack
+ vars:
+ - COMPASS_PATH: "/opt/compass-core"
+ - COMPASS_SERVER_URL: "http://10.1.0.11:5000/api"
+ - COMPASS_USER_EMAIL: "admin@huawei.com"
+ - COMPASS_USER_PASSWORD: "admin"
+ - CLUSTER_NAME: "opnfv"
+ - LANGUAGE: "EN"
+ - TIMEZONE: "America/Los_Angeles"
+ - HOSTNAMES: "allinone"
+ - NTP_SERVER: "10.1.0.11"
+ - NAMESERVERS: "10.1.0.11"
+ - DOMAIN: "ods.com"
+ - PARTITIONS: "/home=5%,/tmp=5%,/var=20%"
+ - SUBNETS: "10.1.0.0/24,172.16.2.0/24,172.16.3.0/24,172.16.4.0/24"
+ - ADAPTER_OS_PATTERN: '"(?i)ubuntu-14\.04.*"'
+ - ADAPTER_NAME: "os_only"
+ - ADAPTER_TARGET_SYSTEM_PATTERN: ""
+ - ADAPTER_FLAVOR_PATTERN: ""
+ - PROXY: ""
+ - IGNORE_PROXY: ""
+ - SEARCH_PATH: "ods.com"
+ - GATEWAY: "10.1.0.1"
+ - SERVER_CREDENTIAL: "root"
+ - LOCAL_REPO_URL: ""
+ - OS_CONFIG_FILENAME: ""
+ - SERVICE_CREDENTIALS: "service"
+ - CONSOLE_CREDENTIALS: "console"
+ - HOST_NETWORKS: "allinone:eth0=10.1.0.100|is_mgmt,eth1=172.16.2.100,eth2=172.16.3.100,eth3=172.16.4.100"
+ - NETWORK_MAPPING: "management=eth0,tenant=eth1,storage=eth3,external=eth2"
+ - PACKAGE_CONFIG_FILENAME: ""
+ - HOST_ROLES: ""
+ - DEFAULT_ROLES: ""
+ - SWITCH_IPS: "1.1.1.1"
+ - MACHINES: ""
+ - SWITCH_CREDENTIAL: "version=2c,community=public"
+ - DEPLOYMENT_TIMEOUT: "90"
+ - POLL_SWITCHES_FLAG: "nopoll_switches"
+ - DASHBOARD_URL: ""
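Review bot: The play hard-codes credentials in its `vars:` block: `COMPASS_USER_PASSWORD: "admin"`, `SERVER_CREDENTIAL: "root"`, `SERVICE_CREDENTIALS: "service"`, `CONSOLE_CREDENTIALS: "console"` and the SNMP community in `SWITCH_CREDENTIAL: "version=2c,community=public"`. Play-level vars take precedence over inventory and group variables, so a deployment that reuses this playbook keeps these defaults unless they are overridden with extra vars. These are presumably regression-test values, but it would be safer to move them to a `group_vars` file for `regtest_vm` (encrypted with ansible-vault where they are real) and keep only non-secret settings here. A short comment such as `# test-only defaults, never use outside the regtest VM` would also make the intent explicit.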
diff --git a/install/roles/chef/files/chef-server.rb b/install/roles/chef/files/chef-server.rb
new file mode 100644
index 0000000..b0f1851
--- /dev/null
+++ b/install/roles/chef/files/chef-server.rb
@@ -0,0 +1,4 @@
+nginx['non_ssl_port'] = 80
+nginx['enable_non_ssl'] = true
+nginx['ssl_port'] = 443
+nginx['url'] = "https://#{node['fqdn']}"
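Review bot: `nginx['enable_non_ssl'] = true` makes the Chef server answer on plain HTTP port 80 in addition to HTTPS, while `nginx['url']` advertises the https address. Any client or script pointed at the http URL would exchange signed API requests, node data and cookbook content unencrypted. Nothing visible in this commit needs the port-80 listener, so unless a caller outside this diff depends on it, `nginx['enable_non_ssl'] = false` is the safer setting. If it must stay on, add a comment naming the consumer that requires it.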
diff --git a/install/roles/chef/files/compass.json b/install/roles/chef/files/compass.json
new file mode 100644
index 0000000..9eeba78
--- /dev/null
+++ b/install/roles/chef/files/compass.json
@@ -0,0 +1,8 @@
+{
+ "name": "compass",
+ "public_key": null,
+ "validator": false,
+ "admin": true,
+ "json_class": "Chef::ApiClient",
+ "chef_type": "client"
+}
diff --git a/install/roles/chef/files/knife.rb b/install/roles/chef/files/knife.rb
new file mode 100644
index 0000000..834e4a1
--- /dev/null
+++ b/install/roles/chef/files/knife.rb
@@ -0,0 +1,9 @@
+log_level :info
+log_location STDOUT
+node_name 'admin'
+client_key '/etc/chef-server/admin.pem'
+validation_client_name 'chef-validator'
+validation_key '/etc/chef-server/chef-validator.pem'
+chef_server_url 'https://localhost:443'
+syntax_check_cache_path '/root/.chef/syntax_check_cache'
+cookbook_path [ '/root/chef-repo/cookbooks' ]
diff --git a/install/roles/chef/files/knife.sh b/install/roles/chef/files/knife.sh
new file mode 100644
index 0000000..8e3145a
--- /dev/null
+++ b/install/roles/chef/files/knife.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+knife configure -y -i --defaults -r ~/chef-repo -s https://localhost:443 -u root --admin-client-name admin --admin-client-key /etc/chef-server/admin.pem --validation-client-name chef-validator --validation-key /etc/chef-server/chef-validator.pem<> knife.txt chdir=/tmp/
+ when: result.stdout.find('root') == -1
+
+- name: replace knife config file
+ copy: src=knife.rb dest=/root/.chef/knife.rb mode=0644
diff --git a/install/roles/chef/tasks/main.yml b/install/roles/chef/tasks/main.yml
new file mode 100644
index 0000000..3e3ff04
--- /dev/null
+++ b/install/roles/chef/tasks/main.yml
@@ -0,0 +1,22 @@
+---
+
+- include: RedHat.yml
+ when: ansible_os_family == 'RedHat' and not dockerized
+
+- include: Debian.yml
+ when: ansible_os_family == 'Debian' and not dockerized
+
+- include: docker-redhat.yml
+ when: ansible_os_family == 'Redhat' and dockerized
+
+- include: docker-debian.yml
+ when: ansible_os_family == 'Debian' and dockerized
+
+- include: chef-server.yml
+ when: not dockerized
+
+- include: knife.yml
+ when: not dockerized
+
+- include: compass.yml
+ when: not dockerized
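Review bot: The condition on the `docker-redhat.yml` include compares against `'Redhat'`, while the first include in this file uses `'RedHat'`, the spelling Ansible reports for that family. The comparison is case-sensitive, so the dockerized RedHat path is silently skipped; it should read `when: ansible_os_family == 'RedHat' and dockerized`. The same lowercase spelling appears in the `install mkisofs` task of `install/roles/cobbler/tasks/docker.yml` in this commit.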
diff --git a/install/roles/chef/vars/main.yml b/install/roles/chef/vars/main.yml
new file mode 100644
index 0000000..2ae4e12
--- /dev/null
+++ b/install/roles/chef/vars/main.yml
@@ -0,0 +1,16 @@
+---
+
+# chef server specific environment variables
+
+chef_server_el6_rpm: "https://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-server-11.0.8-1.el6.x86_64.rpm"
+# open source chef server does not support centos7/el7 yet
+chef_server_el7_rpm: ""
+chef_server_precise: "https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.04/x86_64/chef-server_11.0.8-1.ubuntu.12.04_amd64.deb"
+chef_server_trusty: ""
+
+# chef client rpm
+chef_client_el6_rpm: "https://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-11.8.0-1.el6.x86_64.rpm"
+
+dockerized: False
+
+
diff --git a/install/roles/cobbler/files/cobbler_web.conf b/install/roles/cobbler/files/cobbler_web.conf
new file mode 100644
index 0000000..f03d4fe
--- /dev/null
+++ b/install/roles/cobbler/files/cobbler_web.conf
@@ -0,0 +1,10 @@
+# This configuration file enables the cobbler web
+# interface (django version)
+
+# Force everything to go to https
+RewriteEngine on
+RewriteCond %{HTTPS} off
+RewriteCond %{REQUEST_URI} ^/cobbler_web
+# RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
+
+WSGIScriptAlias /cobbler_web /usr/share/cobbler/web/cobbler.wsgi
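Review bot: The comment says "Force everything to go to https", but the `RewriteRule` is commented out, so `/cobbler_web` stays reachable over plain HTTP and logins to the web UI can cross the network unencrypted. The two `RewriteCond` lines are left without a rule of their own; they may attach to whichever `RewriteRule` is parsed next in the same context, possibly from another conf.d file, which is hard to reason about. Either restore the redirect, e.g. `RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]`, or comment out the conditions as well and change the comment to say that HTTP access is intentionally allowed.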
diff --git a/install/roles/cobbler/files/debmirror.conf b/install/roles/cobbler/files/debmirror.conf
new file mode 100644
index 0000000..dbd187f
--- /dev/null
+++ b/install/roles/cobbler/files/debmirror.conf
@@ -0,0 +1,79 @@
+# Default config for debmirror
+
+# The config file is a perl script so take care to follow perl syntax.
+# Any setting in /etc/debmirror.conf overrides these defaults and
+# ~/.debmirror.conf overrides those again. Take only what you need.
+#
+# The syntax is the same as on the command line and variable names
+# loosely match option names. If you don't recognize something here
+# then just stick to the command line.
+#
+# Options specified on the command line override settings in the config
+# files.
+
+# Location of the local mirror (use with care)
+# $mirrordir="/path/to/mirrordir"
+
+# Output options
+$verbose=0;
+$progress=0;
+$debug=0;
+
+# Download options
+$host="ftp.debian.org";
+$user="anonymous";
+$passwd="anonymous@";
+$remoteroot="debian";
+$download_method="ftp";
+# @dists="sid";
+@sections="main,main/debian-installer,contrib,non-free";
+# @arches="i386";
+# @ignores="";
+# @excludes="";
+# @includes="";
+# @excludes_deb_section="";
+# @limit_priority="";
+$omit_suite_symlinks=0;
+$skippackages=0;
+# @rsync_extra="doc,tools";
+$i18n=0;
+$getcontents=0;
+$do_source=1;
+$max_batch=0;
+
+# @di_dists="dists";
+# @di_archs="arches";
+
+# Save mirror state between runs; value sets validity of cache in days
+$state_cache_days=0;
+
+# Security/Sanity options
+$ignore_release_gpg=0;
+$ignore_release=0;
+$check_md5sums=0;
+$ignore_small_errors=0;
+
+# Cleanup
+$cleanup=0;
+$post_cleanup=1;
+
+# Locking options
+$timeout=300;
+
+# Rsync options
+$rsync_batch=200;
+$rsync_options="-aIL --partial";
+
+# FTP/HTTP options
+$passive=0;
+# $proxy="http://proxy:port/";
+
+# Dry run
+$dry_run=0;
+
+# Don't keep diff files but use them
+$diff_mode="use";
+
+# The config file must return true or perl complains.
+# Always copy this.
+1;
diff --git a/install/roles/cobbler/files/distributions b/install/roles/cobbler/files/distributions
new file mode 100644
index 0000000..7f61215
--- /dev/null
+++ b/install/roles/cobbler/files/distributions
@@ -0,0 +1,8 @@
+Origin: ppa
+Label: ppa_repo
+Suite: stable
+Codename: ppa
+Version: 0.1
+Architectures: i386 amd64 source
+Components: main
+Description: ppa repo
diff --git a/install/roles/cobbler/files/rsync b/install/roles/cobbler/files/rsync
new file mode 100644
index 0000000..1f8b9b1
--- /dev/null
+++ b/install/roles/cobbler/files/rsync
@@ -0,0 +1,14 @@
+# default: off
+# description: The rsync server is a good addition to an ftp server, as it \
+# allows crc checksumming etc.
+service rsync
+{
+ disable = no
+ flags = IPv6
+ socket_type = stream
+ wait = no
+ user = root
+ server = /usr/bin/rsync
+ server_args = --daemon
+ log_on_failure += USERID
+}
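Review bot: This xinetd entry enables the rsync daemon (`disable = no`) running as root with no source restriction. The RedHat tasks in this commit also stop iptables, so the listener is reachable from every network the host is attached to. What the daemon exports depends on an rsyncd configuration that is not part of this diff. Limiting the listener to the provisioning network with xinetd's `only_from = <mgmt-subnet>` would reduce the exposure.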
diff --git a/install/roles/cobbler/files/ssl.conf b/install/roles/cobbler/files/ssl.conf
new file mode 100644
index 0000000..73220d3
--- /dev/null
+++ b/install/roles/cobbler/files/ssl.conf
@@ -0,0 +1,221 @@
+#
+# This is the Apache server configuration file providing SSL support.
+# It contains the configuration directives to instruct the server how to
+# serve pages over an https connection. For detailing information about these
+# directives see
+#
+# Do NOT simply read the instructions in here without understanding
+# what they do. They're here only as hints or reminders. If you are unsure
+# consult the online docs. You have been warned.
+#
+
+LoadModule ssl_module modules/mod_ssl.so
+
+#
+# When we also provide SSL we have to listen to the
+# the HTTPS port in addition.
+#
+Listen 443
+
+##
+## SSL Global Context
+##
+## All SSL configuration in this context applies both to
+## the main server and all SSL-enabled virtual hosts.
+##
+
+# Pass Phrase Dialog:
+# Configure the pass phrase gathering process.
+# The filtering dialog program (`builtin' is a internal
+# terminal dialog) has to provide the pass phrase on stdout.
+SSLPassPhraseDialog builtin
+
+# Inter-Process Session Cache:
+# Configure the SSL Session Cache: First the mechanism
+# to use and second the expiring timeout (in seconds).
+SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
+SSLSessionCacheTimeout 300
+
+# Semaphore:
+# Configure the path to the mutual exclusion semaphore the
+# SSL engine uses internally for inter-process synchronization.
+# SSLMutex default
+
+# Pseudo Random Number Generator (PRNG):
+# Configure one or more sources to seed the PRNG of the
+# SSL library. The seed data should be of good random quality.
+# WARNING! On some platforms /dev/random blocks if not enough entropy
+# is available. This means you then cannot use the /dev/random device
+# because it would lead to very long connection times (as long as
+# it requires to make more entropy available). But usually those
+# platforms additionally provide a /dev/urandom device which doesn't
+# block. So, if available, use this one instead. Read the mod_ssl User
+# Manual for more details.
+SSLRandomSeed startup file:/dev/urandom 256
+SSLRandomSeed connect builtin
+#SSLRandomSeed startup file:/dev/random 512
+#SSLRandomSeed connect file:/dev/random 512
+#SSLRandomSeed connect file:/dev/urandom 512
+
+#
+# Use "SSLCryptoDevice" to enable any supported hardware
+# accelerators. Use "openssl engine -v" to list supported
+# engine names. NOTE: If you enable an accelerator and the
+# server does not start, consult the error logs and ensure
+# your accelerator is functioning properly.
+#
+SSLCryptoDevice builtin
+#SSLCryptoDevice ubsec
+
+##
+## SSL Virtual Host Context
+##
+
+
+
+# General setup for the virtual host, inherited from global configuration
+#DocumentRoot "/var/www/html"
+#ServerName www.example.com:443
+
+# Use separate log files for the SSL virtual host; note that LogLevel
+# is not inherited from httpd.conf.
+ErrorLog logs/ssl_error_log
+TransferLog logs/ssl_access_log
+LogLevel warn
+
+# SSL Engine Switch:
+# Enable/Disable SSL for this virtual host.
+SSLEngine on
+
+# SSL Protocol support:
+# List the enable protocol levels with which clients will be able to
+# connect. Disable SSLv2 access by default:
+SSLProtocol all -SSLv2
+
+# SSL Cipher Suite:
+# List the ciphers that the client is permitted to negotiate.
+# See the mod_ssl documentation for a complete list.
+SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
+
+# Server Certificate:
+# Point SSLCertificateFile at a PEM encoded certificate. If
+# the certificate is encrypted, then you will be prompted for a
+# pass phrase. Note that a kill -HUP will prompt again. A new
+# certificate can be generated using the genkey(1) command.
+SSLCertificateFile /etc/pki/tls/certs/localhost.crt
+
+# Server Private Key:
+# If the key is not combined with the certificate, use this
+# directive to point at the key file. Keep in mind that if
+# you've both a RSA and a DSA private key you can configure
+# both in parallel (to also allow the use of DSA ciphers, etc.)
+SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
+
+# Server Certificate Chain:
+# Point SSLCertificateChainFile at a file containing the
+# concatenation of PEM encoded CA certificates which form the
+# certificate chain for the server certificate. Alternatively
+# the referenced file can be the same as SSLCertificateFile
+# when the CA certificates are directly appended to the server
+# certificate for convinience.
+#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
+
+# Certificate Authority (CA):
+# Set the CA certificate verification path where to find CA
+# certificates for client authentication or alternatively one
+# huge file containing all of them (file must be PEM encoded)
+#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
+
+# Client Authentication (Type):
+# Client certificate verification type and depth. Types are
+# none, optional, require and optional_no_ca. Depth is a
+# number which specifies how deeply to verify the certificate
+# issuer chain before deciding the certificate is not valid.
+#SSLVerifyClient require
+#SSLVerifyDepth 10
+
+# Access Control:
+# With SSLRequire you can do per-directory access control based
+# on arbitrary complex boolean expressions containing server
+# variable checks and other lookup directives. The syntax is a
+# mixture between C and Perl. See the mod_ssl documentation
+# for more details.
+#
+#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
+# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+#
+
+# SSL Engine Options:
+# Set various options for the SSL engine.
+# o FakeBasicAuth:
+# Translate the client X.509 into a Basic Authorisation. This means that
+# the standard Auth/DBMAuth methods can be used for access control. The
+# user name is the `one line' version of the client's X.509 certificate.
+# Note that no password is obtained from the user. Every entry in the user
+# file needs this password: `xxj31ZMTZzkVA'.
+# o ExportCertData:
+# This exports two additional environment variables: SSL_CLIENT_CERT and
+# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+# server (always existing) and the client (only existing when client
+# authentication is used). This can be used to import the certificates
+# into CGI scripts.
+# o StdEnvVars:
+# This exports the standard SSL/TLS related `SSL_*' environment variables.
+# Per default this exportation is switched off for performance reasons,
+# because the extraction step is an expensive operation and is usually
+# useless for serving static content. So one usually enables the
+# exportation for CGI and SSI requests only.
+# o StrictRequire:
+# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
+# under a "Satisfy any" situation, i.e. when it applies access is denied
+# and no other module can change it.
+# o OptRenegotiate:
+# This enables optimized SSL connection renegotiation handling when SSL
+# directives are used in per-directory context.
+#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+
+ SSLOptions +StdEnvVars
+
+
+ SSLOptions +StdEnvVars
+
+
+# SSL Protocol Adjustments:
+# The safe and default but still SSL/TLS standard compliant shutdown
+# approach is that mod_ssl sends the close notify alert but doesn't wait for
+# the close notify alert from client. When you need a different shutdown
+# approach you can use one of the following variables:
+# o ssl-unclean-shutdown:
+# This forces an unclean shutdown when the connection is closed, i.e. no
+# SSL close notify alert is send or allowed to received. This violates
+# the SSL/TLS standard but is needed for some brain-dead browsers. Use
+# this when you receive I/O errors because of the standard approach where
+# mod_ssl sends the close notify alert.
+# o ssl-accurate-shutdown:
+# This forces an accurate shutdown when the connection is closed, i.e. a
+# SSL close notify alert is send and mod_ssl waits for the close notify
+# alert of the client. This is 100% SSL/TLS standard compliant, but in
+# practice often causes hanging connections with brain-dead browsers. Use
+# this only for browsers where you know that their SSL implementation
+# works correctly.
+# Notice: Most problems of broken clients are also related to the HTTP
+# keep-alive facility, so you usually additionally want to disable
+# keep-alive for those clients, too. Use variable "nokeepalive" for this.
+# Similarly, one has to force some clients to use HTTP/1.0 to workaround
+# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+# "force-response-1.0" for this.
+SetEnvIf User-Agent ".*MSIE.*" \
+ nokeepalive ssl-unclean-shutdown \
+ downgrade-1.0 force-response-1.0
+
+# Per-Server Logging:
+# The home of a custom SSL log file. Use this when you want a
+# compact non-error SSL logfile on a virtual host basis.
+CustomLog logs/ssl_request_log \
+ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+
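Review bot: `SSLProtocol all -SSLv2` still allows SSLv3. The cipher string `ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW` keeps RC4 and the LOW and MEDIUM suites negotiable, so the cobbler web interface can be downgraded to weak transport security. This looks like the distribution's stock `ssl.conf`, but since the role installs it, it is worth tightening here: `SSLProtocol all -SSLv2 -SSLv3` and `SSLCipherSuite HIGH:!aNULL:!MD5`. The certificate paths point at the packaged `localhost.crt`/`localhost.key` pair; a comment noting that these must be replaced with a certificate issued for the host would help operators.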
diff --git a/install/roles/cobbler/handlers/main.yml b/install/roles/cobbler/handlers/main.yml
new file mode 100644
index 0000000..a382468
--- /dev/null
+++ b/install/roles/cobbler/handlers/main.yml
@@ -0,0 +1,12 @@
+---
+- name: restart dhcp-relay
+ shell: service isc-dhcp-relay restart
+
+- name: restart httpd
+ service: name=httpd state=restarted enabled=yes
+
+- name: restart cobbler
+ service: name=cobblerd state=restarted enabled=yes
+
+- name: cobbler sync
+ command: cobbler sync
diff --git a/install/roles/cobbler/tasks/Debian.yml b/install/roles/cobbler/tasks/Debian.yml
new file mode 100644
index 0000000..e69de29
diff --git a/install/roles/cobbler/tasks/RedHat.yml b/install/roles/cobbler/tasks/RedHat.yml
new file mode 100644
index 0000000..ef7ad39
--- /dev/null
+++ b/install/roles/cobbler/tasks/RedHat.yml
@@ -0,0 +1,321 @@
+---
+
+- name: install base packages
+ yum: name={{ item }} state=present
+ with_items:
+ - wget
+ - git
+
+- name: check epel presence
+ command: rpm -q epel-release
+ register: epel_presence
+ ignore_errors: yes
+
+- name: check atomic repo presence
+ command: rpm -q atomic-release
+ register: atomic_presence
+ ignore_errors: yes
+
+#- name: get epel version
+# command: >
+# wget -q {{ epel_base_url }} -O - | grep -oE "(href=\"epel-release-6-[0-9,.].*)" | cut -d\" -f2
+# register: epel_file_name
+# when: epel_presence.rc != 0
+
+- name: install epel
+ yum: name={{ epel_base_url }}/{{ epel_file_name }} state=present
+ when: epel_presence.rc != 0
+
+- name: install atomic repo
+ yum: name={{ atomic_base_url }}/{{ atomic_file_name }} state=present
+ when: atomic_presence.rc != 0
+
+- name: yum update
+ yum: name=* state=latest update_cache=yes
+
+- name: install related packages
+ yum: name={{ item }} state=present
+ with_items:
+ - cobbler
+ - cobbler-web
+ - createrepo
+ - mkisofs
+ - syslinux
+ - debmirror
+ - pykickstart
+ - cman
+ - bind
+ - rsync
+ - dhcp
+ - xinetd
+ - tftp-server
+ - gcc
+ - httpd
+ - libselinux-python
+
+- name: turn off iptables
+ service: name=iptables state=stopped enabled=no
+
+- name: replace config files
+ copy: src={{ item.name }} dest={{ item.dest }}
+ with_items:
+ - { name: rsync, dest: /etc/xinetd.d/rsync }
+ - { name: debmirror.conf, dest: /etc/debmirror.conf }
+
+- name: restart xinetd service
+ service: name=xinetd state=restarted enabled=yes
+
+- name: configure interface for dhcp
+ command: ifconfig {{ mgmt_nic }}:1 {{ mgmt_next_ip }} netmask {{ mgmt_subnet_mask }}
+ when: not mgmt_ip_same
+
+- name: copy httpd configuration files
+ file: src={{ item }} dest=/etc/httpd/conf.d/{{ item }} mode=0644
+ with_items:
+ - cobbler_web.conf
+ - ssl.conf
+ notify:
+ restart httpd
+
+- name: disable selinux
+ selinux: state=disabled
+
+- name: disable selinux real time
+ shell: echo 0 > /selinux/enforce
+
+- name: copy cobbler configuration files
+ template: src={{ item.name }} dest=/etc/cobbler/{{ item.file_name }} mode=0644
+ with_items:
+ - { name: tftpd.template, file_name: tftpd.template }
+ - { name: modules.conf, file_name: modules.conf }
+ - { name: dhcp.template.nodocker.j2, file_name: dhcp.template }
+ - { name: named.template.nodocker.j2, file_name: named.template }
+ - { name: settings.j2, file_name: settings }
+ notify:
+ - restart cobbler
+ - cobbler sync
+
+- meta: flush_handlers
+
+- name: clone snippets
+ git: repo={{ compass_adapter_source }}
+ dest=/opt/compass-adapters
+ version={{ compass_adapter_version }}
+ update=yes
+ force=yes
+
+- name: remove old cobbler folders
+ shell: rm -rf path=/var/lib/cobbler/{{ item }}
+ with_items:
+ - snippets
+ - scripts
+ - triggers
+ - kickstarts
+
+- name: create cobbler folders
+ file: path=/var/lib/cobbler/{{ item }} state=directory mode=0755
+ with_items:
+ - snippets
+ - scripts
+ - triggers
+ - kickstarts
+
+- name: copy snippets to cobbler folder
+ shell: cp -rf /opt/compass-adapters/cobbler/{{ item }}/* /var/lib/cobbler/{{ item }}/
+ with_items:
+ - snippets
+ - scripts
+ - triggers
+ - kickstarts
+ notify:
+ cobbler sync
+
+- name: change snippets mode
+ file: path=/var/lib/cobbler mode=0755 recurse=yes
+
+- name: create cblr_ks folder
+ file: path=/var/www/cblr_ks mode=0755 state=directory
+
+- name: change kickstart mode
+ file: path=/var/lib/cobbler/kickstarts mode=0666 recurse=yes
+
+- name: disable selinux
+ selinux: state=disabled
+
+- name: disable selinux real time
+ command: echo 0 > /selinux/enforce
+
+- name: clean cobbler log folder
+ file: path=/var/log/cobbler state=absent
+
+- name: create cobbler log directories
+ file: path={{ item }} mode=0777 state=directory recurse=yes
+ with_items:
+ - /var/log/cobbler
+ - /var/log/cobbler/anamon
+ - /var/log/cobbler/tasks
+
+- name: create cobbler ppa repo dir
+ file: path=/var/lib/cobbler/repo_mirror/{{ item.ppa_repo_name }}/conf
+ state=directory
+ mode=0644
+ recurse=yes
+ with_items: distros
+
+- name: copy distributions to ubuntu ppa repo
+ template: src=distributions
+ dest=/var/lib/cobbler/repo_mirror/ubuntu_12_04_ppa_repo/conf/distributions
+ mode=0644
+ when: ubuntu_1204 in distros
+
+- name: copy distribution to ubuntu 14.04 ppa repo
+ template: src=distributions
+ dest=/var/lib/cobbler/repo_mirror/ubuntu_14_04_ppa_repo/conf/distributions
+ mode=0644
+ when: ubuntu_1404 in distros
+
+- name: start cobbler and httpd services
+ service: name={{ item }} state=restarted enabled=yes
+ with_items:
+ - httpd
+ - cobblerd
+
+- name: download ppa repo images
+ get_url: url={{ item.ppa_lab_url }} dest=/var/lib/cobbler/repo_mirror/{{ item.ppa_repo_name }}.tar.gz
+ with_items: distros
+ when: region == "lab"
+
+- name: download ppa repo images
+ get_url: url={{ item.ppa_us_url }} dest=/var/lib/cobbler/repo_mirror/{{ item.ppa_repo_name }}.tar.gz
+ with_items: distros
+ when: region == "us"
+
+- name: untar ppa repo images
+ unarchive: src=/var/lib/cobbler/repo_mirror/{{ item.ppa_repo_name }}.tar.gz
+ dest=/var/lib/cobbler/repo_mirror/
+ copy=no
+ with_items: distros
+
+- name: add repos
+ command: cobbler repo add --name {{ item.ppa_repo_name }} --mirror=/var/lib/cobbler/repo_mirror/{{ item.ppa_repo_name }} --mirror-locally=Y --arch=x86_64
+ with_items: distros
+ args:
+ creates: /opt/repo_added.txt
+ ignore_errors: yes
+ run_once: True
+
+- name: remove ubuntu default repo
+ command: cobbler repo remove --name {{ item }}
+ with_items:
+ - "{{ ubuntu }}"
+ - "{{ ubuntu_1404 }}"
+ ignore_errors: yes
+
+- name: cobbler repo sync
+ command: cobbler reposync
+
+- name: download loader files
+ get_url: url={{ cobbler_loaders_url }} dest=/var/lib/cobbler/
+
+- name: untar loaders file
+ unarchive: src=/var/lib/cobbler/loaders.tar.gz dest=/var/lib/cobbler/
+ copy=no
+
+- name: cobbler get loaders
+ command: cobbler get-loaders
+
+- name: create directory for images
+ file: path=/var/lib/cobbler/iso state=directory
+
+- name: download images
+ get_url: url={{ item.iso_lab_url }} dest=/var/lib/cobbler/iso/{{ item.name }}.iso mode=0644
+ with_items: distros
+ when: region == "lab"
+
+- name: download images
+ get_url: url={{ item.iso_us_url }} dest=/var/lib/cobbler/iso/{{ item.name }}.iso mode=0644
+ with_items: distros
+ when: region == "us"
+
+- name: mount_info
+ command: mount
+ register: mount_info
+
+- name: create mount point
+ file: name=/mnt/{{ item.name }} state=directory
+ with_items: distros
+ when: mount_info.stdout.find('CentOS') == -1 and mount_info.stdout.find('Ubuntu') == -1
+ ignore_errors: yes
+
+- name: mount images
+ shell: mount -o loop /var/lib/cobbler/iso/{{ item.name }}.iso /mnt/{{ item.name }}
+ with_items: distros
+ when: mount_info.stdout.find('CentOS') == -1 and mount_info.stdout.find('Ubuntu') == -1
+ args:
+ creates: /opt/image_mounted.txt
+ ignore_errors: yes
+ run_once: True
+
+- name: import distros
+ command: cobbler import --path=/mnt/{{ item.name }} --name {{ item.name }} --arch=x86_64 --kickstart=/var/lib/cobbler/kickstarts/default.ks --breed={{ item.breed }}
+ with_items: distros
+ args:
+ creates: /opt/distro_imported.txt
+ ignore_errors: yes
+ run_once: True
+
+#- name: add profiles
+# command: cobbler profile add --name={{ item.name }} --repo={{ item.ppa_repo_name }} --distro={{ item.name }} --ksmeta="tree=http://{{ mgmt_next_ip }}/cobbler/ks_mirror/{{ item.name }}" --kickstart=/var/lib/cobbler/kickstarts/{{ item.kickstart }} --kopts="{{ item.kopts }}"
+# with_items: distros
+# args:
+# creates: /opt/profile_added.txt
+# ignore_errors: yes
+# run_once: True
+
+- name: generate public key file for ssh
+ template: src=id_rsa.pub.j2 dest=/var/lib/cobbler/id_rsa.pub
+ when: push_ssh_key is defined
+
+- name: generate ssh key for root
+ user: name=root generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa
+ when: push_ssh_key is not defined
+
+- name: edit profiles
+ shell: cobbler profile edit --name={{ item.name }} --repo={{ item.ppa_repo_name }} --distro={{ item.name }} --ksmeta="tree=http://{{ mgmt_next_ip }}/cobbler/ks_mirror/{{ item.name }}" --kickstart=/var/lib/cobbler/kickstarts/{{ item.kickstart }} --kopts="{{ item.kopts }}"
+ with_items: distros
+
+- name: edit profiles with push ssh key option
+ shell: cobbler profile edit --name={{ item.name }} --repo={{ item.ppa_repo_name }} --distro={{ item.name }} --ksmeta="tree=http://{{ mgmt_next_ip }}/cobbler/ks_mirror/{{ item.name }} push_ssh_keys=/var/lib/cobbler/id_rsa.pub" --kickstart=/var/lib/cobbler/kickstarts/{{ item.kickstart }} --kopts="{{ item.kopts }}"
+ with_items: distros
+ when: push_ssh_key is defined
+
+- name: remove ubuntu default repo
+ command: cobbler repo remove --name {{ item }}
+ with_items:
+ - "{{ ubuntu }}"
+ - "{{ ubuntu_1404 }}"
+ ignore_errors: yes
+
+- name: cobbler repo sync again
+ shell: cobbler reposync
+
+- name: cobbler sync
+ shell: cobbler sync
+
+- name: restart xinetd
+ service: name=xinetd state=restarted
+
+- name: restart dhcpd
+ service: name=dhcpd state=restarted enabled=yes
+
+- name: cobbler check
+ shell: cobbler check
+
+- name: get all systems
+ shell: cobbler system list
+ register: cobbler_systems
+
+- name: remove all systems
+ shell: cobbler system remove --name {{ item }}
+ with_items: cobbler_systems.stdout_lines
+ when: cobbler_systems and test is defined and test == True
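Review bot: The `remove old cobbler folders` task runs `rm -rf path=/var/lib/cobbler/{{ item }}`, so the shell receives a relative path that starts with `path=` and the old snippets, scripts, triggers and kickstarts directories are never removed; `file: path=/var/lib/cobbler/{{ item }} state=absent` does what the task name says. The second `disable selinux real time` task uses `command`, which does not interpret `>`, so it only echoes its arguments and can be dropped since the earlier `shell` version already ran. On the security side, the play stops iptables, disables SELinux and creates the cobbler log directories with `mode=0777` on a host that serves DHCP, TFTP, rsync and httpd; presumably this is lab convenience, but opening only the needed ports and using a mode that is not world-writable would keep the host's baseline protections. `change kickstart mode` also applies `mode=0666 recurse=yes`, which removes the search bit from the kickstarts directory itself and anything beneath it.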
diff --git a/install/roles/cobbler/tasks/dhcp-relay-debian.yml b/install/roles/cobbler/tasks/dhcp-relay-debian.yml
new file mode 100644
index 0000000..6467a91
--- /dev/null
+++ b/install/roles/cobbler/tasks/dhcp-relay-debian.yml
@@ -0,0 +1,11 @@
+---
+
+- name: get isc-dhcp-relay agent
+ apt: pkg=isc-dhcp-relay state=installed
+
+- name: make dhcp-relay agent listen to cobbler
+ lineinfile: dest=/etc/default/isc-dhcp-relay
+ regexp='^SERVERS'
+ line='SERVERS="{{ cobbler_docker_ip }}"'
+ notify:
+ restart dhcp-relay
diff --git a/install/roles/cobbler/tasks/dhcp-relay-redhat.yml b/install/roles/cobbler/tasks/dhcp-relay-redhat.yml
new file mode 100644
index 0000000..d3d0ce5
--- /dev/null
+++ b/install/roles/cobbler/tasks/dhcp-relay-redhat.yml
@@ -0,0 +1,6 @@
+- name: install dhcp on cobbler host for relay
+ yum: pkg=dhcp state=installed
+ when: ansible_os_family == "RedHat"
+
+- name: configure dhcprelay
+ shell: dhcrelay {{ cobbler_docker_ip }}
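Review bot: `configure dhcprelay` launches `dhcrelay {{ cobbler_docker_ip }}` through `shell` on every run, so repeated plays can leave several relay processes behind and nothing brings the relay back after a reboot. The task also has no `when:` guard, unlike the install task above it. The Debian variant in this commit configures the packaged service and notifies a handler; the RedHat path could follow the same pattern by writing the relay target into the service's configuration and managing it with the `service` module.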
diff --git a/install/roles/cobbler/tasks/docker.yml b/install/roles/cobbler/tasks/docker.yml
new file mode 100644
index 0000000..be94503
--- /dev/null
+++ b/install/roles/cobbler/tasks/docker.yml
@@ -0,0 +1,133 @@
+---
+
+- name: install mkisofs
+ yum: pkg=mkisofs state=installed
+ when: ansible_os_family == "Redhat"
+
+- name: install mkisofs in debian
+ apt: pkg=mkisofs state=installed
+ when: ansible_os_family == "Debian"
+
+- name: clean up docker directory
+ file: path=~/docker-cobbler/{{ item }} state=absent
+ with_items:
+ - Dockerfile
+ - files
+
+- name: clean up log directory
+ file: path=/var/log/cobbler state=absent
+
+- name: create directory for docker and files
+ file: path=~/docker-cobbler/files state=directory
+
+- name: create directories for images
+ file: path=~/docker-cobbler/images/{{ item }} state=directory
+ with_items:
+ - "{{ centos }}"
+ - "{{ ubuntu }}"
+ - "{{ ubuntu_1404 }}"
+
+- name: download images
+ get_url: url={{ item.name }} dest=/tmp/{{ item.filename }} mode=0644
+ with_items:
+ - { name: "{{ centos_url }}", filename: "{{ centos }}.iso" }
+ - { name: "{{ ubuntu_url }}", filename: "{{ ubuntu }}.iso" }
+ - { name: "{{ ubuntu_1404_url }}", filename: "{{ ubuntu_1404 }}.iso" }
+
+- name: mount info
+ command: mount
+ register: mount_info
+
+- name: mount images
+ shell: mount -o loop /tmp/{{ item }}.iso ~/docker-cobbler/images/{{ item }}
+# mount: name=~/docker-cobbler/images/{{ item }} src=/tmp/{{ item }}.iso opts=loop fstype=iso9660 state=mounted
+ with_items:
+ - "{{ centos }}"
+ - "{{ ubuntu }}"
+ - "{{ ubuntu_1404 }}"
+ when: mount_info.stdout.find('CentOS') == -1
+
+- name: copy Dockerfile to ~/docker-cobbler
+ template: src=Dockerfile.j2 dest=~/docker-cobbler/Dockerfile mode=0644
+
+- name: copy dhcp.template
+ template: src=dhcp.template.j2
+ dest=~/docker-cobbler/files/dhcp.template
+ mode=0644
+
+- name: copy named.template
+ template: src=named.template.j2
+ dest=~/docker-cobbler/files/named.template
+ mode=0644
+
+- name: copy start script
+ template: src=start.sh.j2
+ dest=~/docker-cobbler/files/start.sh
+ mode=0755
+
+- name: copy post sync script
+ template: src=fix_ks_server.py.j2
+ dest=~/docker-cobbler/files/fix_ks_server.py
+ mode=0755
+
+- name: copy admin key
+ copy: src={{ shared_dir }}/keys/admin.pem
+ dest=~/docker-cobbler/files/admin.pem
+ mode=0644
+ when: "'chef' in {{ pkg_installer }}"
+
+- name: copy chef validator key
+ copy: src={{ shared_dir }}/keys/chef-validator.pem
+ dest=~/docker-cobbler/files/chef-validator.pem
+ mode=0644
+ when: "'chef' in {{ pkg_installer }}"
+
+- name: cobbler container?
+ command: docker ps -a
+ register: containers
+
+- name: remove cobbler container if any
+ shell: docker rm -f cobbler-dev
+ when: containers.stdout.find('cobbler-dev') != -1
+
+- name: check if 'cobbler' image already exists
+ command: docker images cobbler
+ register: image
+
+- name: remove image 'cobbler' if it exists and --rebuild is specified
+ shell: docker rmi -f cobbler
+ when: image.stdout.find('cobbler') != -1 and rebuild
+
+- name: restart docker daemon if debian
+ service: name=docker state=restarted
+ when: ansible_os_family == "Debian"
+
+- name: build a docker image for cobbler
+ shell: docker build -t cobbler ~/docker-cobbler
+ when: image.stdout.find('cobbler') == -1 or rebuild
+
+- name: fork image and run a new cobbler container
+ shell: docker run --name=cobbler-dev -d {{ cobbler_port_mapping }} {{ image_volume_mapping }} -i -t cobbler
+ notify:
+ restart dhcp-relay
+
+- name: extract cobbler ip info
+ shell: echo `docker inspect cobbler-dev | awk -F '"' '/IPAdd/ {print $4}'` > /tmp/ip
+
+- name: quote the ip first
+ shell: echo `sed 's/\(.*\)/"\1"/g' /tmp/ip` > /tmp/dynamic.yml
+
+- name: add cobbler_docker_ip before cobbler ip
+ shell: "echo `sed '/^/ s/^/cobbler_docker_ip: /' /tmp/dynamic.yml` > /tmp/dynamic.yml"
+
+- name: write cobbler_ip to local var
+ fetch: src=/tmp/dynamic.yml dest={{ shared_dir }}/dynamic.yml mode=0644 flat=yes
+
+- name: include cobbler dynamic vars
+ include_vars: "{{ shared_dir }}/dynamic.yml"
+
+- include: dhcp-relay-redhat.yml
+ when: ansible_os_family == "Redhat"
+
+- include: dhcp-relay-debian.yml
+ when: ansible_os_family == "Debian"
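Review bot: The `copy admin key` and `copy chef validator key` tasks write `admin.pem` and `chef-validator.pem` with `mode=0644`, which leaves what are by Chef convention private keys readable by every local user of the build host; `mode=0600` is the usual setting for key material. The `/tmp/ip` and `/tmp/dynamic.yml` steps use fixed names in a world-writable directory and the result is later loaded with `include_vars`, so another local account could pre-create or alter that file; registering the `docker inspect` output and assigning it with `set_fact` would remove the temporary files. Separately, `ansible_os_family == "Redhat"` on the `install mkisofs` task and on the `dhcp-relay-redhat.yml` include does not match the `RedHat` spelling used in `main.yml`, so those two steps are presumably skipped on Red Hat hosts.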
diff --git a/install/roles/cobbler/tasks/main.yml b/install/roles/cobbler/tasks/main.yml
new file mode 100644
index 0000000..0e2c0a8
--- /dev/null
+++ b/install/roles/cobbler/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+
+- include: RedHat.yml
+ when: ansible_os_family == 'RedHat' and not dockerized
+
+- include: Debian.yml
+ when: ansible_os_family == 'Debian' and not dockerized
+
+- include: docker.yml
+ when: dockerized
diff --git a/install/roles/cobbler/templates/Dockerfile.j2 b/install/roles/cobbler/templates/Dockerfile.j2
new file mode 100644
index 0000000..8c32ca5
--- /dev/null
+++ b/install/roles/cobbler/templates/Dockerfile.j2
@@ -0,0 +1,21 @@
+FROM compassindocker/cobbler
+
+ADD files/dhcp.template /etc/cobbler/dhcp.template
+ADD files/named.template /etc/cobbler/named.template
+ADD files/start.sh /root/start.sh
+{% if 'chef' in pkg_installer %}
+ADD files/admin.pem /etc/cobbler/admin.pem
+ADD files/chef-validator.pem /etc/cobbler/chef-validator.pem
+{% endif %}
+ADD files/fix_ks_server.py /var/lib/cobbler/triggers/sync/post/fix_ks_server.py
+
+RUN chmod +x /root/start.sh
+CMD ["/root/start.sh"]
+
+EXPOSE 80
+EXPOSE 67 67/udp
+EXPOSE 69 69/udp
+EXPOSE 53 53/udp
+EXPOSE 25151
+EXPOSE 443
+EXPOSE 873
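Review bot: The two `ADD files/*.pem` lines bake `admin.pem` and `chef-validator.pem` into an image layer, so anyone who can pull, save or inspect the `cobbler` image can read them, and they stay in the layer history even if a later step deletes them. Supplying them at run time, for example as a read-only volume next to the existing `{{ image_volume_mapping }}` in docker.yml, keeps them out of the image. `FROM compassindocker/cobbler` also carries no tag or digest, so each build takes whatever the registry currently serves; pinning it, e.g. `FROM compassindocker/cobbler@sha256:<digest-placeholder>`, makes the base reproducible and reviewable.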
diff --git a/install/roles/cobbler/templates/dhcp.template.j2 b/install/roles/cobbler/templates/dhcp.template.j2
new file mode 100644
index 0000000..3e899d6
--- /dev/null
+++ b/install/roles/cobbler/templates/dhcp.template.j2
@@ -0,0 +1,121 @@
+# ******************************************************************
+# Cobbler managed dhcpd.conf file
+#
+# generated from cobbler dhcp.conf template ($date)
+# Do NOT make changes to /etc/dhcpd.conf. Instead, make your changes
+# in /etc/cobbler/dhcp.template, as /etc/dhcpd.conf will be
+# overwritten.
+#
+# ******************************************************************
+
+ddns-update-style interim;
+
+allow booting;
+allow bootp;
+deny unknown-clients;
+local-address 192.168.100.100;
+log-facility local6;
+
+ignore client-updates;
+set vendorclass = option vendor-class-identifier;
+
+option pxe-system-type code 93 = unsigned integer 16;
+option space pxelinux;
+option pxelinux.magic code 208 = string;
+option pxelinux.configfile code 209 = text;
+option pxelinux.pathprefix code 210 = text;
+option pxelinux.reboottime code 211 = unsigned integer 32;
+
+subnet {{ compass0_subnet_ip }} netmask {{ compass0_subnet_mask }} {
+ option routers {{ compass0_router }};
+ option domain-name-servers {{ compass0_router }};
+ option subnet-mask {{ compass0_subnet_mask }};
+ range dynamic-bootp {{ compass0_dhcp_range }};
+ default-lease-time 21600;
+ max-lease-time 43200;
+ next-server $next_server;
+ class "pxeclients" {
+ match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
+ if option pxe-system-type = 00:02 {
+ filename "ia64/elilo.efi";
+ } else if option pxe-system-type = 00:06 {
+ filename "grub/grub-x86.efi";
+ } else if option pxe-system-type = 00:07 {
+ filename "grub/grub-x86_64.efi";
+ } else {
+ filename "pxelinux.0";
+ }
+ }
+
+}
+
+subnet {{ mgmt_subnet_ip }} netmask {{ mgmt_subnet_mask }} {
+ option routers {{ mgmt_router }};
+ option domain-name-servers {{ mgmt_router }};
+ option subnet-mask {{ mgmt_subnet_mask }};
+ range dynamic-bootp {{ mgmt_dhcp_range }};
+ default-lease-time 21600;
+ max-lease-time 43200;
+ next-server $next_server;
+ class "pxeclients" {
+ match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
+ if option pxe-system-type = 00:02 {
+ filename "ia64/elilo.efi";
+ } else if option pxe-system-type = 00:06 {
+ filename "grub/grub-x86.efi";
+ } else if option pxe-system-type = 00:07 {
+ filename "grub/grub-x86_64.efi";
+ } else {
+ filename "pxelinux.0";
+ }
+ }
+
+}
+
+#for dhcp_tag in $dhcp_tags.keys():
+ ## group could be subnet if your dhcp tags line up with your subnets
+ ## or really any valid dhcpd.conf construct ... if you only use the
+ ## default dhcp tag in cobbler, the group block can be deleted for a
+ ## flat configuration
+# group for Cobbler DHCP tag: $dhcp_tag
+group {
+ #for mac in $dhcp_tags[$dhcp_tag].keys():
+ #set iface = $dhcp_tags[$dhcp_tag][$mac]
+ host $iface.name {
+ hardware ethernet $mac;
+ site-option-space "pxelinux";
+ option pxelinux.magic f1:00:74:7e;
+ if exists dhcp-parameter-request-list {
+ # Always send the PXELINUX options (specified in hexadecimal)
+ option dhcp-parameter-request-list = concat(option dhcp-parameter-request-list,d0,d1,d2,d3);
+ }
+ option pxelinux.reboottime 30;
+ #if $iface.hostname:
+ option host-name "$iface.hostname";
+ #end if
+ #if $iface.netmask:
+ option subnet-mask $iface.netmask;
+ #end if
+ #if $iface.gateway:
+ option routers $iface.gateway;
+ #end if
+ #if $iface.enable_gpxe:
+ if exists user-class and option user-class = "gPXE" {
+ filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner";
+ } else if exists user-class and option user-class = "iPXE" {
+ filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner";
+ } else {
+ filename "undionly.kpxe";
+ }
+ #else
+ filename "$iface.filename";
+ #end if
+ ## Cobbler defaults to $next_server, but some users
+ ## may like to use $iface.system.server for proxied setups
+ next-server $next_server;
+ ## next-server $iface.next_server;
+ }
+ #end for
+}
+#end for
+
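Review bot: `local-address 192.168.100.100;` is hard-coded near the top of this template, while every other address in it is a Jinja variable and the nodocker variant uses `local-address {{ cobbler_server }};`. If the container is not reachable on that exact address, dhcpd will presumably answer from the wrong source or fail to bind, and the cause will be hard to spot in a generated file. Taking the value from a role variable, with a comment such as `# must match the address dhcpd answers from inside the container`, would keep the two templates consistent.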
diff --git a/install/roles/cobbler/templates/dhcp.template.nodocker.j2 b/install/roles/cobbler/templates/dhcp.template.nodocker.j2
new file mode 100644
index 0000000..ef90eb3
--- /dev/null
+++ b/install/roles/cobbler/templates/dhcp.template.nodocker.j2
@@ -0,0 +1,123 @@
+# ******************************************************************
+# Cobbler managed dhcpd.conf file
+#
+# generated from cobbler dhcp.conf template ($date)
+# Do NOT make changes to /etc/dhcpd.conf. Instead, make your changes
+# in /etc/cobbler/dhcp.template, as /etc/dhcpd.conf will be
+# overwritten.
+#
+# ******************************************************************
+
+ddns-update-style interim;
+
+allow booting;
+allow bootp;
+deny unknown-clients;
+local-address {{ cobbler_server }};
+log-facility local6;
+
+ignore client-updates;
+set vendorclass = option vendor-class-identifier;
+
+option pxe-system-type code 93 = unsigned integer 16;
+option space pxelinux;
+option pxelinux.magic code 208 = string;
+option pxelinux.configfile code 209 = text;
+option pxelinux.pathprefix code 210 = text;
+option pxelinux.reboottime code 211 = unsigned integer 32;
+
+{% if dockerized %}
+subnet {{ compass0_subnet_ip }} netmask {{ compass0_subnet_mask }} {
+ option routers {{ compass0_router }};
+ option domain-name-servers {{ compass0_router }};
+ option subnet-mask {{ compass0_subnet_mask }};
+ range dynamic-bootp {{ compass0_dhcp_range }};
+ default-lease-time 21600;
+ max-lease-time 43200;
+ next-server $next_server;
+ class "pxeclients" {
+ match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
+ if option pxe-system-type = 00:02 {
+ filename "ia64/elilo.efi";
+ } else if option pxe-system-type = 00:06 {
+ filename "grub/grub-x86.efi";
+ } else if option pxe-system-type = 00:07 {
+ filename "grub/grub-x86_64.efi";
+ } else {
+ filename "pxelinux.0";
+ }
+ }
+
+}
+{% endif %}
+
+subnet {{ mgmt_subnet_ip }} netmask {{ mgmt_subnet_mask }} {
+ option routers {{ mgmt_router }};
+ option domain-name-servers {{ mgmt_router }};
+ option subnet-mask {{ mgmt_subnet_mask }};
+ range dynamic-bootp {{ mgmt_dhcp_range }};
+ default-lease-time 21600;
+ max-lease-time 43200;
+ next-server {{ mgmt_next_ip }};
+ class "pxeclients" {
+ match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
+ if option pxe-system-type = 00:02 {
+ filename "ia64/elilo.efi";
+ } else if option pxe-system-type = 00:06 {
+ filename "grub/grub-x86.efi";
+ } else if option pxe-system-type = 00:07 {
+ filename "grub/grub-x86_64.efi";
+ } else {
+ filename "pxelinux.0";
+ }
+ }
+
+}
+
+#for dhcp_tag in $dhcp_tags.keys():
+ ## group could be subnet if your dhcp tags line up with your subnets
+ ## or really any valid dhcpd.conf construct ... if you only use the
+ ## default dhcp tag in cobbler, the group block can be deleted for a
+ ## flat configuration
+# group for Cobbler DHCP tag: $dhcp_tag
+group {
+ #for mac in $dhcp_tags[$dhcp_tag].keys():
+ #set iface = $dhcp_tags[$dhcp_tag][$mac]
+ host $iface.name {
+ hardware ethernet $mac;
+ site-option-space "pxelinux";
+ option pxelinux.magic f1:00:74:7e;
+ if exists dhcp-parameter-request-list {
+ # Always send the PXELINUX options (specified in hexadecimal)
+ option dhcp-parameter-request-list = concat(option dhcp-parameter-request-list,d0,d1,d2,d3);
+ }
+ option pxelinux.reboottime 30;
+ #if $iface.hostname:
+ option host-name "$iface.hostname";
+ #end if
+ #if $iface.netmask:
+ option subnet-mask $iface.netmask;
+ #end if
+ #if $iface.gateway:
+ option routers $iface.gateway;
+ #end if
+ #if $iface.enable_gpxe:
+ if exists user-class and option user-class = "gPXE" {
+ filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner";
+ } else if exists user-class and option user-class = "iPXE" {
+ filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner";
+ } else {
+ filename "undionly.kpxe";
+ }
+ #else
+ filename "$iface.filename";
+ #end if
+ ## Cobbler defaults to $next_server, but some users
+ ## may like to use $iface.system.server for proxied setups
+ next-server $next_server;
+ ## next-server $iface.next_server;
+ }
+ #end for
+}
+#end for
+
diff --git a/install/roles/cobbler/templates/distributions b/install/roles/cobbler/templates/distributions
new file mode 100644
index 0000000..7f61215
--- /dev/null
+++ b/install/roles/cobbler/templates/distributions
@@ -0,0 +1,8 @@
+Origin: ppa
+Label: ppa_repo
+Suite: stable
+Codename: ppa
+Version: 0.1
+Architectures: i386 amd64 source
+Components: main
+Description: ppa repo
diff --git a/install/roles/cobbler/templates/fix_ks_server.py.j2 b/install/roles/cobbler/templates/fix_ks_server.py.j2
new file mode 100644
index 0000000..e893ead
--- /dev/null
+++ b/install/roles/cobbler/templates/fix_ks_server.py.j2
@@ -0,0 +1,18 @@
+#!/usr/bin/python
+import logging
+
+from cobbler import api
+from subprocess import call
+
+SERVER='{{ cobbler_server }}:{{ cobbler_mapped_http_port_on_host }}'
+
+def main():
+ """main entry"""
+ cobbler_api = api.BootAPI()
+ for system in cobbler_api.systems():
+ sys_name = system.name
+ call(["cobbler", "system", "edit", "--name=%s" % sys_name, "--server=%s" % SERVER])
+ return
+
+if __name__ == '__main__':
+ main()
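Review bot: The return value of `call([...])` in `main()` is discarded, so a failing `cobbler system edit` leaves that system pointing at the old server with no trace in the sync trigger's output. `logging` is imported but never used; it could report the failure, e.g. `if call(cmd) != 0: logging.error("cobbler system edit failed for %s", sys_name)` with `cmd` holding the existing argument list. Passing the arguments as a list rather than a shell string is the right choice here and should be kept.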
diff --git a/install/roles/cobbler/templates/id_rsa.pub.j2 b/install/roles/cobbler/templates/id_rsa.pub.j2
new file mode 100644
index 0000000..1aac40e
--- /dev/null
+++ b/install/roles/cobbler/templates/id_rsa.pub.j2
@@ -0,0 +1 @@
+{{ push_ssh_key }}
diff --git a/install/roles/cobbler/templates/modules.conf b/install/roles/cobbler/templates/modules.conf
new file mode 100644
index 0000000..8087910
--- /dev/null
+++ b/install/roles/cobbler/templates/modules.conf
@@ -0,0 +1,83 @@
+# cobbler module configuration file
+# =================================
+
+# authentication:
+# what users can log into the WebUI and Read-Write XMLRPC?
+# choices:
+# authn_denyall -- no one (default)
+# authn_configfile -- use /etc/cobbler/users.digest (for basic setups)
+# authn_passthru -- ask Apache to handle it (used for kerberos)
+# authn_ldap -- authenticate against LDAP
+# authn_spacewalk -- ask Spacewalk/Satellite (experimental)
+# authn_pam -- use PAM facilities
+# authn_testing -- username/password is always testing/testing (debug)
+# (user supplied) -- you may write your own module
+# WARNING: this is a security setting, do not choose an option blindly.
+# for more information:
+# https://github.com/cobbler/cobbler/wiki/Cobbler-web-interface
+# https://github.com/cobbler/cobbler/wiki/Security-overview
+# https://github.com/cobbler/cobbler/wiki/Kerberos
+# https://github.com/cobbler/cobbler/wiki/Ldap
+
+[authentication]
+module = authn_configfile
+
+# authorization:
+# once a user has been cleared by the WebUI/XMLRPC, what can they do?
+# choices:
+# authz_allowall -- full access for all authneticated users (default)
+# authz_ownership -- use users.conf, but add object ownership semantics
+# (user supplied) -- you may write your own module
+# WARNING: this is a security setting, do not choose an option blindly.
+# If you want to further restrict cobbler with ACLs for various groups,
+# pick authz_ownership. authz_allowall does not support ACLs. configfile
+# does but does not support object ownership which is useful as an additional
+# layer of control.
+
+# for more information:
+# https://github.com/cobbler/cobbler/wiki/Cobbler-web-interface
+# https://github.com/cobbler/cobbler/wiki/Security-overview
+# https://github.com/cobbler/cobbler/wiki/Web-authorization
+
+[authorization]
+module = authz_allowall
+
+# dns:
+# chooses the DNS management engine if manage_dns is enabled
+# in /etc/cobbler/settings, which is off by default.
+# choices:
+# manage_bind -- default, uses BIND/named
+# manage_dnsmasq -- uses dnsmasq, also must select dnsmasq for dhcp below
+# NOTE: more configuration is still required in /etc/cobbler
+# for more information:
+# https://github.com/cobbler/cobbler/wiki/Dns-management
+
+[dns]
+module = manage_bind
+
+# dhcp:
+# chooses the DHCP management engine if manage_dhcp is enabled
+# in /etc/cobbler/settings, which is off by default.
+# choices:
+# manage_isc -- default, uses ISC dhcpd
+# manage_dnsmasq -- uses dnsmasq, also must select dnsmasq for dns above
+# NOTE: more configuration is still required in /etc/cobbler
+# for more information:
+# https://github.com/cobbler/cobbler/wiki/Dhcp-management
+
+[dhcp]
+module = manage_isc
+
+# tftpd:
+# chooses the TFTP management engine if manage_tftp is enabled
+# in /etc/cobbler/settings, which is ON by default.
+#
+# choices:
+# manage_in_tftpd -- default, uses the system's tftp server
+# manage_tftpd_py -- uses cobbler's tftp server
+#
+
+[tftpd]
+module = manage_in_tftpd
+
+#--------------------------------------------------
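Review bot: `module = authn_configfile` makes WebUI and read-write XMLRPC access depend entirely on `/etc/cobbler/users.digest`, and nothing in this hunk shows the role replacing that file. If the packaged file is left as shipped, any default account it typically carries would still be accepted, and `module = authz_allowall` then gives that account full control of provisioning. Consider having the role generate `users.digest` from a deployment-specific secret, and adding a comment above `[authentication]` such as `# users.digest must be regenerated per deployment; do not rely on the packaged default`.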
diff --git a/install/roles/cobbler/templates/named.template.j2 b/install/roles/cobbler/templates/named.template.j2
new file mode 100644
index 0000000..6ddb30c
--- /dev/null
+++ b/install/roles/cobbler/templates/named.template.j2
@@ -0,0 +1,31 @@
+options {
+ listen-on port 53 { $listen_ip; };
+ directory "/var/named";
+ dump-file "/var/named/data/cache_dump.db";
+ statistics-file "/var/named/data/named_stats.txt";
+ memstatistics-file "/var/named/data/named_mem_stats.txt";
+ allow-query { 127.0.0.0/8; {{ compass0_subnet }}; };
+ recursion yes;
+};
+
+logging {
+ channel default_debug {
+ file "data/named.run";
+ severity dynamic;
+ };
+};
+
+#for $zone in $forward_zones
+zone "${zone}." {
+ type master;
+ file "$zone";
+};
+
+#end for
+#for $zone, $arpa in $reverse_zones
+zone "${arpa}." {
+ type master;
+ file "$zone";
+};
+
+#end for
diff --git a/install/roles/cobbler/templates/named.template.nodocker.j2 b/install/roles/cobbler/templates/named.template.nodocker.j2
new file mode 100644
index 0000000..74344fd
--- /dev/null
+++ b/install/roles/cobbler/templates/named.template.nodocker.j2
@@ -0,0 +1,31 @@
+options {
+ listen-on port 53 { {{ cobbler_server }}; };
+ directory "/var/named";
+ dump-file "/var/named/data/cache_dump.db";
+ statistics-file "/var/named/data/named_stats.txt";
+ memstatistics-file "/var/named/data/named_mem_stats.txt";
+ allow-query { 127.0.0.0/8; {{ mgmt_subnet }}; };
+ recursion yes;
+};
+
+logging {
+ channel default_debug {
+ file "data/named.run";
+ severity dynamic;
+ };
+};
+
+#for $zone in $forward_zones
+zone "${zone}." {
+ type master;
+ file "$zone";
+};
+
+#end for
+#for $zone, $arpa in $reverse_zones
+zone "${arpa}." {
+ type master;
+ file "$zone";
+};
+
+#end for
diff --git a/install/roles/cobbler/templates/settings.j2 b/install/roles/cobbler/templates/settings.j2
new file mode 100644
index 0000000..bd3201c
--- /dev/null
+++ b/install/roles/cobbler/templates/settings.j2
@@ -0,0 +1,450 @@
+---
+# cobbler settings file
+# restart cobblerd and run "cobbler sync" after making changes
+# This config file is in YAML 1.0 format
+# see http://yaml.org
+# ==========================================================
+# if 1, cobbler will allow insertions of system records that duplicate
+# the --dns-name information of other system records. In general,
+# this is undesirable and should be left 0.
+allow_duplicate_hostnames: 0
+
+# if 1, cobbler will allow insertions of system records that duplicate
+# the ip address information of other system records. In general,
+# this is undesirable and should be left 0.
+allow_duplicate_ips: 0
+
+# if 1, cobbler will allow insertions of system records that duplicate
+# the mac address information of other system records. In general,
+# this is undesirable.
+allow_duplicate_macs: 0
+
+# if 1, cobbler will allow settings to be changed dynamically without
+# a restart of the cobblerd daemon. You can only change this variable
+# by manually editing the settings file, and you MUST restart cobblerd
+# after changing it.
+allow_dynamic_settings: 0
+
+# by default, installs are *not* set to send installation logs to the cobbler
+# # # server. With 'anamon_enabled', kickstart templates may use the pre_anamon
+# # # snippet to allow remote live monitoring of their installations from the
+# # # cobbler server. Installation logs will be stored under
+# # # /var/log/cobbler/anamon/. NOTE: This does allow an xmlrpc call to send logs
+# # # to this directory, without authentication, so enable only if you are
+# # # ok with this limitation.
+anamon_enabled: 1
+
+# If using authn_pam in the modules.conf, this can be configured
+# to change the PAM service authentication will be tested against.
+# The default value is "login".
+authn_pam_service: "login"
+
+# Email out a report when cobbler finishes installing a system.
+# enabled: set to 1 to turn this feature on
+# sender: optional
+# email: which addresses to email
+# smtp_server: used to specify another server for an MTA
+# subject: use the default subject unless overridden
+build_reporting_enabled: 0
+build_reporting_sender: ""
+build_reporting_email: [ 'root@localhost' ]
+build_reporting_smtp_server: "localhost"
+build_reporting_subject: ""
+
+# Cheetah-language kickstart templates can import Python modules.
+# while this is a useful feature, it is not safe to allow them to
+# import anything they want. This whitelists which modules can be
+# imported through Cheetah. Users can expand this as needed but
+# should never allow modules such as subprocess or those that
+# allow access to the filesystem as Cheetah templates are evaluated
+# by cobblerd as code.
+cheetah_import_whitelist:
+ - "random"
+ - "re"
+ - "time"
+
+# Default createrepo_flags to use for new repositories. If you have
+# createrepo >= 0.4.10, consider "-c cache --update -C", which can
+# dramatically improve your "cobbler reposync" time. "-s sha"
+# enables working with Fedora repos from F11/F12 from EL-4 or
+# EL-5 without python-hashlib installed (which is not available
+# on EL-4)
+createrepo_flags: "-c cache -s sha"
+
+# if no kickstart is specified to profile add, use this template
+default_kickstart: /var/lib/cobbler/kickstarts/default.ks
+
+# configure all installed systems to use these nameservers by default
+# unless defined differently in the profile. For DHCP configurations
+# you probably do /not/ want to supply this.
+default_name_servers: ['10.145.89.100']
+
+# if using the authz_ownership module (see the Wiki), objects
+# created without specifying an owner are assigned to this
+# owner and/or group. Can be a comma seperated list.
+default_ownership:
+ - "admin"
+
+# cobbler has various sample kickstart templates stored
+# in /var/lib/cobbler/kickstarts/. This controls
+# what install (root) password is set up for those
+# systems that reference this variable. The factory
+# default is "cobbler" and cobbler check will warn if
+# this is not changed.
+# The simplest way to change the password is to run
+# openssl passwd -1
+# and put the output between the "" below.
+default_password_crypted: "$1$huawei$9OkoVJwO4W8vavlXd1bUS/"
+
+# the default template type to use in the absence of any
+# other detected template. If you do not specify the template
+# with '#template=' on the first line of your
+# templates/snippets, cobbler will assume try to use the
+# following template engine to parse the templates.
+#
+# Current valid values are: cheetah, jinja2
+default_template_type: "cheetah"
+
+# for libvirt based installs in koan, if no virt bridge
+# is specified, which bridge do we try? For EL 4/5 hosts
+# this should be xenbr0, for all versions of Fedora, try
+# "virbr0". This can be overriden on a per-profile
+# basis or at the koan command line though this saves
+# typing to just set it here to the most common option.
+default_virt_bridge: xenbr0
+
+# use this as the default disk size for virt guests (GB)
+default_virt_file_size: 5
+
+# use this as the default memory size for virt guests (MB)
+default_virt_ram: 512
+
+# if koan is invoked without --virt-type and no virt-type
+# is set on the profile/system, what virtualization type
+# should be assumed? Values: xenpv, xenfv, qemu, vmware
+# (NOTE: this does not change what virt_type is chosen by import)
+default_virt_type: xenpv
+
+# enable gPXE booting? Enabling this option will cause cobbler
+# to copy the undionly.kpxe file to the tftp root directory,
+# and if a profile/system is configured to boot via gpxe it will
+# chain load off pxelinux.0.
+# Default: 0
+enable_gpxe: 0
+
+# controls whether cobbler will add each new profile entry to the default
+# PXE boot menu. This can be over-ridden on a per-profile
+# basis when adding/editing profiles with --enable-menu=0/1. Users
+# should ordinarily leave this setting enabled unless they are concerned
+# with accidental reinstalls from users who select an entry at the PXE
+# boot menu. Adding a password to the boot menus templates
+# may also be a good solution to prevent unwanted reinstallations
+enable_menu: 0
+
+# enable Func-integration? This makes sure each installed machine is set up
+# to use func out of the box, which is a powerful way to script and control
+# remote machines.
+# Func lives at http://fedorahosted.org/func
+# read more at https://github.com/cobbler/cobbler/wiki/Func-integration
+# you will need to mirror Fedora/EPEL packages for this feature, so see
+# https://github.com/cobbler/cobbler/wiki/Manage-yum-repos if you want cobbler
+# to help you with this
+func_auto_setup: 0
+func_master: overlord.example.org
+
+# change this port if Apache is not running plaintext on port
+# 80. Most people can leave this alone.
+http_port: 80
+
+# kernel options that should be present in every cobbler installation.
+# kernel options can also be applied at the distro/profile/system
+# level.
+kernel_options:
+ ksdevice: bootif
+ lang: ' '
+ text: ~
+
+# s390 systems require additional kernel options in addition to the
+# above defaults
+kernel_options_s390x:
+ RUNKS: 1
+ ramdisk_size: 40000
+ root: /dev/ram0
+ ro: ~
+ ip: off
+ vnc: ~
+
+# configuration options if using the authn_ldap module. See the
+# the Wiki for details. This can be ignored if you are not using
+# LDAP for WebUI/XMLRPC authentication.
+ldap_server: "ldap.example.com"
+ldap_base_dn: "DC=example,DC=com"
+ldap_port: 389
+ldap_tls: 1
+ldap_anonymous_bind: 1
+ldap_search_bind_dn: ''
+ldap_search_passwd: ''
+ldap_search_prefix: 'uid='
+ldap_tls_cacertfile: ''
+ldap_tls_keyfile: ''
+ldap_tls_certfile: ''
+
+# cobbler has a feature that allows for integration with config management
+# systems such as Puppet. The following parameters work in conjunction with
+# --mgmt-classes and are described in furhter detail at:
+# https://github.com/cobbler/cobbler/wiki/Using-cobbler-with-a-configuration-management-system
+mgmt_classes: []
+mgmt_parameters:
+ from_cobbler: 1
+
+# if enabled, this setting ensures that puppet is installed during
+# machine provision, a client certificate is generated and a
+# certificate signing request is made with the puppet master server
+puppet_auto_setup: 0
+
+# when puppet starts on a system after installation it needs to have
+# its certificate signed by the puppet master server. Enabling the
+# following feature will ensure that the puppet server signs the
+# certificate after installation if the puppet master server is
+# running on the same machine as cobbler. This requires
+# puppet_auto_setup above to be enabled
+sign_puppet_certs_automatically: 0
+
+# location of the puppet executable, used for revoking certificates
+puppetca_path: "/usr/bin/puppet"
+
+# when a puppet managed machine is reinstalled it is necessary to
+# remove the puppet certificate from the puppet master server before a
+# new certificate is signed (see above). Enabling the following
+# feature will ensure that the certificate for the machine to be
+# installed is removed from the puppet master server if the puppet
+# master server is running on the same machine as cobbler. This
+# requires puppet_auto_setup above to be enabled
+remove_old_puppet_certs_automatically: 0
+
+# choose a --server argument when running puppetd/puppet agent during kickstart
+#puppet_server: 'puppet'
+
+# let cobbler know that you're using a newer version of puppet
+# choose version 3 to use: 'puppet agent'; version 2 uses status quo: 'puppetd'
+#puppet_version: 2
+
+# choose whether to enable puppet parameterized classes or not.
+# puppet versions prior to 2.6.5 do not support parameters
+#puppet_parameterized_classes: 1
+
+# set to 1 to enable Cobbler's DHCP management features.
+# the choice of DHCP management engine is in /etc/cobbler/modules.conf
+manage_dhcp: 1
+
+# set to 1 to enable Cobbler's DNS management features.
+# the choice of DNS mangement engine is in /etc/cobbler/modules.conf
+manage_dns: 1
+
+# set to path of bind chroot to create bind-chroot compatible bind
+# configuration files. This should be automatically detected.
+bind_chroot_path: ""
+
+# set to the ip address of the master bind DNS server for creating secondary
+# bind configuration files
+bind_master: 127.0.0.1
+
+# set to 1 to enable Cobbler's TFTP management features.
+# the choice of TFTP mangement engine is in /etc/cobbler/modules.conf
+manage_tftpd: 1
+
+# set to 1 to enable Cobbler's RSYNC management features.
+manage_rsync: 0
+
+# if using BIND (named) for DNS management in /etc/cobbler/modules.conf
+# and manage_dns is enabled (above), this lists which zones are managed
+# See the Wiki (https://github.com/cobbler/cobbler/wiki/Dns-management) for more info
+manage_forward_zones: ['ods.com']
+manage_reverse_zones: ['10','172.16']
+
+# if using cobbler with manage_dhcp, put the IP address
+# of the cobbler server here so that PXE booting guests can find it
+# if you do not set this correctly, this will be manifested in TFTP open timeouts.
+next_server: {{ cobbler_server }}
+
+# settings for power management features. optional.
+# see https://github.com/cobbler/cobbler/wiki/Power-management to learn more
+# choices (refer to codes.py):
+# apc_snmp bladecenter bullpap drac ether_wake ilo integrity
+# ipmilan ipmitool lpar rsa virsh wti
+power_management_default_type: 'ipmitool'
+
+# the commands used by the power management module are sourced
+# from what directory?
+power_template_dir: "/etc/cobbler/power"
+
+# if this setting is set to 1, cobbler systems that pxe boot
+# will request at the end of their installation to toggle the
+# --netboot-enabled record in the cobbler system record. This eliminates
+# the potential for a PXE boot loop if the system is set to PXE
+# first in it's BIOS order. Enable this if PXE is first in your BIOS
+# boot order, otherwise leave this disabled. See the manpage
+# for --netboot-enabled.
+pxe_just_once: 1
+
+# the templates used for PXE config generation are sourced
+# from what directory?
+pxe_template_dir: "/etc/cobbler/pxe"
+
+# Path to where system consoles are
+consoles: "/var/consoles"
+
+# Are you using a Red Hat management platform in addition to Cobbler?
+# Cobbler can help you register to it. Choose one of the following:
+# "off" : I'm not using Red Hat Network, Satellite, or Spacewalk
+# "hosted" : I'm using Red Hat Network
+# "site" : I'm using Red Hat Satellite Server or Spacewalk
+# You will also want to read: https://github.com/cobbler/cobbler/wiki/Tips-for-RHN
+redhat_management_type: "off"
+
+# if redhat_management_type is enabled, choose your server
+# "management.example.org" : For Satellite or Spacewalk
+# "xmlrpc.rhn.redhat.com" : For Red Hat Network
+# This setting is also used by the code that supports using Spacewalk/Satellite users/passwords
+# within Cobbler Web and Cobbler XMLRPC. Using RHN Hosted for this is not supported.
+# This feature can be used even if redhat_management_type is off, you just have
+# to have authn_spacewalk selected in modules.conf
+redhat_management_server: "xmlrpc.rhn.redhat.com"
+
+# specify the default Red Hat authorization key to use to register
+# system. If left blank, no registration will be attempted. Similarly
+# you can set the --redhat-management-key to blank on any system to
+# keep it from trying to register.
+redhat_management_key: ""
+
+# if using authn_spacewalk in modules.conf to let cobbler authenticate
+# against Satellite/Spacewalk's auth system, by default it will not allow per user
+# access into Cobbler Web and Cobbler XMLRPC.
+# in order to permit this, the following setting must be enabled HOWEVER
+# doing so will permit all Spacewalk/Satellite users of certain types to edit all
+# of cobbler's configuration.
+# these roles are: config_admin and org_admin
+# users should turn this on only if they want this behavior and
+# do not have a cross-multi-org seperation concern. If you have
+# a single org in your satellite, it's probably safe to turn this
+# on and then you can use CobblerWeb alongside a Satellite install.
+redhat_management_permissive: 0
+
+# if set to 1, allows /usr/bin/cobbler-register (part of the koan package)
+# to be used to remotely add new cobbler system records to cobbler.
+# this effectively allows for registration of new hardware from system
+# records.
+register_new_installs: 0
+
+# Flags to use for yum's reposync. If your version of yum reposync
+# does not support -l, you may need to remove that option.
+reposync_flags: "-l -n -d"
+
+# These options will be used for an rsync initiated by cobbler replicate
+replicate_rsync_options: "-avzH"
+
+# when DHCP and DNS management are enabled, cobbler sync can automatically
+# restart those services to apply changes. The exception for this is
+# if using ISC for DHCP, then omapi eliminates the need for a restart.
+# omapi, however, is experimental and not recommended for most configurations.
+# If DHCP and DNS are going to be managed, but hosted on a box that
+# is not on this server, disable restarts here and write some other
+# script to ensure that the config files get copied/rsynced to the destination
+# box. This can be done by modifying the restart services trigger.
+# Note that if manage_dhcp and manage_dns are disabled, the respective
+# parameter will have no effect. Most users should not need to change
+# this.
+restart_dns: 1
+restart_dhcp: 1
+
+# install triggers are scripts in /var/lib/cobbler/triggers/install
+# that are triggered in kickstart pre and post sections. Any
+# executable script in those directories is run. They can be used
+# to send email or perform other actions. They are currently
+# run as root so if you do not need this functionality you can
+# disable it, though this will also disable "cobbler status" which
+# uses a logging trigger to audit install progress.
+run_install_triggers: 1
+
+# enables a trigger which version controls all changes to /var/lib/cobbler
+# when add, edit, or sync events are performed. This can be used
+# to revert to previous database versions, generate RSS feeds, or for
+# other auditing or backup purposes. "git" and "hg" are currently suported,
+# but git is the recommend SCM for use with this feature.
+scm_track_enabled: 0
+scm_track_mode: "git"
+
+# this is the address of the cobbler server -- as it is used
+# by systems during the install process, it must be the address
+# or hostname of the system as those systems can see the server.
+# if you have a server that appears differently to different subnets
+# (dual homed, etc), you need to read the --server-override section
+# of the manpage for how that works.
+server: {{ cobbler_server }}
+
+# If set to 1, all commands will be forced to use the localhost address
+# instead of using the above value which can force commands like
+# cobbler sync to open a connection to a remote address if one is in the
+# configuration and would traceback.
+client_use_localhost: 0
+
+# If set to 1, all commands to the API (not directly to the XMLRPC
+# server) will go over HTTPS instead of plaintext. Be sure to change
+# the http_port setting to the correct value for the web server
+client_use_https: 0
+
+# this is a directory of files that cobbler uses to make
+# templating easier. See the Wiki for more information. Changing
+# this directory should not be required.
+snippetsdir: /var/lib/cobbler/snippets
+
+# Normally if a kickstart is specified at a remote location, this
+# URL will be passed directly to the kickstarting system, thus bypassing
+# the usual snippet templating Cobbler does for local kickstart files. If
+# this option is enabled, Cobbler will fetch the file contents internally
+# and serve a templated version of the file to the client.
+template_remote_kickstarts: 0
+
+# should new profiles for virtual machines default to auto booting with the physical host when the physical host reboots?
+# this can be overridden on each profile or system object.
+virt_auto_boot: 1
+
+# cobbler's web directory. Don't change this setting -- see the
+# Wiki on "relocating your cobbler install" if your /var partition
+# is not large enough.
+webdir: /var/www/cobbler
+
+# cobbler's public XMLRPC listens on this port. Change this only
+# if absolutely needed, as you'll have to start supplying a new
+# port option to koan if it is not the default.
+xmlrpc_port: 25151
+
+# "cobbler repo add" commands set cobbler up with repository
+# information that can be used during kickstart and is automatically
+# set up in the cobbler kickstart templates. By default, these
+# are only available at install time. To make these repositories
+# usable on installed systems (since cobbler makes a very convient)
+# mirror, set this to 1. Most users can safely set this to 1. Users
+# who have a dual homed cobbler server, or are installing laptops that
+# will not always have access to the cobbler server may wish to leave
+# this as 0. In that case, the cobbler mirrored yum repos are still
+# accessable at http://cobbler.example.org/cblr/repo_mirror and yum
+# configuration can still be done manually. This is just a shortcut.
+yum_post_install_mirror: 1
+
+# the default yum priority for all the distros. This is only used
+# if yum-priorities plugin is used. 1=maximum. Tweak with caution.
+yum_distro_priority: 1
+
+# Flags to use for yumdownloader. Not all versions may support
+# --resolve.
+yumdownloader_flags: "--resolve"
+
+# sort and indent JSON output to make it more human-readable
+serializer_pretty_json: 0
+
+# replication rsync options for distros, kickstarts, snippets set to override default value of "-avzH"
+replicate_rsync_options: "-avzH"
+
+# replication rsync options for repos set to override default value of "-avzH"
+replicate_repo_rsync_options: "-avzH"
diff --git a/install/roles/cobbler/templates/start.sh.j2 b/install/roles/cobbler/templates/start.sh.j2
new file mode 100644
index 0000000..023a479
--- /dev/null
+++ b/install/roles/cobbler/templates/start.sh.j2
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+export ipaddr=$(ip addr show eth0 | grep 'inet ' | awk '{ print $2}'|cut -d/ -f1)
+sed -i "/^local-address/c\local-address $ipaddr;" /etc/cobbler/dhcp.template
+sed -i "s/listen-on port 53 { \$listen_ip; }/listen-on port 53 \{ $ipaddr; \}/g" /etc/cobbler/named.template
+sed -i "/^server/c\server: $ipaddr" /etc/cobbler/settings
+sed -i "/^next_server/c\next_server: {{ cobbler_server }}" /etc/cobbler/settings
+sed -i "s/http_server/server/g" /var/lib/cobbler/snippets/preseed_apt_repo_config
+sed -i "/^manage_dhcp/c\manage_dhcp: 1" /etc/cobbler/settings
+
+service httpd restart
+service cobblerd restart
+
+# import distros
+cobbler import --path=/var/lib/cobbler/mount_point/CentOS-6.5-x86_64 --name=CentOS-6.5-x86_64 --arch=x86_64 --kickstart=/var/lib/cobbler/kickstarts/default.ks --breed=redhat
+cobbler import --path=/var/lib/cobbler/mount_point/Ubuntu-12.04-x86_64 --name=Ubuntu-12.04-x86_64 --arch=x86_64 --kickstart=/var/lib/cobbler/kickstarts/default.seed --breed=ubuntu
+cobbler import --path=/var/lib/cobbler/mount_point/Ubuntu-14.04-x86_64 --name=Ubuntu-14.04-x86_64 --arch=x86_64 --kickstart=/var/lib/cobbler/kickstarts/default.seed --breed=ubuntu
+
+# add profiles
+cobbler profile edit --name=CentOS-6.5-x86_64 --repo=centos_ppa_repo --distro=CentOS-6.5-x86_64 --ksmeta="tree=http://{{ cobbler_server }}:{{ cobbler_mapped_http_port_on_host }}/cobbler/ks_mirror/CentOS-6.5-x86_64 http_port={{ cobbler_mapped_http_port_on_host }} cblr_server={{ cobbler_server }} rsyslog_port={{ rsyslog_port_mapped_on_host }} chef_validation_file=/etc/cobbler/chef-validator.pem chef_admin_file=/etc/cobbler/admin.pem" --kickstart=/var/lib/cobbler/kickstarts/default.ks
+cobbler profile edit --name=Ubuntu-12.04-x86_64 --repo=ubuntu_ppa_repo --distro=Ubuntu-12.04-x86_64 --ksmeta="tree=http://{{ cobbler_server }}:{{ cobbler_mapped_http_port_on_host }}/cobbler/ks_mirror/Ubuntu-12.04-x86_64 http_port={{ cobbler_mapped_http_port_on_host }} cblr_server={{ cobbler_server }} rsyslog_port={{ rsyslog_port_mapped_on_host }} chef_validation_file=/etc/cobbler/chef-validator.pem chef_admin_file=/etc/cobbler/admin.pem" --kickstart=/var/lib/cobbler/kickstarts/default.seed --kopts="netcfg/choose_interface=auto"
+cobbler profile edit --name=Ubuntu-14.04-x86_64 --repo=ubuntu_14_04_ppa_repo --distro=Ubuntu-14.04-x86_64 --ksmeta="tree=http://{{ cobbler_server }}:{{ cobbler_mapped_http_port_on_host }}/cobbler/ks_mirror/Ubuntu-14.04-x86_64 http_port={{ cobbler_mapped_http_port_on_host }} cblr_server={{ cobbler_server }} rsyslog_port={{ rsyslog_port_mapped_on_host }} chef_validation_file=/etc/cobbler/chef-validator.pem chef_admin_file=/etc/cobbler/admin.pem" --kickstart=/var/lib/cobbler/kickstarts/default.seed --kopts="netcfg/choose_interface=auto"
+
+
+cobbler sync
+cobbler check
+service xinetd restart
+
+if [ ! -e /root/.ssh/id_rsa.pub ]; then
+ rm -rf /root/.ssh/id_rsa
+ ssh-keygen -t rsa -f /root/.ssh/id_rsa -q -N ''
+fi
+
+tail -f /var/log/cobbler/cobbler.log
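Review bot: `ipaddr` is used in three `sed -i` rewrites without checking that the `ip addr show eth0` pipeline produced anything, so a container with no IPv4 address on eth0 gets an empty `server:` line in /etc/cobbler/settings and empty listen addresses, and the services are restarted anyway. Add a guard right after the assignment: `[ -n "$ipaddr" ] || { echo "no IPv4 address on eth0" >&2; exit 1; }`. Separately, every `--ksmeta` string passes `chef_admin_file=/etc/cobbler/admin.pem`; if the kickstart templates copy that file to installed nodes (not visible here), each node receives the Chef admin key, and the validator key alone would be the narrower choice.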
diff --git a/install/roles/cobbler/templates/tftpd.template b/install/roles/cobbler/templates/tftpd.template
new file mode 100644
index 0000000..0651a4f
--- /dev/null
+++ b/install/roles/cobbler/templates/tftpd.template
@@ -0,0 +1,20 @@
+# default: off
+# description: The tftp server serves files using the trivial file transfer \
+# protocol. The tftp protocol is often used to boot diskless \
+# workstations, download configuration files to network-aware printers, \
+# and to start the installation process for some operating systems.
+service tftp
+{
+ disable = no
+ log_type = SYSLOG local5 info
+ socket_type = dgram
+ protocol = udp
+ wait = yes
+ user = $user
+ server = $binary
+ server_args = -B 1380 -v -s $args
+ instances = 1000
+ per_source = 1000
+ cps = 1000 2
+ flags = IPv4
+}
diff --git a/install/roles/cobbler/vars/main.yml b/install/roles/cobbler/vars/main.yml
new file mode 100644
index 0000000..d25e134
--- /dev/null
+++ b/install/roles/cobbler/vars/main.yml
@@ -0,0 +1,15 @@
+#dockerized: True
+compass_adapter_source: http://git.openstack.org/stackforge/compass-adapters
+compass_adapter_version: dev/experimental
+epel_file_name: epel-release-6-8.noarch.rpm
+epel_base_url: http://download.fedoraproject.org/pub/epel/6/x86_64/
+epel7_base_url: http://download.fedoraproject.org/pub/epel/7/x86_64/e/
+cobbler_loaders_url: http://192.168.120.2/cobbler/loaders/loaders.tar.gz
+ubuntu_14_04_ppa_repo_url: https://s3-us-west-1.amazonaws.com/compass-local-repo/ubuntu/14.04/ubuntu_14_04_ppa_repo.tar.gz
+ubuntu_12_04_ppa_repo_url: https://s3-us-west-1.amazonaws.com/compass-local-repo/ubuntu/12.04/ubuntu_12_04_ppa_repo.tar.gz
+centos_6_5_ppa_repo_url: https://s3-us-west-1.amazonaws.com/compass-local-repo/centos/6.5/centos_6_5_ppa_repo.tar.gz
+mgmt_nic_ip: "{{ hostvars[inventory_hostname][mgmt_ansible_interface]['ipv4']['address'] }}"
+mgmt_ansible_interface: "ansible_{{ mgmt_nic }}"
+mgmt_ip_same: "{{ mgmt_nic_ip == mgmt_next_ip }}"
+ppa_repo_url: "ppa_repo_{{ region }}_url"
+iso_url: "iso_{{ region }}_url"
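Review bot: `compass_adapter_source`, `epel_base_url`, `epel7_base_url` and `cobbler_loaders_url` all use plain `http://`, so the adapter code, the EPEL release RPM and the boot loaders are fetched with no transport integrity, and `compass_adapter_version: dev/experimental` is a moving branch rather than a fixed revision. Prefer `https://` where the host offers it and pin the adapter to a commit, e.g. `compass_adapter_version: <commit-sha>` (placeholder). `cobbler_loaders_url` also hard-codes `192.168.120.2`, which looks like a lab address and probably belongs in the inventory. `ppa_repo_url` and `iso_url` expand to a variable name such as `ppa_repo_<region>_url`, not to its value; a comment saying the consumer must look that name up would save the next reader a trace.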
diff --git a/install/roles/common/files/docker.list b/install/roles/common/files/docker.list
new file mode 100644
index 0000000..0ee9ae0
--- /dev/null
+++ b/install/roles/common/files/docker.list
@@ -0,0 +1 @@
+deb https://get.docker.com/ubuntu docker main
diff --git a/install/roles/common/tasks/Debian.yml b/install/roles/common/tasks/Debian.yml
new file mode 100644
index 0000000..e69de29
diff --git a/install/roles/common/tasks/RedHat.yml b/install/roles/common/tasks/RedHat.yml
new file mode 100644
index 0000000..e69de29
diff --git a/install/roles/common/tasks/docker-common.yml b/install/roles/common/tasks/docker-common.yml
new file mode 100644
index 0000000..9043763
--- /dev/null
+++ b/install/roles/common/tasks/docker-common.yml
@@ -0,0 +1,48 @@
+- name: get all bridges
+ command: brctl show
+ register: bridges
+
+- name: bring down docker0 if found
+ shell: ip link set dev docker0 down
+ when: bridges.stdout.find('docker0') != -1
+
+- name: remove docker0 if found
+ shell: brctl delbr docker0
+ when: bridges.stdout.find('docker0') != -1
+
+- name: bring down compass0 if found
+ shell: ip link set dev compass0 down
+ when: bridges.stdout.find('compass0') != -1
+
+- name: remove compass0 if found
+ shell: brctl delbr compass0
+ when: bridges.stdout.find('compass0') != -1
+
+- name: add bridge compass0
+ shell: brctl addbr compass0
+
+- name: get compass0 info
+ command: ip addr
+ register: compass0_info
+
+- name: add ip addr to compass0
+ shell: ip addr add {{ compass0_subnet }} dev compass0
+ when: compass0_info.stdout.find("{{ compass0_subnet }}") == -1
+
+- name: bring up compass0
+ shell: ip link set dev compass0 up
+
+- name: register compass0 to docker daemon
+ lineinfile: dest=/etc/sysconfig/docker regexp=^other_args line=other_args=-b=compass0
+ when: ansible_os_family == 'RedHat'
+
+- name: register compass0 when it's debian
+ lineinfile: dest=/etc/default/docker line=DOCKER_OPTS=-b=compass0
+ when: ansible_os_family == 'Debian'
+
+- name: start docker daemon
+ service: name=docker state=started
+
+- name: remove all containers
+ shell: docker rm -f $(docker ps -aq)
+ ignore_errors: yes
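Review bot: The last task, `docker rm -f $(docker ps -aq)`, force-removes every container on the host, including ones unrelated to Compass, and `ignore_errors: yes` hides any failure. Limit it to the containers this playbook owns, for example `shell: docker rm -f compass-dev` (the name used by the compass role) plus the cobbler container's name, which is not visible in this hunk. The `brctl delbr docker0` task has the same reach: on a host that already runs Docker workloads it removes their bridge. The Debian `lineinfile` has no `regexp`, so an existing `DOCKER_OPTS=` line stays beside the new one; add `regexp=^DOCKER_OPTS` to match the RedHat task.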
diff --git a/install/roles/common/tasks/docker-debian-precise.yml b/install/roles/common/tasks/docker-debian-precise.yml
new file mode 100644
index 0000000..fb56f93
--- /dev/null
+++ b/install/roles/common/tasks/docker-debian-precise.yml
@@ -0,0 +1,28 @@
+- name: apt-get update
+ apt: update_cache=yes
+
+- name: find out if https exists in apt methods
+ stat: path=/usr/lib/apt/methods/https
+ register: existence
+
+- name: install apt-transport-https if https not in methods
+ apt: name=apt-transport-https
+ state=present
+ when: not existence.stat.exists
+
+- name: add docker repository key
+ shell: apt-key adv --keyserver {{ docker_apt_key_server }} --recv-keys {{ docker_apt_key }}
+
+- name: add a docker.list file to apt source list
+ copy: src=docker.list dest=/etc/apt/sources.list.d/docker.list
+ mode=0644
+
+- name: update again
+ apt: update_cache=yes
+
+- name: get docker and brctl
+ apt: name={{ item }}
+ state=installed
+ with_items:
+ - lxc-docker
+ - bridge-utils
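Review bot: The `add docker repository key` task runs `apt-key adv --recv-keys {{ docker_apt_key }}` through `shell`, and nothing here says that `docker_apt_key` must be a full fingerprint; a short key id can collide with an unrelated key, which apt would then trust for package installs. Use the module form, `apt_key: keyserver={{ docker_apt_key_server }} id={{ docker_apt_key }}`, which is also idempotent. Add a comment where the variable is defined stating that it must hold the full 40-character fingerprint. The value is set outside this hunk, so this may already be the case.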
diff --git a/install/roles/common/tasks/docker-debian-trusty.yml b/install/roles/common/tasks/docker-debian-trusty.yml
new file mode 100644
index 0000000..e69de29
diff --git a/install/roles/common/tasks/docker-debian.yml b/install/roles/common/tasks/docker-debian.yml
new file mode 100644
index 0000000..b93cf62
--- /dev/null
+++ b/install/roles/common/tasks/docker-debian.yml
@@ -0,0 +1,5 @@
+- include: docker-debian-precise.yml
+ when: ansible_distribution_major_version == '12'
+
+- include: docker-debian-trusty.yml
+ when: ansible_distribution_major_version == '14'
diff --git a/install/roles/common/tasks/docker-prepare.yml b/install/roles/common/tasks/docker-prepare.yml
new file mode 100644
index 0000000..e69de29
diff --git a/install/roles/common/tasks/docker-redhat.yml b/install/roles/common/tasks/docker-redhat.yml
new file mode 100644
index 0000000..0e51bda
--- /dev/null
+++ b/install/roles/common/tasks/docker-redhat.yml
@@ -0,0 +1,31 @@
+---
+
+- name: get epel 6
+ yum: name={{ epel_6 }} state=present
+ when: ansible_distribution_major_version == '6'
+
+# I've tried to do a "variable in variable" to dynamically load
+# major version, so that getting the correct epel url is way easier.
+# but ansible is not friendly with it, will need to dive more into
+# it to see if there is a way.
+- name: get epel 7
+ yum: name={{ epel_7 }} state=present
+ when: ansible_distribution_major_version == '7'
+
+- name: get docker
+ yum: pkg=docker-io state=installed
+ when: ansible_distribution_major_version == '6'
+
+- name: get docker if el7
+ yum: pkg=docker state=installed
+ when: ansible_distribution_major_version == '7'
+
+# install bridge util/python-pip package
+- name: install brctl
+ yum: pkg={{ item }} state=installed
+ with_items:
+ - bridge-utils
+ - python-pip
+
+- name: pip install dockerpy
+ pip: name=docker-py
diff --git a/install/roles/common/tasks/main.yml b/install/roles/common/tasks/main.yml
new file mode 100644
index 0000000..a31e387
--- /dev/null
+++ b/install/roles/common/tasks/main.yml
@@ -0,0 +1,16 @@
+---
+
+- include: RedHat.yml
+ when: ansible_os_family == 'RedHat' and not dockerized
+
+- include: Debian.yml
+ when: ansible_os_family == 'Debian' and not dockerized
+
+- include: docker-redhat.yml
+ when: ansible_os_family == 'RedHat' and dockerized
+
+- include: docker-debian.yml
+ when: ansible_os_family == 'Debian' and dockerized
+
+- include: docker-common.yml
+ when: dockerized
diff --git a/install/roles/compass/files/ods-server.conf b/install/roles/compass/files/ods-server.conf
new file mode 100644
index 0000000..a313dd8
--- /dev/null
+++ b/install/roles/compass/files/ods-server.conf
@@ -0,0 +1,18 @@
+# Apache config for ods server
+#
+# Specify python path if you use virtualenv
+
+WSGIDaemonProcess compass threads=4 display-name=%{GROUP}
+WSGIProcessGroup compass
+WSGIScriptAlias /api /var/www/compass/compass.wsgi
+WSGISocketPrefix /var/run/wsgi
+
+
+ DocumentRoot /var/www/compass_web/v2
+
+
+ Options Indexes FollowSymLinks
+ Order allow,deny
+ Allow from all
+
+
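Review bot: `Options Indexes FollowSymLinks` turns on automatic directory listings for the tree it applies to, and with `Allow from all` any directory under the web root that lacks an index file is browsable by every client. Drop `Indexes` unless listings are wanted: `Options FollowSymLinks`. The `<VirtualHost>`/`<Directory>` container lines that scope these directives do not appear in the hunk as shown, so the affected path is presumably `/var/www/compass_web/v2`; worth confirming against the file.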
diff --git a/install/roles/compass/files/start.sh b/install/roles/compass/files/start.sh
new file mode 100644
index 0000000..767b1ec
--- /dev/null
+++ b/install/roles/compass/files/start.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+# activate virtualenv
+source `which virtualenvwrapper.sh`
+workon compass-core
+
+# start mysqld service, push it to bg
+/usr/bin/mysqld_safe > /dev/null 2>&1 &
+
+RET=1
+while [[ RET -ne 0 ]]; do
+ echo "waiting for mariadb to startup"
+ sleep 5
+ mysql -uroot -e "status" > /dev/null 2>&1
+ RET=$?
+done
+
+echo "mariadb started"
+
+# set mysql with default username and password
+mysqladmin -h127.0.0.1 --port=3306 -u root password root
+
+# create db 'compass'
+mysql -h127.0.0.1 --port=3306 -uroot -proot -e "create database compass"
+
+# start compass services
+/opt/compass/bin/manage_db.py createdb
+/usr/sbin/apachectl -k start
+/usr/sbin/rabbitmq-server &
+/usr/bin/redis-server &
+/usr/sbin/ntpd &
+ln -s /root/.virtualenvs/compass-core/bin/celery /opt/compass/bin/celery
+CELERY_CONFIG_MODULE=compass.utils.celeryconfig_wrapper C_FORCE_ROOT=1 /opt/compass/bin/celery worker &> /tmp/celery-worker.log &
+/opt/compass/bin/progress_update.py &> /tmp/progress_update.log &
+touch /var/log/compass/celery.log
+tail -f /var/log/compass/celery.log
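Review bot: The MariaDB root password is set to the literal `root` (`mysqladmin ... password root`) and then passed as `-proot` on the command line, so every container started from this script shares a known database credential. Read it from the environment instead, e.g. `mysqladmin -h127.0.0.1 --port=3306 -u root password "${MYSQL_ROOT_PASSWORD:?not set}"` (variable name is a suggestion), and use the same variable in the `create database` call. The wait loop above has no upper bound, so a MariaDB that never starts hangs the container silently; a retry counter with a non-zero exit would make that visible. The worker logs go to fixed names under `/tmp`; `/var/log/compass`, already used for celery.log, would be the safer place.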
diff --git a/install/roles/compass/handlers/main.yml b/install/roles/compass/handlers/main.yml
new file mode 100644
index 0000000..77340d6
--- /dev/null
+++ b/install/roles/compass/handlers/main.yml
@@ -0,0 +1,10 @@
+---
+
+- name: restart compass service
+ service: name={{ item }} state=restarted enabled=yes
+ with_items:
+ - compass-celeryd
+ - compass-progress-updated
+
+- name: restart http service
+ service: name=httpd state=restarted enabled=yes
diff --git a/install/roles/compass/tasks/Debian.yml b/install/roles/compass/tasks/Debian.yml
new file mode 100644
index 0000000..e69de29
diff --git a/install/roles/compass/tasks/RedHat.yml b/install/roles/compass/tasks/RedHat.yml
new file mode 100644
index 0000000..2ebffe9
--- /dev/null
+++ b/install/roles/compass/tasks/RedHat.yml
@@ -0,0 +1,231 @@
+---
+
+- name: install base packages
+ yum: name={{ item }} state=present
+ with_items:
+ - wget
+ - git
+
+- name: check epel presence
+ command: rpm -q epel-release
+ register: epel_presence
+ ignore_errors: yes
+
+- name: check atomic repo presence
+ command: rpm -q atomic-release
+ register: atomic_presence
+ ignore_errors: yes
+
+#- name: get epel version
+# command: 'wget -q {{ epel_base_url }} -O - |grep -oE "(href=\"epel-release-6-[0-9,.].*)" | cut -d'"' -f2'
+# register: epel_file_name
+# when: epel_presence.rc != 0
+
+- name: install epel
+ yum: name={{ epel_base_url }}/{{ epel_file_name }} state=present
+ when: epel_presence.rc != 0
+
+- name: install atomic repo
+ yum: name={{ atomic_base_url }}/{{ atomic_file_name }} state=present
+ when: atomic_presence.rc != 0
+
+- name: yum update
+ yum: name=* state=latest
+
+- name: install essentials
+ yum: name={{ item }} state=present
+ with_items:
+ - git
+ - python-setuptools
+ - python-devel
+ - mysql-devel
+ - httpd
+ - mysql-server
+ - mysql
+ - MySQL-python
+ - redis
+ - mod_wsgi
+ - rabbitmq-server
+
+- name: stop iptables
+ service: name=iptables state=stopped enabled=no
+
+- name: disable selinux
+ selinux: state=disabled
+
+- name: disable selinux real time
+ shell: echo 0 > /selinux/enforce
+
+# TODO: currently compass use root user and group, apache has to
+# be in root group to write wsgi logs in /var/log/compass/, need
+# to run compass as its own user in the future.
+# - name: append compass group to apache user groups
+# user: name=apache groups=root append=yes
+
+- name: start mysqld
+ service: name=mysqld state=started enabled=yes
+
+- name: start rabbitmq server
+ service: name=rabbitmq-server state=started enabled=yes
+
+- name: initialize mysql password
+ mysql_user: user={{ compass_db_user }} password={{ compass_db_pass }}
+ priv=compass.*:ALL,GRANT state=present
+
+- name: create compass database
+ mysql_db: name=compass state=present
+
+- name: install pip
+ easy_install: name=pip
+
+- name: install virtualenv
+ pip: name=virtualenv extra_args='-i http://pypi.douban.com/simple/'
+
+- name: cloning compass-core
+ git: repo=http://git.openstack.org/stackforge/compass-core.git
+ dest={{ COMPASS_PATH }}
+ version=dev/experimental
+ force=yes
+
+- name: pip install compass into virtualenv
+ pip: name={{ COMPASS_PATH }} virtualenv={{ COMPASS_PATH }}/venv
+ extra_args='-i http://pypi.douban.com/simple/'
+
+- name: pip install latest setuptools
+ pip: name=setuptools
+ extra_args='-i http://pypi.douban.com/simple/'
+ state=latest
+
+- name: pip install latest setuptools2
+ pip: name=setuptools
+ extra_args='-i http://pypi.douban.com/simple/'
+ state=latest
+
+- name: pip install ansible
+ pip: name=ansible
+ extra_args='-i http://pypi.douban.com/simple/'
+ state=latest
+
+- name: create compass directories
+ file: path={{ item }} state=directory
+ with_items:
+ - /etc/compass
+ - /opt/compass/bin
+ - /var/www/compass
+ - /var/www/compass_web
+
+- name: create /var/log/compass
+ file: path=/var/log/compass mode=0777 state=directory
+
+- name: create ansible folder
+ file: path=/var/ansible/run state=directory
+ when: "'ansible' in {{ pkg_installer }}"
+
+- name: clone recipes
+ git: repo={{ compass_adapter_source }}
+ dest=/opt/compass-adapters
+ version={{ compass_adapter_version }}
+ update=yes
+ force=yes
+
+- name: copy ansible scripts into ansible folder
+ shell: cp -rf /opt/compass-adapters/ansible/openstack_juno /var/ansible/.
+ when: "'ansible' in {{ pkg_installer }}"
+
+- name: write python home into switch virtualenv
+ lineinfile: dest={{ COMPASS_PATH }}/bin/switch_virtualenv.py.template
+ regexp="^virtual\_env\ \=\ \'\$PythonHome\'"
+ line="virtual_env = '/opt/compass-core/venv'"
+
+- name: rename switch_virtualenv template
+ command: cp {{ COMPASS_PATH }}/bin/switch_virtualenv.py.template {{ COMPASS_PATH }}/bin/switch_virtualenv.py
+
+- name: copy compass config files
+ shell: cp -rf {{ COMPASS_PATH }}/conf/* /etc/compass/
+
+- name: copy service init file
+ shell: cp -rf {{ COMPASS_PATH }}/service/* /etc/init.d/
+
+- name: copy compass bin file
+ shell: cp -rf {{ COMPASS_PATH }}/bin/*.py /opt/compass/bin/
+
+- name: copy compass shell script
+ shell: cp -rf {{ COMPASS_PATH }}/bin/*.sh /opt/compass/bin/
+
+- name: copy compass ansible callback
+ shell: cp -rf {{ COMPASS_PATH }}/bin/ansible_callbacks /opt/compass/bin/
+
+- name: copy compass executable
+ shell: cp {{ COMPASS_PATH }}/bin/compassd /usr/bin/
+
+- name: link compass check
+ file: src=/opt/compass/bin/compass_check.py dest=/usr/bin/compass state=link
+
+- name: link compass wsgi
+ file: src=/opt/compass/bin/compass_wsgi.py dest=/var/www/compass/compass.wsgi state=link
+
+- name: change celery env
+ shell: echo "export C_FORCE_ROOT=1" > /etc/profile.d/celery_env.sh
+
+- name: change file mode
+ file: path=/etc/profile.d/celery_env.sh mode=0755
+
+- name: add compass setting
+ template: src=compass.setting.j2 dest=/etc/compass/setting
+ notify:
+ - restart compass service
+ - restart http service
+
+- name: add cobbler setting
+ template: src=cobbler.conf.nodocker.j2 dest=/etc/compass/os_installer/cobbler.conf
+ notify:
+ - restart compass service
+ - restart http service
+
+- name: link celery bin file
+ file: src={{ COMPASS_PATH }}/venv/bin/celery dest=/opt/compass/bin/celery state=link
+ notify:
+ - restart compass service
+ - restart http service
+
+- name: create redis folders
+ file: path={{ item }} state=directory owner=redis group=root
+ with_items:
+ - /var/log/redis
+ - /var/lib/redis
+ - /var/run/redis
+
+- name: make sure redis service not running
+ command: killall -9 redis-server
+ ignore_errors: yes
+
+- name: restart redis service
+ service: name=redis state=restarted enabled=yes
+
+- name: initialize db for compass
+ shell: /opt/compass/bin/manage_db.py createdb
+ run_once: True
+
+- name: copy ods-server httpd config
+ copy: src=ods-server.conf dest=/etc/httpd/conf.d/ods-server.conf
+ notify:
+ restart http service
+
+- name: clone compass web
+ git: repo=http://git.openstack.org/stackforge/compass-web.git
+ dest=/opt/compass-web
+ force=yes
+
+- name: copy web ui files
+ shell: cp -rf /opt/compass-web/v2 /var/www/compass_web/
+
+- name: create switch file if test mode enabled
+ template: src=switch_machines_file.j2
+ dest=/etc/compass/switch_machines_file
+ when: test is defined and test == True
+
+- name: inject switches and mac addresses
+ shell: /opt/compass/bin/manage_db.py set_switch_machines --switch_machines_file /etc/compass/switch_machines_file
+ when: test is defined and test == True
+#- name: run compass check
+# command: compass check
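Review bot: The tasks `stop iptables`, `disable selinux` and `disable selinux real time` switch off the host firewall and SELinux unconditionally on every RedHat target, which removes both controls for everything else on that machine too. Open only the ports Compass needs and keep SELinux enforcing, or at least gate the three tasks behind an opt-in variable, e.g. `when: compass_disable_host_hardening | default(false)` (name is a suggestion). Every `pip` task installs from `-i http://pypi.douban.com/simple/` over plain HTTP as root, so package contents can be altered in transit; use an `https://` index. `file: path=/var/log/compass mode=0777` makes the log directory world-writable; `mode=0750` with an owner matching the service user is enough once Compass no longer runs as root.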
diff --git a/install/roles/compass/tasks/docker.yml b/install/roles/compass/tasks/docker.yml
new file mode 100644
index 0000000..672fadd
--- /dev/null
+++ b/install/roles/compass/tasks/docker.yml
@@ -0,0 +1,72 @@
+---
+
+# - name: load dynamic variable
+# include_vars: "{{ shared_dir }}/dynamic.yml"
+
+- name: clean up docker directory
+ file: path=~/docker-compass state=absent
+
+- name: clean up log directory
+ file: path=/var/log/compass state=absent
+
+- name: create directory for docker and files
+ file: path=~/docker-compass/files state=directory
+
+- name: copy Dockerfile
+ template: src=Dockerfile.j2 dest=~/docker-compass/Dockerfile mode=0644
+
+- name: copy switch machines file
+ template: src=switch_machines_file.j2 dest=~/docker-compass/files/switch_machines_file mode=0644
+ when: test
+
+- name: copy start script
+ template: src=start.sh.j2
+ dest=~/docker-compass/files/start.sh
+ mode=0755
+
+- name: copy compass.pem
+ copy: src={{ shared_dir }}/keys/compass.pem
+ dest=~/docker-compass/files/compass.pem
+ mode=0644
+ when: "'chef' in {{ pkg_installer }}"
+
+- name: copy chef config
+ template: src=chef-icehouse.conf.j2 dest=~/docker-compass/files/chef-icehouse.conf
+ mode=0644
+
+- name: copy cobber conf
+ template: src=cobbler.conf.j2 dest=~/docker-compass/files/cobbler.conf
+ mode=0644
+
+- name: copy compass setting
+ template: src=compass.setting.j2 dest=~/docker-compass/files/compass.setting
+ mode=0644
+
+- name: get containers
+ command: docker ps -a
+ register: containers
+
+- name: remove compass container if any
+ shell: docker rm compass-dev
+ when: containers.stdout.find('compass-dev') != -1
+
+- name: check if compass image already exists
+ command: docker images compass
+ register: image
+
+- name: remove image 'compass' if it exists and --rebuild is specified
+ shell: docker rmi -f compass
+ when: image.stdout.find('compass') != -1 and rebuild
+
+- name: build a docker image for compass
+ shell: docker build -t compass ~/docker-compass
+ when: image.stdout.find('compass') == -1 or rebuild
+
+- name: fork image and run a new compass container
+ shell: docker run --name=compass-dev -d {{ compass_port_mapping }} -i -t compass
+
+- name: remove dynamic generated vars
+ local_action: file path={{ shared_dir }}/{{ item }} state=absent
+ with_items:
+ - dynamic.yml
+ - keys
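Review bot: The `copy compass.pem` task writes what appears to be the Chef client private key with `mode=0644`, leaving it readable by every local user under `~/docker-compass/files/`. Use `mode=0600` for that task. The final task deletes `{{ shared_dir }}/keys` on the control host, but the copy under `~/docker-compass/files/` stays on the target after the image is built; a task such as `file: path=~/docker-compass/files/compass.pem state=absent` after `docker build` would close that gap. `when: test` and the `rebuild` conditions assume both variables are always defined; `test | default(false)` avoids an undefined-variable failure.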
diff --git a/install/roles/compass/tasks/main.yml b/install/roles/compass/tasks/main.yml
new file mode 100644
index 0000000..0e2c0a8
--- /dev/null
+++ b/install/roles/compass/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+
+- include: RedHat.yml
+ when: ansible_os_family == 'RedHat' and not dockerized
+
+- include: Debian.yml
+ when: ansible_os_family == 'Debian' and not dockerized
+
+- include: docker.yml
+ when: dockerized
diff --git a/install/roles/compass/templates/Dockerfile.j2 b/install/roles/compass/templates/Dockerfile.j2
new file mode 100644
index 0000000..1188823
--- /dev/null
+++ b/install/roles/compass/templates/Dockerfile.j2
@@ -0,0 +1,17 @@
+FROM compassindocker/compass
+
+ADD files/start.sh /root/start.sh
+ADD files/compass.setting /etc/compass/setting
+ADD files/cobbler.conf /etc/compass/os_installer/cobbler.conf
+{% if test%}
+ADD files/switch_machines_file /etc/compass/switch_machines_file
+{% endif %}
+{% if 'chef' in pkg_installer %}
+ADD files/chef-icehouse.conf /etc/compass/package_installer/chef-icehouse.conf
+ADD files/compass.pem /etc/compass.pem
+{% endif %}
+
+CMD ["/root/start.sh"]
+EXPOSE 80
+EXPOSE 123
+EXPOSE 3128
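Review bot: `ADD files/compass.pem /etc/compass.pem` bakes the key into an image layer, so anyone who can pull or export the `compass` image can recover it, even if a later layer deletes the file. Mount it at run time instead (for example a `-v` bind mount on the `docker run` command in the compass role) and drop the `ADD`. `FROM compassindocker/compass` has no tag, so each build takes whatever `latest` points to; pin a tag or digest, e.g. `FROM compassindocker/compass@sha256:<digest>` (placeholder). `COPY` is the usual choice over `ADD` for plain local files.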
diff --git a/install/roles/compass/templates/chef-icehouse.conf.j2 b/install/roles/compass/templates/chef-icehouse.conf.j2
new file mode 100644
index 0000000..eeab424
--- /dev/null
+++ b/install/roles/compass/templates/chef-icehouse.conf.j2
@@ -0,0 +1,10 @@
+NAME = 'chef_installer'
+INSTANCE_NAME = 'chef_installer'
+SETTINGS = {
+ 'chef_url': 'https://{{ chef_server }}',
+ 'chef_server_ip': '{{ chef_server }}',
+ 'chef_server_dns': 'compass',
+ 'key_dir': '/etc/compass.pem',
+ 'client_name': 'compass',
+ 'databags': []
+}
diff --git a/install/roles/compass/templates/cobbler.conf.j2 b/install/roles/compass/templates/cobbler.conf.j2
new file mode 100644
index 0000000..36002c4
--- /dev/null
+++ b/install/roles/compass/templates/cobbler.conf.j2
@@ -0,0 +1,9 @@
+NAME = 'cobbler'
+INSTANCE_NAME = 'cobbler'
+SETTINGS = {
+ 'cobbler_url': 'http://{{ cobbler_server }}:{{ cobbler_mapped_http_port_on_host }}/cobbler_api',
+ 'credentials': {
+ 'username': 'cobbler',
+ 'password': 'cobbler'
+ }
+}
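Review bot: The Cobbler API login is hard-coded to `cobbler`/`cobbler` and `cobbler_url` uses `http://`, so every deployment shares the same well-known credential and sends it in clear text. The same two lines appear in `cobbler.conf.nodocker.j2` later in this commit. Templating them, e.g. `'username': '{{ cobbler_user }}',` and `'password': '{{ cobbler_pass }}'` (both new variables that this commit does not define), would let each site set its own values. It would also give a single place to switch the URL scheme once the Cobbler server offers TLS.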
diff --git a/install/roles/compass/templates/cobbler.conf.nodocker.j2 b/install/roles/compass/templates/cobbler.conf.nodocker.j2
new file mode 100644
index 0000000..ee6cfc2
--- /dev/null
+++ b/install/roles/compass/templates/cobbler.conf.nodocker.j2
@@ -0,0 +1,9 @@
+NAME = 'cobbler'
+INSTANCE_NAME = 'cobbler'
+SETTINGS = {
+ 'cobbler_url': 'http://{{ cobbler_server }}/cobbler_api',
+ 'credentials': {
+ 'username': 'cobbler',
+ 'password': 'cobbler'
+ }
+}
diff --git a/install/roles/compass/templates/compass.setting.j2 b/install/roles/compass/templates/compass.setting.j2
new file mode 100644
index 0000000..a8d79c6
--- /dev/null
+++ b/install/roles/compass/templates/compass.setting.j2
@@ -0,0 +1,33 @@
+CONFIG_DIR = '/etc/compass'
+DATABASE_TYPE = 'mysql'
+DATABASE_USER = '{{ compass_db_user }}'
+DATABASE_PASSWORD = '{{ compass_db_pass }}'
+DATABASE_SERVER = '127.0.0.1:3306'
+DATABASE_NAME = 'compass'
+SQLALCHEMY_DATABASE_URI = '%s://%s:%s@%s/%s' % (DATABASE_TYPE, DATABASE_USER, DATABASE_PASSWORD, DATABASE_SERVER, DATABASE_NAME)
+SQLALCHEMY_DATABASE_POOL_TYPE = 'instant'
+INSTALLATION_LOGDIR = {
+ 'CobblerInstaller': '/var/log/cobbler/anamon',
+ 'ChefInstaller': '/var/log/chef'
+}
+DEFAULT_LOGLEVEL = 'debug'
+DEFAULT_LOGDIR = '/var/log/compass'
+DEFAULT_LOGINTERVAL = 6
+DEFAULT_LOGINTERVAL_UNIT = 'h'
+DEFAULT_LOGFORMAT = '%(asctime)s - %(filename)s - %(lineno)d - %(levelname)s - %(message)s'
+WEB_LOGFILE = 'compass.log'
+CELERY_LOGFILE = 'celery.log'
+CELERYCONFIG_DIR = '/etc/compass'
+CELERYCONFIG_FILE = 'celeryconfig'
+PROGRESS_UPDATE_INTERVAL=30
+POLLSWITCH_INTERVAL=60
+SWITCHES = [
+]
+TMPL_DIR = '/etc/compass/templates'
+#COMPASS_SUPPORTED_PROXY = 'http://{{ ansible_ssh_host }}:3128'
+#COMPASS_SUPPORTED_DEFAULT_NOPROXY = ['127.0.0.1','{{ ansible_ssh_host }}','compass']
+#COMPASS_SUPPORTED_NTP_SERVER = '{{ ansible_ssh_host }}'
+#COMPASS_SUPPORTED_DNS_SERVERS = ['{{ ansible_ssh_host }}']
+#COMPASS_SUPPORTED_DOMAINS = ['ods.com']
+#COMPASS_SUPPORTED_DEFAULT_GATEWAY = '{{ mgmt_router }}'
+#COMPASS_SUPPORTED_LOCAL_REPO = 'http://{{ ansible_ssh_host }}'
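Review bot: `DATABASE_PASSWORD = '{{ compass_db_pass }}'` drops the raw value into a single-quoted literal, and the `SQLALCHEMY_DATABASE_URI` line then formats it into the URI without escaping, so a password containing `'`, `@`, `/` or `:` would either break the file or yield a malformed URI. Until the value is escaped, a comment above the line such as `# compass_db_pass must not contain quote, @, / or : characters (not escaped below)` would document the constraint. `DEFAULT_LOGLEVEL = 'debug'` is also a noisy default for an installed service; the regtest `setting` file in this commit uses `'info'`.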
diff --git a/install/roles/compass/templates/start.sh.j2 b/install/roles/compass/templates/start.sh.j2
new file mode 100644
index 0000000..87dc01f
--- /dev/null
+++ b/install/roles/compass/templates/start.sh.j2
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+# activate virtualenv
+source `which virtualenvwrapper.sh`
+workon compass-core
+
+# start mysqld service, push it to bg
+/usr/bin/mysqld_safe > /dev/null 2>&1 &
+
+RET=1
+while [[ RET -ne 0 ]]; do
+ echo "waiting for mariadb to startup"
+ sleep 5
+ mysql -uroot -e "status" > /dev/null 2>&1
+ RET=$?
+done
+
+echo "mariadb started"
+
+# set mysql with default username and password
+mysqladmin -h127.0.0.1 --port=3306 -u root password root
+
+# create db 'compass'
+mysql -h127.0.0.1 --port=3306 -uroot -proot -e "create database compass"
+
+# start compass services
+/opt/compass/bin/manage_db.py createdb
+
+# insert pxe boot machines for test
+{% if test %}
+/opt/compass/bin/manage_db.py set_switch_machines --switch_machines_file /etc/compass/switch_machines_file
+{% endif %}
+
+/usr/sbin/apachectl -k start
+/usr/sbin/rabbitmq-server &
+/usr/bin/redis-server &
+/usr/sbin/ntpd &
+ln -s /root/.virtualenvs/compass-core/bin/celery /opt/compass/bin/celery
+CELERY_CONFIG_MODULE=compass.utils.celeryconfig_wrapper C_FORCE_ROOT=1 /opt/compass/bin/celery worker &> /tmp/celery-worker.log &
+/opt/compass/bin/progress_update.py &> /tmp/progress_update.log &
+touch /var/log/compass/celery.log
+tail -f /var/log/compass/celery.log
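Review bot: The database root password is fixed to `root` by `mysqladmin ... password root` and then passed as `-proot`, so every container built from this template shares a known credential that also shows up in the process list. Rendering it from a variable, e.g. `mysqladmin -h127.0.0.1 --port=3306 -u root password '{{ mysql_root_pass }}'` (`mysql_root_pass` being a new variable this commit does not define), would let deployments set their own. The wait loop has no retry limit, so a mysqld that never starts leaves the container spinning forever; a bounded counter with a non-zero exit would surface the failure. `create database compass` and `ln -s` both report errors when the container is restarted; `create database if not exists compass` and `ln -sf` make the script re-runnable.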
diff --git a/install/roles/compass/templates/switch_machines_file.j2 b/install/roles/compass/templates/switch_machines_file.j2
new file mode 100644
index 0000000..489befc
--- /dev/null
+++ b/install/roles/compass/templates/switch_machines_file.j2
@@ -0,0 +1,4 @@
+switch,1.1.1.1,huawei,2c,public,under_monitoring
+{% for mac in pxe_boot_macs %}
+machine,1.1.1.1,8,{{ mac }}
+{% endfor %}
diff --git a/install/roles/compass/vars/main.yml b/install/roles/compass/vars/main.yml
new file mode 100644
index 0000000..17cee8f
--- /dev/null
+++ b/install/roles/compass/vars/main.yml
@@ -0,0 +1,4 @@
+dockerized: False
+compass_db_user: compass
+compass_db_pass: compass
+COMPASS_PATH: /opt/compass-core
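Review bot: `compass_db_pass: compass` and `dockerized: False` are set in the role's `vars/main.yml`, which takes precedence over inventory and group variables, so a deployment cannot replace the default password or switch to the docker path from its inventory. Moving these four keys to `defaults/main.yml` keeps the same out-of-the-box values while letting inventory override them. A comment on the password line such as `# default for test setups only; override per deployment` would also make the intent explicit.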
diff --git a/install/roles/precheck/tasks/chef.yml b/install/roles/precheck/tasks/chef.yml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/install/roles/precheck/tasks/chef.yml
@@ -0,0 +1 @@
+---
diff --git a/install/roles/precheck/tasks/cobbler.yml b/install/roles/precheck/tasks/cobbler.yml
new file mode 100644
index 0000000..e69de29
diff --git a/install/roles/precheck/tasks/compass.yml b/install/roles/precheck/tasks/compass.yml
new file mode 100644
index 0000000..e69de29
diff --git a/install/roles/precheck/tasks/docker.yml b/install/roles/precheck/tasks/docker.yml
new file mode 100644
index 0000000..1201483
--- /dev/null
+++ b/install/roles/precheck/tasks/docker.yml
@@ -0,0 +1,14 @@
+---
+
+- name: check if docker is running
+ command: ps -ef
+ register: processes
+
+- name: check if there is containers if docker is running
+ command: docker ps -a
+ register: containers
+ when: processes.stdout.find("docker") != -1
+
+- name: write files if container exists
+ local_action: file path="/tmp/{{ container_name }}" mode=0644 state=touch
+ when: processes.stdout.find("docker") != -1 and containers.stdout.find("{{ container_name }}") != -1
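Review bot: Both checks are plain substring matches. `processes.stdout.find("docker")` is true for any process whose command line contains "docker", and the `containers.stdout.find(...)` test matches image names and longer container names in the `docker ps -a` table, so the marker can be written for the wrong container. A `when:` value is already a Jinja expression, so the nested braces are unnecessary: `containers.stdout.find(container_name) != -1`. The marker file goes to a predictable name under `/tmp` on the control machine; a directory private to the run (such as the `shared_dir` other roles in this commit use, if it is defined for this play) avoids collisions with other users' files. The two read-only `command` tasks would also benefit from `changed_when: false`.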
diff --git a/install/roles/precheck/tasks/main.yml b/install/roles/precheck/tasks/main.yml
new file mode 100644
index 0000000..90ee914
--- /dev/null
+++ b/install/roles/precheck/tasks/main.yml
@@ -0,0 +1,7 @@
+---
+
+- include: no-docker.yml
+ when: not dockerized
+
+- include: docker.yml
+ when: dockerized
diff --git a/install/roles/precheck/tasks/no-docker.yml b/install/roles/precheck/tasks/no-docker.yml
new file mode 100644
index 0000000..1181fa2
--- /dev/null
+++ b/install/roles/precheck/tasks/no-docker.yml
@@ -0,0 +1,10 @@
+---
+
+- include: chef.yml
+ when: type == "chef"
+
+- include: cobbler.yml
+ when: type == "cobbler"
+
+- include: compass.yml
+ when: type == "compass"
diff --git a/install/roles/regtest-compass/files/setting b/install/roles/regtest-compass/files/setting
new file mode 100644
index 0000000..1ac04da
--- /dev/null
+++ b/install/roles/regtest-compass/files/setting
@@ -0,0 +1,5 @@
+DEFAULT_LOGLEVEL = 'info'
+DEFAULT_LOGDIR = '/var/log/compass'
+DEFAULT_LOGINTERVAL = 6
+DEFAULT_LOGINTERVAL_UNIT = 'h'
+DEFAULT_LOGFORMAT = '%(asctime)s - %(filename)s - %(lineno)d - %(levelname)s - %(message)s'
diff --git a/install/roles/regtest-compass/tasks/main.yml b/install/roles/regtest-compass/tasks/main.yml
new file mode 100644
index 0000000..f5812e8
--- /dev/null
+++ b/install/roles/regtest-compass/tasks/main.yml
@@ -0,0 +1,45 @@
+---
+
+- name: install essentials
+ yum: name={{ item }} state=present
+ with_items:
+ - git
+ - python-setuptools
+ - python-devel
+ - mysql-devel
+
+- name: install pip
+ easy_install: name=pip
+
+- name: install virtualenv
+ pip: name=virtualenv
+
+- name: cloning compass-core
+ git: repo=http://git.openstack.org/stackforge/compass-core.git
+ dest={{ COMPASS_PATH }}
+ version=dev/experimental
+
+- name: pip install compass into virtualenv
+ pip: name={{ COMPASS_PATH }} virtualenv={{ COMPASS_PATH }}/venv
+
+- name: write compass setting file
+ copy: src=setting dest=/etc/compass/setting
+
+- name: create log dir
+ file: path=/var/log/compass state=directory
+
+- name: write python home into switch virtualenv
+ lineinfile: dest={{ COMPASS_PATH }}/bin/switch_virtualenv.py.template
+ regexp="^virtual\_env\ \=\ \'\$PythonHome\'"
+ line="virtual_env = '/opt/compass-core/venv'"
+
+- name: rename switch_virtualenv template
+ command: mv {{ COMPASS_PATH }}/bin/switch_virtualenv.py.template {{ COMPASS_PATH }}/bin/switch_virtualenv.py
+
+- name: copy client script
+ template: src=client.sh.j2 dest=/opt/client.sh mode=0755
+
+- name: initiate deployment
+ shell: /opt/client.sh > /var/log/regtest.log
+ async: 360
+ poll: 60
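Review bot: The `git` task fetches compass-core over plain `http://` from the moving branch `dev/experimental`, and the next task pip-installs whatever was fetched, so neither the transport nor the revision is verified. Using `repo=https://git.openstack.org/stackforge/compass-core.git` (if the host serves it) with `version=<commit-sha>` pins what gets installed. The `lineinfile` task hard-codes `line="virtual_env = '/opt/compass-core/venv'"` while every other path uses the variable; `line="virtual_env = '{{ COMPASS_PATH }}/venv'"` keeps them in step. The `mv` task fails on a second run because the template is gone; adding `creates={{ COMPASS_PATH }}/bin/switch_virtualenv.py` makes it idempotent.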
diff --git a/install/roles/regtest-compass/templates/client.sh.j2 b/install/roles/regtest-compass/templates/client.sh.j2
new file mode 100644
index 0000000..2aebccd
--- /dev/null
+++ b/install/roles/regtest-compass/templates/client.sh.j2
@@ -0,0 +1,17 @@
+{{ COMPASS_PATH }}/bin/client.py --logfile= --loglevel=debug --logdir= --compass_server={{ COMPASS_SERVER_URL }} \
+--compass_user_email={{ COMPASS_USER_EMAIL }} --compass_user_password={{ COMPASS_USER_PASSWORD }} \
+--cluster_name={{ CLUSTER_NAME }} --language={{ LANGUAGE }} --timezone={{ TIMEZONE }} \
+--hostnames={{ HOSTNAMES }} --partitions={{ PARTITIONS }} --subnets={{ SUBNETS }} \
+--adapter_os_pattern={{ ADAPTER_OS_PATTERN }} --adapter_name={{ ADAPTER_NAME }} \
+--adapter_target_system_pattern={{ ADAPTER_TARGET_SYSTEM_PATTERN }} \
+--adapter_flavor_pattern={{ ADAPTER_FLAVOR_PATTERN }} \
+--http_proxy={{ PROXY }} --https_proxy={{ PROXY }} --no_proxy={{ IGNORE_PROXY }} \
+--ntp_server={{ NTP_SERVER }} --dns_servers={{ NAMESERVERS }} --domain={{ DOMAIN }} \
+--search_path={{ SEARCH_PATH }} --default_gateway={{ GATEWAY }} \
+--server_credential={{ SERVER_CREDENTIAL }} --local_repo_url={{ LOCAL_REPO_URL }} \
+--os_config_json_file={{ OS_CONFIG_FILENAME }} --service_credentials={{ SERVICE_CREDENTIALS }} \
+--console_credentials={{ CONSOLE_CREDENTIALS }} --host_networks={{ HOST_NETWORKS }} \
+--network_mapping={{ NETWORK_MAPPING }} --package_config_json_file={{ PACKAGE_CONFIG_FILENAME }} \
+--host_roles={{ HOST_ROLES }} --default_roles={{ DEFAULT_ROLES }} --switch_ips={{ SWITCH_IPS }} \
+--machines={{ pxe_boot_macs |join(',') }} --switch_credential={{ SWITCH_CREDENTIAL }} \
+--deployment_timeout={{ DEPLOYMENT_TIMEOUT }} --${POLL_SWITCHES_FLAG} --dashboard_url={{ DASHBOARD_URL }}
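Review bot: Every value is substituted unquoted, so a password, proxy URL or JSON-like credential containing spaces or shell metacharacters is split or interpreted by the shell rather than passed through. Ansible's `quote` filter fixes that per argument, e.g. `--compass_user_password={{ COMPASS_USER_PASSWORD | quote }}`. `--${POLL_SWITCHES_FLAG}` is a shell variable rather than a template variable and nothing in the script sets it, so unless the calling environment exports it the option renders as a bare `--`. The rendered script holds the user password and several credential options, and the task that installs it in this commit uses `mode=0755`, which leaves it world-readable; `mode=0700` would suit. The script also has no `#!` line, so which shell runs it depends on the caller.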
diff --git a/install/site.yml b/install/site.yml
new file mode 100644
index 0000000..389987d
--- /dev/null
+++ b/install/site.yml
@@ -0,0 +1,18 @@
+---
+
+- hosts: chefnodes
+ sudo: True
+ roles:
+ - chef
+
+- hosts: cobblernodes
+ sudo: True
+ roles:
+ - common
+ - cobbler
+
+- hosts: compassnodes
+ sudo: True
+ roles:
+ - common
+ - compass