diff --git a/.gitignore b/.gitignore
index f6fde681935436de1bc119f47b3b07c2bf2a1370..5b93be86af4d7311b8290af5ef7af8e53493e0b5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,5 +2,4 @@
.DS_Store
setup.sh
.*.sw?
-hostcert.pem
-hostkey.pem
+roles/has_certificate/files/*.key
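Review bot: removing the `hostcert.pem` and `hostkey.pem` patterns means a private key left under the old name in an existing working tree is no longer ignored and can be staged by a broad `git add`. The new `roles/has_certificate/files/*.key` pattern covers only the new naming scheme. Suggest keeping `hostkey.pem` ignored for a transition period, and also ignoring `roles/has_certificate/files/*.pem` so host-specific certificates are not committed by accident.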
diff --git a/README.md b/README.md
index e7a06fea97c243ff667404797f3621d09441134c..503d030f6f6810cdd1100dbe8457632c486c9185 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,14 @@
# ARGO via Ansible
+This repository contains a collection of Ansible roles and playbooks that aim at easing the deployment procedure of ARGO products. The goal for these roles and playbooks has been to be as generic as possible so that they are easily adaptable to different environments and e-Infrastructure requirements. Hence most of the variables used by default in these roles reside under the `roles/{role_name}/defaults/main.yml` files.
+
+The administrator of the ARGO product being deployed via these Ansible playbooks may use any of the following places in order to successfully overwrite the default values of the variables and adapt the ARGO product to the specific environment and requirements:
+- `roles/{role_name}/vars/main.yml`
+- `groups_vars/{groups_name}`
+- `host_vars/{inventory_hostname}`
+
+Per ARGO product more details on prerequisites and variables are given in the following subsections.
+
## WebAPI deployment
Contains Ansible playbook for the deployment of the ARGO datastore and API service. The play is split into four (4) roles:
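Review bot: the second list item reads `groups_vars/{groups_name}`, but the directory used in this repository is `group_vars/` (for example `group_vars/all`), so an administrator following the README literally would create a directory Ansible never loads. Suggest `group_vars/{group_name}`. Since `roles/{role_name}/vars/main.yml` is a tracked file, the text could also say that `group_vars` and `host_vars` are the preferred places for site-specific overrides.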
@@ -10,7 +19,7 @@ Contains Ansible playbook for the deployment of the ARGO datastore and API servi
### Things to do before deployment
-- Obtain a key/certificate pair from a trusted CA and after place them both under roles/has_certificate/files with names `hostkey.pem` and `hostcert.pem` respectively.
+- Obtain a key/certificate pair from a trusted CA and after place them both under roles/has_certificate/files with names `{{inventory_hostname}}.key` and `{{inventory_hostname}}.pem` respectively. As `{{inventory_hostname}}` use the exact name used within the `inventory` file.
- Edit inventory and replace `webapi.node` with the hostname that you intend to deploy the API onto.
### Prerequisites
@@ -25,6 +34,61 @@ Contains Ansible playbook for the deployment of the ARGO datastore and API servi
$ ansible-playbook -v webapi.yml
```
+
+## Web UI deployment
+
+Contains Ansible playbook for the deployment of the ARGO Web UI service. The play is split into four (4) roles:
+- firewall (configures iptables firewall rules)
+- repos (includes tasks for the installation of the required repository definitions)
+- has_certificate (task for uploading the certificate file onto the host under the appropriate path)
+- webui (installation and bootstrap of ARGO Web UI service)
+
+### Things to do before deployment
+
+- Obtain a key/certificate pair from a trusted CA and after place them both under roles/has_certificate/files with names `{{inventory_hostname}}.key` and `{{inventory_hostname}}.pem` respectively. As `{{inventory_hostname}}` use the exact name used within the `inventory` file.
+- Edit inventory and replace `webui.node` with the hostname that you intend to deploy the Web UI onto.
+- Edit `roles/webui/vars/main.yml` file and change the values of the `certificate_password` and `keystore_password` variables to a stronger value.
+
+- Note that by default the EGI based web UI will be deployed on your target node. To change this behaviour use the `argo_web` and `branch_name` variables within the `roles/webui/vars/main.yml` file to point to another upstream lavoisier repository.
+
+### Prerequisites
+
+- Deploy against CentOS 7.x node
+- Ansible version used is `1.9.2`
+
+### How to deploy
+
+```bash
+$ ansible-playbook -v webui.yml
+```
+
+## POEM deployment
+
+Contains Ansible playbook for the deployment of the ARGO POEM service. The play is split into four (4) roles:
+- firewall (configures iptables firewall rules)
+- repos (includes tasks for the installation of the required repository definitions)
+- has_certificate (task for uploading the certificate file onto the host under the appropriate path)
+- poem (installs and bootstraps poem service)
+
+### Things to do before deployment
+
+- Obtain a key/certificate pair from a trusted CA and after place them both under roles/has_certificate/files with names `{{inventory_hostname}}.key` and `{{inventory_hostname}}.pem` respectively. As `{{inventory_hostname}}` use the exact name used within the `inventory` file.
+- Edit inventory and replace `poem.node` with the hostname that you intend to deploy the POEM service onto.
+- Create a `host_vars/{{inventory_hostname}}` file and place therein the variables found within the `roles/poem/defaults/main.yml` file in order to overwrite them.
+ - In order to generate a uuid to be used in the place of the `poem_secret` variable you may use the `uuidgen` linux cli utility.
+
+### Prerequisites
+
+- Deploy against CentOS 6.x node
+- Make sure `libselinux-python` is installed on the target node
+- Ansible version used is `1.9.2`
+
+### How to deploy
+
+```bash
+$ ansible-playbook -v poem.yml
+```
+
## Full standalone deployment
Contains Ansible playbook for the deployment of all ARGO components. The play is split into six (6) roles:
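Review bot: the Web UI section asks the administrator to put `certificate_password` and `keystore_password` into `roles/webui/vars/main.yml`, a tracked file, so the real passwords sit in the working tree and are easy to commit. The POEM section already points to a per-host `host_vars/{{inventory_hostname}}` file for `poem_secret`; the same approach (or an Ansible Vault encrypted file) should be documented for the Web UI passwords. "Change ... to a stronger value" also implies the shipped defaults are weak, so the playbook would ideally refuse to run while they are unchanged.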
@@ -37,7 +101,7 @@ Contains Ansible playbook for the deployment of all ARGO components. The play is
### Things to do before deployment
-- Obtain a key/certificate pair from a trusted CA and after place them both under roles/has_certificate/files with names `hostkey.pem` and `hostcert.pem` respectively.
+- Obtain a key/certificate pair from a trusted CA and after place them both under roles/has_certificate/files with names `{{inventory_hostname}}.key` and `{{inventory_hostname}}.pem` respectively. As `{{inventory_hostname}}` use the exact name used within the `inventory` file.
- Edit inventory and replace `standalone.node` with the hostname that you intend to deploy the complete ARGO stack onto.
### Prerequisites
@@ -51,3 +115,8 @@ Contains Ansible playbook for the deployment of all ARGO components. The play is
```bash
$ ansible-playbook -v standalone.yml
```
+
+
+## Monitoring your services
+
+In case you are using Nagios or Icinga for health monitoring purposes a minimal `is_monitored` role is included in the repo. The puspose of this role is to install and configure the nrpe service on your target machines. Modify the remote host variable within the `roles/is_monitored/defaults/main.yml` file and include it in your playbooks.
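Review bot: typo in the added paragraph, "puspose" should be "purpose". The sentence "Modify the remote host variable" would be clearer if it named the variable, `nrpe_allowed_hosts` in `roles/is_monitored/defaults/main.yml`, and said that it must be set to the site's own monitoring hosts before the role is applied.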
diff --git a/group_vars/all b/group_vars/all
index 117bb1cd391ef3b7eb21aee8245b3bfa08658713..f794b2b5ff84bdb11fac898ca401ee963f75c5ec 100644
--- a/group_vars/all
+++ b/group_vars/all
@@ -1,7 +1,8 @@
---
-epel_release_url: http://ftp.ntua.gr/pub/linux/fedora-epel/6/i386/
-epel_release_name: epel-release-6-8.noarch.rpm
+# Variable enabled_argo_repo specifies which RPM repository to use.
+# To use the development repository set its value to argo-devel
-arstats_release_url: http://rpm.hellasgrid.gr/mash/centos6-arstats/i386/
-arstats_release_name: ar-release-1.0.0-3.el6.noarch.rpm
+enabled_argo_repo: argo-prod
+
+cert_dir: /etc/grid-security
diff --git a/group_vars/monitoring_engine b/group_vars/monitoring_engine
new file mode 100644
index 0000000000000000000000000000000000000000..fb2eac8f1d753b6b9ab049beba8556f3dcd7785a
--- /dev/null
+++ b/group_vars/monitoring_engine
@@ -0,0 +1,18 @@
+---
+cert_path: /etc/pki/tls/certs/localhost.crt
+key_path: /etc/pki/tls/private/localhost.key
+ca_path: /etc/pki/tls/certs/ca-bundle.crt
+
+iptables_rules:
+ input:
+ - { dport: "80", proto: "tcp", policy: "accept"}
+ - { dport: "443", proto: "tcp", policy: "accept"}
+
+nagios_plugins:
+ - { name: nagios-plugins-tcp , repo: "" }
+ - { name: nagios-plugins-disk , repo: "" }
+ - { name: nagios-plugins-http , repo: "" }
+ - { name: nagios-plugins , repo: "" }
+ - { name: nagios-plugins-dummy , repo: "" }
+ - { name: nagios-plugins-procs , repo: "" }
+ - { name: nagios-plugins-ping , repo: "" }
\ No newline at end of file
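Review bot: the `iptables_rules` input list accepts port 80 from any source next to 443, while `cert_path`, `key_path` and `ca_path` are defined in the same file for TLS. If plain HTTP is only needed for a redirect, say so in a comment; otherwise drop the `dport: "80"` rule so the monitoring interface is reachable over HTTPS only. The file also lacks a trailing newline.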
diff --git a/group_vars/poem b/group_vars/poem
new file mode 100644
index 0000000000000000000000000000000000000000..4d6c1a3c38e5689f37d464017425a9aff45206fb
--- /dev/null
+++ b/group_vars/poem
@@ -0,0 +1,5 @@
+---
+
+iptables_rules:
+ input:
+ - { dport: "443", proto: "tcp", policy: "accept"}
diff --git a/group_vars/standalone b/group_vars/standalone
index fd55012b1c48b6be0b25dbf319ab1d1b50c2feba..1c863c2ad91ecf50f19ec27989e14769382b133d 100644
--- a/group_vars/standalone
+++ b/group_vars/standalone
@@ -1,6 +1,6 @@
---
-mongo_bind_interface: 127.0.0.1
+mongo_bind_interfaces: 127.0.0.1
cert_path: /etc/grid-security/hostcert.pem
key_path: /etc/grid-security/hostkey.pem
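Review bot: the variable is renamed to the plural `mongo_bind_interfaces` but still holds a single scalar address. Please confirm that every template and task that read `mongo_bind_interface` is updated in this patch, since a leftover reference to the old name would fail at template time as an undefined variable. If the plural is meant to allow several addresses, documenting the expected format (comma separated string or YAML list) here would help.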
diff --git a/group_vars/webapi b/group_vars/webapi
index 9265696c7d20f4921f2ad8fcf235026675aa853c..0ad6b2ddaf4e787bc26825f1ac155d705c784759 100644
--- a/group_vars/webapi
+++ b/group_vars/webapi
@@ -1,6 +1,6 @@
---
-mongo_bind_interface: 0.0.0.0
+mongo_bind_interfaces: 0.0.0.0
cert_path: /etc/pki/tls/certs/localhost.crt
key_path: /etc/pki/tls/private/localhost.key
@@ -8,4 +8,4 @@ key_path: /etc/pki/tls/private/localhost.key
iptables_rules:
input:
- { dport: "443", proto: "tcp", policy: "accept"}
- - { dport: "27017", proto: "tcp", policy: "accept"}
\ No newline at end of file
+ - { dport: "27017", proto: "tcp", policy: "accept"}
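Review bot: this hunk only fixes the trailing newline, but the rule it touches accepts TCP 27017 from any source while the previous hunk keeps `mongo_bind_interfaces: 0.0.0.0`, and the `ar-compute-engine.conf.j2` template added in this patch leaves `mongo_user` and `mongo_pass` commented out. Taken together the datastore is reachable from any address with no authentication configured by these playbooks. Suggest extending the rule format with a source restriction limited to the compute and consumer nodes, or binding MongoDB to an internal interface.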
diff --git a/inventory b/inventory
index cec250885b51e2d0ad3a8e9774a265261f5a2100..70a9fc3226b892c8e6765cc35fb5422e5ee0cab2 100644
--- a/inventory
+++ b/inventory
@@ -4,3 +4,12 @@ webapi.node
[standalone]
standalone.node
+
+[poem]
+poem.node
+
+[webui]
+webui.node
+
+[monitoring_engine]
+monitoring_engine.node
\ No newline at end of file
diff --git a/monitoring_engine.yml b/monitoring_engine.yml
new file mode 100644
index 0000000000000000000000000000000000000000..4cb717e126fc97659bcccd3011acb6d96a893418
--- /dev/null
+++ b/monitoring_engine.yml
@@ -0,0 +1,10 @@
+---
+
+- hosts: monitoring_engine
+ sudo: true
+ roles:
+ - { role: firewall, tags: firewall }
+ - { role: repos, tags: repos }
+ - { role: ca_bundle, when: ca_bundle_install, tags: ca_bundle }
+ - { role: has_certificate, tags: certificate }
+ - { role: monitoring_engine, tags: monitoring_engine }
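Review bot: the `ca_bundle` role is conditioned on `when: ca_bundle_install`, but neither `group_vars/all` nor the new `group_vars/monitoring_engine` in this patch defines that variable. Unless it is set in a role default not shown here, the play will stop with an undefined variable error. Suggest `when: ca_bundle_install | default(false)` or adding an explicit default to `group_vars/monitoring_engine`.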
diff --git a/poem.yml b/poem.yml
new file mode 100644
index 0000000000000000000000000000000000000000..daf89061c8170499c73e544b22833ac7f57bd112
--- /dev/null
+++ b/poem.yml
@@ -0,0 +1,9 @@
+---
+
+- hosts: poem
+ sudo: true
+ roles:
+ - { role: firewall, tags: firewall }
+ - { role: repos, tags: repos }
+ - { role: has_certificate, tags: certificate }
+ - { role: poem, tags: poem }
diff --git a/private_files b/private_files
new file mode 120000
index 0000000000000000000000000000000000000000..c8c1fb9238747f863d2f84de72bb6d7b31bc704f
--- /dev/null
+++ b/private_files
@@ -0,0 +1 @@
+../private_files
\ No newline at end of file
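Review bot: this commits a symlink whose target, `../private_files`, lies outside the repository, so every checkout depends on a sibling directory that the README does not mention. Please document what is expected to live there and who may read it, or leave the link out of version control and let each site create it. A dangling link after a fresh clone will otherwise surface only as a confusing file-not-found error at deploy time.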
diff --git a/roles/consumer/defaults/main.yml b/roles/consumer/defaults/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..986e48310d3a40ba7ccc1ad4e4ee35e08e99127a
--- /dev/null
+++ b/roles/consumer/defaults/main.yml
@@ -0,0 +1,73 @@
+---
+
+tenants:
+ TenantA:
+ topics:
+ - "probe.metricOutput.tenantA.ngi.*"
+ - "probe.metricOutput.tenantA.roc.*"
+ - "probe.metricOutput.tenantA.opsmonitor.*"
+ - "probe.metricOutput.tenantA.project.*"
+ - "probe.metricOutput.tenantA.vo.*"
+ brokers:
+ - "broker1.example.com"
+ - "broker2.example.com"
+ outputdir: "/var/lib/argo-connectors/TenantA/"
+ jobs_all: "JOB_TenantA_ALL, JOB_TenantA_PART"
+ prefilter: "prefilter-tenantA.py"
+ jobs_details:
+ - name: "JOB_TenantA_ALL"
+ Directory: "TenantA_ALL"
+ Profiles: "ALL_SERVICES"
+ TopoType: "GOCDB"
+ TopoFeed: "https://goc.example.com/gocdbpi/"
+ TopoFetchType: "Sites"
+ TopoSelectGroupOfEndpoints: "Production:Y, Monitored:Y, Scope:TenantA"
+ TopoSelectGroupOfGroups: "Certification:Certified, Infrastructure:Production, Scope:TenantA"
+ DowntimesFeed: "https://goc.example.com/gocdbpi/"
+ - name: "JOB_TenantA_PART"
+ Directory: "TenantA_PART"
+ Profiles: "PART_SERVICES"
+ TopoType: "GOCDB"
+ TopoFeed: "https://goc.example.com/gocdbpi/"
+ TopoFetchType: "Sites"
+ TopoSelectGroupOfEndpoints: "Production:Y, Monitored:Y, Scope:TenantA"
+ TopoSelectGroupOfGroups: "Certification:Candidate, Infrastructure:Production, Scope:TenantA"
+ DowntimesFeed: "https://goc.example.com/gocdbpi/"
+ TenantB:
+ topics:
+ - "probe.*"
+ brokers:
+ - "broker3.example.com"
+ outputdir: "/var/lib/argo-connectors/TenantB/"
+ jobs_all: "JOB_TenantB_SERVICES"
+ jobs_details:
+ - name: "JOB_TenantB_SERVICES"
+ Directory: "SERVICES"
+ Profiles: "My_Critical_Services"
+ TopoType: "GOCDB"
+ TopoFeed: "https://goc.example.com/gocdbpi/"
+ TopoFetchType: "ServiceGroups"
+ TopoSelectGroupOfEndpoints: "Production:Y, Monitored:Y, Scope:TenantB"
+ TopoSelectGroupOfGroups: "Certification:Candidate, Infrastructure:Production, Scope:TenantB"
+ DowntimesFeed: "https://goc.example.com/gocdbpi/"
+
+poem_servers:
+ - host: "poemA.example.com"
+ vos:
+ - ops
+ - gridpp
+ - host: "poemB.example.com"
+ vos:
+ - ops
+
+poem_fetch_profiles:
+ - profile_1
+ - profile_2
+
+mongo_host_or_ip: "127.0.0.1"
+mongo_port_number: "27017"
+argo_compute_mode: "local"
+prefilter_clean_bool: "false"
+argo_sync_conf_path: "/etc/argo-egi-connectors"
+argo_sync_path: "/var/lib/argo-connectors"
+argo_exec_path: "/usr/libexec/argo-egi-connectors"
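Review bot: in each tenant, `jobs_all` repeats by hand the names already listed under `jobs_details[].name`, so the two can drift apart and the compute engine and connectors would then disagree about which jobs exist. Consider deriving the list in the templates from `jobs_details` instead of keeping a second copy. Also note that the TenantB sample topic `probe.*` subscribes to every probe topic on the broker, which is a broad default for a multi-tenant example.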
diff --git a/roles/consumer/handlers/main.yml b/roles/consumer/handlers/main.yml
index b03fc8f3e39c0d7fde2640a21260961e0349d045..36b828b7d7a183e5fa7b2c330ae33b1cd31eb3a2 100644
--- a/roles/consumer/handlers/main.yml
+++ b/roles/consumer/handlers/main.yml
@@ -1,5 +1,14 @@
---
-- name: restart consumer
- service: name=ar-consumer state=restarted
+- name: restart egi consumer
+ service: name=argo-egi-consumer state=restarted
+- name: restart all consumers
+ service: name=argo-{{ item.key | lower }}-consumer state=restarted
+ with_dict: tenants
+
+# TODO: Make following handler task tenant unaware
+- name: restart all non egi consumers
+ service: name=argo-{{ item.key | lower }}-consumer state=restarted
+ with_dict: tenants
+ when: item.key|lower != "egi"
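Review bot: `restart egi consumer` is defined here, but the tasks changed in this patch only notify `restart all consumers` and `restart all non egi consumers`, so the handler looks unused. The other two handlers differ only in the `when` clause and both restart every tenant's service when a single tenant's configuration changes. If per-tenant restarts are not feasible yet, dropping the unused handler would at least keep the file honest.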
diff --git a/roles/consumer/tasks/main.yml b/roles/consumer/tasks/main.yml
index 26ca1ff5c00db235e85b92285650d4da8aef8409..3b4fcc0eceed29a97f6e6ea5857d5ace42bb41c5 100644
--- a/roles/consumer/tasks/main.yml
+++ b/roles/consumer/tasks/main.yml
@@ -1,61 +1,159 @@
---
-- name: Install consumer from ar project
- tags: ar-packages
- yum: name=ar-consumer state=latest
- notify: restart consumer
-
- name: Install avro from ar project
tags: ar-packages
- yum: name=avro state=present
+ yum: name=avro state=present enablerepo={{ enabled_argo_repo }}
-- name: Install argo-egi-connectors from ar project
+- name: Install python-pip
tags: ar-packages
- yum: name=argo-egi-connectors state=latest
+ yum: name=python-pip state=present
-- name: Install ar-compute from ar project
+- name: Install pymongo fixed version
tags: ar-packages
- yum: name=ar-compute state=latest
-
-- name: Configure ar-compute stuff 1
- tags: compute_config
- lineinfile: dest=/etc/ar-compute-engine.conf
- regexp="^mongo_host="
- line="mongo_host=127.0.0.1"
- state=present
- backup=yes
+ pip: name=pymongo state=present version=3.2.1
+
+- name: Install egi consumer package from ar project
+ tags:
+ - ar-packages
+ - consumer_config
+ yum: name=argo-egi-consumer state=latest enablerepo={{ enabled_argo_repo }}
+ notify: restart all consumers
+
+- name: Create consumer configuration directories
+ file: path=/etc/argo-{{ item.key | lower }}-consumer
+ state=directory
+ owner=root group=root mode=0755
+ with_dict: tenants
+ notify: restart all consumers
+
+- name: Copy metric avro specification for each tenant
+ tags:
+ - consumer_config
+ template: src=metric_data.avsc.j2
+ dest=/etc/argo-{{ item.key | lower }}-consumer/metric_data.avsc
+ owner=root group=root mode=0644
+ with_dict: tenants
+ notify: restart all consumers
-- name: Configure ar-compute stuff 2
- tags: compute_config
- lineinfile: dest=/etc/ar-compute-engine.conf
- regexp="^mode="
- line="mode=local"
- state=present
- backup=yes
+- name: Create consumer output directories per tenant
+ tags: consumer_config
+ file: path=/var/lib/argo-{{ item.key | lower }}-consumer
+ state=directory
+ owner=arstats group=arstats mode=0755
+ with_dict: tenants
+
+- name: Consumer configuration
+ tags:
+ - consumer_config
+ template: src=consumer.conf.j2
+ dest=/etc/argo-{{ item.key | lower }}-consumer/consumer.conf
+ owner=root group=root mode=0644
+ with_dict: tenants
+ notify: restart all consumers
+
+# TODO: Make following task tenant unaware
+- name: Copy out init scripts for non egi consumers
+ tags:
+ - consumer_config
+ template: src=consumer.init.j2
+ dest=/etc/init.d/argo-{{ item.key | lower }}-consumer
+ owner=root group=root mode=0755
+ with_dict: tenants
+ when: item.key|lower != "egi"
+ notify: restart all non egi consumers
+
+# TODO: Make following task tenant unaware
+- name: Create copies of python wrappers for non egi consumers
+ tags:
+ - consumer_config
+ file: path=/usr/bin/argo-{{ item.key | lower }}-wrapper-consumer.py
+ state=link src=/usr/bin/argo-egi-consumer.py
+ with_dict: tenants
+ when: item.key|lower != "egi"
+
+- name: Enable and start consumer services
+ tags:
+ - consumer_config
+ service: name=argo-{{ item.key | lower }}-consumer enabled=on state=started
+ with_dict: tenants
-- name: Configure ar-compute stuff 3
- tags: compute_config
- lineinfile: dest=/etc/ar-compute-engine.conf
- regexp="^prefilter_clean="
- line="prefilter_clean=false"
- state=present
- backup=yes
+- name: Install argo-egi-connectors from ar project
+ tags:
+ - ar-packages
+ - connectors
+ yum: name=argo-egi-connectors state=latest enablerepo={{ enabled_argo_repo }}
+
+- name: Configure connectors
+ tags:
+ - connectors_config
+ - connectors
+ template: src=customer.conf.j2
+ dest=/etc/argo-egi-connectors/{{ item.key | lower }}-customer.conf
+ owner=root group=root mode=0644
+ backup=yes
+ with_dict: tenants
+
+- name: POEM configuration
+ tags:
+ - connectors_config
+ - poem_config
+ template: src=poem-connector.conf.j2
+ dest=/etc/argo-egi-connectors/poem-connector.conf
+ owner=root group=root mode=0644
+ backup=yes
+
+- name: Configure poem connector per tenant cron job
+ tags:
+ - connectors_config
+ - connectors
+ - poem_cron
+ cron: cron_file=poem_{{ item.key | lower }}
+ name=poem_{{ item.key | lower }}
+ minute=2
+ hour=0
+ user=root
+ job="/usr/libexec/argo-egi-connectors/poem-connector.py {% if item.value.prefilter is not defined %} -np {% endif %} -c /etc/argo-egi-connectors/{{ item.key | lower }}-customer.conf"
+ state=present
+ with_dict: tenants
+
+- name: Configure topology connector per tenant cron job
+ tags:
+ - connectors_config
+ - connectors
+ - topology_cron
+ cron: cron_file=topology_{{ item.key | lower }}
+ name=topology_{{ item.key | lower }}
+ minute=7
+ hour=0
+ user=root
+ job="/usr/libexec/argo-egi-connectors/topology-gocdb-connector.py -c /etc/argo-egi-connectors/{{ item.key | lower }}-customer.conf"
+ state=present
+ with_dict: tenants
+
+- name: Configure weights connector per tenant cron job
+ tags:
+ - connectors_config
+ - connectors
+ - weights_cron
+ cron: cron_file=weights_{{ item.key | lower }}
+ name=weights_{{ item.key | lower }}
+ minute=5
+ hour=0
+ user=root
+ job="/usr/libexec/argo-egi-connectors/weights-gstat-connector.py -c /etc/argo-egi-connectors/{{ item.key | lower }}-customer.conf"
+ state=present
+ with_dict: tenants
-- name: Configure ar-compute stuff 4
- tags: consumer_config
- lineinfile: dest=/etc/ar-compute-engine.conf
- regexp="^sync_path="
- line="sync_path=/var/lib/argo-connectors"
- state=present
- backup=yes
+- name: Install ar-compute from ar project
+ tags: ar-packages
+ yum: name=ar-compute state=latest enablerepo={{ enabled_argo_repo }}
-- name: Configure ar-compute stuff 5
- tags: consumer_config
- lineinfile: dest=/etc/ar-compute-engine.conf
- regexp="^sync_exec="
- line="sync_exec=/usr/libexec/argo-egi-connectors"
- state=present
- backup=yes
+- name: Copy out compute engine configuration file
+ tags: ce_config
+ template: src=ar-compute-engine.conf.j2
+ dest=/etc/ar-compute-engine.conf
+ owner=root group=root mode=0644
+ backup=yes
- name: Configure ar-compute job cycle daily cron
tags: compute_config
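Review bot: the task `Create consumer configuration directories` has no `tags`, while the template tasks that write into those directories are tagged `consumer_config`, so a run limited with `--tags consumer_config` on a fresh host fails because `/etc/argo-<tenant>-consumer` does not exist. Please tag the directory task the same way. Separately, `pip: name=pymongo ... version=3.2.1` pulls from PyPI as root outside the RPM repositories selected by `enabled_argo_repo`, and the ARGO packages use `state=latest`, so two runs of the same playbook can install different code; pinning versions or using a packaged pymongo would make deployments reproducible.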
@@ -74,30 +172,22 @@
name=ar_job_cycle_hourly
state=present
minute=55
- hour=*
+ hour=*/2
job="/usr/libexec/ar-compute/bin/job_cycle.py -d $(/bin/date --utc +\%Y-\%m-\%d)"
-- name: Create job directories
- tags: sync_config
- file: path={{ item }} owner=root group=root mode=0755 state=directory
- with_items:
- - /var/lib/argo-connectors/EGI/Cloudmon
- - /var/lib/argo-connectors/EGI/Critical
-
-- name: Make sure ownerships are OK
- tags: consumer_config
- file: path={{ item }} owner=root group=arstats mode=0775 state=directory
- with_items:
- - /var/lib/argo-connectors
- - /var/lib/ar-consumer
-
-- name: Enable and start consumer service
- tags: consumer_config
- service: name=ar-consumer enabled=yes state=started
+- name: Add ar-compute poller hourly cron for tenant EGI
+ tags: compute_crons
+ cron: cron_file=ar_poller_hourly_egi
+ name=ar_poller_hourly_egi
+ minute=25
+ hour=*
+ user=root
+ job="/usr/libexec/ar-compute/bin/poller_ar.py -t EGI"
+ state=present
- name: Install ar-data-retention from ar project
tags: ar-data-retention
- yum: name=ar-data-retention state=latest
+ yum: name=ar-data-retention state=latest enablerepo={{ enabled_argo_repo }}
- name: Parametrize data retention policies
tags: data_retention
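Review bot: the cron entry keeps the name `ar_job_cycle_hourly` but `hour=*/2` makes it run every second hour, so the name no longer describes the schedule; rename it or explain the change in a comment. The new `ar_poller_hourly_egi` job hard-codes `-t EGI`, whereas the role defaults define tenants `TenantA` and `TenantB` and the other cron tasks iterate `with_dict: tenants`; the poller should follow the same pattern.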
diff --git a/roles/consumer/templates/ar-compute-engine.conf.j2 b/roles/consumer/templates/ar-compute-engine.conf.j2
new file mode 100644
index 0000000000000000000000000000000000000000..1aa994784b8ef17e6eadf70a991e44525126eabe
--- /dev/null
+++ b/roles/consumer/templates/ar-compute-engine.conf.j2
@@ -0,0 +1,85 @@
+[default]
+
+# mongo server ip location
+mongo_host={{ mongo_host_or_ip }}
+
+# mongo server port
+mongo_port={{ mongo_port_number }}
+
+# core database used by argo
+mongo_core_db = argo_core
+
+# mongo authentication
+# mongo_user =
+# mongo_pass =
+
+# declare the mode of ARGOeu
+# can be: local or cluster
+mode={{ argo_compute_mode }}
+
+# declare the serialization framework
+# can be: avro or none
+serialization=none
+
+# declare if prefilter data must be cleaned after upload to hdfs
+prefilter_clean={{ prefilter_clean_bool }}
+sync_clean=true
+
+# Provide maximum number of recomputations that can run in parallel.
+recomp_threshold=1
+
+[logging]
+
+# mode for logging (syslog,file,none)
+log_mode=syslog
+
+# log level status
+log_level=DEBUG
+
+# If log_mode equals file - uncomment to set log file path:
+# log_file=/var/log/ar-compute/ar-compute.log
+
+# Hadoop clients log level and log appender
+# If you want to log via SYSLOG make sure
+# an appropriate appender is defined in hadoop
+# log4j.properties file and just add the name
+# of this appender in the following line. I.e.
+# if you define a new appender named SYSLOG
+# change console to SYSLOG, or just add
+# SYSLOG appender in the following line
+hadoop_log_root=INFO,console
+
+[connectors]
+
+sync_conf={{ argo_sync_conf_path }}
+sync_exec={{ argo_exec_path }}
+sync_path={{ argo_sync_path }}
+
+[jobs]
+
+# Here are declared available tenants and available jobs
+# for each tenant (tenant/job names are case-sensitive)
+# The order of declarations is as follows:
+#
+# tenants=TenantA,TenantB
+# TenantA_jobs=Job1,Job2,Job3
+# TenantB_jobs=Job4,Job5
+# TenantA_prefilter=prefilter_exec (optional)
+#
+# Declare available tenants
+tenants={{ tenants|join(',')}}
+
+# For a declared tenant declare it's jobs by using
+# {Tenant_Name}_jobs conformance
+{% for key,value in tenants.iteritems() %}
+{{ key }}_jobs={{ value.jobs_all|replace(" ","") }}
+{% if value.prefilter is defined %}
+{{ key }}_prefilter={{ value.prefilter }}
+{% endif %}
+{% endfor %}
+
+
+[sampling]
+
+s_period=1440
+s_interval=5
\ No newline at end of file
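Review bot: the `mongo_user` and `mongo_pass` lines are emitted commented out with no variable behind them, so there is no way to enable MongoDB authentication from the playbook without editing the template. Suggest rendering them conditionally from optional variables. `log_level=DEBUG` is also hard-coded and should be a variable with a quieter default for production. Smaller points: `tenants.iteritems()` works only on Python 2 dictionaries, and "it's jobs" in the comment should read "its jobs".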
diff --git a/roles/consumer/templates/consumer.conf.j2 b/roles/consumer/templates/consumer.conf.j2
new file mode 100644
index 0000000000000000000000000000000000000000..5ec8fc7fce1c8d33a4b815a0133393b946857e09
--- /dev/null
+++ b/roles/consumer/templates/consumer.conf.j2
@@ -0,0 +1,41 @@
+[General]
+LogName = argo-{{ item.key | lower }}-consumer
+WritePlaintext = False
+LogMsgOutAllowedTime = True
+LogWrongFormat = True
+ReportWritMsgEveryHours = 24
+AvroSchema = /etc/argo-{{ item.key | lower }}-consumer/metric_data.avsc
+
+
+[Subscription]
+Destinations = {% if item.value.topics is defined %}{% for topic in item.value.topics %}{% if loop.last %}/queue/Consumer.{{ ansible_fqdn|replace(".","_") }}.{{ topic }}{% else %}/queue/Consumer.{{ ansible_fqdn|replace(".","_") }}.{{ topic }}, {% endif %}{% endfor %}{% endif %}
+
+IdleMsgTimeout = 0
+
+
+[Brokers]
+{% if item.value.brokers is defined %}
+{% for broker in item.value.brokers %}
+Server{{ loop.index }} = {{ broker }}:6163
+{% endfor %}
+{% endif %}
+
+[MsgRetention]
+PastDaysOk = 1
+FutureDaysOk = 1
+
+[Authentication]
+HostKey = /etc/grid-security/hostkey.pem
+HostCert = /etc/grid-security/hostcert.pem
+
+[STOMP]
+TCPKeepAliveIdle = 20
+TCPKeepAliveInterval = 5
+TCPKeepAliveProbes = 10
+ReconnectAttempts = 10
+UseSSL = False
+
+[Output]
+Directory = /var/lib/argo-{{ item.key | lower }}-consumer
+Filename = argo-consumer_log_DATE.avro
+ErrorFilename = argo-consumer_error_log_DATE.avro
\ No newline at end of file
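Review bot: under `[STOMP]` the template sets `UseSSL = False` while `[Authentication]` supplies `HostKey` and `HostCert`, so as written the consumer talks to the brokers in clear text and the host credentials are not used for the connection. If the brokers support TLS, make `UseSSL` and the broker port (hard-coded as `6163` in `[Brokers]`) variables and default to the encrypted endpoint. The key and certificate paths should come from `key_path` and `cert_path` instead of being repeated literally.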
diff --git a/roles/consumer/templates/consumer.init.j2 b/roles/consumer/templates/consumer.init.j2
new file mode 100644
index 0000000000000000000000000000000000000000..391e1d96d3a09e618e3cb3b71c4078d9c48a7ba8
--- /dev/null
+++ b/roles/consumer/templates/consumer.init.j2
@@ -0,0 +1,35 @@
+#!/bin/bash
+# argo-{{ item.key | lower }}-consumer daemon
+# chkconfig: 345 20 80
+# description: argo-{{ item.key | lower }}-consumer daemon
+# processname: argo-{{ item.key | lower }}-consumer
+
+. /etc/rc.d/init.d/functions
+PROG_NAME="argo-{{ item.key | lower }}-consumer"
+CONFIG="/etc/argo-{{ item.key | lower }}-consumer/consumer.conf"
+DAEMON_PATH="/usr/bin/argo-{{ item.key | lower }}{% if item.key|lower != "egi" %}-wrapper{% endif %}-consumer.py"
+
+case "$1" in
+start)
+ echo -n $"Starting $PROG_NAME: "
+ daemon $DAEMON_PATH --start --config $CONFIG
+ echo
+;;
+status)
+ $DAEMON_PATH --status --config $CONFIG
+;;
+stop)
+ echo -n $"Stopping $PROG_NAME: "
+ daemon $DAEMON_PATH --stop --config $CONFIG
+ echo
+;;
+restart)
+ echo -n $"Restarting $PROG_NAME: "
+ daemon $DAEMON_PATH --restart --config $CONFIG
+ echo
+;;
+*)
+ echo "Usage: $0 {status|start|stop|restart}"
+ exit 1
+esac
+
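Review bot: the task that renders this template runs only `when: item.key|lower != "egi"`, so the `{% if item.key|lower != "egi" %}-wrapper{% endif %}` branch in `DAEMON_PATH` is always taken and can be replaced by the literal `-wrapper`. In the script body, `$DAEMON_PATH` and `$CONFIG` are unquoted and none of the branches return the command's exit status, so `service ... status` always reports success to callers such as Ansible's `service` module. Suggest quoting the variables and ending each branch with `RETVAL=$?` followed by a final `exit $RETVAL`.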
diff --git a/roles/consumer/templates/customer.conf.j2 b/roles/consumer/templates/customer.conf.j2
new file mode 100644
index 0000000000000000000000000000000000000000..aad48f665b0ce494b5cb8e22613ea3ad0568ed41
--- /dev/null
+++ b/roles/consumer/templates/customer.conf.j2
@@ -0,0 +1,21 @@
+[CUSTOMER_{{item.key|upper}}]
+Name = {{item.key|upper}}
+OutputDir = {{item.value.outputdir}}
+{% if item.value.jobs_all is defined %}
+Jobs = {{ item.value.jobs_all }}
+{% endif %}
+
+{% if item.value.jobs_details is defined %}
+{% for job in item.value.jobs_details %}
+[{{job.name}}]
+Dirname = {{job.Directory}}
+Profiles = {{job.Profiles}}
+TopoType = {{job.TopoType}}
+TopoFeed = {{job.TopoFeed}}
+TopoFetchType = {{job.TopoFetchType}}
+TopoSelectGroupOfEndpoints = {{job.TopoSelectGroupOfEndpoints}}
+TopoSelectGroupOfGroups = {{job.TopoSelectGroupOfGroups}}
+DowntimesFeed = {{job.DowntimesFeed}}
+
+{% endfor %}
+{% endif %}
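Review bot: the section header and `Name` use `item.key|upper`, the consumer paths use `item.key | lower`, and `ar-compute-engine.conf.j2` writes the key unchanged with a comment that tenant names are case-sensitive. For the sample tenant `TenantA` that yields `TENANTA`, `tenanta` and `TenantA` in three related files; please confirm the connectors and compute engine really expect different casings, or normalise once. `OutputDir = {{item.value.outputdir}}` is also the only tenant field used without an `is defined` guard.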
diff --git a/roles/consumer/templates/metric_data.avsc.j2 b/roles/consumer/templates/metric_data.avsc.j2
new file mode 100644
index 0000000000000000000000000000000000000000..c35bbe380de6ab2f7cce65a2f07232a076680bab
--- /dev/null
+++ b/roles/consumer/templates/metric_data.avsc.j2
@@ -0,0 +1,18 @@
+{"namespace": "argo.avro",
+ "type": "record",
+ "name": "metric_data",
+ "fields": [
+ {"name": "timestamp", "type": "string"},
+ {"name": "service", "type": "string"},
+ {"name": "hostname", "type": "string"},
+ {"name": "metric", "type": "string"},
+ {"name": "status", "type": "string"},
+ {"name": "monitoring_host", "type": ["null", "string"]},
+ {"name": "summary", "type": ["null", "string"]},
+ {"name": "message", "type": ["null", "string"]},
+ {"name": "tags", "type" : ["null", {"name" : "Tags",
+ "type" : "map",
+ "values" : ["null", "string"]
+ }]
+ }]
+}
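Review bot: this file contains no Jinja expressions, yet it is installed through the `template` module once per tenant. Shipping it under `files/` and using `copy` avoids the schema being altered if a later edit introduces text that Jinja interprets, and makes it clear the schema is identical for every tenant.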
diff --git a/roles/consumer/templates/poem-connector.conf.j2 b/roles/consumer/templates/poem-connector.conf.j2
new file mode 100644
index 0000000000000000000000000000000000000000..20604fb442f940e2dc6ea5e23a5616ef40ffcd9f
--- /dev/null
+++ b/roles/consumer/templates/poem-connector.conf.j2
@@ -0,0 +1,20 @@
+{% for poem in poem_servers %}
+[PoemServer{{ loop.index }}]
+Host = {{ poem.host }}
+VO = {{ poem.vos|join(', ') }}
+
+{% endfor %}
+
+
+[FetchProfiles]
+List = {{ poem_fetch_profiles|join(', ')|upper }}
+
+[PrefilterData]
+AllowedNGI = http://mon.egi.eu/nagios-roles.conf
+AllowedNGIProfiles = ch.cern.sam.ROC, ch.cern.sam.ROC_OPERATORS, ch.cern.sam.ROC_CRITICAL, ch.cern.sam.GLEXEC
+AllNGI1 = opsmon.egi.eu
+AllNGIProfiles1 = ch.cern.sam.OPS_MONITOR, ch.cern.sam.OPS_MONITOR_CRITICAL
+AllNGI2 = cloudmon.egi.eu
+AllNGIProfiles2 = ch.cern.sam.CLOUD-MON, ch.cern.sam.CLOUD-MON_CRITICAL
+
+
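Review bot: `AllowedNGI = http://mon.egi.eu/nagios-roles.conf` is fetched over plain HTTP, so the list that decides which NGIs are allowed through the prefilter can be modified in transit. Use an HTTPS URL if the server offers one. The whole `[PrefilterData]` section is hard-coded to EGI hosts and profiles, which conflicts with the README's stated goal of generic roles; these values belong in `defaults/main.yml`.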
diff --git a/roles/firewall/tasks/centos6.yml b/roles/firewall/tasks/centos6.yml
new file mode 100644
index 0000000000000000000000000000000000000000..7690aba2861a60b5eb17febb685af7f580d13bb9
--- /dev/null
+++ b/roles/firewall/tasks/centos6.yml
@@ -0,0 +1,15 @@
+---
+
+- name: copy iptables file onto host
+ template: src=iptables.j2
+ dest=/etc/sysconfig/iptables backup=no
+ owner=root group=root mode=0600
+ when: iptables_rules is defined
+ notify: reload iptables
+
+- name: copy ip6tables file onto host
+ template: src=ip6tables.j2
+ dest=/etc/sysconfig/ip6tables backup=no
+ owner=root group=root mode=0600
+ when: ip6tables_rules is defined
+ notify: reload ip6tables
diff --git a/roles/firewall/tasks/centos7.yml b/roles/firewall/tasks/centos7.yml
new file mode 100644
index 0000000000000000000000000000000000000000..f6188e49b27f3c531f9b342c9b86a8881e130fed
--- /dev/null
+++ b/roles/firewall/tasks/centos7.yml
@@ -0,0 +1,7 @@
+---
+
+- name: Enable required ports
+ firewalld: service={{ item }} immediate=true permanent=true state=enabled
+ with_items: services
+ when: services is defined
+
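Review bot: on CentOS 7 the role acts only on a variable named `services`, while every group_vars file in this patch describes its ports through `iptables_rules`, so a CentOS 7 host (the README lists CentOS 7.x for the Web UI) gets no firewall changes unless `services` is defined somewhere not shown. The name `services` is also generic enough to collide with other roles; something like `firewalld_services` would be safer. The task does not ensure firewalld is installed and running before calling the module.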
diff --git a/roles/firewall/tasks/main.yml b/roles/firewall/tasks/main.yml
index 7690aba2861a60b5eb17febb685af7f580d13bb9..bd3f9a76977165353cfbf4336d2fb5b8a35e2bf2 100644
--- a/roles/firewall/tasks/main.yml
+++ b/roles/firewall/tasks/main.yml
@@ -1,15 +1,8 @@
---
-- name: copy iptables file onto host
- template: src=iptables.j2
- dest=/etc/sysconfig/iptables backup=no
- owner=root group=root mode=0600
- when: iptables_rules is defined
- notify: reload iptables
+- include: centos6.yml
+ when: ansible_distribution == 'CentOS' and ansible_distribution_major_version == '6'
+
+- include: centos7.yml
+ when: ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7'
-- name: copy ip6tables file onto host
- template: src=ip6tables.j2
- dest=/etc/sysconfig/ip6tables backup=no
- owner=root group=root mode=0600
- when: ip6tables_rules is defined
- notify: reload ip6tables
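Review bot: both includes require `ansible_distribution == 'CentOS'`, so on RHEL, Scientific Linux or any other major version neither file is included and the play continues with no firewall configured and no message. Add a final task that fails, or at least prints a warning, when no branch matched, or key the includes on `ansible_os_family` and the major version.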
diff --git a/roles/has_certificate/defaults/main.yml b/roles/has_certificate/defaults/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..f609797224a4162df970b84cf25ef68a82f222b6
--- /dev/null
+++ b/roles/has_certificate/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+
+cert_path: /etc/grid-security/hostcert.pem
+key_path: /etc/grid-security/hostkey.pem
\ No newline at end of file
diff --git a/roles/has_certificate/tasks/main.yml b/roles/has_certificate/tasks/main.yml
index 487534411884b23c129622462cd64494cd87db54..1db5c6e158f0a5ddcbdac3fceb142df2ac0eaba3 100644
--- a/roles/has_certificate/tasks/main.yml
+++ b/roles/has_certificate/tasks/main.yml
@@ -1,14 +1,19 @@
---
+- name: Create cert_dir if not exists
+ file: dest={{ cert_dir }} state=directory
+ owner=root group=root mode=0755
+ when: cert_dir is defined
+
- name: Copy host x509 certificate onto host
tags: certificate
- copy: src=hostcert.pem
+ copy: src={{ inventory_hostname }}.pem
dest={{ cert_path }} backup=yes
owner=root group=root mode=0644
- name: Copy host x509 key onto host
tags: certificate
- copy: src=hostkey.pem
+ copy: src={{ inventory_hostname }}.key
dest={{ key_path }} backup=yes
owner=root group=root mode=0400
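Review bot: The new "Create cert_dir if not exists" task is guarded by `when: cert_dir is defined`, but the role defaults added in this commit define only `cert_path` and `key_path`, so with stock defaults the task is skipped and both copy tasks depend on /etc/grid-security already existing. Either add a `cert_dir` default and build `cert_path` and `key_path` from it, or derive the directory from `cert_path` with the `dirname` filter so the three values cannot drift apart.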
@@ -24,3 +29,8 @@
path=/etc/pki/tls/private/localhost.key
when: inventory_hostname in groups.standalone
+- name: Create p12 key for web ui
+ command: openssl pkcs12 -export -in hostcert.pem -inkey hostkey.pem -password pass:{{ keystore_password }} -out server.p12
+ chdir=/etc/grid-security
+ creates=/etc/grid-security/server.p12
+ when: inventory_hostname in groups.webui
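Review bot: In "Create p12 key for web ui" the keystore password is passed as `-password pass:{{ keystore_password }}`, which puts it on the openssl command line where it is visible in the process list and in Ansible's task output and logs. Pass it through `-passout file:` or `-passout env:` instead and set `no_log: true` on the task. The resulting server.p12 contains the private key but gets no explicit owner or mode, so add a follow-up `file` task that restricts it the same way as the key (`mode=0400`). The task also hard-codes hostcert.pem, hostkey.pem and /etc/grid-security rather than using `cert_path` and `key_path`, so it breaks as soon as those variables are overridden.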
diff --git a/roles/is_monitored/defaults/main.yml b/roles/is_monitored/defaults/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..1060d23a4ede32b755e4ba70aabda67fc2def4c3
--- /dev/null
+++ b/roles/is_monitored/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+
+nrpe_conf_path: /etc/nrpe.d
+
+# Comma separated list of monitoring hosts (either IPs or FQDNs)
+nrpe_allowed_hosts: 8.8.8.8,host.example.com
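Review bot: The default `nrpe_allowed_hosts: 8.8.8.8,host.example.com` is written verbatim into `allowed_hosts=` by the lineinfile task in this role, so a deployment that forgets to override it authorizes a real public address to query NRPE. Default to `127.0.0.1` (or leave the variable undefined and fail when it is missing) and move the sample values into the comment.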
diff --git a/roles/is_monitored/handlers/main.yml b/roles/is_monitored/handlers/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..0fed1e9701d3a8302825a2bf3da0509ce2c28e13
--- /dev/null
+++ b/roles/is_monitored/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+
+- name: restart nrpe
+ service: name=nrpe state=restarted
diff --git a/roles/is_monitored/tasks/main.yml b/roles/is_monitored/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..e6e2f584cba2b66f647874d56f502f1a2a694300
--- /dev/null
+++ b/roles/is_monitored/tasks/main.yml
@@ -0,0 +1,33 @@
+---
+
+- name: Install nagios needed nrpe packages
+ tags: monitoring
+ yum: name={{ item }} state=latest
+ with_items:
+ - nrpe
+ - nagios-plugins
+ - nagios-plugins-disk
+
+- name: Copy nrpe configuration file on host
+ tags:
+ - monitoring
+ - nrpe_checks
+ template: src=nrpe.cfg.j2
+ dest={{ nrpe_conf_path }}/nrpe.cfg backup=yes
+ owner=root group=root mode=0644
+ notify: restart nrpe
+
+- name: Modify nrpe configuration itself
+ tags:
+ - monitoring
+ - nrpe_hosts
+ lineinfile: dest=/etc/nagios/nrpe.cfg
+ regexp="^allowed_hosts="
+ line="allowed_hosts={{ nrpe_allowed_hosts }}"
+ state=present
+ backup=yes
+ notify: restart nrpe
+
+- name: Start and enable nrpe service
+ tags: monitoring
+ service: name=nrpe state=started enabled=yes
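Review bot: "Install nagios needed nrpe packages" uses `state=latest`, so every playbook run can upgrade nrpe and the plugins to whatever the enabled repositories currently carry, while the mongodb role in this same commit moves to pinned versions. Use `state=present` (optionally with a version) and handle upgrades deliberately. Note also that the template task writes `{{ nrpe_conf_path }}/nrpe.cfg` while the lineinfile task edits /etc/nagios/nrpe.cfg; two files with the same name in different directories is easy to misread, so a distinct name for the drop-in (for example argo.cfg) would help.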
diff --git a/roles/is_monitored/templates/nrpe.cfg.j2 b/roles/is_monitored/templates/nrpe.cfg.j2
new file mode 100644
index 0000000000000000000000000000000000000000..9145b053291f7fb4713d48d4df0a2a548857caf5
--- /dev/null
+++ b/roles/is_monitored/templates/nrpe.cfg.j2
@@ -0,0 +1,5 @@
+{% if inventory_hostname in groups.standalone %}
+command[check_consumer_proc]=/usr/lib64/nagios/plugins/check_procs -a '/usr/bin/argo-egi-consumer.py' -c 1:10
+command[check_consumer_log]=/usr/bin/sudo /usr/local/bin/check_consumer_log
+{% endif %}
+command[check_disk]=/usr/lib64/nagios/plugins/check_disk -w 10% -c 5%
\ No newline at end of file
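Review bot: `command[check_consumer_log]` runs `/usr/bin/sudo /usr/local/bin/check_consumer_log`, but nothing in this role's tasks installs a sudoers rule for the nrpe user or the script itself, so the check fails on a fresh host or, worse, depends on a broad sudo grant made by hand. Ship a sudoers drop-in limited to exactly this command, validated with `visudo -cf %s`, and make sure the script is root-owned and not writable by the nrpe user. The file is also missing its trailing newline.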
diff --git a/roles/mongodb/defaults/main.yml b/roles/mongodb/defaults/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..f71442570e13908e389f52b97b410ba72a4291b0
--- /dev/null
+++ b/roles/mongodb/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+
+# Comma separated list of IPs mongo service should bind to
+mongo_bind_interfaces: 127.0.0.1,192.168.0.33
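Review bot: The default `mongo_bind_interfaces: 127.0.0.1,192.168.0.33` ships a site-specific address in the role defaults. A host that does not own 192.168.0.33 gets a bindIp it cannot use, and a host that does own it exposes mongod on that network without the administrator having asked for it. Default to `127.0.0.1` only and let the inventory add further addresses explicitly.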
diff --git a/roles/mongodb/tasks/main.yml b/roles/mongodb/tasks/main.yml
index 9242f72c7514c878fe355017f00becc17c80f9b3..93ce9cbdb2c2c145be93853ddff95816abdc8f27 100644
--- a/roles/mongodb/tasks/main.yml
+++ b/roles/mongodb/tasks/main.yml
@@ -4,14 +4,23 @@
tags: mongoDB-packages
yum: name={{ item }} state=present
with_items:
- - mongodb-org
- - mongodb-org-server
+ - mongodb-org-3.0.7
+ - mongodb-org-server-3.0.7
-- name: Bind mongod processes to any interface
- lineinfile: dest=/etc/mongod.conf
- regexp="^bind_ip="
- insertafter=EOF
- line="bind_ip={{ mongo_bind_interface }}"
+- name: Bind mongod processes to one or more interfaces
+ lineinfile: >
+ dest=/etc/mongod.conf
+ regexp="\ \ bindIp"
+ line=' bindIp: {{ mongo_bind_interfaces }}'
+ state=present
+ backup=yes
+ notify: restart mongo
+
+- name: Fix issue with mongo init script
+ lineinfile: >
+ dest=/etc/mongod.conf
+ regexp="\ \ pidFilePath"
+ line=' pidFilePath: /var/run/mongodb/mongod.pid'
state=present
backup=yes
notify: restart mongo
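Review bot: The new regexps `"\ \ bindIp"` and `"\ \ pidFilePath"` are not anchored, so they also match a commented-out line that contains the same text, and when no line matches lineinfile appends the indented entry at end of file, where in a YAML-style mongod.conf it lands under whichever section happens to be last instead of under `net:` or `processManagement:`. Anchor the patterns (for example `^\s+bindIp:`) and add `insertafter` pointing at the parent section key, or template the whole file. Since this task is what opens mongod to non-loopback interfaces, a misplaced line that is silently ignored is worth guarding against.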
diff --git a/roles/monitoring_engine/defaults/main.yml b/roles/monitoring_engine/defaults/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..cd618cfc02b84c51410d3c4af34d33c31a8479b9
--- /dev/null
+++ b/roles/monitoring_engine/defaults/main.yml
@@ -0,0 +1,55 @@
+
+nagios_components:
+ - { name: argo-ncg , repo: argo-prod }
+ - { name: argo-msg-nagios , repo: argo-prod }
+ - { name: perl-Crypt-SSLeay , repo: "" }
+
+## NCG vars ##
+nagios_server: localhost
+nagios_admin_email: "contact@nagiosadmin.localhost"
+vo: ops
+enable_unicore_probes: "0"
+probes_type: local
+gocdb_root_url: https://localhost/gocdbpi
+cert_status: Certified
+contact_type: roc
+nagios_role: project
+include_empty_hosts: "0"
+enable_notifications: "0"
+local_metric_store: "0"
+check_hosts: "0"
+tenant_name: tenant_a
+poem_root_url: http://localhost/poem
+include_proxy_checks: "0"
+include_msg_checks_recv: "0"
+backup_instance: "false"
+
+## CGI vars ##
+authorized_for_all_service_commands:
+ - "/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=SomeCN_1"
+ - "/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=SomeCN_2"
+authorized_for_all_host_commands:
+ - "/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=SomeCN_1"
+ - "/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=SomeCN_2"
+
+## Nagios.cfg vars ##
+host_perfdata_file_processing_command: ncg-process-host-perfdata-file
+service_perfdata_file_processing_command: ncg-process-service-perfdata-file
+obsess_over_services: "1"
+ocsp_command: handle_service_check
+use_large_installation_tweaks: "1"
+enable_environment_macros: "1"
+allow_empty_hostgroup_assignment: "1"
+cfg_dir: /etc/nagios/argo-ncg.d
+use_syslog: "0"
+log_initial_states: "1"
+log_external_commands: "0"
+log_passive_checks: "0"
+service_check_timeout: 910
+process_performance_data: "1"
+
+## Other vars
+ca_bundle_install: false
+configure_apache_ssl: false
+configure_nagios_apache: false
+
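Review bot: `nagios_plugins` has no default in this file, although tasks/main.yml in this commit iterates over it in "Install Nagios plugins" (`with_items: nagios_plugins`), so the role fails unless every inventory defines it. Add `nagios_plugins: []` here. In `nagios_components`, the perl-Crypt-SSLeay entry has `repo: ""`, which the install task passes on as an empty `enablerepo=`; a separate task without `enablerepo` for packages from the base repositories would be cleaner. The placeholder DNs under "CGI vars" are rendered into cgi.cfg as they stand when not overridden, so consider defaulting both lists to empty. The file also lacks the leading `---` used by the other defaults files in this commit.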
diff --git a/roles/monitoring_engine/handlers/main.yml b/roles/monitoring_engine/handlers/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..4f411f64c799f0d6ac6be9fbe2d89fd4c9e78893
--- /dev/null
+++ b/roles/monitoring_engine/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+
+- name: reload nagios
+ service: name=nagios state=reloaded
+
+- name: reload httpd
+ service: name=httpd state=reloaded
diff --git a/roles/monitoring_engine/tasks/main.yml b/roles/monitoring_engine/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..6ae0b191474384f1f60f46e8a98676da11afcb64
--- /dev/null
+++ b/roles/monitoring_engine/tasks/main.yml
@@ -0,0 +1,227 @@
+---
+
+- name: Install Nagios
+ yum: name=nagios state=latest enablerepo=nagios
+ tags: install
+
+- name: Install pnp4nagios
+ yum: name=pnp4nagios state=latest
+ tags: install
+
+- name: Install Apache and mod_ssl
+ yum: name={{ item }} state=latest
+ with_items:
+ - httpd
+ - mod_ssl
+ tags: install
+
+- name: Install fetch-crl
+ yum: name=fetch-crl state=latest
+ when: ca_bundle_install
+ tags: install
+
+- name: Install NCG and MSG conponents
+ yum: name={{ item.name }} state=latest enablerepo={{ item.repo }}
+ with_items: nagios_components
+ tags: install
+
+- name: Install Nagios plugins
+ yum: name={{ item.name }} state=latest enablerepo={{ item.repo }}
+ with_items: nagios_plugins
+ tags: install
+
+- name: Copy nagios.cfg file
+ template: src=nagios.cfg.j2
+ dest=/etc/nagios/nagios.cfg
+ owner=nagios group=nagios mode=0644
+ notify: reload nagios
+ tags: config
+
+- name: Copy cgi.cfg file
+ template: src=cgi.cfg.j2
+ dest=/etc/nagios/cgi.cfg
+ owner=nagios group=nagios mode=0644
+ notify: reload nagios
+ tags: config
+
+#FIXME: Make this tenant unaware
+- name: Copy ncg.conf file for EGI
+ template: src=ncg.conf.j2
+ dest=/etc/argo-ncg/ncg.conf
+ owner=root group=root
+ when: tenant_name|lower == "egi"
+ notify: reload nagios
+ tags: config
+
+- name: Copy ncg.conf file for EUDAT
+ template: src=ncg.conf.eudat.j2
+ dest=/etc/ncg/ncg.conf
+ owner=root group=root
+ when: tenant_name|lower == "eudat"
+ notify: reload nagios
+ tags: config
+
+- name: Copy argo-voms-htpasswd.conf file
+ template: src=argo-voms-htpasswd.conf.j2
+ dest=/etc/argo-voms-htpasswd/argo-voms-htpasswd.conf
+ owner=root group=root
+ when: voms_htpasswd is defined
+ tags: config
+
+#FIXME: Temp workaround for tenants without BDII infrastructure.
+- name: Copy broker-list file
+ template: src=broker-list.j2
+ dest=/var/cache/msg/broker-cache-file/broker-list
+ owner=root group=root mode=0644
+ when: broker_host is defined
+ tags: config
+##
+
+- name: Copy argo-msg-cache file
+ template: src=argo-msg-cache.conf.j2
+ dest=/etc/argo-msg-cache.conf
+ owner=root group=root
+ when: lcg_gfal_infosys is defined and broker_network is defined
+ tags: config
+
+- name: Create unicore log dir
+ file: path=/var/log/unicore
+ state=directory
+ owner=nagios group=nagios mode=0755
+ when: enable_unicore_probes is defined and enable_unicore_probes == "1"
+ tags: config
+
+- name: Copy ucc.config file for unicore
+ template: src=ucc.config.j2
+ dest=/etc/nagios/unicore/ucc.config
+ owner=nagios group=nagios mode=0400
+ when: enable_unicore_probes is defined and enable_unicore_probes == "1"
+ tags: config
+
+- name: Copy scripts for unicore credentials
+ template: src={{ item }}.j2
+ dest=/usr/local/bin/{{ item }}
+ owner=root group=root mode=0744
+ with_items:
+ - unicore_jks.sh
+ - unicore_ks.sh
+ - unicore_ts.sh
+ when: enable_unicore_probes is defined and enable_unicore_probes == "1"
+ tags: config
+
+- name: Execute scripts for unicore credentials
+ command: /usr/local/bin/{{ item }}
+ with_items:
+ - unicore_jks.sh
+ - unicore_ks.sh
+ - unicore_ts.sh
+ when: enable_unicore_probes is defined and enable_unicore_probes == "1"
+ tags: config
+
+- name: Create vomses dir
+ file: path=/etc/vomses
+ state=directory
+ owner=root group=root mode=0755
+ when: vomses is defined
+ tags: config
+
+- name: Copy vomses files
+ template: src=vomses.j2
+ dest=/etc/vomses/{{ item.name }}
+ owner=root group=root mode=0644
+ when: vomses is defined
+ with_items: vomses
+ tags: config
+
+- name: Create voms lsc dir
+ file: path=/etc/grid-security/vomsdir/{{ item.vo }}
+ state=directory
+ owner=root group=root mode=0755
+ when: vomses is defined
+ with_items: vomses
+ tags: config
+
+- name: Create voms lsc files
+ template: src=voms_lsc.j2
+ dest=/etc/grid-security/vomsdir/{{ item.vo }}/{{ item.server }}.lsc
+ owner=root group=root mode=0644
+ when: vomses is defined
+ with_items: vomses
+ tags: config
+
+- name: Create sha checksum for dashboard config
+ shell: echo -n {{ nagios_server }} | sha1sum | cut -f1 -d' '
+ register: sha
+ tags: config
+
+- name: Create dashboard config for msg-to-handler
+ template: src=dashboard.conf.j2
+ dest=/etc/msg-to-handler.d/DASHBOARD.conf
+ owner=root group=root mode=0644
+ when: send_to_dashboard is defined and send_to_dashboard == "1"
+ tags: config
+
+- name: Create apel config for msg-to-handler
+ template: src=apel.conf.j2
+ dest=/etc/msg-to-handler.d/APEL.conf
+ owner=root group=root mode=0644
+ when: send_to_apel is defined and send_to_apel == "1"
+ tags: config
+
+- name: Create a cron job to restart apache
+ cron: name=restart_httpd
+ user="root"
+ minute="53" hour="2,8,14,20"
+ job="( /sbin/service httpd status && /sbin/service httpd graceful ) > /dev/null 2>&1"
+ when: ca_bundle_install
+ tags: config
+
+- name: create apache nagios conf
+ template: src=nagios_apache.conf.j2
+ dest=/etc/httpd/conf.d/nagios.conf
+ owner=root group=root mode=0644
+ notify: reload httpd
+ when: configure_nagios_apache
+ tags: config
+
+- name: create apache ssl conf
+ template: src=ssl.conf.j2
+ dest=/etc/httpd/conf.d/ssl.conf
+ owner=root group=root mode=0644
+ notify: reload httpd
+ when: configure_apache_ssl
+ tags: config
+
+- name: Enable nagios and httpd on boot and start service
+ service: name={{ item }} state=started enabled=yes
+ with_items:
+ - nagios
+ - httpd
+ tags: config
+
+- name: Start fetch-crl cron
+ service: name=fetch-crl-cron state=started enabled=yes
+ when: ca_bundle_install
+ tags: config
+
+- name: Start fetch-crl boot
+ service: name=fetch-crl-boot state=started enabled=no
+ when: ca_bundle_install
+ ignore_errors: yes
+ tags: config
+
+- name: Enable argo-voms-htpasswd on boot and start service
+ service: name=argo-voms-htpasswd state=started enabled=yes
+ when: voms_htpasswd is defined
+ tags: config
+
+- name: Enable argo-msg-cache on boot and start service
+ service: name=argo-msg-cache state=started enabled=yes
+ when: lcg_gfal_infosys is defined
+ tags: config
+
+- name: Enable msg-to-handler on boot and start service
+ service: name=msg-to-handler state=started enabled=yes
+ when: lcg_gfal_infosys is defined
+ tags: config
+
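Review bot: "Create sha checksum for dashboard config" interpolates `{{ nagios_server }}` unquoted into a `shell:` command (`echo -n {{ nagios_server }} | sha1sum | cut -f1 -d' '`), so any shell metacharacter in that variable is interpreted by the shell on the target, and the task reports "changed" on every run. Compute the digest in the template with the `hash('sha1')` filter, or at minimum pipe the variable through the `quote` filter and add `changed_when: false`. The same idempotence problem applies to "Execute scripts for unicore credentials", which reruns the three scripts on every play because it has no `creates=`; those scripts are also installed with mode 0744, world-readable, which matters if the rendered templates embed keystore passwords. Minor: "conponents" in the task name should read "components", and most package tasks use `state=latest`, which makes runs non-reproducible.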
diff --git a/roles/monitoring_engine/templates/apel.conf.j2 b/roles/monitoring_engine/templates/apel.conf.j2
new file mode 100644
index 0000000000000000000000000000000000000000..e4c1380d19a043e82883aed7f1001278363b5e0f
--- /dev/null
+++ b/roles/monitoring_engine/templates/apel.conf.j2
@@ -0,0 +1,10 @@
+
+ class = GridMon::MsgHandler::MetricOutput
+
+ SOURCE = local
+ CACHE_DIR = /var/spool/argo-msg-nagios/incoming
+
+
+ destination = "/queue/Consumer.{{ nagios_role }}_{{ nagios_server|replace(".","_") }}.grid.accounting.test.apel.*"
+
+
diff --git a/roles/monitoring_engine/templates/argo-msg-cache.conf.j2 b/roles/monitoring_engine/templates/argo-msg-cache.conf.j2
new file mode 100644
index 0000000000000000000000000000000000000000..98ea2bb10dcea2169e79cc1e6c339b055f4f2380
--- /dev/null
+++ b/roles/monitoring_engine/templates/argo-msg-cache.conf.j2
@@ -0,0 +1,12 @@
+# Configuration file for argo-msg-cache.
+
+# Maintaining the Broker Cache File requires the end point of the information
+# system.
+
+# We support a ',' delimited list as lcg-utils does.
+
+# LCG_GFAL_INFOSYS=bdii.example.org:2170
+LCG_GFAL_INFOSYS={% for bdii in lcg_gfal_infosys %}{{ bdii }}{% if not loop.last %},{% endif %}{% endfor %}
+
+# BROKER_NETWORK=PROD
+BROKER_NETWORK={{ broker_network }}
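Review bot: The `LCG_GFAL_INFOSYS=` line builds the comma-separated list with a hand-written for loop and `loop.last` test; `{{ lcg_gfal_infosys | join(',') }}` does the same in one expression and is easier to read. Either form assumes `lcg_gfal_infosys` is a list: if an inventory sets it to a plain string such as the `bdii.example.org:2170` sample in the comment, the loop iterates over its characters and writes a comma between each one. Document the expected type in the role defaults or README.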
diff --git a/roles/monitoring_engine/templates/argo-voms-htpasswd.conf.j2 b/roles/monitoring_engine/templates/argo-voms-htpasswd.conf.j2
new file mode 100644
index 0000000000000000000000000000000000000000..2bde5774e77139486c9740edd2e83f04d008c69f
--- /dev/null
+++ b/roles/monitoring_engine/templates/argo-voms-htpasswd.conf.j2
@@ -0,0 +1,3 @@
+{% for url in voms_htpasswd %}
+{{ url }}
+{% endfor %}
\ No newline at end of file
diff --git a/roles/monitoring_engine/templates/broker-list.j2 b/roles/monitoring_engine/templates/broker-list.j2
new file mode 100644
index 0000000000000000000000000000000000000000..62592d9c5cb5ab419c2c3e064f1bbee441da21af
--- /dev/null
+++ b/roles/monitoring_engine/templates/broker-list.j2
@@ -0,0 +1 @@
+stomp://{{ broker_host }}:6163
\ No newline at end of file
diff --git a/roles/monitoring_engine/templates/cgi.cfg.j2 b/roles/monitoring_engine/templates/cgi.cfg.j2
new file mode 100644
index 0000000000000000000000000000000000000000..d2e95a6bc981ceb14859bd1b03f9c70d67467052
--- /dev/null
+++ b/roles/monitoring_engine/templates/cgi.cfg.j2
@@ -0,0 +1,374 @@
+#################################################################
+#
+# CGI.CFG - Sample CGI Configuration File for Nagios 4.0.8
+#
+#
+#################################################################
+
+
+# MAIN CONFIGURATION FILE
+# This tells the CGIs where to find your main configuration file.
+# The CGIs will read the main and host config files for any other
+# data they might need.
+
+main_config_file=/etc/nagios/nagios.cfg
+
+
+
+# PHYSICAL HTML PATH
+# This is the path where the HTML files for Nagios reside. This
+# value is used to locate the logo images needed by the statusmap
+# and statuswrl CGIs.
+
+physical_html_path=/usr/share/nagios
+
+
+
+# URL HTML PATH
+# This is the path portion of the URL that corresponds to the
+# physical location of the Nagios HTML files (as defined above).
+# This value is used by the CGIs to locate the online documentation
+# and graphics. If you access the Nagios pages with an URL like
+# http://www.myhost.com/nagios, this value should be '/nagios'
+# (without the quotes).
+
+url_html_path=/nagios
+
+
+
+# CONTEXT-SENSITIVE HELP
+# This option determines whether or not a context-sensitive
+# help icon will be displayed for most of the CGIs.
+# Values: 0 = disables context-sensitive help
+# 1 = enables context-sensitive help
+
+show_context_help=0
+
+
+
+# PENDING STATES OPTION
+# This option determines what states should be displayed in the web
+# interface for hosts/services that have not yet been checked.
+# Values: 0 = leave hosts/services that have not been check yet in their original state
+# 1 = mark hosts/services that have not been checked yet as PENDING
+
+use_pending_states=1
+
+
+
+
+# AUTHENTICATION USAGE
+# This option controls whether or not the CGIs will use any
+# authentication when displaying host and service information, as
+# well as committing commands to Nagios for processing.
+#
+# Read the HTML documentation to learn how the authorization works!
+#
+# NOTE: It is a really *bad* idea to disable authorization, unless
+# you plan on removing the command CGI (cmd.cgi)! Failure to do
+# so will leave you wide open to kiddies messing with Nagios and
+# possibly hitting you with a denial of service attack by filling up
+# your drive by continuously writing to your command file!
+#
+# Setting this value to 0 will cause the CGIs to *not* use
+# authentication (bad idea), while any other value will make them
+# use the authentication functions (the default).
+
+use_authentication=1
+
+
+
+
+# x509 CERT AUTHENTICATION
+# When enabled, this option allows you to use x509 cert (SSL)
+# authentication in the CGIs. This is an advanced option and should
+# not be enabled unless you know what you're doing.
+
+use_ssl_authentication=0
+
+
+
+
+# DEFAULT USER
+# Setting this variable will define a default user name that can
+# access pages without authentication. This allows people within a
+# secure domain (i.e., behind a firewall) to see the current status
+# without authenticating. You may want to use this to avoid basic
+# authentication if you are not using a secure server since basic
+# authentication transmits passwords in the clear.
+#
+# Important: Do not define a default username unless you are
+# running a secure web server and are sure that everyone who has
+# access to the CGIs has been authenticated in some manner! If you
+# define this variable, anyone who has not authenticated to the web
+# server will inherit all rights you assign to this user!
+
+#default_user_name=guest
+
+
+
+# SYSTEM/PROCESS INFORMATION ACCESS
+# This option is a comma-delimited list of all usernames that
+# have access to viewing the Nagios process information as
+# provided by the Extended Information CGI (extinfo.cgi). By
+# default, *no one* has access to this unless you choose to
+# not use authorization. You may use an asterisk (*) to
+# authorize any user who has authenticated to the web server.
+
+authorized_for_system_information=nagiosadmin
+
+
+
+# CONFIGURATION INFORMATION ACCESS
+# This option is a comma-delimited list of all usernames that
+# can view ALL configuration information (hosts, commands, etc).
+# By default, users can only view configuration information
+# for the hosts and services they are contacts for. You may use
+# an asterisk (*) to authorize any user who has authenticated
+# to the web server.
+
+authorized_for_configuration_information=nagiosadmin
+
+
+
+# SYSTEM/PROCESS COMMAND ACCESS
+# This option is a comma-delimited list of all usernames that
+# can issue shutdown and restart commands to Nagios via the
+# command CGI (cmd.cgi). Users in this list can also change
+# the program mode to active or standby. By default, *no one*
+# has access to this unless you choose to not use authorization.
+# You may use an asterisk (*) to authorize any user who has
+# authenticated to the web server.
+
+authorized_for_system_commands=nagiosadmin
+
+
+
+# GLOBAL HOST/SERVICE VIEW ACCESS
+# These two options are comma-delimited lists of all usernames that
+# can view information for all hosts and services that are being
+# monitored. By default, users can only view information
+# for hosts or services that they are contacts for (unless you
+# you choose to not use authorization). You may use an asterisk (*)
+# to authorize any user who has authenticated to the web server.
+
+
+authorized_for_all_services=*
+authorized_for_all_hosts=*
+
+
+
+# GLOBAL HOST/SERVICE COMMAND ACCESS
+# These two options are comma-delimited lists of all usernames that
+# can issue host or service related commands via the command
+# CGI (cmd.cgi) for all hosts and services that are being monitored.
+# By default, users can only issue commands for hosts or services
+# that they are contacts for (unless you you choose to not use
+# authorization). You may use an asterisk (*) to authorize any
+# user who has authenticated to the web server.
+
+authorized_for_all_service_commands={% for dn in authorized_for_all_service_commands %}{{ dn }}{% if not loop.last %},{% endif %}{% endfor %}
+
+authorized_for_all_host_commands={% for dn in authorized_for_all_host_commands %}{{ dn }}{% if not loop.last %},{% endif %}{% endfor %}
+
+
+
+
+# READ-ONLY USERS
+# A comma-delimited list of usernames that have read-only rights in
+# the CGIs. This will block any service or host commands normally shown
+# on the extinfo CGI pages. It will also block comments from being shown
+# to read-only users.
+
+#authorized_for_read_only=user1,user2
+
+
+
+
+# STATUSMAP BACKGROUND IMAGE
+# This option allows you to specify an image to be used as a
+# background in the statusmap CGI. It is assumed that the image
+# resides in the HTML images path (i.e. /usr/local/nagios/share/images).
+# This path is automatically determined by appending "/images"
+# to the path specified by the 'physical_html_path' directive.
+# Note: The image file may be in GIF, PNG, JPEG, or GD2 format.
+# However, I recommend that you convert your image to GD2 format
+# (uncompressed), as this will cause less CPU load when the CGI
+# generates the image.
+
+#statusmap_background_image=smbackground.gd2
+
+
+
+
+# STATUSMAP TRANSPARENCY INDEX COLOR
+# These options set the r,g,b values of the background color used the statusmap CGI,
+# so normal browsers that can't show real png transparency set the desired color as
+# a background color instead (to make it look pretty).
+# Defaults to white: (R,G,B) = (255,255,255).
+
+#color_transparency_index_r=255
+#color_transparency_index_g=255
+#color_transparency_index_b=255
+
+
+
+
+# DEFAULT STATUSMAP LAYOUT METHOD
+# This option allows you to specify the default layout method
+# the statusmap CGI should use for drawing hosts. If you do
+# not use this option, the default is to use user-defined
+# coordinates. Valid options are as follows:
+# 0 = User-defined coordinates
+# 1 = Depth layers
+# 2 = Collapsed tree
+# 3 = Balanced tree
+# 4 = Circular
+# 5 = Circular (Marked Up)
+
+default_statusmap_layout=5
+
+
+
+# DEFAULT STATUSWRL LAYOUT METHOD
+# This option allows you to specify the default layout method
+# the statuswrl (VRML) CGI should use for drawing hosts. If you
+# do not use this option, the default is to use user-defined
+# coordinates. Valid options are as follows:
+# 0 = User-defined coordinates
+# 2 = Collapsed tree
+# 3 = Balanced tree
+# 4 = Circular
+
+default_statuswrl_layout=4
+
+
+
+# STATUSWRL INCLUDE
+# This option allows you to include your own objects in the
+# generated VRML world. It is assumed that the file
+# resides in the HTML path (i.e. /usr/local/nagios/share).
+
+#statuswrl_include=myworld.wrl
+
+
+
+# PING SYNTAX
+# This option determines what syntax should be used when
+# attempting to ping a host from the WAP interface (using
+# the statuswml CGI. You must include the full path to
+# the ping binary, along with all required options. The
+# $HOSTADDRESS$ macro is substituted with the address of
+# the host before the command is executed.
+# Please note that the syntax for the ping binary is
+# notorious for being different on virtually ever *NIX
+# OS and distribution, so you may have to tweak this to
+# work on your system.
+
+ping_syntax=/bin/ping -n -U -c 5 $HOSTADDRESS$
+
+
+
+# REFRESH RATE
+# This option allows you to specify the refresh rate in seconds
+# of various CGIs (status, statusmap, extinfo, and outages).
+
+refresh_rate=90
+
+# DEFAULT PAGE LIMIT
+# This option allows you to specify the default number of results
+# displayed on the status.cgi. This number can be adjusted from
+# within the UI after the initial page load. Setting this to 0
+# will show all results.
+
+result_limit=100
+
+
+# ESCAPE HTML TAGS
+# This option determines whether HTML tags in host and service
+# status output is escaped in the web interface. If enabled,
+# your plugin output will not be able to contain clickable links.
+
+escape_html_tags=1
+
+
+
+
+# SOUND OPTIONS
+# These options allow you to specify an optional audio file
+# that should be played in your browser window when there are
+# problems on the network. The audio files are used only in
+# the status CGI. Only the sound for the most critical problem
+# will be played. Order of importance (higher to lower) is as
+# follows: unreachable hosts, down hosts, critical services,
+# warning services, and unknown services. If there are no
+# visible problems, the sound file optionally specified by
+# 'normal_sound' variable will be played.
+#
+#
+# =
+#
+# Note: All audio files must be placed in the /media subdirectory
+# under the HTML path (i.e. /usr/local/nagios/share/media/).
+
+#host_unreachable_sound=hostdown.wav
+#host_down_sound=hostdown.wav
+#service_critical_sound=critical.wav
+#service_warning_sound=warning.wav
+#service_unknown_sound=warning.wav
+#normal_sound=noproblem.wav
+
+
+
+# URL TARGET FRAMES
+# These options determine the target frames in which notes and
+# action URLs will open.
+
+action_url_target=_blank
+notes_url_target=_blank
+
+
+
+
+# LOCK AUTHOR NAMES OPTION
+# This option determines whether users can change the author name
+# when submitting comments, scheduling downtime. If disabled, the
+# author names will be locked into their contact name, as defined in Nagios.
+# Values: 0 = allow editing author names
+# 1 = lock author names (disallow editing)
+
+lock_author_names=1
+
+
+
+
+# SPLUNK INTEGRATION OPTIONS
+# These options allow you to enable integration with Splunk
+# in the web interface. If enabled, you'll be presented with
+# "Splunk It" links in various places in the CGIs (log file,
+# alert history, host/service detail, etc). Useful if you're
+# trying to research why a particular problem occurred.
+# For more information on Splunk, visit http://www.splunk.com/
+
+# This option determines whether the Splunk integration is enabled
+# Values: 0 = disable Splunk integration
+# 1 = enable Splunk integration
+
+#enable_splunk_integration=1
+
+
+# This option should be the URL used to access your instance of Splunk
+
+#splunk_url=http://127.0.0.1:8000/
+
+
+
+
+# NAVIGATION BAR SEARCH OPTIONS
+# The following options allow to configure the navbar search. Default
+# is to search for hostnames. With enabled navbar_search_for_addresses,
+# the navbar search queries IP addresses as well. It's also possible
+# to enable search for aliases by setting navbar_search_for_aliases=1.
+
+navbar_search_for_addresses=1
+navbar_search_for_aliases=1
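Review bot: `authorized_for_all_services=*` and `authorized_for_all_hosts=*` are hard-coded in the template, so on every deployment any user the web server authenticates can view all hosts and services, while the matching command lists a few lines below are driven by variables. Expose these two as variables as well, with a narrower default. The two command lists are joined with commas and cgi.cfg treats the value as comma-delimited, so a DN that itself contains a comma would be split into two entries; state that restriction next to the variables in defaults/main.yml. Finally, `use_ssl_authentication=0` is fixed here even though the defaults populate the command lists with certificate DNs, so it should be made clear (or configurable) how those DNs end up as the authenticated user name.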
diff --git a/roles/monitoring_engine/templates/dashboard.conf.j2 b/roles/monitoring_engine/templates/dashboard.conf.j2
new file mode 100644
index 0000000000000000000000000000000000000000..8fe4f686c91ecd8fa00137c4a2e2c6cecf6ede67
--- /dev/null
+++ b/roles/monitoring_engine/templates/dashboard.conf.j2
@@ -0,0 +1,6 @@
+
+ class = GridMon::MsgHandler::DashboardInput
+
+ destination = /topic/nagios.probe.notification.ack.{{ sha.stdout }}
+
+
diff --git a/roles/monitoring_engine/templates/nagios.cfg.j2 b/roles/monitoring_engine/templates/nagios.cfg.j2
new file mode 100644
index 0000000000000000000000000000000000000000..dffc3f7f7fc7bfc22dc744bf317d2021fa9ac425
--- /dev/null
+++ b/roles/monitoring_engine/templates/nagios.cfg.j2
@@ -0,0 +1,1343 @@
+##############################################################################
+#
+# NAGIOS.CFG - Sample Main Config File for Nagios 4.0.8
+#
+# Read the documentation for more information on this configuration
+# file. I've provided some comments here, but things may not be so
+# clear without further explanation.
+#
+#
+##############################################################################
+
+
+# LOG FILE
+# This is the main log file where service and host events are logged
+# for historical purposes. This should be the first option specified
+# in the config file!!!
+
+log_file=/var/log/nagios/nagios.log
+
+
+
+# OBJECT CONFIGURATION FILE(S)
+# These are the object configuration files in which you define hosts,
+# host groups, contacts, contact groups, services, etc.
+# You can split your object definitions across several config files
+# if you wish (as shown below), or keep them all in a single config file.
+
+# You can specify individual object config files as shown below:
+#cfg_file=/etc/nagios/objects/commands.cfg
+#cfg_file=/etc/nagios/objects/contacts.cfg
+#cfg_file=/etc/nagios/objects/timeperiods.cfg
+#cfg_file=/etc/nagios/objects/templates.cfg
+
+# Definitions for monitoring the local (Linux) host
+#cfg_file=/etc/nagios/objects/localhost.cfg
+
+# Definitions for monitoring a Windows machine
+#cfg_file=/etc/nagios/objects/windows.cfg
+
+# Definitions for monitoring a router/switch
+#cfg_file=/etc/nagios/objects/switch.cfg
+
+# Definitions for monitoring a network printer
+#cfg_file=/etc/nagios/objects/printer.cfg
+
+
+# You can also tell Nagios to process all config files (with a .cfg
+# extension) in a particular directory by using the cfg_dir
+# directive as shown below:
+
+#cfg_dir=/etc/nagios/conf.d
+#cfg_dir=/etc/nagios/printers
+#cfg_dir=/etc/nagios/switches
+#cfg_dir=/etc/nagios/routers
+
+cfg_dir={{ cfg_dir }}
+
+
+
+# OBJECT CACHE FILE
+# This option determines where object definitions are cached when
+# Nagios starts/restarts. The CGIs read object definitions from
+# this cache file (rather than looking at the object config files
+# directly) in order to prevent inconsistencies that can occur
+# when the config files are modified after Nagios starts.
+
+object_cache_file=/var/nagios/objects.cache
+
+
+
+# PRE-CACHED OBJECT FILE
+# This options determines the location of the precached object file.
+# If you run Nagios with the -p command line option, it will preprocess
+# your object configuration file(s) and write the cached config to this
+# file. You can then start Nagios with the -u option to have it read
+# object definitions from this precached file, rather than the standard
+# object configuration files (see the cfg_file and cfg_dir options above).
+# Using a precached object file can speed up the time needed to (re)start
+# the Nagios process if you've got a large and/or complex configuration.
+# Read the documentation section on optimizing Nagios to find our more
+# about how this feature works.
+
+precached_object_file=/var/nagios/objects.precache
+
+
+
+# RESOURCE FILE
+# This is an optional resource file that contains $USERx$ macro
+# definitions. Multiple resource files can be specified by using
+# multiple resource_file definitions. The CGIs will not attempt to
+# read the contents of resource files, so information that is
+# considered to be sensitive (usernames, passwords, etc) can be
+# defined as macros in this file and restrictive permissions (600)
+# can be placed on this file.
+
+resource_file=/etc/nagios/resource.cfg
+
+
+
+# STATUS FILE
+# This is where the current status of all monitored services and
+# hosts is stored. Its contents are read and processed by the CGIs.
+# The contents of the status file are deleted every time Nagios
+# restarts.
+
+status_file=/var/nagios/status.dat
+
+
+
+# STATUS FILE UPDATE INTERVAL
+# This option determines the frequency (in seconds) that
+# Nagios will periodically dump program, host, and
+# service status data.
+
+status_update_interval=10
+
+
+
+# NAGIOS USER
+# This determines the effective user that Nagios should run as.
+# You can either supply a username or a UID.
+
+nagios_user=nagios
+
+
+
+# NAGIOS GROUP
+# This determines the effective group that Nagios should run as.
+# You can either supply a group name or a GID.
+
+nagios_group=nagios
+
+
+
+# EXTERNAL COMMAND OPTION
+# This option allows you to specify whether or not Nagios should check
+# for external commands (in the command file defined below). By default
+# Nagios will *not* check for external commands, just to be on the
+# cautious side. If you want to be able to use the CGI command interface
+# you will have to enable this.
+# Values: 0 = disable commands, 1 = enable commands
+
+check_external_commands=1
+
+
+
+# EXTERNAL COMMAND FILE
+# This is the file that Nagios checks for external command requests.
+# It is also where the command CGI will write commands that are submitted
+# by users, so it must be writeable by the user that the web server
+# is running as (usually 'nobody'). Permissions should be set at the
+# directory level instead of on the file, as the file is deleted every
+# time its contents are processed.
+
+command_file=/var/nagios/rw/nagios.cmd
+
+
+
+# QUERY HANDLER INTERFACE
+# This is the socket that is created for the Query Handler interface
+
+#query_socket=/var/nagios/rw/nagios.qh
+
+
+
+# LOCK FILE
+# This is the lockfile that Nagios will use to store its PID number
+# in when it is running in daemon mode.
+
+lock_file=/var/nagios/nagios.pid
+
+
+
+# TEMP FILE
+# This is a temporary file that is used as scratch space when Nagios
+# updates the status log, cleans the comment file, etc. This file
+# is created, used, and deleted throughout the time that Nagios is
+# running.
+
+temp_file=/var/nagios/nagios.tmp
+
+
+
+# TEMP PATH
+# This is path where Nagios can create temp files for service and
+# host check results, etc.
+
+temp_path=/tmp
+
+
+
+# EVENT BROKER OPTIONS
+# Controls what (if any) data gets sent to the event broker.
+# Values: 0 = Broker nothing
+# -1 = Broker everything
+# = See documentation
+
+event_broker_options=-1
+
+
+
+# EVENT BROKER MODULE(S)
+# This directive is used to specify an event broker module that should
+# by loaded by Nagios at startup. Use multiple directives if you want
+# to load more than one module. Arguments that should be passed to
+# the module at startup are seperated from the module path by a space.
+#
+#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+# WARNING !!! WARNING !!! WARNING !!! WARNING !!! WARNING !!! WARNING
+#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+#
+# Do NOT overwrite modules while they are being used by Nagios or Nagios
+# will crash in a fiery display of SEGFAULT glory. This is a bug/limitation
+# either in dlopen(), the kernel, and/or the filesystem. And maybe Nagios...
+#
+# The correct/safe way of updating a module is by using one of these methods:
+# 1. Shutdown Nagios, replace the module file, restart Nagios
+# 2. Delete the original module file, move the new module file into place, restart Nagios
+#
+# Example:
+#
+# broker_module= [moduleargs]
+
+#broker_module=/somewhere/module1.o
+#broker_module=/somewhere/module2.o arg1 arg2=3 debug=0
+
+
+
+# LOG ROTATION METHOD
+# This is the log rotation method that Nagios should use to rotate
+# the main log file. Values are as follows..
+# n = None - don't rotate the log
+# h = Hourly rotation (top of the hour)
+# d = Daily rotation (midnight every day)
+# w = Weekly rotation (midnight on Saturday evening)
+# m = Monthly rotation (midnight last day of month)
+
+log_rotation_method=d
+
+
+
+# LOG ARCHIVE PATH
+# This is the directory where archived (rotated) log files should be
+# placed (assuming you've chosen to do log rotation).
+
+log_archive_path=/var/log/nagios/archives
+
+
+
+# LOGGING OPTIONS
+# If you want messages logged to the syslog facility, as well as the
+# Nagios log file set this option to 1. If not, set it to 0.
+
+use_syslog={{ use_syslog }}
+
+
+
+# NOTIFICATION LOGGING OPTION
+# If you don't want notifications to be logged, set this value to 0.
+# If notifications should be logged, set the value to 1.
+
+log_notifications=1
+
+
+
+# SERVICE RETRY LOGGING OPTION
+# If you don't want service check retries to be logged, set this value
+# to 0. If retries should be logged, set the value to 1.
+
+log_service_retries=1
+
+
+
+# HOST RETRY LOGGING OPTION
+# If you don't want host check retries to be logged, set this value to
+# 0. If retries should be logged, set the value to 1.
+
+log_host_retries=1
+
+
+
+# EVENT HANDLER LOGGING OPTION
+# If you don't want host and service event handlers to be logged, set
+# this value to 0. If event handlers should be logged, set the value
+# to 1.
+
+log_event_handlers=1
+
+
+
+# INITIAL STATES LOGGING OPTION
+# If you want Nagios to log all initial host and service states to
+# the main log file (the first time the service or host is checked)
+# you can enable this option by setting this value to 1. If you
+# are not using an external application that does long term state
+# statistics reporting, you do not need to enable this option. In
+# this case, set the value to 0.
+
+log_initial_states={{ log_initial_states }}
+
+
+
+# CURRENT STATES LOGGING OPTION
+# If you don't want Nagios to log all current host and service states
+# after log has been rotated to the main log file, you can disable this
+# option by setting this value to 0. Default value is 1.
+
+log_current_states=1
+
+
+
+# EXTERNAL COMMANDS LOGGING OPTION
+# If you don't want Nagios to log external commands, set this value
+# to 0. If external commands should be logged, set this value to 1.
+# Note: This option does not include logging of passive service
+# checks - see the option below for controlling whether or not
+# passive checks are logged.
+
+log_external_commands={{ log_external_commands }}
+
+
+
+# PASSIVE CHECKS LOGGING OPTION
+# If you don't want Nagios to log passive host and service checks, set
+# this value to 0. If passive checks should be logged, set
+# this value to 1.
+
+log_passive_checks={{ log_passive_checks }}
+
+
+
+# GLOBAL HOST AND SERVICE EVENT HANDLERS
+# These options allow you to specify a host and service event handler
+# command that is to be run for every host or service state change.
+# The global event handler is executed immediately prior to the event
+# handler that you have optionally specified in each host or
+# service definition. The command argument is the short name of a
+# command definition that you define in your host configuration file.
+# Read the HTML docs for more information.
+
+#global_host_event_handler=somecommand
+#global_service_event_handler=somecommand
+
+
+
+# SERVICE INTER-CHECK DELAY METHOD
+# This is the method that Nagios should use when initially
+# "spreading out" service checks when it starts monitoring. The
+# default is to use smart delay calculation, which will try to
+# space all service checks out evenly to minimize CPU load.
+# Using the dumb setting will cause all checks to be scheduled
+# at the same time (with no delay between them)! This is not a
+# good thing for production, but is useful when testing the
+# parallelization functionality.
+# n = None - don't use any delay between checks
+# d = Use a "dumb" delay of 1 second between checks
+# s = Use "smart" inter-check delay calculation
+# x.xx = Use an inter-check delay of x.xx seconds
+
+service_inter_check_delay_method=s
+
+
+
+# MAXIMUM SERVICE CHECK SPREAD
+# This variable determines the timeframe (in minutes) from the
+# program start time that an initial check of all services should
+# be completed. Default is 30 minutes.
+
+max_service_check_spread=30
+
+
+
+# SERVICE CHECK INTERLEAVE FACTOR
+# This variable determines how service checks are interleaved.
+# Interleaving the service checks allows for a more even
+# distribution of service checks and reduced load on remote
+# hosts. Setting this value to 1 is equivalent to how versions
+# of Nagios previous to 0.0.5 did service checks. Set this
+# value to s (smart) for automatic calculation of the interleave
+# factor unless you have a specific reason to change it.
+# s = Use "smart" interleave factor calculation
+# x = Use an interleave factor of x, where x is a
+# number greater than or equal to 1.
+
+service_interleave_factor=s
+
+
+
+# HOST INTER-CHECK DELAY METHOD
+# This is the method that Nagios should use when initially
+# "spreading out" host checks when it starts monitoring. The
+# default is to use smart delay calculation, which will try to
+# space all host checks out evenly to minimize CPU load.
+# Using the dumb setting will cause all checks to be scheduled
+# at the same time (with no delay between them)!
+# n = None - don't use any delay between checks
+# d = Use a "dumb" delay of 1 second between checks
+# s = Use "smart" inter-check delay calculation
+# x.xx = Use an inter-check delay of x.xx seconds
+
+host_inter_check_delay_method=s
+
+
+
+# MAXIMUM HOST CHECK SPREAD
+# This variable determines the timeframe (in minutes) from the
+# program start time that an initial check of all hosts should
+# be completed. Default is 30 minutes.
+
+max_host_check_spread=30
+
+
+
+# MAXIMUM CONCURRENT SERVICE CHECKS
+# This option allows you to specify the maximum number of
+# service checks that can be run in parallel at any given time.
+# Specifying a value of 1 for this variable essentially prevents
+# any service checks from being parallelized. A value of 0
+# will not restrict the number of concurrent checks that are
+# being executed.
+
+max_concurrent_checks=0
+
+
+
+# HOST AND SERVICE CHECK REAPER FREQUENCY
+# This is the frequency (in seconds!) that Nagios will process
+# the results of host and service checks.
+
+check_result_reaper_frequency=10
+
+
+
+
+# MAX CHECK RESULT REAPER TIME
+# This is the max amount of time (in seconds) that a single
+# check result reaper event will be allowed to run before
+# returning control back to Nagios so it can perform other
+# duties.
+
+max_check_result_reaper_time=30
+
+
+
+
+# CHECK RESULT PATH
+# This is directory where Nagios stores the results of host and
+# service checks that have not yet been processed.
+#
+# Note: Make sure that only one instance of Nagios has access
+# to this directory!
+
+check_result_path=/var/nagios/spool/checkresults
+
+
+
+
+# MAX CHECK RESULT FILE AGE
+# This option determines the maximum age (in seconds) which check
+# result files are considered to be valid. Files older than this
+# threshold will be mercilessly deleted without further processing.
+
+max_check_result_file_age=3600
+
+
+
+
+# CACHED HOST CHECK HORIZON
+# This option determines the maximum amount of time (in seconds)
+# that the state of a previous host check is considered current.
+# Cached host states (from host checks that were performed more
+# recently that the timeframe specified by this value) can immensely
+# improve performance in regards to the host check logic.
+# Too high of a value for this option may result in inaccurate host
+# states being used by Nagios, while a lower value may result in a
+# performance hit for host checks. Use a value of 0 to disable host
+# check caching.
+
+cached_host_check_horizon=15
+
+
+
+# CACHED SERVICE CHECK HORIZON
+# This option determines the maximum amount of time (in seconds)
+# that the state of a previous service check is considered current.
+# Cached service states (from service checks that were performed more
+# recently that the timeframe specified by this value) can immensely
+# improve performance in regards to predictive dependency checks.
+# Use a value of 0 to disable service check caching.
+
+cached_service_check_horizon=15
+
+
+
+# ENABLE PREDICTIVE HOST DEPENDENCY CHECKS
+# This option determines whether or not Nagios will attempt to execute
+# checks of hosts when it predicts that future dependency logic test
+# may be needed. These predictive checks can help ensure that your
+# host dependency logic works well.
+# Values:
+# 0 = Disable predictive checks
+# 1 = Enable predictive checks (default)
+
+enable_predictive_host_dependency_checks=1
+
+
+
+# ENABLE PREDICTIVE SERVICE DEPENDENCY CHECKS
+# This option determines whether or not Nagios will attempt to execute
+# checks of service when it predicts that future dependency logic test
+# may be needed. These predictive checks can help ensure that your
+# service dependency logic works well.
+# Values:
+# 0 = Disable predictive checks
+# 1 = Enable predictive checks (default)
+
+enable_predictive_service_dependency_checks=1
+
+
+
+# SOFT STATE DEPENDENCIES
+# This option determines whether or not Nagios will use soft state
+# information when checking host and service dependencies. Normally
+# Nagios will only use the latest hard host or service state when
+# checking dependencies. If you want it to use the latest state (regardless
+# of whether its a soft or hard state type), enable this option.
+# Values:
+# 0 = Don't use soft state dependencies (default)
+# 1 = Use soft state dependencies
+
+soft_state_dependencies=0
+
+
+
+# TIME CHANGE ADJUSTMENT THRESHOLDS
+# These options determine when Nagios will react to detected changes
+# in system time (either forward or backwards).
+
+#time_change_threshold=900
+
+
+
+# AUTO-RESCHEDULING OPTION
+# This option determines whether or not Nagios will attempt to
+# automatically reschedule active host and service checks to
+# "smooth" them out over time. This can help balance the load on
+# the monitoring server.
+# WARNING: THIS IS AN EXPERIMENTAL FEATURE - IT CAN DEGRADE
+# PERFORMANCE, RATHER THAN INCREASE IT, IF USED IMPROPERLY
+
+auto_reschedule_checks=0
+
+
+
+# AUTO-RESCHEDULING INTERVAL
+# This option determines how often (in seconds) Nagios will
+# attempt to automatically reschedule checks. This option only
+# has an effect if the auto_reschedule_checks option is enabled.
+# Default is 30 seconds.
+# WARNING: THIS IS AN EXPERIMENTAL FEATURE - IT CAN DEGRADE
+# PERFORMANCE, RATHER THAN INCREASE IT, IF USED IMPROPERLY
+
+auto_rescheduling_interval=30
+
+
+
+# AUTO-RESCHEDULING WINDOW
+# This option determines the "window" of time (in seconds) that
+# Nagios will look at when automatically rescheduling checks.
+# Only host and service checks that occur in the next X seconds
+# (determined by this variable) will be rescheduled. This option
+# only has an effect if the auto_reschedule_checks option is
+# enabled. Default is 180 seconds (3 minutes).
+# WARNING: THIS IS AN EXPERIMENTAL FEATURE - IT CAN DEGRADE
+# PERFORMANCE, RATHER THAN INCREASE IT, IF USED IMPROPERLY
+
+auto_rescheduling_window=180
+
+
+
+# TIMEOUT VALUES
+# These options control how much time Nagios will allow various
+# types of commands to execute before killing them off. Options
+# are available for controlling maximum time allotted for
+# service checks, host checks, event handlers, notifications, the
+# ocsp command, and performance data commands. All values are in
+# seconds.
+
+service_check_timeout={{ service_check_timeout }}
+host_check_timeout=30
+event_handler_timeout=30
+notification_timeout=30
+ocsp_timeout=5
+perfdata_timeout=5
+
+
+
+# RETAIN STATE INFORMATION
+# This setting determines whether or not Nagios will save state
+# information for services and hosts before it shuts down. Upon
+# startup Nagios will reload all saved service and host state
+# information before starting to monitor. This is useful for
+# maintaining long-term data on state statistics, etc, but will
+# slow Nagios down a bit when it (re)starts. Since its only
+# a one-time penalty, I think its well worth the additional
+# startup delay.
+
+retain_state_information=1
+
+
+
+# STATE RETENTION FILE
+# This is the file that Nagios should use to store host and
+# service state information before it shuts down. The state
+# information in this file is also read immediately prior to
+# starting to monitor the network when Nagios is restarted.
+# This file is used only if the retain_state_information
+# variable is set to 1.
+
+state_retention_file=/var/nagios/retention.dat
+
+
+
+# RETENTION DATA UPDATE INTERVAL
+# This setting determines how often (in minutes) that Nagios
+# will automatically save retention data during normal operation.
+# If you set this value to 0, Nagios will not save retention
+# data at regular interval, but it will still save retention
+# data before shutting down or restarting. If you have disabled
+# state retention, this option has no effect.
+
+retention_update_interval=60
+
+
+
+# USE RETAINED PROGRAM STATE
+# This setting determines whether or not Nagios will set
+# program status variables based on the values saved in the
+# retention file. If you want to use retained program status
+# information, set this value to 1. If not, set this value
+# to 0.
+
+use_retained_program_state=1
+
+
+
+# USE RETAINED SCHEDULING INFO
+# This setting determines whether or not Nagios will retain
+# the scheduling info (next check time) for hosts and services
+# based on the values saved in the retention file. If you
+# If you want to use retained scheduling info, set this
+# value to 1. If not, set this value to 0.
+
+use_retained_scheduling_info=1
+
+
+
+# RETAINED ATTRIBUTE MASKS (ADVANCED FEATURE)
+# The following variables are used to specify specific host and
+# service attributes that should *not* be retained by Nagios during
+# program restarts.
+#
+# The values of the masks are bitwise ANDs of values specified
+# by the "MODATTR_" definitions found in include/common.h.
+# For example, if you do not want the current enabled/disabled state
+# of flap detection and event handlers for hosts to be retained, you
+# would use a value of 24 for the host attribute mask...
+# MODATTR_EVENT_HANDLER_ENABLED (8) + MODATTR_FLAP_DETECTION_ENABLED (16) = 24
+
+# This mask determines what host attributes are not retained
+retained_host_attribute_mask=0
+
+# This mask determines what service attributes are not retained
+retained_service_attribute_mask=0
+
+# These two masks determine what process attributes are not retained.
+# There are two masks, because some process attributes have host and service
+# options. For example, you can disable active host checks, but leave active
+# service checks enabled.
+retained_process_host_attribute_mask=0
+retained_process_service_attribute_mask=0
+
+# These two masks determine what contact attributes are not retained.
+# There are two masks, because some contact attributes have host and
+# service options. For example, you can disable host notifications for
+# a contact, but leave service notifications enabled for them.
+retained_contact_host_attribute_mask=0
+retained_contact_service_attribute_mask=0
+
+
+
+# INTERVAL LENGTH
+# This is the seconds per unit interval as used in the
+# host/contact/service configuration files. Setting this to 60 means
+# that each interval is one minute long (60 seconds). Other settings
+# have not been tested much, so your mileage is likely to vary...
+
+interval_length=60
+
+
+
+# CHECK FOR UPDATES
+# This option determines whether Nagios will automatically check to
+# see if new updates (releases) are available. It is recommend that you
+# enable this option to ensure that you stay on top of the latest critical
+# patches to Nagios. Nagios is critical to you - make sure you keep it in
+# good shape. Nagios will check once a day for new updates. Data collected
+# by Nagios Enterprises from the update check is processed in accordance
+# with our privacy policy - see http://api.nagios.org for details.
+
+check_for_updates=1
+
+
+
+# BARE UPDATE CHECK
+# This option deterines what data Nagios will send to api.nagios.org when
+# it checks for updates. By default, Nagios will send information on the
+# current version of Nagios you have installed, as well as an indicator as
+# to whether this was a new installation or not. Nagios Enterprises uses
+# this data to determine the number of users running specific version of
+# Nagios. Enable this option if you do not want this information to be sent.
+
+bare_update_check=0
+
+
+
+# AGGRESSIVE HOST CHECKING OPTION
+# If you don't want to turn on aggressive host checking features, set
+# this value to 0 (the default). Otherwise set this value to 1 to
+# enable the aggressive check option. Read the docs for more info
+# on what aggressive host check is or check out the source code in
+# base/checks.c
+
+use_aggressive_host_checking=0
+
+
+
+# SERVICE CHECK EXECUTION OPTION
+# This determines whether or not Nagios will actively execute
+# service checks when it initially starts. If this option is
+# disabled, checks are not actively made, but Nagios can still
+# receive and process passive check results that come in. Unless
+# you're implementing redundant hosts or have a special need for
+# disabling the execution of service checks, leave this enabled!
+# Values: 1 = enable checks, 0 = disable checks
+
+execute_service_checks=1
+
+
+
+# PASSIVE SERVICE CHECK ACCEPTANCE OPTION
+# This determines whether or not Nagios will accept passive
+# service checks results when it initially (re)starts.
+# Values: 1 = accept passive checks, 0 = reject passive checks
+
+accept_passive_service_checks=1
+
+
+
+# HOST CHECK EXECUTION OPTION
+# This determines whether or not Nagios will actively execute
+# host checks when it initially starts. If this option is
+# disabled, checks are not actively made, but Nagios can still
+# receive and process passive check results that come in. Unless
+# you're implementing redundant hosts or have a special need for
+# disabling the execution of host checks, leave this enabled!
+# Values: 1 = enable checks, 0 = disable checks
+
+execute_host_checks=1
+
+
+
+# PASSIVE HOST CHECK ACCEPTANCE OPTION
+# This determines whether or not Nagios will accept passive
+# host checks results when it initially (re)starts.
+# Values: 1 = accept passive checks, 0 = reject passive checks
+
+accept_passive_host_checks=1
+
+
+
+# NOTIFICATIONS OPTION
+# This determines whether or not Nagios will sent out any host or
+# service notifications when it is initially (re)started.
+# Values: 1 = enable notifications, 0 = disable notifications
+
+enable_notifications=1
+
+
+
+# EVENT HANDLER USE OPTION
+# This determines whether or not Nagios will run any host or
+# service event handlers when it is initially (re)started. Unless
+# you're implementing redundant hosts, leave this option enabled.
+# Values: 1 = enable event handlers, 0 = disable event handlers
+
+enable_event_handlers=1
+
+
+
+# PROCESS PERFORMANCE DATA OPTION
+# This determines whether or not Nagios will process performance
+# data returned from service and host checks. If this option is
+# enabled, host performance data will be processed using the
+# host_perfdata_command (defined below) and service performance
+# data will be processed using the service_perfdata_command (also
+# defined below). Read the HTML docs for more information on
+# performance data.
+# Values: 1 = process performance data, 0 = do not process performance data
+
+process_performance_data={{ process_performance_data }}
+
+
+
+# HOST AND SERVICE PERFORMANCE DATA PROCESSING COMMANDS
+# These commands are run after every host and service check is
+# performed. These commands are executed only if the
+# enable_performance_data option (above) is set to 1. The command
+# argument is the short name of a command definition that you
+# define in your host configuration file. Read the HTML docs for
+# more information on performance data.
+
+#host_perfdata_command=process-host-perfdata
+#service_perfdata_command=process-service-perfdata
+
+
+
+# HOST AND SERVICE PERFORMANCE DATA FILES
+# These files are used to store host and service performance data.
+# Performance data is only written to these files if the
+# enable_performance_data option (above) is set to 1.
+
+#host_perfdata_file=/var/nagios/host-perfdata
+#service_perfdata_file=/var/nagios/service-perfdata
+
+
+
+# HOST AND SERVICE PERFORMANCE DATA FILE TEMPLATES
+# These options determine what data is written (and how) to the
+# performance data files. The templates may contain macros, special
+# characters (\t for tab, \r for carriage return, \n for newline)
+# and plain text. A newline is automatically added after each write
+# to the performance data file. Some examples of what you can do are
+# shown below.
+
+#host_perfdata_file_template=[HOSTPERFDATA]\t$TIMET$\t$HOSTNAME$\t$HOSTEXECUTIONTIME$\t$HOSTOUTPUT$\t$HOSTPERFDATA$
+#service_perfdata_file_template=[SERVICEPERFDATA]\t$TIMET$\t$HOSTNAME$\t$SERVICEDESC$\t$SERVICEEXECUTIONTIME$\t$SERVICELATENCY$\t$SERVICEOUTPUT$\t$SERVICEPERFDATA$
+
+host_perfdata_file_template=DATATYPE::HOSTPERFDATA\tTIMET::$TIMET$\tHOSTNAME::$HOSTNAME$\tHOSTPERFDATA::$HOSTPERFDATA$\tHOSTCHECKCOMMAND::$HOSTCHECKCOMMAND$\tHOSTSTATE::$HOSTSTATE$\tHOSTSTATETYPE::$HOSTSTATETYPE$
+
+service_perfdata_file_template=DATATYPE::SERVICEPERFDATA\tTIMET::$TIMET$\tHOSTNAME::$HOSTNAME$\tSERVICEDESC::$SERVICEDESC$\tSERVICEPERFDATA::$SERVICEPERFDATA$\tSERVICECHECKCOMMAND::$SERVICECHECKCOMMAND$\tHOSTSTATE::$HOSTSTATE$\tHOSTSTATETYPE::$HOSTSTATETYPE$\tSERVICESTATE::$SERVICESTATE$\tSERVICESTATETYPE::$SERVICESTATETYPE$
+
+
+
+# HOST AND SERVICE PERFORMANCE DATA FILE MODES
+# This option determines whether or not the host and service
+# performance data files are opened in write ("w") or append ("a")
+# mode. If you want to use named pipes, you should use the special
+# pipe ("p") mode which avoid blocking at startup, otherwise you will
+# likely want the defult append ("a") mode.
+
+#host_perfdata_file_mode=a
+#service_perfdata_file_mode=a
+
+
+
+# HOST AND SERVICE PERFORMANCE DATA FILE PROCESSING INTERVAL
+# These options determine how often (in seconds) the host and service
+# performance data files are processed using the commands defined
+# below. A value of 0 indicates the files should not be periodically
+# processed.
+
+#host_perfdata_file_processing_interval=0
+#service_perfdata_file_processing_interval=0
+
+
+
+# HOST AND SERVICE PERFORMANCE DATA FILE PROCESSING COMMANDS
+# These commands are used to periodically process the host and
+# service performance data files. The interval at which the
+# processing occurs is determined by the options above.
+
+#host_perfdata_file_processing_command=process-host-perfdata-file
+#service_perfdata_file_processing_command=process-service-perfdata-file
+
+host_perfdata_file_processing_command={{ host_perfdata_file_processing_command }}
+service_perfdata_file_processing_command={{ service_perfdata_file_processing_command }}
+
+
+# HOST AND SERVICE PERFORMANCE DATA PROCESS EMPTY RESULTS
+# These options determine wether the core will process empty perfdata
+# results or not. This is needed for distributed monitoring, and intentionally
+# turned on by default.
+# If you don't require empty perfdata - saving some cpu cycles
+# on unwanted macro calculation - you can turn that off. Be careful!
+# Values: 1 = enable, 0 = disable
+
+#host_perfdata_process_empty_results=1
+#service_perfdata_process_empty_results=1
+
+
+# OBSESS OVER SERVICE CHECKS OPTION
+# This determines whether or not Nagios will obsess over service
+# checks and run the ocsp_command defined below. Unless you're
+# planning on implementing distributed monitoring, do not enable
+# this option. Read the HTML docs for more information on
+# implementing distributed monitoring.
+# Values: 1 = obsess over services, 0 = do not obsess (default)
+
+obsess_over_services={{ obsess_over_services }}
+
+
+
+# OBSESSIVE COMPULSIVE SERVICE PROCESSOR COMMAND
+# This is the command that is run for every service check that is
+# processed by Nagios. This command is executed only if the
+# obsess_over_services option (above) is set to 1. The command
+# argument is the short name of a command definition that you
+# define in your host configuration file. Read the HTML docs for
+# more information on implementing distributed monitoring.
+
+ocsp_command={{ ocsp_command }}
+
+
+
+# OBSESS OVER HOST CHECKS OPTION
+# This determines whether or not Nagios will obsess over host
+# checks and run the ochp_command defined below. Unless you're
+# planning on implementing distributed monitoring, do not enable
+# this option. Read the HTML docs for more information on
+# implementing distributed monitoring.
+# Values: 1 = obsess over hosts, 0 = do not obsess (default)
+
+obsess_over_hosts=0
+
+
+
+# OBSESSIVE COMPULSIVE HOST PROCESSOR COMMAND
+# This is the command that is run for every host check that is
+# processed by Nagios. This command is executed only if the
+# obsess_over_hosts option (above) is set to 1. The command
+# argument is the short name of a command definition that you
+# define in your host configuration file. Read the HTML docs for
+# more information on implementing distributed monitoring.
+
+#ochp_command=somecommand
+
+
+
+# TRANSLATE PASSIVE HOST CHECKS OPTION
+# This determines whether or not Nagios will translate
+# DOWN/UNREACHABLE passive host check results into their proper
+# state for this instance of Nagios. This option is useful
+# if you have distributed or failover monitoring setup. In
+# these cases your other Nagios servers probably have a different
+# "view" of the network, with regards to the parent/child relationship
+# of hosts. If a distributed monitoring server thinks a host
+# is DOWN, it may actually be UNREACHABLE from the point of
+# this Nagios instance. Enabling this option will tell Nagios
+# to translate any DOWN or UNREACHABLE host states it receives
+# passively into the correct state from the view of this server.
+# Values: 1 = perform translation, 0 = do not translate (default)
+
+translate_passive_host_checks=0
+
+
+
+# PASSIVE HOST CHECKS ARE SOFT OPTION
+# This determines whether or not Nagios will treat passive host
+# checks as being HARD or SOFT. By default, a passive host check
+# result will put a host into a HARD state type. This can be changed
+# by enabling this option.
+# Values: 0 = passive checks are HARD, 1 = passive checks are SOFT
+
+passive_host_checks_are_soft=0
+
+
+
+# ORPHANED HOST/SERVICE CHECK OPTIONS
+# These options determine whether or not Nagios will periodically
+# check for orphaned host service checks. Since service checks are
+# not rescheduled until the results of their previous execution
+# instance are processed, there exists a possibility that some
+# checks may never get rescheduled. A similar situation exists for
+# host checks, although the exact scheduling details differ a bit
+# from service checks. Orphaned checks seem to be a rare
+# problem and should not happen under normal circumstances.
+# If you have problems with service checks never getting
+# rescheduled, make sure you have orphaned service checks enabled.
+# Values: 1 = enable checks, 0 = disable checks
+
+check_for_orphaned_services=1
+check_for_orphaned_hosts=1
+
+
+
+# SERVICE FRESHNESS CHECK OPTION
+# This option determines whether or not Nagios will periodically
+# check the "freshness" of service results. Enabling this option
+# is useful for ensuring passive checks are received in a timely
+# manner.
+# Values: 1 = enabled freshness checking, 0 = disable freshness checking
+
+check_service_freshness=1
+
+
+
+# SERVICE FRESHNESS CHECK INTERVAL
+# This setting determines how often (in seconds) Nagios will
+# check the "freshness" of service check results. If you have
+# disabled service freshness checking, this option has no effect.
+
+service_freshness_check_interval=60
+
+
+
+# SERVICE CHECK TIMEOUT STATE
+# This setting determines the state Nagios will report when a
+# service check times out - that is does not respond within
+# service_check_timeout seconds. This can be useful if a
+# machine is running at too high a load and you do not want
+# to consider a failed service check to be critical (the default).
+# Valid settings are:
+# c - Critical (default)
+# u - Unknown
+# w - Warning
+# o - OK
+
+service_check_timeout_state=c
+
+
+
+# HOST FRESHNESS CHECK OPTION
+# This option determines whether or not Nagios will periodically
+# check the "freshness" of host results. Enabling this option
+# is useful for ensuring passive checks are received in a timely
+# manner.
+# Values: 1 = enabled freshness checking, 0 = disable freshness checking
+
+check_host_freshness=0
+
+
+
+# HOST FRESHNESS CHECK INTERVAL
+# This setting determines how often (in seconds) Nagios will
+# check the "freshness" of host check results. If you have
+# disabled host freshness checking, this option has no effect.
+
+host_freshness_check_interval=60
+
+
+
+
+# ADDITIONAL FRESHNESS THRESHOLD LATENCY
+# This setting determines the number of seconds that Nagios
+# will add to any host and service freshness thresholds that
+# it calculates (those not explicitly specified by the user).
+
+additional_freshness_latency=15
+
+
+
+
+# FLAP DETECTION OPTION
+# This option determines whether or not Nagios will try
+# and detect hosts and services that are "flapping".
+# Flapping occurs when a host or service changes between
+# states too frequently. When Nagios detects that a
+# host or service is flapping, it will temporarily suppress
+# notifications for that host/service until it stops
+# flapping. Flap detection is very experimental, so read
+# the HTML documentation before enabling this feature!
+# Values: 1 = enable flap detection
+# 0 = disable flap detection (default)
+
+enable_flap_detection=1
+
+
+
+# FLAP DETECTION THRESHOLDS FOR HOSTS AND SERVICES
+# Read the HTML documentation on flap detection for
+# an explanation of what this option does. This option
+# has no effect if flap detection is disabled.
+
+low_service_flap_threshold=5.0
+high_service_flap_threshold=20.0
+low_host_flap_threshold=5.0
+high_host_flap_threshold=20.0
+
+
+
+# DATE FORMAT OPTION
+# This option determines how short dates are displayed. Valid options
+# include:
+# us (MM-DD-YYYY HH:MM:SS)
+# euro (DD-MM-YYYY HH:MM:SS)
+# iso8601 (YYYY-MM-DD HH:MM:SS)
+# strict-iso8601 (YYYY-MM-DDTHH:MM:SS)
+#
+
+date_format=us
+
+
+
+
+# TIMEZONE OFFSET
+# This option is used to override the default timezone that this
+# instance of Nagios runs in. If not specified, Nagios will use
+# the system configured timezone.
+#
+# NOTE: In order to display the correct timezone in the CGIs, you
+# will also need to alter the Apache directives for the CGI path
+# to include your timezone. Example:
+#
+#
+# SetEnv TZ "Australia/Brisbane"
+# ...
+#
+
+#use_timezone=US/Mountain
+#use_timezone=Australia/Brisbane
+
+
+
+# ILLEGAL OBJECT NAME CHARACTERS
+# This option allows you to specify illegal characters that cannot
+# be used in host names, service descriptions, or names of other
+# object types.
+
+illegal_object_name_chars=`~!$%^*|"<>?,
+
+
+
+# ILLEGAL MACRO OUTPUT CHARACTERS
+# This option allows you to specify illegal characters that are
+# stripped from macros before being used in notifications, event
+# handlers, etc. This DOES NOT affect macros used in service or
+# host check commands.
+# The following macros are stripped of the characters you specify:
+# $HOSTOUTPUT$
+# $HOSTPERFDATA$
+# $HOSTACKAUTHOR$
+# $HOSTACKCOMMENT$
+# $SERVICEOUTPUT$
+# $SERVICEPERFDATA$
+# $SERVICEACKAUTHOR$
+# $SERVICEACKCOMMENT$
+
+illegal_macro_output_chars=`~$|'"<>
+
+
+
+# REGULAR EXPRESSION MATCHING
+# This option controls whether or not regular expression matching
+# takes place in the object config files. Regular expression
+# matching is used to match host, hostgroup, service, and service
+# group names/descriptions in some fields of various object types.
+# Values: 1 = enable regexp matching, 0 = disable regexp matching
+
+use_regexp_matching=0
+
+
+
+# "TRUE" REGULAR EXPRESSION MATCHING
+# This option controls whether or not "true" regular expression
+# matching takes place in the object config files. This option
+# only has an effect if regular expression matching is enabled
+# (see above). If this option is DISABLED, regular expression
+# matching only occurs if a string contains wildcard characters
+# (* and ?). If the option is ENABLED, regexp matching occurs
+# all the time (which can be annoying).
+# Values: 1 = enable true matching, 0 = disable true matching
+
+use_true_regexp_matching=0
+
+
+
+# ADMINISTRATOR EMAIL/PAGER ADDRESSES
+# The email and pager address of a global administrator (likely you).
+# Nagios never uses these values itself, but you can access them by
+# using the $ADMINEMAIL$ and $ADMINPAGER$ macros in your notification
+# commands.
+
+admin_email=nagios@localhost
+admin_pager=pagenagios@localhost
+
+
+
+# DAEMON CORE DUMP OPTION
+# This option determines whether or not Nagios is allowed to create
+# a core dump when it runs as a daemon. Note that it is generally
+# considered bad form to allow this, but it may be useful for
+# debugging purposes. Enabling this option doesn't guarantee that
+# a core file will be produced, but that's just life...
+# Values: 1 - Allow core dumps
+# 0 - Do not allow core dumps (default)
+
+daemon_dumps_core=0
+
+
+
+# LARGE INSTALLATION TWEAKS OPTION
+# This option determines whether or not Nagios will take some shortcuts
+# which can save on memory and CPU usage in large Nagios installations.
+# Read the documentation for more information on the benefits/tradeoffs
+# of enabling this option.
+# Values: 1 - Enabled tweaks
+# 0 - Disable tweaks (default)
+
+use_large_installation_tweaks={{ use_large_installation_tweaks }}
+
+
+
+# ENABLE ENVIRONMENT MACROS
+# This option determines whether or not Nagios will make all standard
+# macros available as environment variables when host/service checks
+# and system commands (event handlers, notifications, etc.) are
+# executed.
+# Enabling this is a very bad idea for anything but very small setups,
+# as it means plugins, notification scripts and eventhandlers may run
+# out of environment space. It will also cause a significant increase
+# in CPU- and memory usage and drastically reduce the number of checks
+# you can run.
+# Values: 1 - Enable environment variable macros
+# 0 - Disable environment variable macros (default)
+
+enable_environment_macros={{ enable_environment_macros }}
+
+
+
+# CHILD PROCESS MEMORY OPTION
+# This option determines whether or not Nagios will free memory in
+# child processes (processed used to execute system commands and host/
+# service checks). If you specify a value here, it will override
+# program defaults.
+# Value: 1 - Free memory in child processes
+# 0 - Do not free memory in child processes
+
+#free_child_process_memory=1
+
+
+
+# CHILD PROCESS FORKING BEHAVIOR
+# This option determines how Nagios will fork child processes
+# (used to execute system commands and host/service checks). Normally
+# child processes are fork()ed twice, which provides a very high level
+# of isolation from problems. Fork()ing once is probably enough and will
+# save a great deal on CPU usage (in large installs), so you might
+# want to consider using this. If you specify a value here, it will
+# program defaults.
+# Value: 1 - Child processes fork() twice
+# 0 - Child processes fork() just once
+
+#child_processes_fork_twice=1
+
+
+
+# DEBUG LEVEL
+# This option determines how much (if any) debugging information will
+# be written to the debug file. OR values together to log multiple
+# types of information.
+# Values:
+# -1 = Everything
+# 0 = Nothing
+# 1 = Functions
+# 2 = Configuration
+# 4 = Process information
+# 8 = Scheduled events
+# 16 = Host/service checks
+# 32 = Notifications
+# 64 = Event broker
+# 128 = External commands
+# 256 = Commands
+# 512 = Scheduled downtime
+# 1024 = Comments
+# 2048 = Macros
+
+debug_level=0
+
+
+
+# DEBUG VERBOSITY
+# This option determines how verbose the debug log out will be.
+# Values: 0 = Brief output
+# 1 = More detailed
+# 2 = Very detailed
+
+debug_verbosity=1
+
+
+
+# DEBUG FILE
+# This option determines where Nagios should write debugging information.
+
+debug_file=/var/log/nagios/nagios.debug
+
+
+
+# MAX DEBUG FILE SIZE
+# This option determines the maximum size (in bytes) of the debug file. If
+# the file grows larger than this size, it will be renamed with a .old
+# extension. If a file already exists with a .old extension it will
+# automatically be deleted. This helps ensure your disk space usage doesn't
+# get out of control when debugging Nagios.
+
+max_debug_file_size=1000000
+
+
+
+# Should we allow hostgroups to have no hosts, we default this to off since
+# that was the old behavior
+
+allow_empty_hostgroup_assignment={{ allow_empty_hostgroup_assignment }}
+
+
+
+# Normally worker count is dynamically allocated based on 1.5 * number of cpu's
+# with a minimum of 4 workers. This value will override the defaults
+
+#check_workers=3
+
+
+
+# EXPERIMENTAL load controlling options
+# To get current defaults based on your system issue a command to
+# the query handler. Please note that this is an experimental feature
+# and not meant for production use. Used incorrectly it can induce
+# enormous latency.
+# #core loadctl
+# jobs_max - The maximum amount of jobs to run at one time
+# jobs_min - The minimum amount of jobs to run at one time
+# jobs_limit - The maximum amount of jobs the current load lets us run
+# backoff_limit - The minimum backoff_change
+# backoff_change - # of jobs to remove from jobs_limit when backing off
+# rampup_limit - Minimum rampup_change
+# rampup_change - # of jobs to add to jobs_limit when ramping up
+# NOTE: The backoff_limit and rampup_limit are NOT used by anything currently,
+# so if your system is under load nothing will actively modify the jobs
+# even if you have these options enabled, they are for external
+# connector information only. However, if you change the jobs_max or
+# jobs_min manually here or through the query handler interface that
+# WILL affect your system
+#loadctl_options=jobs_max=100;backoff_limit=10;rampup_change=5
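Review bot: `admin_email=nagios@localhost` and `admin_pager=pagenagios@localhost` are hard-coded here, while the ncg.conf templates in this same patch take the admin address from `{{ nagios_admin_email }}`. Use that variable in this template too, so `$ADMINEMAIL$` in notification commands resolves to a real mailbox. Separately, the CHILD PROCESS FORKING BEHAVIOR comment reads "it will program defaults" and is missing the word "override".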
diff --git a/roles/monitoring_engine/templates/nagios_apache.conf.j2 b/roles/monitoring_engine/templates/nagios_apache.conf.j2
new file mode 100644
index 0000000000000000000000000000000000000000..072bb8a5f016dc6edf06441c5d0fe2f9ca53adaf
--- /dev/null
+++ b/roles/monitoring_engine/templates/nagios_apache.conf.j2
@@ -0,0 +1 @@
+{% include "private_files/" + ansible_fqdn + "/files/etc/httpd/conf.d/nagios.conf" %}
\ No newline at end of file
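Review bot: this Jinja `include` pulls a file from `private_files/<fqdn>/files/...`, not from `templates/` like the other per-host includes in this patch, so a static Apache config is rendered as a template and any `{{` or `{%` sequence in it will be interpreted. Move it under `templates/` to make that explicit, or deploy it with `copy`. The include has no `ignore missing`, so rendering fails for any host without a matching `private_files/` directory; the lines shown here do not say where that directory comes from, which should be documented.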
diff --git a/roles/monitoring_engine/templates/ncg.conf.eudat.j2 b/roles/monitoring_engine/templates/ncg.conf.eudat.j2
new file mode 100644
index 0000000000000000000000000000000000000000..5b411debceb3261218720cd39faaec025e376f03
--- /dev/null
+++ b/roles/monitoring_engine/templates/ncg.conf.eudat.j2
@@ -0,0 +1,64 @@
+# Configuration uses Apache-like format
+# as defined by Perl module Config::General.
+# For further details see:
+# http://search.cpan.org/dist/Config-General/
+
+# Global variables which can be used in module
+# configuration (e.g. LDAP_ADDRESS=$BDII).
+# Variables in curly brackets are environment
+# variables.
+
+NAGIOS_SERVER = {{ nagios_server }}
+PROBES_TYPE={{ probes_type }}
+NAGIOS_ADMIN = {{ nagios_admin_email }}
+VO = {{ vo }}
+ENABLE_UNICORE_PROBES={{ enable_unicore_probes }}
+BACKUP_INSTANCE = {{ backup_instance }}
+
+
+
+ GOCDB_ROOT_URL={{ gocdb_root_url }}
+ CERT_STATUS={{ cert_status }}
+
+
+
+
+ GOCDB_ROOT_URL={{ gocdb_root_url }}
+
+
+
+
+
+ TEMPLATES_DIR = /usr/share/grid-monitoring/config-gen/nagios
+ OUTPUT_DIR = /etc/nagios/wlcg.d
+ NAGIOS_ROLE = {{ nagios_role }}
+ INCLUDE_EMPTY_HOSTS = {{ include_empty_hosts }}
+ ENABLE_NOTIFICATIONS = {{ enable_notifications }}
+ CHECK_HOSTS = {{ check_hosts }}
+ TENANT = {{ tenant_name|lower }}
+
+
+
+
+
+ POEM_ROOT_URL = {{ poem_root_url }}
+
+
+ DB_FILE=/etc/ncg/ncg.localdb
+
+
+
+
+
+ GOCDB_ROOT_URL={{ gocdb_root_url }}
+ ENABLE_UNICORE_PROBES=$ENABLE_UNICORE_PROBES
+ INCLUDE_PROXY_CHECKS = {{ include_proxy_checks }}
+ INCLUDE_MSG_CHECKS_RECV = {{ include_msg_checks_recv }}
+
+
+ DB_FILE=/etc/ncg/ncg.localdb
+
+
+
+include ncg.conf.d/*.conf
+
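Review bot: `DB_FILE=/etc/ncg/ncg.localdb` in this EUDAT template differs from the `/etc/argo-ncg/ncg.localdb` used by ncg.conf.j2 in the same patch, and no `DB_DIRECTORY` is set here. If both templates configure the same package, one of the paths is wrong; put the path in a role variable so the two files cannot drift.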
diff --git a/roles/monitoring_engine/templates/ncg.conf.j2 b/roles/monitoring_engine/templates/ncg.conf.j2
new file mode 100644
index 0000000000000000000000000000000000000000..4e0a3e62515593547b6aefb3d54d6655cd3c6994
--- /dev/null
+++ b/roles/monitoring_engine/templates/ncg.conf.j2
@@ -0,0 +1,98 @@
+# Configuration uses Apache-like format
+# as defined by Perl module Config::General.
+# For further details see:
+# http://search.cpan.org/dist/Config-General/
+
+# Global variables which can be used in module
+# configuration (e.g. LDAP_ADDRESS=$BDII).
+# Variables in curly brackets are environment
+# variables.
+
+NAGIOS_SERVER = {{ nagios_server }}
+NAGIOS_ADMIN = {{ nagios_admin_email }}
+VO = {{ vo }}
+ENABLE_UNICORE_PROBES= {{ enable_unicore_probes }}
+MYPROXY_SERVER = {{ myproxy_server }}
+
+
+
+ GOCDB_ROOT_URL={{ gocdb_root_url }}
+ ENABLE_UNICORE_PROBES=$ENABLE_UNICORE_PROBES
+
+
+ DB_FILE=/etc/argo-ncg/ncg.localdb
+ DB_DIRECTORY=/etc/argo-ncg/ncg-localdb.d
+
+
+
+
+ GOCDB_ROOT_URL={{ gocdb_root_url }}
+
+
+ CONTACT_TYPE=alarm
+ GOCDB_ROOT_URL={{ gocdb_root_url }}
+
+
+ CONTACT_TYPE={{ contact_type }}
+ GOCDB_ROOT_URL={{ gocdb_root_url }}
+
+
+ DB_FILE=/etc/argo-ncg/ncg.localdb
+ DB_DIRECTORY=/etc/argo-ncg/ncg-localdb.d
+
+
+
+
+
+ GOCDB_ROOT_URL={{ gocdb_root_url }}
+
+
+ DB_FILE=/etc/argo-ncg/ncg.localdb
+ DB_DIRECTORY=/etc/argo-ncg/ncg-localdb.d
+
+
+
+
+
+ GOCDB_ROOT_URL={{ gocdb_root_url }}
+ ENABLE_UNICORE_PROBES=$ENABLE_UNICORE_PROBES
+ BDII_HOST={{ bdii_host }}
+ INCLUDE_PROXY_CHECKS = {{ include_proxy_checks }}
+
+
+ LDAP_ADDRESS={{ bdii_host }}
+ BDII_LEVEL={{ bdii_level }}
+
+
+ DB_FILE=/etc/argo-ncg/ncg.localdb
+ DB_DIRECTORY=/etc/argo-ncg/ncg-localdb.d
+
+
+
+
+
+ NAGIOS_ROLE = {{ nagios_role|lower }}
+ INCLUDE_EMPTY_HOSTS = {{ include_empty_hosts }}
+ ENABLE_NOTIFICATIONS = {{ enable_notifications }}
+ SEND_TO_DASHBOARD = {{ send_to_dashboard }}
+ CHECK_HOSTS = {{ check_hosts }}
+ TENANT = {{ tenant_name|lower }}
+ ROBOT_CERT=/etc/nagios/globus/robocert.pem
+ ROBOT_KEY=/etc/nagios/globus/robokey.pem
+ USE_ROBOT_CERT=1
+
+
+
+
+
+ DB_FILE=/etc/argo-ncg/ncg.localdb
+ DB_DIRECTORY=/etc/argo-ncg/ncg-localdb.d
+
+
+ POEM_ROOT_URL = {{ poem_root_url }}
+ POEM_PROFILES = {% for poem in poem_profiles %}{{ poem|upper }}{% if not loop.last %},{% endif %}{% endfor %}
+
+
+
+
+include ncg.conf.d/*.conf
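Review bot: `ROBOT_CERT`, `ROBOT_KEY` and `USE_ROBOT_CERT=1` are hard-coded in the block that sets `NAGIOS_ROLE`, while every neighbouring setting is a variable. Expose them as role variables with these values as defaults, and make sure whichever task installs `/etc/nagios/globus/robokey.pem` gives it an owner-only mode, since this template assumes the private key is already in place. The `POEM_PROFILES` loop can be shortened to `{{ poem_profiles|map('upper')|join(',') }}`.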
diff --git a/roles/monitoring_engine/templates/ssl.conf.j2 b/roles/monitoring_engine/templates/ssl.conf.j2
new file mode 100644
index 0000000000000000000000000000000000000000..4990266ac9ab66fc82516e7db827935c4f4b5e99
--- /dev/null
+++ b/roles/monitoring_engine/templates/ssl.conf.j2
@@ -0,0 +1 @@
+{% include "private_files/" + ansible_fqdn + "/templates/ssl.conf.j2" %}
\ No newline at end of file
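Review bot: the include path is keyed on `ansible_fqdn`, but the README change in this patch tells administrators to name per-host key and certificate files after `{{inventory_hostname}}`. The two can differ (inventory alias, short name, IP address), so the TLS configuration lookup can miss for a host whose certificate files were found. Key both on the same variable; the same applies to the ucc.config and unicore_*.sh includes that follow.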
diff --git a/roles/monitoring_engine/templates/ucc.config.j2 b/roles/monitoring_engine/templates/ucc.config.j2
new file mode 100644
index 0000000000000000000000000000000000000000..195b99b75ff9f6d37a47483152346e2f4aa0a3bf
--- /dev/null
+++ b/roles/monitoring_engine/templates/ucc.config.j2
@@ -0,0 +1 @@
+{% include "private_files/" + ansible_fqdn + "/templates/ucc.config.j2" %}
\ No newline at end of file
diff --git a/roles/monitoring_engine/templates/unicore_jks.sh.j2 b/roles/monitoring_engine/templates/unicore_jks.sh.j2
new file mode 100644
index 0000000000000000000000000000000000000000..55dbf659546351a0cedfec696bba2b4c37184a1e
--- /dev/null
+++ b/roles/monitoring_engine/templates/unicore_jks.sh.j2
@@ -0,0 +1 @@
+{% include "private_files/" + ansible_fqdn + "/templates/unicore_jks.sh.j2" %}
\ No newline at end of file
diff --git a/roles/monitoring_engine/templates/unicore_ks.sh.j2 b/roles/monitoring_engine/templates/unicore_ks.sh.j2
new file mode 100644
index 0000000000000000000000000000000000000000..866df1f198184181e12179d3811f057767960915
--- /dev/null
+++ b/roles/monitoring_engine/templates/unicore_ks.sh.j2
@@ -0,0 +1 @@
+{% include "private_files/" + ansible_fqdn + "/templates/unicore_ks.sh.j2" %}
\ No newline at end of file
diff --git a/roles/monitoring_engine/templates/unicore_ts.sh.j2 b/roles/monitoring_engine/templates/unicore_ts.sh.j2
new file mode 100644
index 0000000000000000000000000000000000000000..4e2ce0bf7c522b2c6253d1566b57c4cc77b17c4a
--- /dev/null
+++ b/roles/monitoring_engine/templates/unicore_ts.sh.j2
@@ -0,0 +1 @@
+{% include "private_files/" + ansible_fqdn + "/templates/unicore_ts.sh.j2" %}
\ No newline at end of file
diff --git a/roles/monitoring_engine/templates/voms_lsc.j2 b/roles/monitoring_engine/templates/voms_lsc.j2
new file mode 100644
index 0000000000000000000000000000000000000000..6dec1787f5046cc46254c827b16c593dd860ae93
--- /dev/null
+++ b/roles/monitoring_engine/templates/voms_lsc.j2
@@ -0,0 +1,2 @@
+{{ item.dn }}
+{{ item.issuer }}
\ No newline at end of file
diff --git a/roles/monitoring_engine/templates/vomses.j2 b/roles/monitoring_engine/templates/vomses.j2
new file mode 100644
index 0000000000000000000000000000000000000000..6ca85e24b1a3060fe2c052edb7002769cc59ef40
--- /dev/null
+++ b/roles/monitoring_engine/templates/vomses.j2
@@ -0,0 +1 @@
+"{{ item.vo }}" "{{ item.server }}" "{{ item.port }}" "{{ item.dn }}" "{{ item.vo }}" "24"
\ No newline at end of file
diff --git a/roles/poem/defaults/main.yml b/roles/poem/defaults/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..330da5a1828b756f4a4e2313172943f3f8b8879d
--- /dev/null
+++ b/roles/poem/defaults/main.yml
@@ -0,0 +1,12 @@
+---
+
+db_path: /var/lib/poem/poemserv.db
+db_user: test
+db_pass: test123
+db_mail: foo@example.com
+
+poem_namespace: example.com.TEST
+poem_gocdb_url: goc.egi.eu
+poem_secret: bbc2ac55-e3aa-4b89-9038-e1acc4baf232
+poem_debug: "True"
+poem_timezone: Europe/Athens
\ No newline at end of file
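Review bot: `db_pass: test123` and a fixed `poem_secret` UUID ship as role defaults, and `poem_debug` defaults to "True". A deployment that overrides nothing therefore comes up with a known superuser password, a SECRET_KEY that is public in this repository, and debug enabled. Drop the defaults for `db_pass` and `poem_secret` so the play fails until they are supplied (for example from an Ansible Vault file), and default `poem_debug` to "False".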
diff --git a/roles/poem/tasks/main.yml b/roles/poem/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..7d3730d8334ff7c1fcac35a3a63ebf200337b47c
--- /dev/null
+++ b/roles/poem/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+
+- name: Install CAs metapackage
+ yum: name=ca-policy-egi-core state=latest
+ tags: install_ca_bundle
+
+- name: Install poem package from argo repository
+ yum: name=poem state=latest enablerepo={{ enabled_argo_repo }}
+
+- name: Create poem.ini file
+ template: src=poem.ini.j2
+ dest=/etc/poem/poem.ini backup=yes
+ owner=root group=root mode=0644
+
+- name: Run db creation script
+ shell: poem-createdb creates={{ db_path }}
+
+- name: Start and enable httpd service
+ service: name=httpd state=started enabled=yes
+
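Review bot: `/etc/poem/poem.ini` is written with `mode=0644`, and the template added in this patch puts `SUPERUSER_PASSWORD` and `SECRET_KEY` in it, so every local user can read both. Use `mode=0640` with the group set to the account httpd runs as. Note that `backup=yes` leaves dated copies of the previous file beside it, which carry the same secrets.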
diff --git a/roles/poem/templates/poem.ini.j2 b/roles/poem/templates/poem.ini.j2
new file mode 100644
index 0000000000000000000000000000000000000000..cfb81bacf4a24b4a5aea8c6dcd34fe3590778d39
--- /dev/null
+++ b/roles/poem/templates/poem.ini.j2
@@ -0,0 +1,17 @@
+[general]
+SUPERUSER_NAME: {{ db_user }}
+SUPERUSER_PASSWORD: {{ db_pass }}
+SUPERUSER_EMAIL: {{ db_mail }}
+
+[log]
+LOG_CONFIG: /etc/poem/poem_logging.ini
+
+[others]
+POEM_NAMESPACE: {{ poem_namespace }}
+GOCDB_SERVICETYPE_URL: https://{{ poem_gocdb_url }}/gocdbpi/private/?method=get_service_types
+CIC_VO_URL: http://operations-portal.egi.eu/xml/voIDCard/public/all/true
+HOST_CERT = /etc/grid-security/hostcert.pem
+HOST_KEY = /etc/grid-security/hostkey.pem
+DEBUG: {{ poem_debug }}
+SECRET_KEY: {{ poem_secret }}
+TIME_ZONE: {{ poem_timezone }}
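Review bot: `CIC_VO_URL` is fetched over plain `http://` while `GOCDB_SERVICETYPE_URL` on the line above uses `https://`. Switch it to https if the portal serves it, or make it a variable like `poem_gocdb_url`. `HOST_CERT` and `HOST_KEY` use `=` where the rest of the file uses `:`, and they still point at `hostcert.pem` and `hostkey.pem` although the README in this patch renames the shipped files to `{{inventory_hostname}}.pem` and `.key`; confirm the certificate role still installs them under these names.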
diff --git a/roles/repos/defaults/main.yml b/roles/repos/defaults/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..bf9b73d7e3c29e6c490efccaf6f2d714cd61a120
--- /dev/null
+++ b/roles/repos/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+
+epel_release: http://ftp.ntua.gr/pub/linux/fedora-epel/6/i386/epel-release-6-8.noarch.rpm
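Review bot: `epel_release` is an `http://` mirror URL that the repos task passes straight to `yum name=...`, so the RPM that installs the EPEL repo definition and its GPG key is downloaded over plain HTTP. Use an https mirror. The path also says `6/i386`, although the Cloudera and UMD entries in this patch target x86_64.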
diff --git a/roles/repos/files/etc/yum.repos.d/argo.repo b/roles/repos/files/etc/yum.repos.d/argo.repo
new file mode 100644
index 0000000000000000000000000000000000000000..3119f9fb378ff2776af884e5b6e2340b5b8aca8f
--- /dev/null
+++ b/roles/repos/files/etc/yum.repos.d/argo.repo
@@ -0,0 +1,11 @@
+[argo-prod]
+name=ARGO Product Repository
+baseurl=http://snf-711530.vm.okeanos.grnet.gr/ARGO/prod/centos6/
+enabled=0
+gpgcheck=0
+
+[argo-devel]
+name=ARGO Development Repository
+baseurl=http://snf-711530.vm.okeanos.grnet.gr/ARGO/devel/centos6/
+gpgcheck=0
+enabled=1
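Review bot: both sections set `gpgcheck=0` with an `http://` `baseurl`, so packages from this repository are installed as root with neither signature nor transport verification. `argo-devel` is also `enabled=1` by default while `argo-prod` is off. Sign the packages and set `gpgcheck=1` with a `gpgkey`, serve the repository over https, and ship both sections with `enabled=0` so the choice is made only through `enablerepo={{ enabled_argo_repo }}` in the tasks.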
diff --git a/roles/repos/files/etc/yum.repos.d/cloudera-cdh5.repo b/roles/repos/files/etc/yum.repos.d/cloudera-cdh5.repo
new file mode 100644
index 0000000000000000000000000000000000000000..17468362516c9db3f21bec9b0d18b69065806d23
--- /dev/null
+++ b/roles/repos/files/etc/yum.repos.d/cloudera-cdh5.repo
@@ -0,0 +1,7 @@
+[cloudera-cdh5]
+# Packages for Cloudera's Distribution for Hadoop, Version 5, on RedHat or CentOS 6 x86_64
+name=Cloudera's Distribution for Hadoop, Version 5
+baseurl=http://archive.cloudera.com/cdh5/redhat/$releasever/$basearch/cdh/5/
+gpgkey = http://archive.cloudera.com/cdh5/redhat/$releasever/$basearch/cdh/RPM-GPG-KEY-cloudera
+gpgcheck = 1
+enabled = 1
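Review bot: `gpgcheck = 1` is right, but `gpgkey` is fetched over `http://` from the same host as the packages, so the key that is meant to authenticate them is itself unauthenticated. Point `gpgkey` at an https URL, or ship the key in the role and reference it with a `file://` path under `/etc/pki/rpm-gpg/`.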
diff --git a/roles/repos/files/etc/yum.repos.d/nagios.repo b/roles/repos/files/etc/yum.repos.d/nagios.repo
new file mode 100644
index 0000000000000000000000000000000000000000..63d643cb46857e0987f3c2d7da15a8b955022531
--- /dev/null
+++ b/roles/repos/files/etc/yum.repos.d/nagios.repo
@@ -0,0 +1,5 @@
+[nagios]
+name=Nagios Repository
+baseurl=http://ftp.srce.hr/srce-redhat/base/el6/$basearch
+enabled=0
+gpgcheck=0
\ No newline at end of file
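Review bot: `gpgcheck=0` over an `http://` `baseurl` here as well. The section is `enabled=0`, but any package installed from it once it is enabled is still unverified. Add a `gpgkey` and set `gpgcheck=1`.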
diff --git a/roles/repos/tasks/main.yml b/roles/repos/tasks/main.yml
index bf456aaa62eeb2811f05a789292f8341baf1f0cf..62a5ce7607f9d78d2015cf0c94f7b7c018e9521f 100644
--- a/roles/repos/tasks/main.yml
+++ b/roles/repos/tasks/main.yml
@@ -1,29 +1,47 @@
---
- name: Install epel repo files
- yum: name={{ epel_release_url }}{{ epel_release_name }}
+ yum: name={{ epel_release }}
state=present
+ when: ansible_distribution == 'CentOS' and ansible_distribution_major_version == '6'
-- name: Install arstats repo files
- yum: name={{ arstats_release_url }}{{ arstats_release_name }}
- state=present
+- name: Install argo repository definitions
+ tags: argo_repo
+ copy: src=etc/yum.repos.d/argo.repo
+ dest=/etc/yum.repos.d/argo.repo backup=no
+ owner=root group=root mode=0644
+ when: ansible_distribution == 'CentOS' and ansible_distribution_major_version == '6'
- name: Install mongodb repo
tags: mongodb_repo
copy: src=etc/yum.repos.d/mongodb_3.repo
dest=/etc/yum.repos.d/mongodb_3.repo backup=no
owner=root group=root mode=0644
+ when: inventory_hostname in groups.standalone or inventory_hostname in groups.webapi
- name: Install EGI-trustanchors repository definitions
tags: ca_bundle_repo
copy: src=etc/yum.repos.d/EGI-trustanchors.repo
dest=/etc/yum.repos.d/EGI-trustanchors.repo backup=no
owner=root group=root mode=0644
- when: inventory_hostname in groups.standalone
+ when: inventory_hostname in groups.standalone or inventory_hostname in groups.webui or ca_bundle_install==true
-- name: Install cloudera-cdh4 repo
- tags: cloudera-cdh4_repo
- copy: src=etc/yum.repos.d/cloudera-cdh4.repo
- dest=/etc/yum.repos.d/cloudera-cdh4.repo backup=no
+- name: Install cloudera-cdh5 repo
+ tags: cloudera-cdh5_repo
+ copy: src=etc/yum.repos.d/cloudera-cdh5.repo
+ dest=/etc/yum.repos.d/cloudera-cdh5.repo backup=no
owner=root group=root mode=0644
when: inventory_hostname in groups.standalone
+
+- name: Install Nagios repo
+ tags: monitoring_engine_repo
+ copy: src=etc/yum.repos.d/nagios.repo
+ dest=/etc/yum.repos.d/nagios.repo backup=no
+ owner=root group=root mode=0644
+ when: inventory_hostname in groups.monitoring_engine
+
+- name: Install UMD repo
+ tags: umd_repo
+ yum: name=http://repository.egi.eu/sw/production/umd/3/sl6/x86_64/updates/umd-release-3.0.1-1.el6.noarch.rpm
+ state=present
+ when: inventory_hostname in groups.monitoring_engine and nagios_plugins_umd is defined
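Review bot: in the EGI-trustanchors condition, `ca_bundle_install==true` is evaluated for every host that is in neither `standalone` nor `webui`, and the role defaults file added in this patch defines only `epel_release`. Those hosts fail on an undefined variable unless it is set elsewhere; use `ca_bundle_install|default(false)|bool`. The UMD release RPM in the last task is also installed from a plain `http://` URL.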
diff --git a/roles/swagger/defaults/main.yml b/roles/swagger/defaults/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..717050627be2c72c4cb3997887becdeb3581bc7f
--- /dev/null
+++ b/roles/swagger/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+
+swagger_docs:
+ - { github_org: swagger-api, name: swagger-spec , branch: master, path_to_yaml: "examples/v2.0/yaml/petstore.yaml" , api_host: "petstore.swagger.io"}
diff --git a/roles/swagger/handlers/main.yml b/roles/swagger/handlers/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..c2859ca6248775ee74fb1ae1a5ccb7c3f0e819e2
--- /dev/null
+++ b/roles/swagger/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+
+- name: restart apache
+ service: name=httpd state=restarted
diff --git a/roles/swagger/tasks/main.yml b/roles/swagger/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..71082edb3d0157abdf3859bd01c387ac8e15934f
--- /dev/null
+++ b/roles/swagger/tasks/main.yml
@@ -0,0 +1,76 @@
+---
+
+- name: Install Pip
+ tags: swagger
+ yum: name=python-pip state=present
+
+- name: Install PyYAML
+ tags: swagger
+ pip: name=pyYAML state=latest
+
+- name: Install Apache
+ tags: swagger
+ yum: name={{ item }} state=present
+ with_items:
+ - httpd
+ - mod_ssl
+
+- name: Config Apache Up and Running
+ tags: swagger
+ service: name=httpd enabled=yes state=started
+
+- name: Create /tmp/swagger folder
+ tags: swagger
+ file: path=/tmp/swagger state=directory
+
+- name: Get swagger-ui distro tar
+ tags: swagger
+ shell: >
+ curl -L https://api.github.com/repos/swagger-api/swagger-ui/tarball
+ | tar xz -C /tmp/swagger --strip-components 1
+
+- name: Create swagger directories
+ tags: swagger
+ file: path=/var/www/html/{{ item.name }} state=directory owner=root group=root mode=0755
+ with_items: swagger_docs
+
+- name: Transfer dist files to each dedicated dir at /var/www/html/
+ tags: swagger
+ shell: cp -R /tmp/swagger/dist/* /var/www/html/{{ item.name }}
+ with_items: swagger_docs
+
+- name: Get latest swagger.yaml definition files
+ tags: swagger
+ get_url: url=https://raw.githubusercontent.com/{{ item.github_org }}/{{ item.name }}/{{ item.branch }}/{{ item.path_to_yaml }}
+ dest=/tmp/swagger/{{ item.name }}_swagger.yaml force=yes
+ owner=root group=root mode=0644
+ with_items: swagger_docs
+ notify: restart apache
+
+- name: Convert swagger.yaml to swagger.json
+ tags: swagger
+ shell: >
+ python -c 'import sys, yaml, json;
+ json.dump(yaml.load(sys.stdin), sys.stdout, indent=4)'
+ < /tmp/swagger/{{ item.name }}_swagger.yaml > /var/www/html/{{ item.name }}/swagger.json
+ with_items: swagger_docs
+
+- name: Make swagger.json point to corresponding api endpoint
+ tags: swagger
+ lineinfile: >
+ dest=/var/www/html/{{ item.name }}/swagger.json
+ regexp='( +)\"host\":\ \"(.+)\"\,'
+ line=' \"host\": \"{{ item.api_host }}\",'
+ state=present backup=yes
+ with_items: swagger_docs
+ notify: restart apache
+
+- name: Point swagger-ui to corresponding swagger definitions on host
+ tags: swagger
+ replace: dest=/var/www/html/{{ item.name }}/index.html
+ regexp='url = "http:\/\/petstore\.swagger\.io\/v2\/swagger\.json";'
+ replace='url = "https://{{ inventory_hostname }}/{{ item.name }}/swagger.json";'
+ backup=yes
+ with_items: swagger_docs
+
+
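Review bot: the "Convert swagger.yaml to swagger.json" task calls `yaml.load(sys.stdin)` on a file just downloaded from a GitHub branch. Without a safe loader `yaml.load` can construct arbitrary Python objects, so use `yaml.safe_load`; with `pip: name=pyYAML state=latest`, a current PyYAML also rejects `yaml.load` called without a Loader argument. In "Get swagger-ui distro tar", the tarball is piped from `curl` into `tar` with no pinned release or checksum and is re-fetched on every run, and `/tmp/swagger` is a predictable path in a world-writable directory. Pin a tag, verify a checksum via `get_url`, and stage under a root-owned directory.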
diff --git a/roles/webapi/defaults/main.yml b/roles/webapi/defaults/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..6635d5bfed271db41d191c44fad08d19b802cd83
--- /dev/null
+++ b/roles/webapi/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+
+argo_web_api_port: 443
+cors_support: "false"
diff --git a/roles/webapi/handlers/main.yml b/roles/webapi/handlers/main.yml
index e7beb180b8e9ccfd38cba385fa76d1cd712cc140..257e5eb7d89f40c49a961958c2b9d5090cdb2724 100644
--- a/roles/webapi/handlers/main.yml
+++ b/roles/webapi/handlers/main.yml
@@ -1,4 +1,4 @@
---
-- name: updated ar-web-api package
- service: name=ar-web-api state=restarted
\ No newline at end of file
+- name: restart argo-web-api service
+ service: name=argo-web-api state=restarted
\ No newline at end of file
diff --git a/roles/webapi/tasks/main.yml b/roles/webapi/tasks/main.yml
index b5cd8b82031a457a3d2b3eef1e47d34aac541c47..0b090a2b77532a287d69b7eea98aa35284ba366d 100644
--- a/roles/webapi/tasks/main.yml
+++ b/roles/webapi/tasks/main.yml
@@ -1,10 +1,16 @@
---
-- name: Install ar-web-api package
- yum: name=ar-web-api state=latest
- notify: updated ar-web-api package
+- name: Install argo-web-api package
+ yum: name=argo-web-api state=latest enablerepo={{ enabled_argo_repo }}
+ notify: restart argo-web-api service
tags: api
+- name: Configure argo-web-api
+ template: src=argo-web-api.conf.j2
+ dest=/etc/argo-web-api.conf backup=yes
+ owner=root group=root mode=0644
+ notify: restart argo-web-api service
+
- name: Start web api service
- service: name=ar-web-api state=started
+ service: name=argo-web-api state=started
tags: api
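Review bot: the new "Configure argo-web-api" task has no `tags: api`, unlike the install and start tasks around it, so a run limited with `--tags api` upgrades and starts the service without writing `/etc/argo-web-api.conf`. Add the tag to the template task.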
diff --git a/roles/webapi/templates/argo-web-api.conf.j2 b/roles/webapi/templates/argo-web-api.conf.j2
new file mode 100644
index 0000000000000000000000000000000000000000..1af86d903b6e08f1dc9439a348f4391330334a7d
--- /dev/null
+++ b/roles/webapi/templates/argo-web-api.conf.j2
@@ -0,0 +1,16 @@
+[server]
+bindip = ""
+port = {{ argo_web_api_port }}
+maxprocs = 4
+cache = false
+lrucache = 700000000
+gzip = true
+cert = /etc/pki/tls/certs/localhost.crt
+privkey = /etc/pki/tls/private/localhost.key
+reqsizelimit = 1073741824
+enablecors = {{ cors_support }}
+
+[mongodb]
+host = "127.0.0.1"
+port = 27017
+db = "argo_core"
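Review bot: `cert` and `privkey` are hard-coded to `/etc/pki/tls/certs/localhost.crt` and `/etc/pki/tls/private/localhost.key`, although the README in this patch asks the administrator to supply a CA-issued pair named after the host. Make both paths variables that point at the installed host certificate and key. `bindip = ""` and the `[mongodb]` host, port and db are fixed values as well; expose them as variables if the datastore can ever be non-local.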
diff --git a/roles/webui/defaults/main.yml b/roles/webui/defaults/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..8c33d054ebbf916beaa265cc9c40e5139f874eba
--- /dev/null
+++ b/roles/webui/defaults/main.yml
@@ -0,0 +1,30 @@
+---
+
+services:
+ - http
+ - https
+
+tenant_name: einfraname
+lavoisier_home: /var/www/lavoisier
+branch_name: master
+argo_web: argo-egi-web
+argo_api_host: example.com
+argo_api_key: some_api_key
+contact_email: foo@example.com
+
+gocdb_endpoint: goc.egi.eu
+gocdb_production: Production
+gocdb_certification: Certified
+
+cert_dir: /etc/grid-security
+cert_path: /etc/grid-security/hostcert.pem
+key_path: /etc/grid-security/hostkey.pem
+
+certificate_password: change_me_or_overwrite_me_in_vars_file
+certificate_path: /etc/grid-security/server.p12
+cache_directory: /tmp
+truststore_path: /etc/grid-security/certificates
+keystore_path: /etc/grid-security/server.p12
+keystore_password: change_me_or_overwrite_me_in_vars_file
+
+admin_password_md5: b91cd1a54781790beaa2baf741fa6789
\ No newline at end of file
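Review bot: `admin_password_md5` ships a fixed hash as a role default, so every deployment that does not override it shares one admin password, and an unsalted MD5 committed to the repository is open to offline guessing. Remove the default so the play fails until a value is supplied, in line with the `change_me_or_overwrite_me_in_vars_file` placeholders already used for `certificate_password` and `keystore_password`. `argo_api_key: some_api_key` and `cache_directory: /tmp` deserve the same review.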
diff --git a/roles/webui/handlers/main.yml b/roles/webui/handlers/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..744e10ed09e6731647f7e80971a148b614224df6
--- /dev/null
+++ b/roles/webui/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+
+- name: restart webui
+ command: ./bin/lavoisier.sh restart
+ chdir={{ lavoisier_home }}/{{ argo_web }}-{{ branch_name }}
+ ignore_errors: True
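Review bot: `ignore_errors: True` on the `restart webui` handler means a failed `lavoisier.sh restart` still yields a successful play, leaving the old process running with the old configuration or certificates unnoticed. Drop it, or register the result and fail with a clear message.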
diff --git a/roles/webui/tasks/main.yml b/roles/webui/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..f64925778f036c55dff7d24abce82a984a406cff
--- /dev/null
+++ b/roles/webui/tasks/main.yml
@@ -0,0 +1,73 @@
+---
+
+- name: Install requirements
+ yum: name={{ item }} state=present
+ with_items:
+ - java-1.7.0-openjdk.x86_64
+ - wget
+ - unzip
+ tags: install_requirements
+
+- name: Install CAs metapackage
+ yum: name=ca-policy-egi-core state=latest
+ tags: install_ca_bundle
+ notify: restart webui
+
+- name: Copy files to setup HOME_LAVOISIER
+ template: src={{ item }}.j2 dest=/etc/profile.d/{{ item }}
+ owner=root group=root mode=0644
+ with_items:
+ - lavoisier.sh
+ - lavoisier.csh
+
+- name: Create download directory
+ file: path={{ lavoisier_home }} state=directory
+
+- name: Create cache directory
+ file: path={{ cache_directory }} state=directory
+
+- name: Remove older downloaded lavoisier zip file
+ command: rm -f {{ lavoisier_home }}/{{ branch_name }}.zip
+ ignore_errors: True
+
+- name: Download lavoisier zip file
+ get_url: url=https://github.com/ARGOeu/{{ argo_web }}/archive/{{ branch_name }}.zip
+ dest={{ lavoisier_home }}/{{ branch_name }}.zip
+ mode=0640
+ register: download_out
+ notify: restart webui
+
+- name: Stage old directory if download target has changed
+ command: mv {{ argo_web }}-{{ branch_name }} {{ argo_web }}-{{ branch_name }}.old
+ chdir={{ lavoisier_home }}
+ when: download_out is defined and download_out.changed
+ ignore_errors: True
+
+- name: Unzip zip file
+ command: unzip {{ branch_name }}.zip
+ chdir={{ lavoisier_home }}
+ when: download_out is defined and download_out.changed
+
+- name: Copy etc/lavoisier-hidden.properties file
+ template: src=lavoisier-hidden.properties.j2
+ dest={{ lavoisier_home }}/{{ argo_web }}-{{ branch_name }}/etc/lavoisier-hidden.properties
+ owner=root group=root mode=0644
+ notify: restart webui
+
+- name: Copy etc/argo-config.properties file
+ template: src=argo-config.properties.j2
+ dest={{ lavoisier_home }}/{{ argo_web }}-{{ branch_name }}/etc/argo-config.properties
+ owner=root group=root mode=0644
+ notify: restart webui
+
+- name: Configure etc/security/passwords.properties
+ lineinfile: dest={{ lavoisier_home }}/{{ argo_web }}-{{ branch_name }}/etc/security/passwords.properties
+ line='admin={{ admin_password_md5 }}'
+ regexp='^admin'
+ state=present
+ notify: restart webui
+
+- name: Start webui
+ command: ./bin/lavoisier.sh start
+ chdir={{ lavoisier_home }}/{{ argo_web }}-{{ branch_name }}
+ ignore_errors: True
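Review bot: `Copy etc/lavoisier-hidden.properties file` installs the template with `owner=root group=root mode=0644`, but that file carries `certificate.password`, `lavoisier.ssl.keyStorePassword` and `argo.api.key`, so any local user can read them; use `mode=0600` (or 0640 with the service group), and do the same for `etc/security/passwords.properties`, whose mode the `lineinfile` task never sets. `Download lavoisier zip file` fetches `archive/{{ branch_name }}.zip` with `branch_name` defaulting to `master`, so the code that gets unpacked and started is whatever the branch head is at run time; pin to a tag or commit and verify a checksum of the archive. `Start webui` also sets `ignore_errors: True`, which hides a service that never came up.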
diff --git a/roles/webui/templates/argo-config.properties.j2 b/roles/webui/templates/argo-config.properties.j2
new file mode 100644
index 0000000000000000000000000000000000000000..c6b3ca23b48a735c8cdaa40e327c23faa416f84c
--- /dev/null
+++ b/roles/webui/templates/argo-config.properties.j2
@@ -0,0 +1,56 @@
+############################################
+# ARGO API methods
+###########################################
+
+### Generic Url Availability
+
+api.group.availability=https://{{ argo_api_host }}/api/v2/results/
+api.service.availability=https://{{ argo_api_host }}/api/v2/results/
+api.output.details=https://{{ argo_api_host }}/api/v2/metric_result/
+
+###Generic Url STATUS
+
+api.status.url=https://{{ argo_api_host }}/api/v2/status/
+
+
+### Factors
+api.custom.factors=https://{{ argo_api_host }}/api/v2/factors
+
+
+### RECOMPUTATION
+
+api.recomputation.url=https://{{ argo_api_host }}/api/v2/recalculate
+api.recomputation.history.url=https://{{ argo_api_host }}/api/v2/get_recalculation_requests
+
+### METRICS PROFILE
+api.metrics.profile=https://{{ argo_api_host }}/api/v2/metric_profiles
+
+### PROFILES
+
+api.availabilities.profiles=http://argo.egi.eu/lavoisier/listProfilesRaw?accept=xml
+api.aggregation_profiles=https://{{ argo_api_host }}/api/v2/aggregation_profiles
+
+api.reports=https://{{ argo_api_host }}/api/v2/reports
+
+####################
+# MON.EGI.EU
+#####################
+
+api.monthly.sites.cern=http://mon.egi.eu/mywlcg/sam-pi/group_availability_in_profile/?profile_name=ROC_CRITICAL&vo_name=ops&group_type=Site&start_time=2014-05-01T00:00:00Z&end_time=2016-01-01T00:00:00Z&type=MONTHLY&output=xml
+api.monthly.sites.argo=https://{{ argo_api_host }}/api/v2/group_availability?group_type=site&start_time=2014-05-01T10:00:00Z&end_time=2016-10-02T10:00:00Z&granularity=MONTHLY&output=XML&availability_profile=test-ap1
+
+api.monthly.sites.cern.cloud=http://mon.egi.eu/mywlcg/sam-pi/group_availability_in_profile/?profile_name=CLOUD-MON&vo_name=ops&group_type=Site&start_time=2014-05-01T00:00:00Z&end_time=2016-01-01T00:00:00Z&type=MONTHLY&output=xml
+api.monthly.sites.argo.cloud=https://{{ argo_api_host }}/api/v2/group_availability?group_type=site&start_time=2014-05-01T10:00:00Z&end_time=2016-10-02T10:00:00Z&granularity=MONTHLY&output=XML&availability_profile=egi-fedcloud
+
+
+########################
+# GOC DB
+######################
+
+{% if tenant_name is defined and tenant_name|lower == "eudat" %}
+goc.siteProjects=https://{{ gocdb_endpoint }}/gocdbpi/private/?method=get_service_group
+{% endif %}
+goc.siteList=https://{{ gocdb_endpoint }}/gocdbpi/private/?method=get_site&certification_status={{ gocdb_certification }}&production_status={{ gocdb_production }}
+goc.ngiContactsList=https://{{ gocdb_endpoint }}/gocdbpi/private/?method=get_roc_contacts
+goc.serviceFlavours=https://{{ gocdb_endpoint }}/gocdbpi/public/?method=get_service_types
+goc.hostList=https://{{ gocdb_endpoint }}/gocdbpi/public/?method=get_service
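Review bot: `api.availabilities.profiles`, `api.monthly.sites.cern` and `api.monthly.sites.cern.cloud` use plain `http://` against hard-coded hosts (`argo.egi.eu`, `mon.egi.eu`), while every other endpoint in this template is `https://` and takes its host from a variable. Data fetched over these three URLs can be read or altered in transit, and the hosts cannot be changed per tenant. Switch them to `https://` where the endpoints support it and move the host names into role variables alongside `argo_api_host` and `gocdb_endpoint`.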
diff --git a/roles/webui/templates/lavoisier-hidden.properties.j2 b/roles/webui/templates/lavoisier-hidden.properties.j2
new file mode 100644
index 0000000000000000000000000000000000000000..d60364c0fb736b51f874ad1f420cd34de66bb855
--- /dev/null
+++ b/roles/webui/templates/lavoisier-hidden.properties.j2
@@ -0,0 +1,24 @@
+# location of the caches for the data
+cache.baseDirectory={{ cache_directory }}
+
+# Certificate path and associated password (accepted formats p12 and pem)
+certificate.password={{ certificate_password }}
+certificate.path={{ certificate_path }}
+
+# Path to the CA , used for ssl authentication
+lavoisier.ssl.trustStore={{ truststore_path }}
+
+# Path to the host certificate for the trusted authentication , could be the same value than certificate
+lavoisier.ssl.keyStore={{ keystore_path }}
+lavoisier.ssl.keyStorePassword={{ keystore_password }}
+
+
+# Key used to interact with the ARGO API
+argo.api.key={{ argo_api_key }}
+
+
+# Host of the service, used to generate relative urls
+server.baseUrl=http://{{ inventory_hostname }}
+
+# Email contact used to send emails for recomputation
+contact.email={{ contact_email }}
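Review bot: `server.baseUrl=http://{{ inventory_hostname }}` hard-codes the `http` scheme even though the role defaults list `https` among the services and the `webui.yml` play applies the `has_certificate` role, so every URL generated from this base will point at the unencrypted listener. Make the scheme a variable or default it to `https`. The comment on `lavoisier.ssl.keyStore` ("could be the same value than certificate") would also read better as "may be the same value as certificate.path".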
diff --git a/roles/webui/templates/lavoisier.csh.j2 b/roles/webui/templates/lavoisier.csh.j2
new file mode 100644
index 0000000000000000000000000000000000000000..55bc43970a0a220d52fa43024cd1bb4d99433c73
--- /dev/null
+++ b/roles/webui/templates/lavoisier.csh.j2
@@ -0,0 +1,2 @@
+# File to export the variable HOME_LAVOISIER.
+setenv HOME_LAVOISIER "{{ lavoisier_home }}"
\ No newline at end of file
diff --git a/roles/webui/templates/lavoisier.sh.j2 b/roles/webui/templates/lavoisier.sh.j2
new file mode 100644
index 0000000000000000000000000000000000000000..d795fd8d43c41bcd4ea7ae563fa03be56158f787
--- /dev/null
+++ b/roles/webui/templates/lavoisier.sh.j2
@@ -0,0 +1,2 @@
+# File to export the variable HOME_LAVOISIER.
+export HOME_LAVOISIER={{ lavoisier_home }}
\ No newline at end of file
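Review bot: `export HOME_LAVOISIER={{ lavoisier_home }}` leaves the value unquoted, unlike the csh variant, which writes `setenv HOME_LAVOISIER "{{ lavoisier_home }}"`. This file is installed under `/etc/profile.d/`, so a `lavoisier_home` containing spaces or shell metacharacters would be word-split or interpreted by the shell that sources it. Quote the value here as well, and end both template files with a newline.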
diff --git a/standalone.yml b/standalone.yml
index 3b7aa9b0e56d2d685896686ad1bc844ad5b6b702..773040804d81df062cf76fc38d90b5c159ccf633 100644
--- a/standalone.yml
+++ b/standalone.yml
@@ -1,7 +1,7 @@
---
- hosts: standalone
- user: root
+ sudo: true
roles:
- { role: firewall , tags: firewall }
- { role: repos , tags: repos }
diff --git a/swagger.yml b/swagger.yml
new file mode 100644
index 0000000000000000000000000000000000000000..f573cb93da50556fdecfdc66e09ce21675c1beb9
--- /dev/null
+++ b/swagger.yml
@@ -0,0 +1,6 @@
+---
+
+- hosts: webapi
+ sudo: true
+ roles:
+ - { role: swagger, tags: swagger }
diff --git a/webapi.yml b/webapi.yml
index b70f3ff23dc77d64e93f2f8f6462e627581a8869..4df42d90544214bb0a5cf9ca41c45b0aee805ab8 100644
--- a/webapi.yml
+++ b/webapi.yml
@@ -1,7 +1,7 @@
---
- hosts: webapi
- user: root
+ sudo: true
roles:
- { role: firewall, tags: firewall }
- { role: repos, tags: repos }
diff --git a/webui.yml b/webui.yml
new file mode 100644
index 0000000000000000000000000000000000000000..d11473a70580e4520a6e9ed7785e07b9a5ddcad7
--- /dev/null
+++ b/webui.yml
@@ -0,0 +1,9 @@
+---
+
+- hosts: webui
+ user: root
+ roles:
+ - { role: firewall, tags: firewall }
+ - { role: repos, tags: repos }
+ - { role: has_certificate, tags: certificate }
+ - { role: webui, tags: webui }
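Review bot: the new `webui.yml` play sets `user: root`, while this same change replaces `user: root` with `sudo: true` in `standalone.yml` and `webapi.yml` and uses `sudo: true` in the new `swagger.yml`. As written, the webui hosts still require direct root SSH login when the other plays no longer do. Use `sudo: true` here too so all playbooks share one privilege model.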