From 99baa97c729a2dfb7c1025d4d2adcd568ad3e410 Mon Sep 17 00:00:00 2001
From: msoares <marcelo.soares@cnaf.infn.it>
Date: Thu, 25 Feb 2021 00:44:48 +0000
Subject: [PATCH 1/5] Added all vomses and vomsdir Fixed httpd conf files Fixed
 mounting volumes Fixed Mysql

---
 .gitignore                                    |   9 +
 Dockerfile                                    |  66 +---
 assets/1                                      |  16 +
 assets/ENV                                    |  12 +
 assets/fts3-mon/autoindex.conf                |   1 -
 assets/fts3-mon/httpd/conf.d/autoindex.conf   |  94 ++++++
 .../fts3-mon/{ => httpd/conf.d}/ftsmon.conf   |  10 +-
 assets/fts3-mon/httpd/conf.d/ssl.conf         | 217 +++++++++++++
 assets/fts3-mon/httpd/conf.d/userdir.conf     |  36 +++
 assets/fts3-mon/httpd/conf.d/welcome.conf     |  22 ++
 assets/fts3-mon/httpd/conf.d/zgridsite.conf   | 111 +++++++
 assets/fts3-mon/ssl.conf                      |   1 -
 assets/fts3-mon/userdir.conf                  |   1 -
 assets/fts3-mon/welcome.conf                  |   1 -
 assets/fts3-mon/zgridsite.conf                |   1 -
 assets/fts3-rest/autoindex.conf               |   1 -
 assets/fts3-rest/httpd/conf.d/autoindex.conf  |  94 ++++++
 .../{ => httpd/conf.d}/fts3rest.conf          |   7 +-
 assets/fts3-rest/httpd/conf.d/ssl.conf        | 217 +++++++++++++
 assets/fts3-rest/httpd/conf.d/userdir.conf    |  36 +++
 assets/fts3-rest/httpd/conf.d/welcome.conf    |  22 ++
 assets/fts3-rest/httpd/conf.d/zgridsite.conf  | 111 +++++++
 assets/fts3-rest/ssl.conf                     |   1 -
 assets/fts3-rest/userdir.conf                 |   1 -
 assets/fts3-rest/welcome.conf                 |   1 -
 assets/fts3-rest/zgridsite.conf               |   1 -
 .../fts3-server/httpd/conf.d/autoindex.conf   |  94 ++++++
 assets/fts3-server/httpd/conf.d/ssl.conf      | 217 +++++++++++++
 assets/fts3-server/httpd/conf.d/userdir.conf  |  36 +++
 assets/fts3-server/httpd/conf.d/welcome.conf  |  22 ++
 .../fts3-server/httpd/conf.d/zgridsite.conf   | 111 +++++++
 assets/fts3/fts-msg-monitoring.conf           |   1 +
 assets/fts3/fts3config                        |  31 +-
 assets/fts3/fts3rest.ini                      |  13 +-
 assets/log/fts3/fts3bringonline.log           |   0
 assets/log/fts3/fts3server.log                |   0
 assets/log/fts3/fts_bringonline_stderr.log    |   0
 assets/log/fts3/fts_bringonline_stdout.log    |   0
 assets/log/fts3/fts_server_stderr.log         |   0
 assets/log/fts3/fts_server_stdout.log         |   0
 assets/log/fts3/msg.log                       |   0
 assets/mysql/fts-database-upgrade.py          | 285 ++++++++++++++++++
 assets/mysql/fts-database-upgrade.pyc         | Bin 0 -> 9692 bytes
 assets/mysql/fts-database-upgrade.pyo         | Bin 0 -> 9692 bytes
 assets/scripts/docker-entrypoint.sh           |  21 --
 assets/scripts/etc/hosts                      |   7 +
 assets/scripts/fts-database-upgrade.py        | 285 ++++++++++++++++++
 assets/scripts/fts-database-upgrade.pyc       | Bin 0 -> 9692 bytes
 assets/scripts/fts-database-upgrade.pyo       | Bin 0 -> 9692 bytes
 assets/scripts/initialize-mysql.sh            |   2 +-
 assets/scripts/startup-fts-mon.sh             |  15 +
 assets/scripts/startup-fts-rest-mon.sh        |  11 -
 assets/scripts/startup-fts-rest.sh            |  12 +-
 assets/scripts/startup-fts-server.sh          |  11 +
 assets/supervisor/conf.d/supervisord.conf     |  36 +++
 assets/vomsdir/alice/lcg-voms2.cern.ch.lsc    |   2 +
 assets/vomsdir/alice/voms2.cern.ch.lsc        |   2 +
 assets/vomsdir/argo/voms-01.pd.infn.it.lsc    |   2 +
 assets/vomsdir/argo/voms.cnaf.infn.it.lsc     |   2 +
 assets/vomsdir/atlas/lcg-voms2.cern.ch.lsc    |   2 +
 assets/vomsdir/atlas/voms2.cern.ch.lsc        |   2 +
 assets/vomsdir/auger/voms1.grid.cesnet.cz.lsc |   2 +
 assets/vomsdir/auger/voms2.grid.cesnet.cz.lsc |   2 +
 assets/vomsdir/babar/voms.gridpp.ac.uk.lsc    |   2 +
 assets/vomsdir/belle/grid-voms.desy.de.lsc    |   2 +
 assets/vomsdir/belle/voms.cc.kek.jp.lsc       |   2 +
 assets/vomsdir/belle/voms.hep.pnnl.gov.lsc    |   2 +
 .../vomsdir/biomed/cclcgvomsli01.in2p3.fr.lsc |   2 +
 assets/vomsdir/cdf/voms-01.pd.infn.it.lsc     |   2 +
 assets/vomsdir/cdf/voms.cnaf.infn.it.lsc      |   2 +
 assets/vomsdir/cdf/voms1.fnal.gov.lsc         |   2 +
 assets/vomsdir/cdf/voms2.fnal.gov.lsc         |   2 +
 .../vomsdir/clas12/gryphn.phys.uconn.edu.lsc  |   2 +
 .../vomsdir/clas12/jlabvoms.t2.ucsd.edu.lsc   |   2 +
 assets/vomsdir/cms/lcg-voms2.cern.ch.lsc      |   2 +
 assets/vomsdir/cms/voms2.cern.ch.lsc          |   2 +
 assets/vomsdir/dteam/voms2.hellasgrid.gr.lsc  |   2 +
 assets/vomsdir/geant4/lcg-voms.cern.ch.lsc    |   2 +
 assets/vomsdir/geant4/voms.cern.ch.lsc        |   2 +
 .../gerda.mpg.de/vomsIGI-NA.unina.it.lsc      |   2 +
 .../gerda.mpg.de/vomsmania.cnaf.infn.it.lsc   |   2 +
 .../vomsdir/glast.org/voms-02.pd.infn.it.lsc  |   2 +
 .../vomsdir/glast.org/voms2.cnaf.infn.it.lsc  |   2 +
 .../icarus-exp.org/vomsIGI-NA.unina.it.lsc    |   2 +
 .../icarus-exp.org/vomsmania.cnaf.infn.it.lsc |   2 +
 assets/vomsdir/infngrid/voms.cnaf.infn.it.lsc |   2 +
 assets/vomsdir/juno/lcgvoms02.jinr.ru.lsc     |   2 +
 assets/vomsdir/juno/voms.ihep.ac.cn.lsc       |   2 +
 .../km3net.org/voms02.scope.unina.it.lsc      |   2 +
 assets/vomsdir/lhcb/lcg-voms2.cern.ch.lsc     |   2 +
 assets/vomsdir/lhcb/voms2.cern.ch.lsc         |   2 +
 assets/vomsdir/magic/voms01.pic.es.lsc        |   2 +
 .../muoncoll.infn.it/voms-02.pd.infn.it.lsc   |   2 +
 .../muoncoll.infn.it/voms2.cnaf.infn.it.lsc   |   2 +
 .../voms.gridpp.ac.uk.lsc                     |   2 +
 .../voms02.gridpp.ac.uk.lsc                   |   2 +
 .../voms03.gridpp.ac.uk.lsc                   |   2 +
 assets/vomsdir/ops/lcg-voms2.cern.ch.lsc      |   2 +
 assets/vomsdir/ops/voms2.cern.ch.lsc          |   2 +
 assets/vomsdir/pamela/voms-01.pd.infn.it.lsc  |   2 +
 assets/vomsdir/pamela/voms.cnaf.infn.it.lsc   |   2 +
 assets/vomsdir/rdfa/voms.cnaf.infn.it.lsc     |   2 +
 .../vomsdir/theophys/voms-01.pd.infn.it.lsc   |   2 +
 assets/vomsdir/theophys/voms.cnaf.infn.it.lsc |   2 +
 assets/vomsdir/virgo/voms-01.pd.infn.it.lsc   |   2 +
 assets/vomsdir/virgo/voms.cnaf.infn.it.lsc    |   2 +
 .../vo.compass.cern.ch/lcg-voms2.cern.ch.lsc  |   2 +
 .../vo.compass.cern.ch/voms2.cern.ch.lsc      |   2 +
 .../cclcgvomsli01.in2p3.fr.lsc                |   2 +
 .../vo.darkside.org/vomsIGI-NA.unina.it.lsc   |   2 +
 .../vomsmania.cnaf.infn.it.lsc                |   2 +
 .../vo.padme.org/voms-02.pd.infn.it.lsc       |   2 +
 .../vo.padme.org/voms2.cnaf.infn.it.lsc       |   2 +
 .../xenon.biggrid.nl/voms.grid.sara.nl.lsc    |   2 +
 assets/vomses/alice-lcg-voms2.cern.ch         |   1 +
 assets/vomses/alice-voms2.cern.ch             |   1 +
 assets/vomses/argo-voms-01.pd.infn.it         |   1 +
 assets/vomses/argo-voms.cnaf.infn.it          |   1 +
 assets/vomses/atlas-lcg-voms2.cern.ch         |   1 +
 assets/vomses/atlas-voms2.cern.ch             |   1 +
 assets/vomses/auger-voms1.grid.cesnet.cz      |   1 +
 assets/vomses/auger-voms2.grid.cesnet.cz      |   1 +
 assets/vomses/babar-voms.gridpp.ac.uk         |   1 +
 assets/vomses/belle-grid-voms.desy.de         |   1 +
 assets/vomses/belle-voms.cc.kek.jp            |   1 +
 assets/vomses/belle-voms.hep.pnnl.gov         |   1 +
 assets/vomses/biomed-cclcgvomsli01.in2p3.fr   |   1 +
 assets/vomses/cdf-voms-01.pd.infn.it          |   1 +
 assets/vomses/cdf-voms.cnaf.infn.it           |   1 +
 assets/vomses/cdf-voms1.fnal.gov              |   1 +
 assets/vomses/cdf-voms2.fnal.gov              |   1 +
 assets/vomses/clas12-gryphn.phys.uconn.edu    |   1 +
 assets/vomses/clas12-jlabvoms.t2.ucsd.edu     |   1 +
 assets/vomses/cms-lcg-voms2.cern.ch           |   1 +
 assets/vomses/cms-voms2.cern.ch               |   1 +
 assets/vomses/dteam-voms2.hellasgrid.gr       |   1 +
 assets/vomses/geant4-lcg-voms.cern.ch         |   1 +
 assets/vomses/geant4-voms.cern.ch             |   1 +
 .../vomses/gerda.mpg.de-vomsIGI-NA.unina.it   |   1 +
 .../gerda.mpg.de-vomsmania.cnaf.infn.it       |   1 +
 assets/vomses/glast.org-voms-02.pd.infn.it    |   1 +
 assets/vomses/glast.org-voms2.cnaf.infn.it    |   1 +
 .../vomses/icarus-exp.org-vomsIGI-NA.unina.it |   1 +
 .../icarus-exp.org-vomsmania.cnaf.infn.it     |   1 +
 assets/vomses/infngrid-voms.cnaf.infn.it      |   1 +
 assets/vomses/juno-lcgvoms02.jinr.ru          |   1 +
 assets/vomses/juno-voms.ihep.ac.cn            |   1 +
 .../vomses/km3net.org-voms02.scope.unina.it   |   1 +
 assets/vomses/lhcb-lcg-voms2.cern.ch          |   1 +
 assets/vomses/lhcb-voms2.cern.ch              |   1 +
 assets/vomses/magic-voms01.pic.es             |   1 +
 .../muoncoll.infn.it-voms-02.pd.infn.it       |   1 +
 .../muoncoll.infn.it-voms2.cnaf.infn.it       |   1 +
 .../na62.vo.gridpp.ac.uk-voms.gridpp.ac.uk    |   1 +
 .../na62.vo.gridpp.ac.uk-voms02.gridpp.ac.uk  |   1 +
 .../na62.vo.gridpp.ac.uk-voms03.gridpp.ac.uk  |   1 +
 assets/vomses/ops-lcg-voms2.cern.ch           |   1 +
 assets/vomses/ops-voms2.cern.ch               |   1 +
 assets/vomses/pamela-voms-01.pd.infn.it       |   1 +
 assets/vomses/pamela-voms.cnaf.infn.it        |   1 +
 assets/vomses/rdfa-voms.cnaf.infn.it          |   1 +
 assets/vomses/theophys-voms-01.pd.infn.it     |   1 +
 assets/vomses/theophys-voms.cnaf.infn.it      |   1 +
 assets/vomses/virgo-voms-01.pd.infn.it        |   1 +
 assets/vomses/virgo-voms.cnaf.infn.it         |   1 +
 .../vo.compass.cern.ch-lcg-voms2.cern.ch      |   1 +
 .../vomses/vo.compass.cern.ch-voms2.cern.ch   |   1 +
 .../vo.cta.in2p3.fr-cclcgvomsli01.in2p3.fr    |   1 +
 .../vo.darkside.org-vomsIGI-NA.unina.it       |   1 +
 .../vo.darkside.org-vomsmania.cnaf.infn.it    |   1 +
 assets/vomses/vo.padme.org-voms-02.pd.infn.it |   1 +
 assets/vomses/vo.padme.org-voms2.cnaf.infn.it |   1 +
 assets/vomses/voms.ihep.ac.cn                 |   1 +
 assets/vomses/voms2.hellasgrid.gr             |   1 +
 .../vomses/xenon.biggrid.nl-voms.grid.sara.nl |   1 +
 docker-compose.yml                            |  25 +-
 new.docker-compose.yml                        | 108 +++++++
 no.docker-compose.yml                         |  28 --
 old.Dockerfile                                |  54 ++++
 179 files changed, 2536 insertions(+), 158 deletions(-)
 create mode 100644 .gitignore
 create mode 100644 assets/1
 create mode 100644 assets/ENV
 delete mode 100644 assets/fts3-mon/autoindex.conf
 create mode 100644 assets/fts3-mon/httpd/conf.d/autoindex.conf
 rename assets/fts3-mon/{ => httpd/conf.d}/ftsmon.conf (93%)
 create mode 100644 assets/fts3-mon/httpd/conf.d/ssl.conf
 create mode 100644 assets/fts3-mon/httpd/conf.d/userdir.conf
 create mode 100644 assets/fts3-mon/httpd/conf.d/welcome.conf
 create mode 100644 assets/fts3-mon/httpd/conf.d/zgridsite.conf
 delete mode 100644 assets/fts3-mon/ssl.conf
 delete mode 100644 assets/fts3-mon/userdir.conf
 delete mode 100644 assets/fts3-mon/welcome.conf
 delete mode 100644 assets/fts3-mon/zgridsite.conf
 delete mode 100644 assets/fts3-rest/autoindex.conf
 create mode 100644 assets/fts3-rest/httpd/conf.d/autoindex.conf
 rename assets/fts3-rest/{ => httpd/conf.d}/fts3rest.conf (92%)
 create mode 100644 assets/fts3-rest/httpd/conf.d/ssl.conf
 create mode 100644 assets/fts3-rest/httpd/conf.d/userdir.conf
 create mode 100644 assets/fts3-rest/httpd/conf.d/welcome.conf
 create mode 100644 assets/fts3-rest/httpd/conf.d/zgridsite.conf
 delete mode 100644 assets/fts3-rest/ssl.conf
 delete mode 100644 assets/fts3-rest/userdir.conf
 delete mode 100644 assets/fts3-rest/welcome.conf
 delete mode 100644 assets/fts3-rest/zgridsite.conf
 create mode 100644 assets/fts3-server/httpd/conf.d/autoindex.conf
 create mode 100644 assets/fts3-server/httpd/conf.d/ssl.conf
 create mode 100644 assets/fts3-server/httpd/conf.d/userdir.conf
 create mode 100644 assets/fts3-server/httpd/conf.d/welcome.conf
 create mode 100644 assets/fts3-server/httpd/conf.d/zgridsite.conf
 create mode 100644 assets/fts3/fts-msg-monitoring.conf
 create mode 100644 assets/log/fts3/fts3bringonline.log
 create mode 100644 assets/log/fts3/fts3server.log
 create mode 100644 assets/log/fts3/fts_bringonline_stderr.log
 create mode 100644 assets/log/fts3/fts_bringonline_stdout.log
 create mode 100644 assets/log/fts3/fts_server_stderr.log
 create mode 100644 assets/log/fts3/fts_server_stdout.log
 create mode 100644 assets/log/fts3/msg.log
 create mode 100644 assets/mysql/fts-database-upgrade.py
 create mode 100644 assets/mysql/fts-database-upgrade.pyc
 create mode 100644 assets/mysql/fts-database-upgrade.pyo
 delete mode 100755 assets/scripts/docker-entrypoint.sh
 create mode 100644 assets/scripts/etc/hosts
 create mode 100755 assets/scripts/fts-database-upgrade.py
 create mode 100644 assets/scripts/fts-database-upgrade.pyc
 create mode 100644 assets/scripts/fts-database-upgrade.pyo
 create mode 100755 assets/scripts/startup-fts-mon.sh
 delete mode 100755 assets/scripts/startup-fts-rest-mon.sh
 create mode 100755 assets/scripts/startup-fts-server.sh
 create mode 100644 assets/supervisor/conf.d/supervisord.conf
 create mode 100644 assets/vomsdir/alice/lcg-voms2.cern.ch.lsc
 create mode 100644 assets/vomsdir/alice/voms2.cern.ch.lsc
 create mode 100644 assets/vomsdir/argo/voms-01.pd.infn.it.lsc
 create mode 100644 assets/vomsdir/argo/voms.cnaf.infn.it.lsc
 create mode 100644 assets/vomsdir/atlas/lcg-voms2.cern.ch.lsc
 create mode 100644 assets/vomsdir/atlas/voms2.cern.ch.lsc
 create mode 100644 assets/vomsdir/auger/voms1.grid.cesnet.cz.lsc
 create mode 100644 assets/vomsdir/auger/voms2.grid.cesnet.cz.lsc
 create mode 100644 assets/vomsdir/babar/voms.gridpp.ac.uk.lsc
 create mode 100644 assets/vomsdir/belle/grid-voms.desy.de.lsc
 create mode 100644 assets/vomsdir/belle/voms.cc.kek.jp.lsc
 create mode 100644 assets/vomsdir/belle/voms.hep.pnnl.gov.lsc
 create mode 100644 assets/vomsdir/biomed/cclcgvomsli01.in2p3.fr.lsc
 create mode 100644 assets/vomsdir/cdf/voms-01.pd.infn.it.lsc
 create mode 100644 assets/vomsdir/cdf/voms.cnaf.infn.it.lsc
 create mode 100644 assets/vomsdir/cdf/voms1.fnal.gov.lsc
 create mode 100644 assets/vomsdir/cdf/voms2.fnal.gov.lsc
 create mode 100644 assets/vomsdir/clas12/gryphn.phys.uconn.edu.lsc
 create mode 100644 assets/vomsdir/clas12/jlabvoms.t2.ucsd.edu.lsc
 create mode 100644 assets/vomsdir/cms/lcg-voms2.cern.ch.lsc
 create mode 100644 assets/vomsdir/cms/voms2.cern.ch.lsc
 create mode 100644 assets/vomsdir/dteam/voms2.hellasgrid.gr.lsc
 create mode 100644 assets/vomsdir/geant4/lcg-voms.cern.ch.lsc
 create mode 100644 assets/vomsdir/geant4/voms.cern.ch.lsc
 create mode 100644 assets/vomsdir/gerda.mpg.de/vomsIGI-NA.unina.it.lsc
 create mode 100644 assets/vomsdir/gerda.mpg.de/vomsmania.cnaf.infn.it.lsc
 create mode 100644 assets/vomsdir/glast.org/voms-02.pd.infn.it.lsc
 create mode 100644 assets/vomsdir/glast.org/voms2.cnaf.infn.it.lsc
 create mode 100644 assets/vomsdir/icarus-exp.org/vomsIGI-NA.unina.it.lsc
 create mode 100644 assets/vomsdir/icarus-exp.org/vomsmania.cnaf.infn.it.lsc
 create mode 100644 assets/vomsdir/infngrid/voms.cnaf.infn.it.lsc
 create mode 100644 assets/vomsdir/juno/lcgvoms02.jinr.ru.lsc
 create mode 100644 assets/vomsdir/juno/voms.ihep.ac.cn.lsc
 create mode 100644 assets/vomsdir/km3net.org/voms02.scope.unina.it.lsc
 create mode 100644 assets/vomsdir/lhcb/lcg-voms2.cern.ch.lsc
 create mode 100644 assets/vomsdir/lhcb/voms2.cern.ch.lsc
 create mode 100644 assets/vomsdir/magic/voms01.pic.es.lsc
 create mode 100644 assets/vomsdir/muoncoll.infn.it/voms-02.pd.infn.it.lsc
 create mode 100644 assets/vomsdir/muoncoll.infn.it/voms2.cnaf.infn.it.lsc
 create mode 100644 assets/vomsdir/na62.vo.gridpp.ac.uk/voms.gridpp.ac.uk.lsc
 create mode 100644 assets/vomsdir/na62.vo.gridpp.ac.uk/voms02.gridpp.ac.uk.lsc
 create mode 100644 assets/vomsdir/na62.vo.gridpp.ac.uk/voms03.gridpp.ac.uk.lsc
 create mode 100644 assets/vomsdir/ops/lcg-voms2.cern.ch.lsc
 create mode 100644 assets/vomsdir/ops/voms2.cern.ch.lsc
 create mode 100644 assets/vomsdir/pamela/voms-01.pd.infn.it.lsc
 create mode 100644 assets/vomsdir/pamela/voms.cnaf.infn.it.lsc
 create mode 100644 assets/vomsdir/rdfa/voms.cnaf.infn.it.lsc
 create mode 100644 assets/vomsdir/theophys/voms-01.pd.infn.it.lsc
 create mode 100644 assets/vomsdir/theophys/voms.cnaf.infn.it.lsc
 create mode 100644 assets/vomsdir/virgo/voms-01.pd.infn.it.lsc
 create mode 100644 assets/vomsdir/virgo/voms.cnaf.infn.it.lsc
 create mode 100644 assets/vomsdir/vo.compass.cern.ch/lcg-voms2.cern.ch.lsc
 create mode 100644 assets/vomsdir/vo.compass.cern.ch/voms2.cern.ch.lsc
 create mode 100644 assets/vomsdir/vo.cta.in2p3.fr/cclcgvomsli01.in2p3.fr.lsc
 create mode 100644 assets/vomsdir/vo.darkside.org/vomsIGI-NA.unina.it.lsc
 create mode 100644 assets/vomsdir/vo.darkside.org/vomsmania.cnaf.infn.it.lsc
 create mode 100644 assets/vomsdir/vo.padme.org/voms-02.pd.infn.it.lsc
 create mode 100644 assets/vomsdir/vo.padme.org/voms2.cnaf.infn.it.lsc
 create mode 100644 assets/vomsdir/xenon.biggrid.nl/voms.grid.sara.nl.lsc
 create mode 100644 assets/vomses/alice-lcg-voms2.cern.ch
 create mode 100644 assets/vomses/alice-voms2.cern.ch
 create mode 100644 assets/vomses/argo-voms-01.pd.infn.it
 create mode 100644 assets/vomses/argo-voms.cnaf.infn.it
 create mode 100644 assets/vomses/atlas-lcg-voms2.cern.ch
 create mode 100644 assets/vomses/atlas-voms2.cern.ch
 create mode 100644 assets/vomses/auger-voms1.grid.cesnet.cz
 create mode 100644 assets/vomses/auger-voms2.grid.cesnet.cz
 create mode 100644 assets/vomses/babar-voms.gridpp.ac.uk
 create mode 100644 assets/vomses/belle-grid-voms.desy.de
 create mode 100644 assets/vomses/belle-voms.cc.kek.jp
 create mode 100644 assets/vomses/belle-voms.hep.pnnl.gov
 create mode 100644 assets/vomses/biomed-cclcgvomsli01.in2p3.fr
 create mode 100644 assets/vomses/cdf-voms-01.pd.infn.it
 create mode 100644 assets/vomses/cdf-voms.cnaf.infn.it
 create mode 100644 assets/vomses/cdf-voms1.fnal.gov
 create mode 100644 assets/vomses/cdf-voms2.fnal.gov
 create mode 100644 assets/vomses/clas12-gryphn.phys.uconn.edu
 create mode 100644 assets/vomses/clas12-jlabvoms.t2.ucsd.edu
 create mode 100644 assets/vomses/cms-lcg-voms2.cern.ch
 create mode 100644 assets/vomses/cms-voms2.cern.ch
 create mode 100644 assets/vomses/dteam-voms2.hellasgrid.gr
 create mode 100644 assets/vomses/geant4-lcg-voms.cern.ch
 create mode 100644 assets/vomses/geant4-voms.cern.ch
 create mode 100644 assets/vomses/gerda.mpg.de-vomsIGI-NA.unina.it
 create mode 100644 assets/vomses/gerda.mpg.de-vomsmania.cnaf.infn.it
 create mode 100644 assets/vomses/glast.org-voms-02.pd.infn.it
 create mode 100644 assets/vomses/glast.org-voms2.cnaf.infn.it
 create mode 100644 assets/vomses/icarus-exp.org-vomsIGI-NA.unina.it
 create mode 100644 assets/vomses/icarus-exp.org-vomsmania.cnaf.infn.it
 create mode 100644 assets/vomses/infngrid-voms.cnaf.infn.it
 create mode 100644 assets/vomses/juno-lcgvoms02.jinr.ru
 create mode 100644 assets/vomses/juno-voms.ihep.ac.cn
 create mode 100644 assets/vomses/km3net.org-voms02.scope.unina.it
 create mode 100644 assets/vomses/lhcb-lcg-voms2.cern.ch
 create mode 100644 assets/vomses/lhcb-voms2.cern.ch
 create mode 100644 assets/vomses/magic-voms01.pic.es
 create mode 100644 assets/vomses/muoncoll.infn.it-voms-02.pd.infn.it
 create mode 100644 assets/vomses/muoncoll.infn.it-voms2.cnaf.infn.it
 create mode 100644 assets/vomses/na62.vo.gridpp.ac.uk-voms.gridpp.ac.uk
 create mode 100644 assets/vomses/na62.vo.gridpp.ac.uk-voms02.gridpp.ac.uk
 create mode 100644 assets/vomses/na62.vo.gridpp.ac.uk-voms03.gridpp.ac.uk
 create mode 100644 assets/vomses/ops-lcg-voms2.cern.ch
 create mode 100644 assets/vomses/ops-voms2.cern.ch
 create mode 100644 assets/vomses/pamela-voms-01.pd.infn.it
 create mode 100644 assets/vomses/pamela-voms.cnaf.infn.it
 create mode 100644 assets/vomses/rdfa-voms.cnaf.infn.it
 create mode 100644 assets/vomses/theophys-voms-01.pd.infn.it
 create mode 100644 assets/vomses/theophys-voms.cnaf.infn.it
 create mode 100644 assets/vomses/virgo-voms-01.pd.infn.it
 create mode 100644 assets/vomses/virgo-voms.cnaf.infn.it
 create mode 100644 assets/vomses/vo.compass.cern.ch-lcg-voms2.cern.ch
 create mode 100644 assets/vomses/vo.compass.cern.ch-voms2.cern.ch
 create mode 100644 assets/vomses/vo.cta.in2p3.fr-cclcgvomsli01.in2p3.fr
 create mode 100644 assets/vomses/vo.darkside.org-vomsIGI-NA.unina.it
 create mode 100644 assets/vomses/vo.darkside.org-vomsmania.cnaf.infn.it
 create mode 100644 assets/vomses/vo.padme.org-voms-02.pd.infn.it
 create mode 100644 assets/vomses/vo.padme.org-voms2.cnaf.infn.it
 create mode 100644 assets/vomses/voms.ihep.ac.cn
 create mode 100644 assets/vomses/voms2.hellasgrid.gr
 create mode 100644 assets/vomses/xenon.biggrid.nl-voms.grid.sara.nl
 create mode 100644 new.docker-compose.yml
 delete mode 100644 no.docker-compose.yml
 create mode 100644 old.Dockerfile

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..6ec20cf
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,9 @@
+./assets/log/fts3/fts3bringonline.log
+./assets/log/fts3/fts3server.log
+./assets/log/fts3/fts_bringonline_stderr.log
+./assets/log/fts3/fts_bringonline_stdout.log
+./assets/log/fts3/fts_server_stderr.log
+./assets/log/fts3/fts_server_stdout.log
+./assets/log/fts3/msg.log
+./assets/log/fts3/*
+./assets/log/fts3/transfers/*
diff --git a/Dockerfile b/Dockerfile
index 3836086..c563b1b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,54 +1,16 @@
 FROM centos:7
 
-# Install FTS
-RUN yum install -y epel-release.noarch
-#RUN curl https://fts-repo.web.cern.ch/fts-repo/fts3-prod-el7.repo -o /etc/yum.repos.d/fts3-prod-el7.repo
-#RUN curl https://dmc-repo.web.cern.ch/dmc-repo/dmc-el7.repo -o /etc/yum.repos.d/dmc-el7.repo
-RUN curl http://fts-repo.web.cern.ch/fts-repo/fts3-rc-el7.repo -o /etc/yum.repos.d/fts3-prod-el7.repo
-RUN curl http://dmc-repo.web.cern.ch/dmc-repo/dmc-rc-el7.repo -o /etc/yum.repos.d/dmc-el7.repo
-
-RUN yum clean all && yum upgrade -y
-RUN yum install -y gfal2-plugin-* --skip-broken
-RUN yum install -y fts-server fts-client fts-rest fts-monitoring fts-mysql fts-msg fts-infosys
-RUN yum install -y mysql MySQL-python fts-rest-oauth2 multitail
-RUN yum install -y fts-server-selinux fts-rest-selinux fts-monitoring-selinux
-RUN yum clean all
-
-# Setup FTS security
-COPY assets/fts/certs/hostcert_fts.pem /etc/grid-security/hostcert.pem
-COPY assets/fts/certs/hostcert_fts.key.pem /etc/grid-security/hostkey.pem
-RUN chmod 400 /etc/grid-security/hostkey.pem
-COPY assets/fts/Sectigo/SectigoRSA* /etc/grid-security/certificates/
-COPY assets/fts/Sectigo/USERTrustRSA-AAACA-xSign.crt /etc/grid-security/certificates/
-#COPY assets/fts/Sectigo/SHA-2\ Root\ USERTrust\ RSA\ Certification\ Authority.crt /etc/grid-security/certificates/
-
-
-# Database configuration for FTS server
-COPY assets/fts/fts3config /etc/fts3/fts3config
-COPY assets/fts/mysql/fts-schema-6.0.0.sql /usr/share/fts-mysql/fts-schema-6.0.0.sql 
-
-# Configuration for FTSREST and FTSMON
-COPY assets/fts/fts3rest.conf /etc/httpd/conf.d/fts3rest.conf
-RUN echo "" > /etc/httpd/conf.d/ssl.conf &&\
-    echo "" > /etc/httpd/conf.d/autoindex.conf &&\
-    echo "" > /etc/httpd/conf.d/userdir.conf &&\
-    echo "" > /etc/httpd/conf.d/welcome.conf &&\
-    echo "" > /etc/httpd/conf.d/zgridsite.conf &&\
-    echo "ServerName fts3-cnaf.cloud.cnaf.infn.it:80" >> /etc/httpd/conf/httpd.conf 
-
-# Entrypoint waiting script for MySQL
-COPY assets/fts/wait-for-it.sh /usr/local/bin/wait-for-it.sh
-RUN chmod +x /usr/local/bin/wait-for-it.sh
-
-# Shortcut for logfiles
-COPY assets/fts/logshow /usr/local/bin/logshow
-RUN chmod +x /usr/local/bin/logshow
-RUN touch /var/log/fts3/fts3server.log
-RUN chown -R fts3:fts3 /var/log/fts3/fts3server.log
-RUN touch /var/log/fts3rest/fts3rest.log
-RUN chown -R fts3:fts3 /var/log/fts3rest
-
-# Startup
-EXPOSE 8446 8449
-ADD assets/fts/docker-entrypoint.sh /
-ENTRYPOINT ["/docker-entrypoint.sh"]
+# Install Gfal2-tool:
+RUN yum install -y gfal2-util gfal2-all
+
+Install SRM Client:
+RUN yum install -y emi-storm-srm-client-mp
+
+# Install FTS3 REST CLI:
+RUN yum update-y && yum install -y python-pip
+RUN pip install "git+https://gitlab.cern.ch/fts/fts-rest.git"
+
+
+
+
+
diff --git a/assets/1 b/assets/1
new file mode 100644
index 0000000..ab321f2
--- /dev/null
+++ b/assets/1
@@ -0,0 +1,16 @@
+#!/bin/bash
+set -ex
+
+# wait for MySQL readiness
+/scripts/wait-for-it.sh -h ftsdb -p 3306 -t 3600
+
+# put host certificate and key to their place
+cp /certs/hostcert.pem /etc/grid-security/hostcert.pem
+cp /certs/hostkey.pem /etc/grid-security/hostkey.pem
+cp /scripts/hosts /etc/hosts
+
+# put fts3 rest httpd config file to it's place
+#cp /fts3-rest/fts3rest.conf /etc/httpd/conf.d/fts3rest.conf
+
+/usr/sbin/apachectl -DFOREGROUND # FTS REST frontend
+
diff --git a/assets/ENV b/assets/ENV
new file mode 100644
index 0000000..feae99c
--- /dev/null
+++ b/assets/ENV
@@ -0,0 +1,12 @@
+FTS_HOSTNAME="fts3-cnaf.cloud.cnaf.infn.it"
+FTS_SERVER_VERSION=v3.10.0
+FTS_REST_VERSION=v3.10.1
+FTS_MONITORING_VERSION=v3.10.0
+FTS_MYSQL_IMAGE=mysql:5
+FTS_MYSQL_HOST=ftsdb
+FTS_DATABASE=fts
+FTS_DB_USER=fts
+FTS_DB_PASSWD=fts
+FTS_DB_ROOT_PASSWD=fts
+
+
diff --git a/assets/fts3-mon/autoindex.conf b/assets/fts3-mon/autoindex.conf
deleted file mode 100644
index 8b13789..0000000
--- a/assets/fts3-mon/autoindex.conf
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/assets/fts3-mon/httpd/conf.d/autoindex.conf b/assets/fts3-mon/httpd/conf.d/autoindex.conf
new file mode 100644
index 0000000..a85cf5d
--- /dev/null
+++ b/assets/fts3-mon/httpd/conf.d/autoindex.conf
@@ -0,0 +1,94 @@
+#
+# Directives controlling the display of server-generated directory listings.
+#
+# Required modules: mod_authz_core, mod_authz_host,
+#                   mod_autoindex, mod_alias
+#
+# To see the listing of a directory, the Options directive for the
+# directory must include "Indexes", and the directory must not contain
+# a file matching those listed in the DirectoryIndex directive.
+#
+
+#
+# IndexOptions: Controls the appearance of server-generated directory
+# listings.
+#
+IndexOptions FancyIndexing HTMLTable VersionSort
+
+# We include the /icons/ alias for FancyIndexed directory listings.  If
+# you do not use FancyIndexing, you may comment this out.
+#
+Alias /icons/ "/usr/share/httpd/icons/"
+
+<Directory "/usr/share/httpd/icons">
+    Options Indexes MultiViews FollowSymlinks
+    AllowOverride None
+    Require all granted
+</Directory>
+
+#
+# AddIcon* directives tell the server which icon to show for different
+# files or filename extensions.  These are only displayed for
+# FancyIndexed directories.
+#
+AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
+
+AddIconByType (TXT,/icons/text.gif) text/*
+AddIconByType (IMG,/icons/image2.gif) image/*
+AddIconByType (SND,/icons/sound2.gif) audio/*
+AddIconByType (VID,/icons/movie.gif) video/*
+
+AddIcon /icons/binary.gif .bin .exe
+AddIcon /icons/binhex.gif .hqx
+AddIcon /icons/tar.gif .tar
+AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
+AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
+AddIcon /icons/a.gif .ps .ai .eps
+AddIcon /icons/layout.gif .html .shtml .htm .pdf
+AddIcon /icons/text.gif .txt
+AddIcon /icons/c.gif .c
+AddIcon /icons/p.gif .pl .py
+AddIcon /icons/f.gif .for
+AddIcon /icons/dvi.gif .dvi
+AddIcon /icons/uuencoded.gif .uu
+AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
+AddIcon /icons/tex.gif .tex
+AddIcon /icons/bomb.gif /core
+AddIcon /icons/bomb.gif */core.*
+
+AddIcon /icons/back.gif ..
+AddIcon /icons/hand.right.gif README
+AddIcon /icons/folder.gif ^^DIRECTORY^^
+AddIcon /icons/blank.gif ^^BLANKICON^^
+
+#
+# DefaultIcon is which icon to show for files which do not have an icon
+# explicitly set.
+#
+DefaultIcon /icons/unknown.gif
+
+#
+# AddDescription allows you to place a short description after a file in
+# server-generated indexes.  These are only displayed for FancyIndexed
+# directories.
+# Format: AddDescription "description" filename
+#
+#AddDescription "GZIP compressed document" .gz
+#AddDescription "tar archive" .tar
+#AddDescription "GZIP compressed tar archive" .tgz
+
+#
+# ReadmeName is the name of the README file the server will look for by
+# default, and append to directory listings.
+#
+# HeaderName is the name of a file which should be prepended to
+# directory indexes. 
+ReadmeName README.html
+HeaderName HEADER.html
+
+#
+# IndexIgnore is a set of filenames which directory indexing should ignore
+# and not include in the listing.  Shell-style wildcarding is permitted.
+#
+IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
+
diff --git a/assets/fts3-mon/ftsmon.conf b/assets/fts3-mon/httpd/conf.d/ftsmon.conf
similarity index 93%
rename from assets/fts3-mon/ftsmon.conf
rename to assets/fts3-mon/httpd/conf.d/ftsmon.conf
index b830233..e50157c 100644
--- a/assets/fts3-mon/ftsmon.conf
+++ b/assets/fts3-mon/httpd/conf.d/ftsmon.conf
@@ -4,6 +4,9 @@
 <IfModule !wsgi_module>
     LoadModule wsgi_module modules/mod_wsgi.so
 </IfModule>
+<IfModule !gridsite_module>
+  LoadModule gridsite_module modules/mod_gridsite.so
+</IfModule>
 <IfModule !version_module>
     LoadModule version_module modules/mod_version.so
 </IfModule>
@@ -18,11 +21,8 @@ Listen 8449
     SSLHonorCipherOrder on
 
     # Certificates
-#    SSLCertificateFile /etc/grid-security/hostcert.pem
-#    SSLCertificateKeyFile /etc/grid-security/hostkey.pem
-    SSLCertificateFile /certs/hostcert.pem
-    SSLCertificateKeyFile /certs/hostkey.pem
-
+    SSLCertificateFile /etc/grid-security/hostcert.pem
+    SSLCertificateKeyFile /etc/grid-security/hostkey.pem
     SSLCACertificatePath /etc/grid-security/certificates
     SSLCARevocationPath /etc/grid-security/certificates
 
diff --git a/assets/fts3-mon/httpd/conf.d/ssl.conf b/assets/fts3-mon/httpd/conf.d/ssl.conf
new file mode 100644
index 0000000..fe96202
--- /dev/null
+++ b/assets/fts3-mon/httpd/conf.d/ssl.conf
@@ -0,0 +1,217 @@
+#
+# When we also provide SSL we have to listen to the 
+# the HTTPS port in addition.
+#
+Listen 443 https
+
+##
+##  SSL Global Context
+##
+##  All SSL configuration in this context applies both to
+##  the main server and all SSL-enabled virtual hosts.
+##
+
+#   Pass Phrase Dialog:
+#   Configure the pass phrase gathering process.
+#   The filtering dialog program (`builtin' is a internal
+#   terminal dialog) has to provide the pass phrase on stdout.
+SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
+
+#   Inter-Process Session Cache:
+#   Configure the SSL Session Cache: First the mechanism 
+#   to use and second the expiring timeout (in seconds).
+SSLSessionCache         shmcb:/run/httpd/sslcache(512000)
+SSLSessionCacheTimeout  300
+
+#   Pseudo Random Number Generator (PRNG):
+#   Configure one or more sources to seed the PRNG of the 
+#   SSL library. The seed data should be of good random quality.
+#   WARNING! On some platforms /dev/random blocks if not enough entropy
+#   is available. This means you then cannot use the /dev/random device
+#   because it would lead to very long connection times (as long as
+#   it requires to make more entropy available). But usually those
+#   platforms additionally provide a /dev/urandom device which doesn't
+#   block. So, if available, use this one instead. Read the mod_ssl User
+#   Manual for more details.
+SSLRandomSeed startup file:/dev/urandom  256
+SSLRandomSeed connect builtin
+#SSLRandomSeed startup file:/dev/random  512
+#SSLRandomSeed connect file:/dev/random  512
+#SSLRandomSeed connect file:/dev/urandom 512
+
+#
+# Use "SSLCryptoDevice" to enable any supported hardware
+# accelerators. Use "openssl engine -v" to list supported
+# engine names.  NOTE: If you enable an accelerator and the
+# server does not start, consult the error logs and ensure
+# your accelerator is functioning properly. 
+#
+SSLCryptoDevice builtin
+#SSLCryptoDevice ubsec
+
+##
+## SSL Virtual Host Context
+##
+
+<VirtualHost _default_:443>
+
+# General setup for the virtual host, inherited from global configuration
+#DocumentRoot "/var/www/html"
+#ServerName www.example.com:443
+
+# Use separate log files for the SSL virtual host; note that LogLevel
+# is not inherited from httpd.conf.
+ErrorLog logs/ssl_error_log
+TransferLog logs/ssl_access_log
+LogLevel warn
+
+#   SSL Engine Switch:
+#   Enable/Disable SSL for this virtual host.
+SSLEngine on
+
+#   SSL Protocol support:
+# List the enable protocol levels with which clients will be able to
+# connect.  Disable SSLv2 access by default:
+SSLProtocol all -SSLv2 -SSLv3
+
+#   SSL Cipher Suite:
+#   List the ciphers that the client is permitted to negotiate.
+#   See the mod_ssl documentation for a complete list.
+SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA
+
+#   Speed-optimized SSL Cipher configuration:
+#   If speed is your main concern (on busy HTTPS servers e.g.),
+#   you might want to force clients to specific, performance
+#   optimized ciphers. In this case, prepend those ciphers
+#   to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
+#   Caveat: by giving precedence to RC4-SHA and AES128-SHA
+#   (as in the example below), most connections will no longer
+#   have perfect forward secrecy - if the server's key is
+#   compromised, captures of past or future traffic must be
+#   considered compromised, too.
+#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
+#SSLHonorCipherOrder on 
+
+#   Server Certificate:
+# Point SSLCertificateFile at a PEM encoded certificate.  If
+# the certificate is encrypted, then you will be prompted for a
+# pass phrase.  Note that a kill -HUP will prompt again.  A new
+# certificate can be generated using the genkey(1) command.
+SSLCertificateFile /etc/grid-security/hostcert.pem
+
+#   Server Private Key:
+#   If the key is not combined with the certificate, use this
+#   directive to point at the key file.  Keep in mind that if
+#   you've both a RSA and a DSA private key you can configure
+#   both in parallel (to also allow the use of DSA ciphers, etc.)
+SSLCertificateKeyFile /etc/grid-security/hostkey.pem
+
+#   Server Certificate Chain:
+#   Point SSLCertificateChainFile at a file containing the
+#   concatenation of PEM encoded CA certificates which form the
+#   certificate chain for the server certificate. Alternatively
+#   the referenced file can be the same as SSLCertificateFile
+#   when the CA certificates are directly appended to the server
+#   certificate for convinience.
+##### SSLCertificateChainFile /etc/grid-security/hostcert.pem
+
+#   Certificate Authority (CA):
+#   Set the CA certificate verification path where to find CA
+#   certificates for client authentication or alternatively one
+#   huge file containing all of them (file must be PEM encoded)
+#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
+
+#   Client Authentication (Type):
+#   Client certificate verification type and depth.  Types are
+#   none, optional, require and optional_no_ca.  Depth is a
+#   number which specifies how deeply to verify the certificate
+#   issuer chain before deciding the certificate is not valid.
+#SSLVerifyClient require
+#SSLVerifyDepth  10
+
+#   Access Control:
+#   With SSLRequire you can do per-directory access control based
+#   on arbitrary complex boolean expressions containing server
+#   variable checks and other lookup directives.  The syntax is a
+#   mixture between C and Perl.  See the mod_ssl documentation
+#   for more details.
+#<Location />
+#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+#            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
+#           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+#</Location>
+
+#   SSL Engine Options:
+#   Set various options for the SSL engine.
+#   o FakeBasicAuth:
+#     Translate the client X.509 into a Basic Authorisation.  This means that
+#     the standard Auth/DBMAuth methods can be used for access control.  The
+#     user name is the `one line' version of the client's X.509 certificate.
+#     Note that no password is obtained from the user. Every entry in the user
+#     file needs this password: `xxj31ZMTZzkVA'.
+#   o ExportCertData:
+#     This exports two additional environment variables: SSL_CLIENT_CERT and
+#     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+#     server (always existing) and the client (only existing when client
+#     authentication is used). This can be used to import the certificates
+#     into CGI scripts.
+#   o StdEnvVars:
+#     This exports the standard SSL/TLS related `SSL_*' environment variables.
+#     Per default this exportation is switched off for performance reasons,
+#     because the extraction step is an expensive operation and is usually
+#     useless for serving static content. So one usually enables the
+#     exportation for CGI and SSI requests only.
+#   o StrictRequire:
+#     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
+#     under a "Satisfy any" situation, i.e. when it applies access is denied
+#     and no other module can change it.
+#   o OptRenegotiate:
+#     This enables optimized SSL connection renegotiation handling when SSL
+#     directives are used in per-directory context. 
+#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+<Files ~ "\.(cgi|shtml|phtml|php3?)$">
+    SSLOptions +StdEnvVars
+</Files>
+<Directory "/var/www/cgi-bin">
+    SSLOptions +StdEnvVars
+</Directory>
+
+#   SSL Protocol Adjustments:
+#   The safe and default but still SSL/TLS standard compliant shutdown
+#   approach is that mod_ssl sends the close notify alert but doesn't wait for
+#   the close notify alert from client. When you need a different shutdown
+#   approach you can use one of the following variables:
+#   o ssl-unclean-shutdown:
+#     This forces an unclean shutdown when the connection is closed, i.e. no
+#     SSL close notify alert is send or allowed to received.  This violates
+#     the SSL/TLS standard but is needed for some brain-dead browsers. Use
+#     this when you receive I/O errors because of the standard approach where
+#     mod_ssl sends the close notify alert.
+#   o ssl-accurate-shutdown:
+#     This forces an accurate shutdown when the connection is closed, i.e. a
+#     SSL close notify alert is send and mod_ssl waits for the close notify
+#     alert of the client. This is 100% SSL/TLS standard compliant, but in
+#     practice often causes hanging connections with brain-dead browsers. Use
+#     this only for browsers where you know that their SSL implementation
+#     works correctly. 
+#   Notice: Most problems of broken clients are also related to the HTTP
+#   keep-alive facility, so you usually additionally want to disable
+#   keep-alive for those clients, too. Use variable "nokeepalive" for this.
+#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
+#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+#   "force-response-1.0" for this.
+BrowserMatch "MSIE [2-5]" \
+         nokeepalive ssl-unclean-shutdown \
+         downgrade-1.0 force-response-1.0
+
+#   Per-Server Logging:
+#   The home of a custom SSL log file. Use this when you want a
+#   compact non-error SSL logfile on a virtual host basis.
+CustomLog logs/ssl_request_log \
+          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+</VirtualHost>                                  
+
diff --git a/assets/fts3-mon/httpd/conf.d/userdir.conf b/assets/fts3-mon/httpd/conf.d/userdir.conf
new file mode 100644
index 0000000..b5d7a49
--- /dev/null
+++ b/assets/fts3-mon/httpd/conf.d/userdir.conf
@@ -0,0 +1,36 @@
+#
+# UserDir: The name of the directory that is appended onto a user's home
+# directory if a ~user request is received.
+#
+# The path to the end user account 'public_html' directory must be
+# accessible to the webserver userid.  This usually means that ~userid
+# must have permissions of 711, ~userid/public_html must have permissions
+# of 755, and documents contained therein must be world-readable.
+# Otherwise, the client will only receive a "403 Forbidden" message.
+#
+<IfModule mod_userdir.c>
+    #
+    # UserDir is disabled by default since it can confirm the presence
+    # of a username on the system (depending on home directory
+    # permissions).
+    #
+    UserDir disabled
+
+    #
+    # To enable requests to /~user/ to serve the user's public_html
+    # directory, remove the "UserDir disabled" line above, and uncomment
+    # the following line instead:
+    # 
+    #UserDir public_html
+</IfModule>
+
+#
+# Control access to UserDir directories.  The following is an example
+# for a site where these directories are restricted to read-only.
+#
+<Directory "/home/*/public_html">
+    AllowOverride FileInfo AuthConfig Limit Indexes
+    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
+    Require method GET POST OPTIONS
+</Directory>
+
diff --git a/assets/fts3-mon/httpd/conf.d/welcome.conf b/assets/fts3-mon/httpd/conf.d/welcome.conf
new file mode 100644
index 0000000..c1b6c11
--- /dev/null
+++ b/assets/fts3-mon/httpd/conf.d/welcome.conf
@@ -0,0 +1,22 @@
+# 
+# This configuration file enables the default "Welcome" page if there
+# is no default index page present for the root URL.  To disable the
+# Welcome page, comment out all the lines below. 
+#
+# NOTE: if this file is removed, it will be restored on upgrades.
+#
+<LocationMatch "^/+$">
+    Options -Indexes
+    ErrorDocument 403 /.noindex.html
+</LocationMatch>
+
+<Directory /usr/share/httpd/noindex>
+    AllowOverride None
+    Require all granted
+</Directory>
+
+Alias /.noindex.html /usr/share/httpd/noindex/index.html
+Alias /noindex/css/bootstrap.min.css /usr/share/httpd/noindex/css/bootstrap.min.css
+Alias /noindex/css/open-sans.css /usr/share/httpd/noindex/css/open-sans.css
+Alias /images/apache_pb.gif /usr/share/httpd/noindex/images/apache_pb.gif
+Alias /images/poweredby.png /usr/share/httpd/noindex/images/poweredby.png
diff --git a/assets/fts3-mon/httpd/conf.d/zgridsite.conf b/assets/fts3-mon/httpd/conf.d/zgridsite.conf
new file mode 100644
index 0000000..a777a57
--- /dev/null
+++ b/assets/fts3-mon/httpd/conf.d/zgridsite.conf
@@ -0,0 +1,111 @@
+#
+# This is the Apache server configuration file providing GridSite support.
+# It contains the configuration directives to instruct the server how to
+# serve pages over an https connection with access controls enabled
+# via .gacl files. 
+
+# In order to benefit from GridSite it is nescesary to optinally autheticate
+# clients to this web server:
+# Within mod_ssl's configuration for <VirtualHost _default_:443>
+# you should have at least the following parameters set. The mod_ssl
+# file cotains more detailed comments about these settings.
+## 1. Location of  web server certificate file.
+## SSLCertificateFile /etc/pki/tls/certs/localhost.crt
+## or
+## SSLCertificateFile /etc/grid-security/hostcert.pem
+## 2. Location of web server key file.
+## SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
+## or
+## SSLCertificateKeyFile /etc/grid-security/hostkey.pem
+## 3. Location of certificate authorities which the server should trust.
+## SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
+## or 
+## SSLCACertificatePath /etc/pki/tls/certs/
+## or
+## SSLCACertificatePath /etc/grid-security/cetificates
+##4. You must at least optionally authenticate clients.
+## SSLVerifyClient optional
+## SSLVerifyDepth  10
+
+
+
+# Do NOT simply read the instructions in here without understanding
+# what they do.  They're here only as hints or reminders.  If you are unsure
+# consult the online docs. You have been warned.  
+#
+
+<IfModule !gridsite_module>
+  LoadModule gridsite_module modules/mod_gridsite.so
+</IfModule>
+# LoadModule gridsite_module modules/mod_gridsite.so
+
+ScriptAlias /gridsite-cgi-bin/real-gridsite-admin.cgi "/usr/libexec/gridsite/cgi-bin/real-gridsite-admin.cgi"
+
+
+#Location of authentication cookies and SSL session credentials directory, relative to ServerRoot.  Used  by  GridHTTP  to
+#record  the  credentials obtained via HTTPS, and available to the corresponding HTTP request or subsequent HTTPS requests
+#following a session restart.  (Default: /var/www/sessions)
+GridSiteSessionsDir  /var/cache/mod_gridsite
+
+## This is the path of directories (and all their subdirectories) for
+## GACL to search when it encounters a dn-list credential. The DN List
+## files are plain text, one DN per line, and must have the full url
+## as the file name, but URL Encoded - eg with urlencode(1)
+# GridSiteDNlists /etc/grid-security/dn-lists/:/var/www/html/dn-lists/
+GridSiteDNlists /etc/grid-security/dn-lists/
+
+## This is used to form the URL at which DN Lists "owned" by this 
+## server are exported. https://FULL.SERVER.NAME/dn-lists/file
+GridSiteDNlistsURI     /gridsite/dn-lists/
+
+## These directives (and the ScriptAlias above) allow authorized
+## people to manage files, ACLs and DN Lists through their web
+## browsers via HTTPS. The value of GridSiteAdminFile appears to
+## exist in every directory, but is internally redirected by
+## mod_gridsite to the value of GridSiteAdminURI (the ScriptAlias
+## then maps that onto the real-gridsite-admin.cgi executable.)
+GridSiteAdminFile gridsite-admin.cgi 
+GridSiteAdminUri /gridsite-cgi-bin/real-gridsite-admin.cgi 
+
+
+Alias /gridsite "/var/lib/gridsite"
+
+
+<Directory "/var/lib/gridsite/">
+  SSLOptions              +ExportCertData +StdEnvVars  
+  ## This sets up GACL authorization for this server
+  GridSiteAuth on
+  
+  ## This exports various bits of info into the CGI environment 
+  ## variables (and is needed for gridsite-admin.cgi to work.)
+  GridSiteEnvs           on
+
+  ## Nice GridSite directory listings 
+  GridSiteIndexes        on
+
+  ## If this is on, GridSite will look for gridsitehead.txt and
+  ## gridsitefoot.txt in the current directory or its parents, and
+  ## use them to replace the <body> and </body> tags in .html files.
+  GridSiteHtmlFormat     on
+
+  ## Set the filenames to be used for as standard headers and footers for HTML pages. If the file 
+  ## name begins with "/" then this is used as the absolute path to that file to be used. 
+  ## Otherwise, for each HTML page, the directory of that page is tried first, and then parent 
+  ## directories in ascending order until a header / footer file is found. Header files are inserted 
+  ## in place of HTML <body[ ...]> tags; footer files in place of </body>. (These standard files 
+  ## should each include the appropriate body tag as a replacement.) (Defaults: GridSiteHeadFile 
+  ## gridsitehead.txt, GridSiteFootFile gridsitefoot.txt)
+  # GridSiteHeadFile gridsitehead.txt
+  # GridSiteFootFile gridsitefoot.txt
+
+  ## If this is greater than zero, we will accept GSI Proxies for clients
+  ## (full client certificates - eg inside web browsers - are always ok)
+  GridSiteGSIProxyLimit 9
+
+  ## This directive allows authorized people to write/delete files 
+  ## from non-browser clients - eg with htcp(1)
+  GridSiteMethods        GET PUT DELETE MOVE POST
+
+</Directory>
+
+
diff --git a/assets/fts3-mon/ssl.conf b/assets/fts3-mon/ssl.conf
deleted file mode 100644
index 8b13789..0000000
--- a/assets/fts3-mon/ssl.conf
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/assets/fts3-mon/userdir.conf b/assets/fts3-mon/userdir.conf
deleted file mode 100644
index 8b13789..0000000
--- a/assets/fts3-mon/userdir.conf
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/assets/fts3-mon/welcome.conf b/assets/fts3-mon/welcome.conf
deleted file mode 100644
index 8b13789..0000000
--- a/assets/fts3-mon/welcome.conf
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/assets/fts3-mon/zgridsite.conf b/assets/fts3-mon/zgridsite.conf
deleted file mode 100644
index 8b13789..0000000
--- a/assets/fts3-mon/zgridsite.conf
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/assets/fts3-rest/autoindex.conf b/assets/fts3-rest/autoindex.conf
deleted file mode 100644
index 8b13789..0000000
--- a/assets/fts3-rest/autoindex.conf
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/assets/fts3-rest/httpd/conf.d/autoindex.conf b/assets/fts3-rest/httpd/conf.d/autoindex.conf
new file mode 100644
index 0000000..a85cf5d
--- /dev/null
+++ b/assets/fts3-rest/httpd/conf.d/autoindex.conf
@@ -0,0 +1,94 @@
+#
+# Directives controlling the display of server-generated directory listings.
+#
+# Required modules: mod_authz_core, mod_authz_host,
+#                   mod_autoindex, mod_alias
+#
+# To see the listing of a directory, the Options directive for the
+# directory must include "Indexes", and the directory must not contain
+# a file matching those listed in the DirectoryIndex directive.
+#
+
+#
+# IndexOptions: Controls the appearance of server-generated directory
+# listings.
+#
+IndexOptions FancyIndexing HTMLTable VersionSort
+
+# We include the /icons/ alias for FancyIndexed directory listings.  If
+# you do not use FancyIndexing, you may comment this out.
+#
+Alias /icons/ "/usr/share/httpd/icons/"
+
+<Directory "/usr/share/httpd/icons">
+    Options Indexes MultiViews FollowSymlinks
+    AllowOverride None
+    Require all granted
+</Directory>
+
+#
+# AddIcon* directives tell the server which icon to show for different
+# files or filename extensions.  These are only displayed for
+# FancyIndexed directories.
+#
+AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
+
+AddIconByType (TXT,/icons/text.gif) text/*
+AddIconByType (IMG,/icons/image2.gif) image/*
+AddIconByType (SND,/icons/sound2.gif) audio/*
+AddIconByType (VID,/icons/movie.gif) video/*
+
+AddIcon /icons/binary.gif .bin .exe
+AddIcon /icons/binhex.gif .hqx
+AddIcon /icons/tar.gif .tar
+AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
+AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
+AddIcon /icons/a.gif .ps .ai .eps
+AddIcon /icons/layout.gif .html .shtml .htm .pdf
+AddIcon /icons/text.gif .txt
+AddIcon /icons/c.gif .c
+AddIcon /icons/p.gif .pl .py
+AddIcon /icons/f.gif .for
+AddIcon /icons/dvi.gif .dvi
+AddIcon /icons/uuencoded.gif .uu
+AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
+AddIcon /icons/tex.gif .tex
+AddIcon /icons/bomb.gif /core
+AddIcon /icons/bomb.gif */core.*
+
+AddIcon /icons/back.gif ..
+AddIcon /icons/hand.right.gif README
+AddIcon /icons/folder.gif ^^DIRECTORY^^
+AddIcon /icons/blank.gif ^^BLANKICON^^
+
+#
+# DefaultIcon is which icon to show for files which do not have an icon
+# explicitly set.
+#
+DefaultIcon /icons/unknown.gif
+
+#
+# AddDescription allows you to place a short description after a file in
+# server-generated indexes.  These are only displayed for FancyIndexed
+# directories.
+# Format: AddDescription "description" filename
+#
+#AddDescription "GZIP compressed document" .gz
+#AddDescription "tar archive" .tar
+#AddDescription "GZIP compressed tar archive" .tgz
+
+#
+# ReadmeName is the name of the README file the server will look for by
+# default, and append to directory listings.
+#
+# HeaderName is the name of a file which should be prepended to
+# directory indexes. 
+ReadmeName README.html
+HeaderName HEADER.html
+
+#
+# IndexIgnore is a set of filenames which directory indexing should ignore
+# and not include in the listing.  Shell-style wildcarding is permitted.
+#
+IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
+
diff --git a/assets/fts3-rest/fts3rest.conf b/assets/fts3-rest/httpd/conf.d/fts3rest.conf
similarity index 92%
rename from assets/fts3-rest/fts3rest.conf
rename to assets/fts3-rest/httpd/conf.d/fts3rest.conf
index 04fd304..b7c7a2b 100644
--- a/assets/fts3-rest/fts3rest.conf
+++ b/assets/fts3-rest/httpd/conf.d/fts3rest.conf
@@ -26,11 +26,8 @@ Listen 8446
   SSLHonorCipherOrder on
 
   # Certificates
-#  SSLCertificateFile /etc/grid-security/hostcert.pem
-#  SSLCertificateKeyFile /etc/grid-security/hostkey.pem
-  SSLCertificateFile /certs/hostcert.pem
-  SSLCertificateKeyFile /certs/hostkey.pem
-
+  SSLCertificateFile /etc/grid-security/hostcert.pem
+  SSLCertificateKeyFile /etc/grid-security/hostkey.pem
   SSLCACertificatePath /etc/grid-security/certificates
   SSLCARevocationPath /etc/grid-security/certificates
 
diff --git a/assets/fts3-rest/httpd/conf.d/ssl.conf b/assets/fts3-rest/httpd/conf.d/ssl.conf
new file mode 100644
index 0000000..a619886
--- /dev/null
+++ b/assets/fts3-rest/httpd/conf.d/ssl.conf
@@ -0,0 +1,217 @@
+#
+# When we also provide SSL we have to listen to the 
+# the HTTPS port in addition.
+#
+Listen 443 https
+
+##
+##  SSL Global Context
+##
+##  All SSL configuration in this context applies both to
+##  the main server and all SSL-enabled virtual hosts.
+##
+
+#   Pass Phrase Dialog:
+#   Configure the pass phrase gathering process.
+#   The filtering dialog program (`builtin' is a internal
+#   terminal dialog) has to provide the pass phrase on stdout.
+SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
+
+#   Inter-Process Session Cache:
+#   Configure the SSL Session Cache: First the mechanism 
+#   to use and second the expiring timeout (in seconds).
+SSLSessionCache         shmcb:/run/httpd/sslcache(512000)
+SSLSessionCacheTimeout  300
+
+#   Pseudo Random Number Generator (PRNG):
+#   Configure one or more sources to seed the PRNG of the 
+#   SSL library. The seed data should be of good random quality.
+#   WARNING! On some platforms /dev/random blocks if not enough entropy
+#   is available. This means you then cannot use the /dev/random device
+#   because it would lead to very long connection times (as long as
+#   it requires to make more entropy available). But usually those
+#   platforms additionally provide a /dev/urandom device which doesn't
+#   block. So, if available, use this one instead. Read the mod_ssl User
+#   Manual for more details.
+SSLRandomSeed startup file:/dev/urandom  256
+SSLRandomSeed connect builtin
+#SSLRandomSeed startup file:/dev/random  512
+#SSLRandomSeed connect file:/dev/random  512
+#SSLRandomSeed connect file:/dev/urandom 512
+
+#
+# Use "SSLCryptoDevice" to enable any supported hardware
+# accelerators. Use "openssl engine -v" to list supported
+# engine names.  NOTE: If you enable an accelerator and the
+# server does not start, consult the error logs and ensure
+# your accelerator is functioning properly. 
+#
+SSLCryptoDevice builtin
+#SSLCryptoDevice ubsec
+
+##
+## SSL Virtual Host Context
+##
+
+<VirtualHost _default_:443>
+
+# General setup for the virtual host, inherited from global configuration
+#DocumentRoot "/var/www/html"
+#ServerName www.example.com:443
+
+# Use separate log files for the SSL virtual host; note that LogLevel
+# is not inherited from httpd.conf.
+ErrorLog logs/ssl_error_log
+TransferLog logs/ssl_access_log
+LogLevel warn 
+
+#   SSL Engine Switch:
+#   Enable/Disable SSL for this virtual host.
+SSLEngine on
+
+#   SSL Protocol support:
+# List the enable protocol levels with which clients will be able to
+# connect.  Disable SSLv2 access by default:
+SSLProtocol all -SSLv2 -SSLv3
+
+#   SSL Cipher Suite:
+#   List the ciphers that the client is permitted to negotiate.
+#   See the mod_ssl documentation for a complete list.
+SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA
+
+#   Speed-optimized SSL Cipher configuration:
+#   If speed is your main concern (on busy HTTPS servers e.g.),
+#   you might want to force clients to specific, performance
+#   optimized ciphers. In this case, prepend those ciphers
+#   to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
+#   Caveat: by giving precedence to RC4-SHA and AES128-SHA
+#   (as in the example below), most connections will no longer
+#   have perfect forward secrecy - if the server's key is
+#   compromised, captures of past or future traffic must be
+#   considered compromised, too.
+#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
+#SSLHonorCipherOrder on 
+
+#   Server Certificate:
+# Point SSLCertificateFile at a PEM encoded certificate.  If
+# the certificate is encrypted, then you will be prompted for a
+# pass phrase.  Note that a kill -HUP will prompt again.  A new
+# certificate can be generated using the genkey(1) command.
+SSLCertificateFile /etc/grid-security/hostcert.pem
+
+#   Server Private Key:
+#   If the key is not combined with the certificate, use this
+#   directive to point at the key file.  Keep in mind that if
+#   you've both a RSA and a DSA private key you can configure
+#   both in parallel (to also allow the use of DSA ciphers, etc.)
+SSLCertificateKeyFile /etc/grid-security/hostkey.pem
+
+#   Server Certificate Chain:
+#   Point SSLCertificateChainFile at a file containing the
+#   concatenation of PEM encoded CA certificates which form the
+#   certificate chain for the server certificate. Alternatively
+#   the referenced file can be the same as SSLCertificateFile
+#   when the CA certificates are directly appended to the server
+#   certificate for convinience.
+##### SSLCertificateChainFile /etc/grid-security/hostcert.pem
+
+#   Certificate Authority (CA):
+#   Set the CA certificate verification path where to find CA
+#   certificates for client authentication or alternatively one
+#   huge file containing all of them (file must be PEM encoded)
+#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
+
+#   Client Authentication (Type):
+#   Client certificate verification type and depth.  Types are
+#   none, optional, require and optional_no_ca.  Depth is a
+#   number which specifies how deeply to verify the certificate
+#   issuer chain before deciding the certificate is not valid.
+#SSLVerifyClient require
+#SSLVerifyDepth  10
+
+#   Access Control:
+#   With SSLRequire you can do per-directory access control based
+#   on arbitrary complex boolean expressions containing server
+#   variable checks and other lookup directives.  The syntax is a
+#   mixture between C and Perl.  See the mod_ssl documentation
+#   for more details.
+#<Location />
+#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+#            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
+#           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+#</Location>
+
+#   SSL Engine Options:
+#   Set various options for the SSL engine.
+#   o FakeBasicAuth:
+#     Translate the client X.509 into a Basic Authorisation.  This means that
+#     the standard Auth/DBMAuth methods can be used for access control.  The
+#     user name is the `one line' version of the client's X.509 certificate.
+#     Note that no password is obtained from the user. Every entry in the user
+#     file needs this password: `xxj31ZMTZzkVA'.
+#   o ExportCertData:
+#     This exports two additional environment variables: SSL_CLIENT_CERT and
+#     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+#     server (always existing) and the client (only existing when client
+#     authentication is used). This can be used to import the certificates
+#     into CGI scripts.
+#   o StdEnvVars:
+#     This exports the standard SSL/TLS related `SSL_*' environment variables.
+#     Per default this exportation is switched off for performance reasons,
+#     because the extraction step is an expensive operation and is usually
+#     useless for serving static content. So one usually enables the
+#     exportation for CGI and SSI requests only.
+#   o StrictRequire:
+#     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
+#     under a "Satisfy any" situation, i.e. when it applies access is denied
+#     and no other module can change it.
+#   o OptRenegotiate:
+#     This enables optimized SSL connection renegotiation handling when SSL
+#     directives are used in per-directory context. 
+#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+<Files ~ "\.(cgi|shtml|phtml|php3?)$">
+    SSLOptions +StdEnvVars
+</Files>
+<Directory "/var/www/cgi-bin">
+    SSLOptions +StdEnvVars
+</Directory>
+
+#   SSL Protocol Adjustments:
+#   The safe and default but still SSL/TLS standard compliant shutdown
+#   approach is that mod_ssl sends the close notify alert but doesn't wait for
+#   the close notify alert from client. When you need a different shutdown
+#   approach you can use one of the following variables:
+#   o ssl-unclean-shutdown:
+#     This forces an unclean shutdown when the connection is closed, i.e. no
+#     SSL close notify alert is send or allowed to received.  This violates
+#     the SSL/TLS standard but is needed for some brain-dead browsers. Use
+#     this when you receive I/O errors because of the standard approach where
+#     mod_ssl sends the close notify alert.
+#   o ssl-accurate-shutdown:
+#     This forces an accurate shutdown when the connection is closed, i.e. a
+#     SSL close notify alert is send and mod_ssl waits for the close notify
+#     alert of the client. This is 100% SSL/TLS standard compliant, but in
+#     practice often causes hanging connections with brain-dead browsers. Use
+#     this only for browsers where you know that their SSL implementation
+#     works correctly. 
+#   Notice: Most problems of broken clients are also related to the HTTP
+#   keep-alive facility, so you usually additionally want to disable
+#   keep-alive for those clients, too. Use variable "nokeepalive" for this.
+#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
+#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+#   "force-response-1.0" for this.
+BrowserMatch "MSIE [2-5]" \
+         nokeepalive ssl-unclean-shutdown \
+         downgrade-1.0 force-response-1.0
+
+#   Per-Server Logging:
+#   The home of a custom SSL log file. Use this when you want a
+#   compact non-error SSL logfile on a virtual host basis.
+CustomLog logs/ssl_request_log \
+          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+</VirtualHost>                                  
+
diff --git a/assets/fts3-rest/httpd/conf.d/userdir.conf b/assets/fts3-rest/httpd/conf.d/userdir.conf
new file mode 100644
index 0000000..b5d7a49
--- /dev/null
+++ b/assets/fts3-rest/httpd/conf.d/userdir.conf
@@ -0,0 +1,36 @@
+#
+# UserDir: The name of the directory that is appended onto a user's home
+# directory if a ~user request is received.
+#
+# The path to the end user account 'public_html' directory must be
+# accessible to the webserver userid.  This usually means that ~userid
+# must have permissions of 711, ~userid/public_html must have permissions
+# of 755, and documents contained therein must be world-readable.
+# Otherwise, the client will only receive a "403 Forbidden" message.
+#
+<IfModule mod_userdir.c>
+    #
+    # UserDir is disabled by default since it can confirm the presence
+    # of a username on the system (depending on home directory
+    # permissions).
+    #
+    UserDir disabled
+
+    #
+    # To enable requests to /~user/ to serve the user's public_html
+    # directory, remove the "UserDir disabled" line above, and uncomment
+    # the following line instead:
+    # 
+    #UserDir public_html
+</IfModule>
+
+#
+# Control access to UserDir directories.  The following is an example
+# for a site where these directories are restricted to read-only.
+#
+<Directory "/home/*/public_html">
+    AllowOverride FileInfo AuthConfig Limit Indexes
+    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
+    Require method GET POST OPTIONS
+</Directory>
+
diff --git a/assets/fts3-rest/httpd/conf.d/welcome.conf b/assets/fts3-rest/httpd/conf.d/welcome.conf
new file mode 100644
index 0000000..c1b6c11
--- /dev/null
+++ b/assets/fts3-rest/httpd/conf.d/welcome.conf
@@ -0,0 +1,22 @@
+# 
+# This configuration file enables the default "Welcome" page if there
+# is no default index page present for the root URL.  To disable the
+# Welcome page, comment out all the lines below. 
+#
+# NOTE: if this file is removed, it will be restored on upgrades.
+#
+<LocationMatch "^/+$">
+    Options -Indexes
+    ErrorDocument 403 /.noindex.html
+</LocationMatch>
+
+<Directory /usr/share/httpd/noindex>
+    AllowOverride None
+    Require all granted
+</Directory>
+
+Alias /.noindex.html /usr/share/httpd/noindex/index.html
+Alias /noindex/css/bootstrap.min.css /usr/share/httpd/noindex/css/bootstrap.min.css
+Alias /noindex/css/open-sans.css /usr/share/httpd/noindex/css/open-sans.css
+Alias /images/apache_pb.gif /usr/share/httpd/noindex/images/apache_pb.gif
+Alias /images/poweredby.png /usr/share/httpd/noindex/images/poweredby.png
diff --git a/assets/fts3-rest/httpd/conf.d/zgridsite.conf b/assets/fts3-rest/httpd/conf.d/zgridsite.conf
new file mode 100644
index 0000000..a777a57
--- /dev/null
+++ b/assets/fts3-rest/httpd/conf.d/zgridsite.conf
@@ -0,0 +1,111 @@
+#
+# This is the Apache server configuration file providing GridSite support.
+# It contains the configuration directives to instruct the server how to
+# serve pages over an https connection with access controls enabled
+# via .gacl files. 
+
+# In order to benefit from GridSite it is nescesary to optinally autheticate
+# clients to this web server:
+# Within mod_ssl's configuration for <VirtualHost _default_:443>
+# you should have at least the following parameters set. The mod_ssl
+# file cotains more detailed comments about these settings.
+## 1. Location of  web server certificate file.
+## SSLCertificateFile /etc/pki/tls/certs/localhost.crt
+## or
+## SSLCertificateFile /etc/grid-security/hostcert.pem
+## 2. Location of web server key file.
+## SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
+## or
+## SSLCertificateKeyFile /etc/grid-security/hostkey.pem
+## 3. Location of certificate authorities which the server should trust.
+## SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
+## or 
+## SSLCACertificatePath /etc/pki/tls/certs/
+## or
+## SSLCACertificatePath /etc/grid-security/cetificates
+##4. You must at least optionally authenticate clients.
+## SSLVerifyClient optional
+## SSLVerifyDepth  10
+
+
+
+# Do NOT simply read the instructions in here without understanding
+# what they do.  They're here only as hints or reminders.  If you are unsure
+# consult the online docs. You have been warned.  
+#
+
+<IfModule !gridsite_module>
+  LoadModule gridsite_module modules/mod_gridsite.so
+</IfModule>
+# LoadModule gridsite_module modules/mod_gridsite.so
+
+ScriptAlias /gridsite-cgi-bin/real-gridsite-admin.cgi "/usr/libexec/gridsite/cgi-bin/real-gridsite-admin.cgi"
+
+
+#Location of authentication cookies and SSL session credentials directory, relative to ServerRoot.  Used  by  GridHTTP  to
+#record  the  credentials obtained via HTTPS, and available to the corresponding HTTP request or subsequent HTTPS requests
+#following a session restart.  (Default: /var/www/sessions)
+GridSiteSessionsDir  /var/cache/mod_gridsite
+
+## This is the path of directories (and all their subdirectories) for
+## GACL to search when it encounters a dn-list credential. The DN List
+## files are plain text, one DN per line, and must have the full url
+## as the file name, but URL Encoded - eg with urlencode(1)
+# GridSiteDNlists /etc/grid-security/dn-lists/:/var/www/html/dn-lists/
+GridSiteDNlists /etc/grid-security/dn-lists/
+
+## This is used to form the URL at which DN Lists "owned" by this 
+## server are exported. https://FULL.SERVER.NAME/dn-lists/file
+GridSiteDNlistsURI     /gridsite/dn-lists/
+
+## These directives (and the ScriptAlias above) allow authorized
+## people to manage files, ACLs and DN Lists through their web
+## browsers via HTTPS. The value of GridSiteAdminFile appears to
+## exist in every directory, but is internally redirected by
+## mod_gridsite to the value of GridSiteAdminURI (the ScriptAlias
+## then maps that onto the real-gridsite-admin.cgi executable.)
+GridSiteAdminFile gridsite-admin.cgi 
+GridSiteAdminUri /gridsite-cgi-bin/real-gridsite-admin.cgi 
+
+
+Alias /gridsite "/var/lib/gridsite"
+
+
+<Directory "/var/lib/gridsite/">
+  SSLOptions              +ExportCertData +StdEnvVars  
+  ## This sets up GACL authorization for this server
+  GridSiteAuth on
+  
+  ## This exports various bits of info into the CGI environment 
+  ## variables (and is needed for gridsite-admin.cgi to work.)
+  GridSiteEnvs           on
+
+  ## Nice GridSite directory listings 
+  GridSiteIndexes        on
+
+  ## If this is on, GridSite will look for gridsitehead.txt and
+  ## gridsitefoot.txt in the current directory or its parents, and
+  ## use them to replace the <body> and </body> tags in .html files.
+  GridSiteHtmlFormat     on
+
+  ## Set the filenames to be used for as standard headers and footers for HTML pages. If the file 
+  ## name begins with "/" then this is used as the absolute path to that file to be used. 
+  ## Otherwise, for each HTML page, the directory of that page is tried first, and then parent 
+  ## directories in ascending order until a header / footer file is found. Header files are inserted 
+  ## in place of HTML <body[ ...]> tags; footer files in place of </body>. (These standard files 
+  ## should each include the appropriate body tag as a replacement.) (Defaults: GridSiteHeadFile 
+  ## gridsitehead.txt, GridSiteFootFile gridsitefoot.txt)
+  # GridSiteHeadFile gridsitehead.txt
+  # GridSiteFootFile gridsitefoot.txt
+
+  ## If this is greater than zero, we will accept GSI Proxies for clients
+  ## (full client certificates - eg inside web browsers - are always ok)
+  GridSiteGSIProxyLimit 9
+
+  ## This directive allows authorized people to write/delete files 
+  ## from non-browser clients - eg with htcp(1)
+  GridSiteMethods        GET PUT DELETE MOVE POST
+
+</Directory>
+
+
diff --git a/assets/fts3-rest/ssl.conf b/assets/fts3-rest/ssl.conf
deleted file mode 100644
index 8b13789..0000000
--- a/assets/fts3-rest/ssl.conf
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/assets/fts3-rest/userdir.conf b/assets/fts3-rest/userdir.conf
deleted file mode 100644
index 8b13789..0000000
--- a/assets/fts3-rest/userdir.conf
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/assets/fts3-rest/welcome.conf b/assets/fts3-rest/welcome.conf
deleted file mode 100644
index 8b13789..0000000
--- a/assets/fts3-rest/welcome.conf
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/assets/fts3-rest/zgridsite.conf b/assets/fts3-rest/zgridsite.conf
deleted file mode 100644
index 8b13789..0000000
--- a/assets/fts3-rest/zgridsite.conf
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/assets/fts3-server/httpd/conf.d/autoindex.conf b/assets/fts3-server/httpd/conf.d/autoindex.conf
new file mode 100644
index 0000000..a85cf5d
--- /dev/null
+++ b/assets/fts3-server/httpd/conf.d/autoindex.conf
@@ -0,0 +1,94 @@
+#
+# Directives controlling the display of server-generated directory listings.
+#
+# Required modules: mod_authz_core, mod_authz_host,
+#                   mod_autoindex, mod_alias
+#
+# To see the listing of a directory, the Options directive for the
+# directory must include "Indexes", and the directory must not contain
+# a file matching those listed in the DirectoryIndex directive.
+#
+
+#
+# IndexOptions: Controls the appearance of server-generated directory
+# listings.
+#
+IndexOptions FancyIndexing HTMLTable VersionSort
+
+# We include the /icons/ alias for FancyIndexed directory listings.  If
+# you do not use FancyIndexing, you may comment this out.
+#
+Alias /icons/ "/usr/share/httpd/icons/"
+
+<Directory "/usr/share/httpd/icons">
+    Options Indexes MultiViews FollowSymlinks
+    AllowOverride None
+    Require all granted
+</Directory>
+
+#
+# AddIcon* directives tell the server which icon to show for different
+# files or filename extensions.  These are only displayed for
+# FancyIndexed directories.
+#
+AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
+
+AddIconByType (TXT,/icons/text.gif) text/*
+AddIconByType (IMG,/icons/image2.gif) image/*
+AddIconByType (SND,/icons/sound2.gif) audio/*
+AddIconByType (VID,/icons/movie.gif) video/*
+
+AddIcon /icons/binary.gif .bin .exe
+AddIcon /icons/binhex.gif .hqx
+AddIcon /icons/tar.gif .tar
+AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
+AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
+AddIcon /icons/a.gif .ps .ai .eps
+AddIcon /icons/layout.gif .html .shtml .htm .pdf
+AddIcon /icons/text.gif .txt
+AddIcon /icons/c.gif .c
+AddIcon /icons/p.gif .pl .py
+AddIcon /icons/f.gif .for
+AddIcon /icons/dvi.gif .dvi
+AddIcon /icons/uuencoded.gif .uu
+AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
+AddIcon /icons/tex.gif .tex
+AddIcon /icons/bomb.gif /core
+AddIcon /icons/bomb.gif */core.*
+
+AddIcon /icons/back.gif ..
+AddIcon /icons/hand.right.gif README
+AddIcon /icons/folder.gif ^^DIRECTORY^^
+AddIcon /icons/blank.gif ^^BLANKICON^^
+
+#
+# DefaultIcon is which icon to show for files which do not have an icon
+# explicitly set.
+#
+DefaultIcon /icons/unknown.gif
+
+#
+# AddDescription allows you to place a short description after a file in
+# server-generated indexes.  These are only displayed for FancyIndexed
+# directories.
+# Format: AddDescription "description" filename
+#
+#AddDescription "GZIP compressed document" .gz
+#AddDescription "tar archive" .tar
+#AddDescription "GZIP compressed tar archive" .tgz
+
+#
+# ReadmeName is the name of the README file the server will look for by
+# default, and append to directory listings.
+#
+# HeaderName is the name of a file which should be prepended to
+# directory indexes. 
+ReadmeName README.html
+HeaderName HEADER.html
+
+#
+# IndexIgnore is a set of filenames which directory indexing should ignore
+# and not include in the listing.  Shell-style wildcarding is permitted.
+#
+IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
+
diff --git a/assets/fts3-server/httpd/conf.d/ssl.conf b/assets/fts3-server/httpd/conf.d/ssl.conf
new file mode 100644
index 0000000..fe96202
--- /dev/null
+++ b/assets/fts3-server/httpd/conf.d/ssl.conf
@@ -0,0 +1,217 @@
+#
+# When we also provide SSL we have to listen to the 
+# the HTTPS port in addition.
+#
+Listen 443 https
+
+##
+##  SSL Global Context
+##
+##  All SSL configuration in this context applies both to
+##  the main server and all SSL-enabled virtual hosts.
+##
+
+#   Pass Phrase Dialog:
+#   Configure the pass phrase gathering process.
+#   The filtering dialog program (`builtin' is a internal
+#   terminal dialog) has to provide the pass phrase on stdout.
+SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
+
+#   Inter-Process Session Cache:
+#   Configure the SSL Session Cache: First the mechanism 
+#   to use and second the expiring timeout (in seconds).
+SSLSessionCache         shmcb:/run/httpd/sslcache(512000)
+SSLSessionCacheTimeout  300
+
+#   Pseudo Random Number Generator (PRNG):
+#   Configure one or more sources to seed the PRNG of the 
+#   SSL library. The seed data should be of good random quality.
+#   WARNING! On some platforms /dev/random blocks if not enough entropy
+#   is available. This means you then cannot use the /dev/random device
+#   because it would lead to very long connection times (as long as
+#   it requires to make more entropy available). But usually those
+#   platforms additionally provide a /dev/urandom device which doesn't
+#   block. So, if available, use this one instead. Read the mod_ssl User
+#   Manual for more details.
+SSLRandomSeed startup file:/dev/urandom  256
+SSLRandomSeed connect builtin
+#SSLRandomSeed startup file:/dev/random  512
+#SSLRandomSeed connect file:/dev/random  512
+#SSLRandomSeed connect file:/dev/urandom 512
+
+#
+# Use "SSLCryptoDevice" to enable any supported hardware
+# accelerators. Use "openssl engine -v" to list supported
+# engine names.  NOTE: If you enable an accelerator and the
+# server does not start, consult the error logs and ensure
+# your accelerator is functioning properly. 
+#
+SSLCryptoDevice builtin
+#SSLCryptoDevice ubsec
+
+##
+## SSL Virtual Host Context
+##
+
+<VirtualHost _default_:443>
+
+# General setup for the virtual host, inherited from global configuration
+#DocumentRoot "/var/www/html"
+#ServerName www.example.com:443
+
+# Use separate log files for the SSL virtual host; note that LogLevel
+# is not inherited from httpd.conf.
+ErrorLog logs/ssl_error_log
+TransferLog logs/ssl_access_log
+LogLevel warn
+
+#   SSL Engine Switch:
+#   Enable/Disable SSL for this virtual host.
+SSLEngine on
+
+#   SSL Protocol support:
+# List the enable protocol levels with which clients will be able to
+# connect.  Disable SSLv2 access by default:
+SSLProtocol all -SSLv2 -SSLv3
+
+#   SSL Cipher Suite:
+#   List the ciphers that the client is permitted to negotiate.
+#   See the mod_ssl documentation for a complete list.
+SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA
+
+#   Speed-optimized SSL Cipher configuration:
+#   If speed is your main concern (on busy HTTPS servers e.g.),
+#   you might want to force clients to specific, performance
+#   optimized ciphers. In this case, prepend those ciphers
+#   to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
+#   Caveat: by giving precedence to RC4-SHA and AES128-SHA
+#   (as in the example below), most connections will no longer
+#   have perfect forward secrecy - if the server's key is
+#   compromised, captures of past or future traffic must be
+#   considered compromised, too.
+#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
+#SSLHonorCipherOrder on 
+
+#   Server Certificate:
+# Point SSLCertificateFile at a PEM encoded certificate.  If
+# the certificate is encrypted, then you will be prompted for a
+# pass phrase.  Note that a kill -HUP will prompt again.  A new
+# certificate can be generated using the genkey(1) command.
+SSLCertificateFile /etc/grid-security/hostcert.pem
+
+#   Server Private Key:
+#   If the key is not combined with the certificate, use this
+#   directive to point at the key file.  Keep in mind that if
+#   you've both a RSA and a DSA private key you can configure
+#   both in parallel (to also allow the use of DSA ciphers, etc.)
+SSLCertificateKeyFile /etc/grid-security/hostkey.pem
+
+#   Server Certificate Chain:
+#   Point SSLCertificateChainFile at a file containing the
+#   concatenation of PEM encoded CA certificates which form the
+#   certificate chain for the server certificate. Alternatively
+#   the referenced file can be the same as SSLCertificateFile
+#   when the CA certificates are directly appended to the server
+#   certificate for convinience.
+##### SSLCertificateChainFile /etc/grid-security/hostcert.pem
+
+#   Certificate Authority (CA):
+#   Set the CA certificate verification path where to find CA
+#   certificates for client authentication or alternatively one
+#   huge file containing all of them (file must be PEM encoded)
+#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
+
+#   Client Authentication (Type):
+#   Client certificate verification type and depth.  Types are
+#   none, optional, require and optional_no_ca.  Depth is a
+#   number which specifies how deeply to verify the certificate
+#   issuer chain before deciding the certificate is not valid.
+#SSLVerifyClient require
+#SSLVerifyDepth  10
+
+#   Access Control:
+#   With SSLRequire you can do per-directory access control based
+#   on arbitrary complex boolean expressions containing server
+#   variable checks and other lookup directives.  The syntax is a
+#   mixture between C and Perl.  See the mod_ssl documentation
+#   for more details.
+#<Location />
+#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+#            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
+#           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+#</Location>
+
+#   SSL Engine Options:
+#   Set various options for the SSL engine.
+#   o FakeBasicAuth:
+#     Translate the client X.509 into a Basic Authorisation.  This means that
+#     the standard Auth/DBMAuth methods can be used for access control.  The
+#     user name is the `one line' version of the client's X.509 certificate.
+#     Note that no password is obtained from the user. Every entry in the user
+#     file needs this password: `xxj31ZMTZzkVA'.
+#   o ExportCertData:
+#     This exports two additional environment variables: SSL_CLIENT_CERT and
+#     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+#     server (always existing) and the client (only existing when client
+#     authentication is used). This can be used to import the certificates
+#     into CGI scripts.
+#   o StdEnvVars:
+#     This exports the standard SSL/TLS related `SSL_*' environment variables.
+#     Per default this exportation is switched off for performance reasons,
+#     because the extraction step is an expensive operation and is usually
+#     useless for serving static content. So one usually enables the
+#     exportation for CGI and SSI requests only.
+#   o StrictRequire:
+#     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
+#     under a "Satisfy any" situation, i.e. when it applies access is denied
+#     and no other module can change it.
+#   o OptRenegotiate:
+#     This enables optimized SSL connection renegotiation handling when SSL
+#     directives are used in per-directory context. 
+#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+<Files ~ "\.(cgi|shtml|phtml|php3?)$">
+    SSLOptions +StdEnvVars
+</Files>
+<Directory "/var/www/cgi-bin">
+    SSLOptions +StdEnvVars
+</Directory>
+
+#   SSL Protocol Adjustments:
+#   The safe and default but still SSL/TLS standard compliant shutdown
+#   approach is that mod_ssl sends the close notify alert but doesn't wait for
+#   the close notify alert from client. When you need a different shutdown
+#   approach you can use one of the following variables:
+#   o ssl-unclean-shutdown:
+#     This forces an unclean shutdown when the connection is closed, i.e. no
+#     SSL close notify alert is send or allowed to received.  This violates
+#     the SSL/TLS standard but is needed for some brain-dead browsers. Use
+#     this when you receive I/O errors because of the standard approach where
+#     mod_ssl sends the close notify alert.
+#   o ssl-accurate-shutdown:
+#     This forces an accurate shutdown when the connection is closed, i.e. a
+#     SSL close notify alert is send and mod_ssl waits for the close notify
+#     alert of the client. This is 100% SSL/TLS standard compliant, but in
+#     practice often causes hanging connections with brain-dead browsers. Use
+#     this only for browsers where you know that their SSL implementation
+#     works correctly. 
+#   Notice: Most problems of broken clients are also related to the HTTP
+#   keep-alive facility, so you usually additionally want to disable
+#   keep-alive for those clients, too. Use variable "nokeepalive" for this.
+#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
+#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+#   "force-response-1.0" for this.
+BrowserMatch "MSIE [2-5]" \
+         nokeepalive ssl-unclean-shutdown \
+         downgrade-1.0 force-response-1.0
+
+#   Per-Server Logging:
+#   The home of a custom SSL log file. Use this when you want a
+#   compact non-error SSL logfile on a virtual host basis.
+CustomLog logs/ssl_request_log \
+          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+</VirtualHost>                                  
+
diff --git a/assets/fts3-server/httpd/conf.d/userdir.conf b/assets/fts3-server/httpd/conf.d/userdir.conf
new file mode 100644
index 0000000..b5d7a49
--- /dev/null
+++ b/assets/fts3-server/httpd/conf.d/userdir.conf
@@ -0,0 +1,36 @@
+#
+# UserDir: The name of the directory that is appended onto a user's home
+# directory if a ~user request is received.
+#
+# The path to the end user account 'public_html' directory must be
+# accessible to the webserver userid.  This usually means that ~userid
+# must have permissions of 711, ~userid/public_html must have permissions
+# of 755, and documents contained therein must be world-readable.
+# Otherwise, the client will only receive a "403 Forbidden" message.
+#
+<IfModule mod_userdir.c>
+    #
+    # UserDir is disabled by default since it can confirm the presence
+    # of a username on the system (depending on home directory
+    # permissions).
+    #
+    UserDir disabled
+
+    #
+    # To enable requests to /~user/ to serve the user's public_html
+    # directory, remove the "UserDir disabled" line above, and uncomment
+    # the following line instead:
+    # 
+    #UserDir public_html
+</IfModule>
+
+#
+# Control access to UserDir directories.  The following is an example
+# for a site where these directories are restricted to read-only.
+#
+<Directory "/home/*/public_html">
+    AllowOverride FileInfo AuthConfig Limit Indexes
+    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
+    Require method GET POST OPTIONS
+</Directory>
+
diff --git a/assets/fts3-server/httpd/conf.d/welcome.conf b/assets/fts3-server/httpd/conf.d/welcome.conf
new file mode 100644
index 0000000..c1b6c11
--- /dev/null
+++ b/assets/fts3-server/httpd/conf.d/welcome.conf
@@ -0,0 +1,22 @@
+# 
+# This configuration file enables the default "Welcome" page if there
+# is no default index page present for the root URL.  To disable the
+# Welcome page, comment out all the lines below. 
+#
+# NOTE: if this file is removed, it will be restored on upgrades.
+#
+<LocationMatch "^/+$">
+    Options -Indexes
+    ErrorDocument 403 /.noindex.html
+</LocationMatch>
+
+<Directory /usr/share/httpd/noindex>
+    AllowOverride None
+    Require all granted
+</Directory>
+
+Alias /.noindex.html /usr/share/httpd/noindex/index.html
+Alias /noindex/css/bootstrap.min.css /usr/share/httpd/noindex/css/bootstrap.min.css
+Alias /noindex/css/open-sans.css /usr/share/httpd/noindex/css/open-sans.css
+Alias /images/apache_pb.gif /usr/share/httpd/noindex/images/apache_pb.gif
+Alias /images/poweredby.png /usr/share/httpd/noindex/images/poweredby.png
diff --git a/assets/fts3-server/httpd/conf.d/zgridsite.conf b/assets/fts3-server/httpd/conf.d/zgridsite.conf
new file mode 100644
index 0000000..a777a57
--- /dev/null
+++ b/assets/fts3-server/httpd/conf.d/zgridsite.conf
@@ -0,0 +1,111 @@
+#
+# This is the Apache server configuration file providing GridSite support.
+# It contains the configuration directives to instruct the server how to
+# serve pages over an https connection with access controls enabled
+# via .gacl files. 
+
+# In order to benefit from GridSite it is nescesary to optinally autheticate
+# clients to this web server:
+# Within mod_ssl's configuration for <VirtualHost _default_:443>
+# you should have at least the following parameters set. The mod_ssl
+# file cotains more detailed comments about these settings.
+## 1. Location of  web server certificate file.
+## SSLCertificateFile /etc/pki/tls/certs/localhost.crt
+## or
+## SSLCertificateFile /etc/grid-security/hostcert.pem
+## 2. Location of web server key file.
+## SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
+## or
+## SSLCertificateKeyFile /etc/grid-security/hostkey.pem
+## 3. Location of certificate authorities which the server should trust.
+## SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
+## or 
+## SSLCACertificatePath /etc/pki/tls/certs/
+## or
+## SSLCACertificatePath /etc/grid-security/cetificates
+##4. You must at least optionally authenticate clients.
+## SSLVerifyClient optional
+## SSLVerifyDepth  10
+
+
+
+# Do NOT simply read the instructions in here without understanding
+# what they do.  They're here only as hints or reminders.  If you are unsure
+# consult the online docs. You have been warned.  
+#
+
+<IfModule !gridsite_module>
+  LoadModule gridsite_module modules/mod_gridsite.so
+</IfModule>
+# LoadModule gridsite_module modules/mod_gridsite.so
+
+ScriptAlias /gridsite-cgi-bin/real-gridsite-admin.cgi "/usr/libexec/gridsite/cgi-bin/real-gridsite-admin.cgi"
+
+
+#Location of authentication cookies and SSL session credentials directory, relative to ServerRoot.  Used  by  GridHTTP  to
+#record  the  credentials obtained via HTTPS, and available to the corresponding HTTP request or subsequent HTTPS requests
+#following a session restart.  (Default: /var/www/sessions)
+GridSiteSessionsDir  /var/cache/mod_gridsite
+
+## This is the path of directories (and all their subdirectories) for
+## GACL to search when it encounters a dn-list credential. The DN List
+## files are plain text, one DN per line, and must have the full url
+## as the file name, but URL Encoded - eg with urlencode(1)
+# GridSiteDNlists /etc/grid-security/dn-lists/:/var/www/html/dn-lists/
+GridSiteDNlists /etc/grid-security/dn-lists/
+
+## This is used to form the URL at which DN Lists "owned" by this 
+## server are exported. https://FULL.SERVER.NAME/dn-lists/file
+GridSiteDNlistsURI     /gridsite/dn-lists/
+
+## These directives (and the ScriptAlias above) allow authorized
+## people to manage files, ACLs and DN Lists through their web
+## browsers via HTTPS. The value of GridSiteAdminFile appears to
+## exist in every directory, but is internally redirected by
+## mod_gridsite to the value of GridSiteAdminURI (the ScriptAlias
+## then maps that onto the real-gridsite-admin.cgi executable.)
+GridSiteAdminFile gridsite-admin.cgi 
+GridSiteAdminUri /gridsite-cgi-bin/real-gridsite-admin.cgi 
+
+
+Alias /gridsite "/var/lib/gridsite"
+
+
+<Directory "/var/lib/gridsite/">
+  SSLOptions              +ExportCertData +StdEnvVars  
+  ## This sets up GACL authorization for this server
+  GridSiteAuth on
+  
+  ## This exports various bits of info into the CGI environment 
+  ## variables (and is needed for gridsite-admin.cgi to work.)
+  GridSiteEnvs           on
+
+  ## Nice GridSite directory listings 
+  GridSiteIndexes        on
+
+  ## If this is on, GridSite will look for gridsitehead.txt and
+  ## gridsitefoot.txt in the current directory or its parents, and
+  ## use them to replace the <body> and </body> tags in .html files.
+  GridSiteHtmlFormat     on
+
+  ## Set the filenames to be used for as standard headers and footers for HTML pages. If the file 
+  ## name begins with "/" then this is used as the absolute path to that file to be used. 
+  ## Otherwise, for each HTML page, the directory of that page is tried first, and then parent 
+  ## directories in ascending order until a header / footer file is found. Header files are inserted 
+  ## in place of HTML <body[ ...]> tags; footer files in place of </body>. (These standard files 
+  ## should each include the appropriate body tag as a replacement.) (Defaults: GridSiteHeadFile 
+  ## gridsitehead.txt, GridSiteFootFile gridsitefoot.txt)
+  # GridSiteHeadFile gridsitehead.txt
+  # GridSiteFootFile gridsitefoot.txt
+
+  ## If this is greater than zero, we will accept GSI Proxies for clients
+  ## (full client certificates - eg inside web browsers - are always ok)
+  GridSiteGSIProxyLimit 9
+
+  ## This directive allows authorized people to write/delete files 
+  ## from non-browser clients - eg with htcp(1)
+  GridSiteMethods        GET PUT DELETE MOVE POST
+
+</Directory>
+
+
diff --git a/assets/fts3/fts-msg-monitoring.conf b/assets/fts3/fts-msg-monitoring.conf
new file mode 100644
index 0000000..9ac651f
--- /dev/null
+++ b/assets/fts3/fts-msg-monitoring.conf
@@ -0,0 +1 @@
+ACTIVE=false
diff --git a/assets/fts3/fts3config b/assets/fts3/fts3config
index 3c1ddcd..046a71f 100644
--- a/assets/fts3/fts3config
+++ b/assets/fts3/fts3config
@@ -1,18 +1,41 @@
+Port=8443
+IP=127.0.0.1
+User=root
+Group=root
+
 Alias=fts
-SiteName=DOCKER
+SiteName=FTS3-CNAF
+MonitoringMessaging=true
+Profiling=0
 
 AuthorizedVO=*
 
 DbType=mysql
 DbUserName=fts
 DbPassword=fts
-DbConnectString=ftsdb/fts
+#DbConnectString=ftsdb/fts
+# DbConnectString=<host>:<port>/<database>
+DbConnectString=vm-131-154-97-13.cloud.cnaf.infn.it:3306/fts
+
+#DbThreadsNum=25
+#Infosys=false
+#InfoProviders=glue1
+
 
 LogLevel=DEBUG
 
-MinRequiredFreeRAM = 16
-MaxUrlCopyProcesses = 4
+TransferLogDirectory=/var/log/fts3/transfers
+ServerLogDirectory=/var/log/fts3
+
+CheckStalledTransfers = true
+MinRequiredFreeRAM = 50
+MaxUrlCopyProcesses = 400
+#HeartBeatInterval=60
+#HeartBeatGraceInterval=120
+OptimizerInterval = 60
 
 [roles]
 Public = all:transfer;all:config;all:datamanagement
+lcgadmin = vo:transfer
+production = all:config
 
diff --git a/assets/fts3/fts3rest.ini b/assets/fts3/fts3rest.ini
index eed7baf..e839cc9 100644
--- a/assets/fts3/fts3rest.ini
+++ b/assets/fts3/fts3rest.ini
@@ -31,17 +31,18 @@ fts3.config = /etc/fts3/fts3config
 # SQLAlchemy database URL
 # If fts3.config is specified, the database connection string will be picked
 # up from there
-sqlalchemy.url = mysql://fts:fts@ftsdb/fts
+sqlalchemy.url = mysql://fts:fts@vm-131-154-97-13.cloud.cnaf.infn.it/fts
+#sqlalchemy.url = mysql://fts:fts@ftsdb/fts
 
 # SQLAlchemy pool size.
-# sqlalchemy.pool_size=32
+sqlalchemy.pool_size=64
 # SQLAlchemy pool timeout. It is recommended to leave some not very high value
-sqlalchemy.pool_timeout=10
+sqlalchemy.pool_timeout=20
 
 # WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT*
 # Debug mode will enable the interactive debugging tool, allowing ANYONE to
 # execute malicious code after an exception is raised.
-#set debug = false
+set debug = false
 
 
 # Logging configuration
@@ -65,12 +66,12 @@ qualname = routes.middleware
 # "level = DEBUG" logs the route matched and routing variables.
 
 [logger_fts3rest]
-level = INFO
+level = DEBUG
 handlers =
 qualname = fts3rest
 
 [logger_sqlalchemy]
-level = WARN
+level = DEBUG
 handlers =
 qualname = sqlalchemy.engine
 # "level = INFO" logs SQL queries.
diff --git a/assets/log/fts3/fts3bringonline.log b/assets/log/fts3/fts3bringonline.log
new file mode 100644
index 0000000..e69de29
diff --git a/assets/log/fts3/fts3server.log b/assets/log/fts3/fts3server.log
new file mode 100644
index 0000000..e69de29
diff --git a/assets/log/fts3/fts_bringonline_stderr.log b/assets/log/fts3/fts_bringonline_stderr.log
new file mode 100644
index 0000000..e69de29
diff --git a/assets/log/fts3/fts_bringonline_stdout.log b/assets/log/fts3/fts_bringonline_stdout.log
new file mode 100644
index 0000000..e69de29
diff --git a/assets/log/fts3/fts_server_stderr.log b/assets/log/fts3/fts_server_stderr.log
new file mode 100644
index 0000000..e69de29
diff --git a/assets/log/fts3/fts_server_stdout.log b/assets/log/fts3/fts_server_stdout.log
new file mode 100644
index 0000000..e69de29
diff --git a/assets/log/fts3/msg.log b/assets/log/fts3/msg.log
new file mode 100644
index 0000000..e69de29
diff --git a/assets/mysql/fts-database-upgrade.py b/assets/mysql/fts-database-upgrade.py
new file mode 100644
index 0000000..cd27f74
--- /dev/null
+++ b/assets/mysql/fts-database-upgrade.py
@@ -0,0 +1,285 @@
+#!/usr/bin/env python
+#
+#   Copyright notice:
+#   Copyright CERN, 2016.
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+
+import logging
+import os
+import subprocess
+import sys
+from distutils.util import strtobool
+from optparse import OptionParser
+from pkg_resources import parse_version
+from sqlalchemy import create_engine
+from sqlalchemy.exc import ProgrammingError
+from tempfile import NamedTemporaryFile
+from urlparse import urlparse
+
+from fts3.util.config import fts3_config_load
+
+log = logging.getLogger(__name__)
+
+
+def infer_sql_location(config):
+    """
+    Depending on the database configuration, guess where the sql scripts are
+    located
+    :param config: FTS3 config file parsed
+    :return: The inferred SQL script location
+    """
+    base = '/usr/share'
+    if config['fts3.DbType'] not in ['mysql']:
+        raise NotImplementedError('Database type %s not supported', config['fts3.DbType'])
+    return os.path.join(base, 'fts-%s' % config['fts3.DbType'])
+
+
+def connect_database(config):
+    """
+    Connect to the database
+    :param config: FTS3 config file parsed
+    :return: A database connection
+    """
+    log.debug('Connecting to the database')
+    engine = create_engine(config['sqlalchemy.url'])
+    conn = engine.connect()
+    log.debug('Connected')
+    return conn
+
+
+def get_schema_version(conn):
+    """
+    Get the schema version
+    :param conn: Database connection
+    :return: Schema version, None if not found
+    """
+    try:
+        result = conn.execute(
+            'SELECT major, minor, patch FROM t_schema_vers ORDER BY major DESC, minor DESC, patch DESC')
+        row = result.fetchone()
+        if row is None:
+            raise Exception('t_schema_vers exits but is empty!')
+        return parse_version("%(major)d.%(minor)d.%(patch)d" % row)
+    except ProgrammingError:
+        return None
+
+
+def get_running_services(conn):
+    """
+    Return a list of tuples (host, service) of services that are still alive
+    :param conn: Database connection
+    :return: List of tuples
+    """
+    result = conn.execute(
+        'SELECT hostname, service_name FROM t_hosts WHERE beat >= UTC_TIMESTAMP() - INTERVAL 2 MINUTE'
+    )
+    services = []
+    for row in result.fetchall():
+        services.append((row['hostname'], row['service_name']))
+    return services
+
+def ask_confirmation(question):
+    """
+    Ask a yes/no question
+    :param question: The question
+    :return: True if accepted, False if not
+    """
+    print "%s [Y/N]" % question
+    return strtobool(raw_input().lower())
+
+
+def get_full_schema_path(sql_location):
+    """
+    Find the full schema with the higher version under sql_location
+    :param sql_location: Location of the SQL scripts
+    :return: The path to the full schema script with the highest version
+    """
+    full_schemas = []
+    for sql in os.listdir(sql_location):
+        if sql.endswith('.sql') and sql.startswith('fts-schema'):
+            path = os.path.join(sql_location, sql)
+            version = parse_version(sql[:-4].split('-')[2])
+            log.debug('Found schema %s with version %s', path, version)
+            full_schemas.append((version, path))
+    if len(full_schemas) == 0:
+        raise RuntimeError('Could not find a valid schema')
+    highest = sorted(full_schemas, reverse=True)[0]
+    log.debug('Highest schema: %s' % highest[1])
+    return highest[1]
+
+
+def get_upgrade_scripts(current_version, sql_location):
+    """
+    Look for upgrade scripts
+    :param current_version: Version running now
+    :param sql_location: Where to look for the SQL scripts
+    :return: A list with upgrade scripts that must run
+    """
+    upgrades = []
+    for sql in os.listdir(sql_location):
+        if sql.endswith('.sql') and sql.startswith('fts-diff'):
+            path = os.path.join(sql_location, sql)
+            version = parse_version(sql[:-4].split('-')[2])
+            log.debug('Found schema %s with version %s', path, version)
+            if version > current_version:
+                log.debug('Mark to upgrade')
+                upgrades.append((version, path))
+    return [path for (version, path) in sorted(upgrades)]
+
+
+def run_sql_script_mysql(config, sql):
+    """
+    Run a SQL script
+    :param config: FTS3 config file parsed
+    :param sql: The SQL script
+    """
+    parsed = urlparse('mysql://' + config['fts3.DbConnectString'])
+
+    creds = NamedTemporaryFile(delete=True)
+    print >> creds, """
+[client]
+user=%(fts3.DbUserName)s
+password=%(fts3.DbPassword)s
+""" % config
+    creds.flush()
+
+    cmd = [
+        'mysql',
+        '--defaults-extra-file=%s' % creds.name,
+        '-h', parsed.hostname,
+        '-v'
+    ]
+    if parsed.port:
+        cmd.extend(['-P', str(parsed.port)])
+    cmd.append(parsed.path[1:])
+
+    log.debug('Running %s < %s', ' '.join(cmd), sql)
+
+    sql_fd = open(sql)
+    ret = subprocess.call(cmd, stdout=sys.stdout, stderr=sys.stderr, stdin=sql_fd)
+    if ret != 0:
+        raise Exception('Failed to run mysql (%d)' % ret)
+
+
+def run_sql_script(config, sql):
+    """
+    Run a SQL script
+    :param config: FTS3 config file parsed
+    :param sql: The SQL script
+    """
+    log.info('Running %s' % sql)
+    run_sql_script_mysql(config, sql)
+
+def populate_schema(config, sql_location):
+    """
+    Create the schema from scratch
+    :param config: FTS3 config file parsed
+    :param sql_location: Location of the SQL scripts
+    """
+    log.warning('The schema does not seem to be created')
+    if not ask_confirmation('Do you want to create the schema now?'):
+        log.error('Abort')
+        return
+
+    schema = get_full_schema_path(sql_location)
+    run_sql_script(config, schema)
+
+    current_version = get_schema_version(connect_database(config))
+    log.info('Running upgrade scripts')
+    upgrade_schema(connect_database(config), config, current_version, sql_location)
+
+
+def upgrade_schema(conn, config, current_version, sql_location):
+    """
+    Run the upgrade scripts if needed
+    :param conn: Database connection
+    :param config: FTS3 config file parsed
+    :param current_version: Version present in the database
+    :param sql_location: Location of the SQL scripts
+    """
+    log.info('Current schema version is %s', current_version)
+
+    running_services = get_running_services(conn)
+    if len(running_services) > 0:
+        log.warning('There are services still running')
+        for service in running_services:
+            log.warning("%s: %s" % service)
+        if not ask_confirmation('Do you want to continue anyway?'):
+            log.error('Abort')
+            return
+
+    upgrade_scripts = get_upgrade_scripts(current_version, sql_location)
+    if len(upgrade_scripts) == 0:
+        log.info('No upgrades pending')
+        return
+
+    log.warning('%d upgrade scripts found' % len(upgrade_scripts))
+    for sql in upgrade_scripts:
+        log.warning(sql)
+
+    if not ask_confirmation('Do you want to run the upgrade scripts?'):
+        log.error('Abort')
+        return
+
+    for sql in upgrade_scripts:
+        run_sql_script(config, sql)
+
+
+def prepare_schema(config, sql_location):
+    """
+    Run the upgrade scripts
+    :param config: FTS3 config file parsed
+    :param sql_location: SQL scripts location
+    :return:
+    """
+    db_type = config['fts3.DbType']
+    log.info('Database type: %s' % db_type)
+    log.info('SQL Scripts location: %s' % sql_location)
+    log.info('Database: %s' % config['fts3.DbConnectString'])
+    log.info('User: %s' % config['fts3.DbUserName'])
+
+    conn = connect_database(config)
+
+    current_version = get_schema_version(conn)
+    if current_version is None:
+        populate_schema(config, sql_location)
+    else:
+        upgrade_schema(conn, config, current_version, sql_location)
+
+
+if __name__ == '__main__':
+    optparser = OptionParser(description='Run database upgrade scripts')
+    optparser.add_option('-f', '--config-file', default='/etc/fts3/fts3config', help='Configuration file')
+    optparser.add_option('-v', '--verbose', default=False, action='store_true', help='Verbose mode')
+    optparser.add_option('-d', '--sql-location', default=None, help='SQL scripts location')
+    opts, args = optparser.parse_args()
+    if len(args) > 0:
+        optparser.error('No arguments are expected')
+
+    log_handler = logging.StreamHandler(sys.stderr)
+    log_handler.setFormatter(logging.Formatter('[%(levelname)7s] %(message)s'))
+    if opts.verbose:
+        log_handler.setLevel(logging.DEBUG)
+    else:
+        log_handler.setLevel(logging.INFO)
+    log.addHandler(log_handler)
+    log.setLevel(logging.DEBUG)
+
+    config = fts3_config_load(opts.config_file)
+
+    if opts.sql_location is None:
+        opts.sql_location = infer_sql_location(config)
+
+    prepare_schema(config, opts.sql_location)
diff --git a/assets/mysql/fts-database-upgrade.pyc b/assets/mysql/fts-database-upgrade.pyc
new file mode 100644
index 0000000000000000000000000000000000000000..3323eb76c8c9b3445e6f93e43db8f4bf76e242b6
GIT binary patch
literal 9692
zcmcgy-)|h(b-uH^BDs_({*oxumaUO&MoULaCUz3HL~KXq4@<2?DYLXy(`FaLox9{N
zXJ?jkXH6275Fjqlpa_Bjee6@;3$%GE+P4-3`jWi$p?^dI6zFS!^!v`8*&nPM$9$-0
z4)5IGbME=hch0#k{`b`6!}WiuH&phojK4p?ulZ>~sQ~{uDpYE>Uv|{4lh+s2ZXquh
z)oxMB1r?T5=aSmJq#TYfs&Gto#?|h)eJ`nSLUqb&w`|`psc=$tF00+k_I*r+S5#+8
z?M~VEaTQ)wooTf@ZQmzUIHNi<YInxImsL2cI&*4wPB~hs_Po;9)EC(1brnpiKgZq|
zRB%}eH&k#%3NNW(N(zfAxGII0RWL1uS5z<~g_|mvmBOnkn3KY5DwvnTEfrjof~$h-
zQn<}Ug9UX|P{~gUdRzrq>m~Jta(3@1eMhxlR{_?-DwrQLW6syq7lne8wP8lg^@`GO
zsNl8=?nsZ<(W996K*N%ZhV(J|8~xEJDfJnS;;!1QD7~z7g`XeXRYxV2{D+KxQw37#
zL`qRc-&DG&+V@0ERi&${y(0CiDp+PE{&VzQ)&7=BUMjHp+tU1&G(<Bp!dAU)`(9V=
z@32+|;$^tMo>QFbyKLP3o|NCAS{+TOq*u@jN`H?{=u>}3af1+M-tCKm;-1mFR(TUz
z+4?R1ZC4x=Q);S7lQiCs<Iq-JLDiFP+KQv6eqwZDYo}1#<$L{eoftF@svC*+Q(f25
zK`YX>dIr6pCh<YycRH=;U^7YLY@Ru^Z2KJ@?C4H6PW<F-s}*LWCeYSPLRn@oPct=d
z*Bf!vY#r3Y*bf@qIB=yd;ddRs=0iO2buS$C9EE~f493*axJvG+6z`?H7IOHpL*b;3
zY8O<ysGj49FXhb(Xs=bqIpIIzG3nyphVJSpz!$i2<fez(4gA#K_l<V#hI)xlLEUo?
zdfFKG<WMJC`kCX<HI1azO^xd(S|$tQ2ILe-c?}=wcd}X5+^wD3+u4iTggji4LDn_V
zX)lS^+#Rgnikdn}bl}#0_$XVzm3grXnb=HX@2fqNteQhCY%b%K5?tBX-#P2*ltSyA
zVSDB^ls59uNzvvm88?bk*YvtL8SK=I*}>H%Bgf(KfGQ<C(s?|#<Md&t8|sdZ&{@tn
z<+;QrWuLB}9!jAdx1tIgQqE@uCk+&21yxEO<{KytcD{;T^S7FdyxQwRp8~zoJxi%Y
zB8ob`1X=;XLI7`|)^Lw%e9W0~793HPBHsBcs<MUxl%kD;w+O|KGo=B1s6o(;BCWxT
zLf#Rtfbw%{2fxe2c!;dm<0#UN)J@|N-MH`p-ycygPTfD%m-zv9Icnp%70p%d>p1ko
z#-Z+<tpG%V>}-S%?4eN#VSFGu5a|8hfybJZDvwj)dKFf9#JZf7g|wU%J6!CnXbZCG
z>-kxJ8+D?oYHSK8b;X$)oK+vzK02K};PJEt--83f(a8bfOaO1%z&}(en6to>$}nCc
zYofyfs%p=oIaR`UA5E&{GvzoAhSmOrj|!JFPzigaA8H&YaAqh--_2~@xf2Bz`@qS*
zEI+8V9IUmG3GTVuaRl@>1z^p%7g=nZPq1)p^U>z|j@$9uadOXvz2qODr*Y_Rc~2g@
zY2EHdEU){-+t~En4?eN|-HpxKdNwF4+mWm{w=w(ZXnop(McVJBZp*l^!0Fj-^D25R
zRb=_)U<D=aKuR*za<E+?a79n_sc!UAof2hDjV<D{L_hd_qH~+44K3{95%L}pW3}o!
z=io%JO1&_}d7&7eTuiBG01ouXx8VrhL#<(x8Y?<uP8o`I#hG^Ia`ob7`s($^csZwA
z2clJ{t6~L2$u{<Gs~4h2V2tOYVvGD!REtf~Hs|<`dN!~Pe~n2+TRbt^uJ48|le%%!
zO?xnv#;qK}Jl=D`tDm<TdYLU**+B99lx*Rev=xS~AGSWX%rRh#-$(TxjjSlUF`r>y
znVxY25g53?i8|kMRb#7hpFP<0Hr;*jy8GU{?ngW8^__>0H)}ihA3v=uyH)q$_RgmF
z@%=~cTkhkB+aK+0ibCWwr*t8*uae2F0^C6DKymyq6m9Ukq*yUf9#zD9CGVEY#k+}`
zi>b*qjHH?*y(og+tmjicLA~KF)fm*IFy_oVx2y%qor`t$;KJYuXvxBd4`3tUIKc2g
z6Y!*25mqxD^b#rGH%B<|Gi_F**gb|v(6`^&0p@j<%kwvDU2?;*lk~(;_zmJn2lw19
zKZL_!ZHGNgq7P*K=_jk(dseonu+CiKpVV7Xx0i~Q595>Ef#aBb#fu4(hTJzt))z}U
zLb-dWGlZ2ID_a2);rtZ={u%{>%2B6(mC-4L3DIrr{fG<;;6R#|ijxI-&CNJoNz^6P
z77q<Q;hzDDP#Tm0K(~zup~T7H!!6>^ixSnVT~=`afYIk@D}uK{=#zXwRSww&b-bXS
zrI(3wjvtqp<DV52H<(~e#vxPUA(mBo6_pOUExx#vuYox)F(z6h!8lpDRuR?zcYL;-
z)K)7Bgio4106HU;lU8~tm4~eZIE*>TxF7|*4LdYeGpwsPT)*Z%%3L0?Ea0nwJ7~_S
z6B_A><u1eUMy!MCj_wE6YMAxpa96On&^7%r`xUL<Acz1Sl&ZF9=*=xWwn%LGXF@?`
z=4>{2mo0QrLO1JiFAOXfQbHhF7`uF=5KW>vPKz~vKsjMwcI7qB#Dy!<czE=8Wdsdv
z&`QL@z@iu~p0d@Xev-<oM{n5U5eYd7L`*kqrQR&-$Q+(<W)Y<jZmo3fMQN*}t$$0+
zHsTx$>k+J$9Oc}Hd{G%nVQ1uRgzq3n*@J926O5Ea6-;_DVCGhCXt_Gi9LQ7VB|K>5
z7M$0d>&~mNbT5Mtr}2K>Y4GGm0Q;Y)$XM|2a=;2kHunBTh!7#~FktcerGSOegxd_j
z0+WKqF9mELOy~lDUb27{ydNR%{&|kIabl7lIFXFzQXk1bCz1(fY?^o$PTts?V=xb_
zVtI7_(}FtwS6FMBK=W^S2t*#m@sZn%6E}-1pk5NM4TG-HL$DR4dCa@!er$tZHzO3N
z@X2uhQII~f;b4piEnAAN<^KuQ`_@+w(45<obqzW_fB-AYiUVNsvm{VzHJbuUk81RL
zqtXyYkNxC`CL&u`%$PvSdlRkRH~F~7$0&llD(gnU<9!Qt78IQMoCv+QP$wA8mNMRV
zIET#pU5>=>*AEC8kCN!KNdY=J%RfW4Av_on4iLb2<5jEu<7lG*g{~%GRzNzI@|j4u
z0li}&2#x^rkoO&WgGE&W^Uy6QJp3cP*@)2r4_WE~Yb}5+sIaJ-PzP2M@j9lGA5$gC
zUEq}o=`%+4J`mMqqK3_7X_#d8?G|+(y4?mjU1svF4O$Z3BYT12z)qIONKVtLJ;UZ;
zN~N=^J;&S}3-ip)5n)d81<*Fe4Bb&tB_$_C(ruPCBr;2U$ko*<6sZaD5Owo<5zO>J
zcZaneF%Xh7Uy;S=vzT>$&dnrYyW}O-R#)Z3pwUcPtlPk}mL~Au#9<6{s8elzz@2^C
z2wTAC-eeD+-MdSbY|uw|W0GmvOm=-^PU0jOG(OF0&?pHFv5?hjpqoCz5>wTuY2sIz
zg?V?$7+T2cq5bo@{qt1VM_>b~(640X<okFCAG)$ja8V2=O!y)NuP2slz)+E;LE7al
zAFIGYh>2=fKHse@1<TtN@q{_pW4z)qUX}@(Vb9pC3Y~V3IUFG(CTwIe>>lK2$tF#N
z%`CPCASG4FpctOFWys!sH;EfaVM%?1zBwt-oEh(3{Ph@EdCWmbeoPVs0$W+q=Bi|S
zNCgI#=^CBDempp_Y4-yU_hR5CfFU5s^;lrnMOHsUy}5&j8oO4Qc1op5XR=syCK33R
z3uSop*9tcaSDd>D0)^>#mi#QiI>!O)HWLK=h#P0KK|~XBrZ50C@vi^>P(XKOpi|q{
zx97>pxgg^ed)s)ExMOe%7nAB$Of)Lhe?U#<%+FehjRed;;y!YTiBW<lAXdw~DGd@A
zvw?{f>^QSZu%AONyaTm>%VWa;bf!y>Nhj#V%cL-ic{4h}x^kM5om6PW`~({j`?D^Y
zXYr*o-@2K^9TGXSCl@zS{fy#QJKB=9WM($oKoBFymn^E*9U^-lxnkL7V3x4&jo3Yl
zd+v!JN#4*l4SxYViuVOe_xFM6ZNsQJSBZ08K}FO>)Ppp3;wLml-d&Vs23Vaq@!sJC
zPx)Y?$6Mfo@h@lt>2{k_&74#lg){wUX<Dq8B(l6eK;^~sj7~r|?)E}n5?Cqy6RNU2
z&6FhnN`UE9LGm<Ixe5I8uK@LROUfBgp>Keu#VNH1{-q7|K+y%ct$88(B<Vlu)9EeJ
z;l|z#`h(Oow1}@MfIt2KaUeKabkEqK;6`C&27I*$f)Xar{8=b3){}OwhpVc;mszpA
zM2<2jTLzk(_m#y?U*X7&y?OOwJlo21>)Iaw(r#mt5HOCz2}ZUtIuvdL9Bd4QD2^wb
zXWVFo9+deN9(}&1w|P!wB#oeT@V~Aheph12Quo(j`Ex$sz-{g#_Xp0wHHN5so(>*H
z>Zl9-RdKGQXx6Qlo<lGXIFaGZV@?-h0Z5Trlk}QRzL_k~1|vw^$Zf}xVR$LQ?0KZd
z2m>SJX8h>v#6NrA`yuAsHufSU7qfA*`yz2FmV&%Kk1Y^yAVM}o=(*{!2@%P;^LoF+
z8#?P@6SUsze5~-{@xhtA8Xvsb5SUAtV^e8@WFptXnF*ZiWBZvfC^yu`3IxvMutg9L
zT4?@4!1s1A+b=jfLkKl71B?^lQwTiifRBT+`CcmAz;l)s0A*YRkf!PN^fR@8ix*G<
z-15c2t&Aj(ENNR#5~3Kc5D%TXq2WsSzL*J_99xN5Bp*c<!UTv}#ir1Ko{)=$zs$+Y
z`UKH@7SEEJEW?qSCV)S=O8pCL^>^WKSku1-phiJ4@SV-*<zIgLAgi3e`ZFYo{=Ee+
z{6y91hjPMNc3YWWrb#1R#e9fVTtmf|dFJB3)9sdC)T48*__p;Nxd&k%%R|CQi>&*Y
z4{D5D$XMS-LPhFluwUnXtx{i{iAZ>`Krm-H5&aixviNY)nZ?g_=X&7^RPl;4Q;;aN
zUhnv=s9r|^hJ9%3e&VV@3=epDaAkK6xi(g48e*_owP!6+g&;1EHYm?k+@tWO^KE(9
zp5pHv>aZ&`xh?@#cG)Z!#CbqMrK?t9@%Ce*#o_kl)-X$a#rV<`IV#C@BX_}GZYRcf
z5M<RrE)J_zs8=;VcM->zX_yULcv#yp%;-Un_r699sy^-F@(`~7O|*WxR0)y13mKp+
zzhm}X+$bTk@DC7<Rd{$J0Ng|3e-}8gIfgCNdJovdBMOkn>){5(tnf)QXA=f-H<eJs
zgF~QF%C&oRPzR&Ly#%p~P3h4k!slc+q4t84lMd=u^l3w`rR025T!JyyvvC$3o|I-%
zw3o}T*z@qHhH}4!EW;!0UE4%sUG6vPb!(xi_d|*;w)!sX#0L`#z0Ftg#`+rXeVWgm
ze_<lW=LbO@HBdJ3=Hwc{qx_{+L{Y~%*q99+ZGknGAV>=$CIrvg?>z9MAk>M(a-z*R
zg8HGYlx!swXe(x3KgGvUu?BDa`drEAoT2L@p0R9fWAlTLJ`{z0xV`lx-+H#3tYl?a
z7diL6%K@oK>FZqoa|_>x8uvo|o}?)#OM+H_iwoucPhqAoT`W)GXSRH`JXyY0o-f}i
jm+^d~yuiD`o6a5l&f#YU{^tTh$N9nxm<Z#@Plf*hB*)n>

literal 0
HcmV?d00001

diff --git a/assets/mysql/fts-database-upgrade.pyo b/assets/mysql/fts-database-upgrade.pyo
new file mode 100644
index 0000000000000000000000000000000000000000..3323eb76c8c9b3445e6f93e43db8f4bf76e242b6
GIT binary patch
literal 9692
zcmcgy-)|h(b-uH^BDs_({*oxumaUO&MoULaCUz3HL~KXq4@<2?DYLXy(`FaLox9{N
zXJ?jkXH6275Fjqlpa_Bjee6@;3$%GE+P4-3`jWi$p?^dI6zFS!^!v`8*&nPM$9$-0
z4)5IGbME=hch0#k{`b`6!}WiuH&phojK4p?ulZ>~sQ~{uDpYE>Uv|{4lh+s2ZXquh
z)oxMB1r?T5=aSmJq#TYfs&Gto#?|h)eJ`nSLUqb&w`|`psc=$tF00+k_I*r+S5#+8
z?M~VEaTQ)wooTf@ZQmzUIHNi<YInxImsL2cI&*4wPB~hs_Po;9)EC(1brnpiKgZq|
zRB%}eH&k#%3NNW(N(zfAxGII0RWL1uS5z<~g_|mvmBOnkn3KY5DwvnTEfrjof~$h-
zQn<}Ug9UX|P{~gUdRzrq>m~Jta(3@1eMhxlR{_?-DwrQLW6syq7lne8wP8lg^@`GO
zsNl8=?nsZ<(W996K*N%ZhV(J|8~xEJDfJnS;;!1QD7~z7g`XeXRYxV2{D+KxQw37#
zL`qRc-&DG&+V@0ERi&${y(0CiDp+PE{&VzQ)&7=BUMjHp+tU1&G(<Bp!dAU)`(9V=
z@32+|;$^tMo>QFbyKLP3o|NCAS{+TOq*u@jN`H?{=u>}3af1+M-tCKm;-1mFR(TUz
z+4?R1ZC4x=Q);S7lQiCs<Iq-JLDiFP+KQv6eqwZDYo}1#<$L{eoftF@svC*+Q(f25
zK`YX>dIr6pCh<YycRH=;U^7YLY@Ru^Z2KJ@?C4H6PW<F-s}*LWCeYSPLRn@oPct=d
z*Bf!vY#r3Y*bf@qIB=yd;ddRs=0iO2buS$C9EE~f493*axJvG+6z`?H7IOHpL*b;3
zY8O<ysGj49FXhb(Xs=bqIpIIzG3nyphVJSpz!$i2<fez(4gA#K_l<V#hI)xlLEUo?
zdfFKG<WMJC`kCX<HI1azO^xd(S|$tQ2ILe-c?}=wcd}X5+^wD3+u4iTggji4LDn_V
zX)lS^+#Rgnikdn}bl}#0_$XVzm3grXnb=HX@2fqNteQhCY%b%K5?tBX-#P2*ltSyA
zVSDB^ls59uNzvvm88?bk*YvtL8SK=I*}>H%Bgf(KfGQ<C(s?|#<Md&t8|sdZ&{@tn
z<+;QrWuLB}9!jAdx1tIgQqE@uCk+&21yxEO<{KytcD{;T^S7FdyxQwRp8~zoJxi%Y
zB8ob`1X=;XLI7`|)^Lw%e9W0~793HPBHsBcs<MUxl%kD;w+O|KGo=B1s6o(;BCWxT
zLf#Rtfbw%{2fxe2c!;dm<0#UN)J@|N-MH`p-ycygPTfD%m-zv9Icnp%70p%d>p1ko
z#-Z+<tpG%V>}-S%?4eN#VSFGu5a|8hfybJZDvwj)dKFf9#JZf7g|wU%J6!CnXbZCG
z>-kxJ8+D?oYHSK8b;X$)oK+vzK02K};PJEt--83f(a8bfOaO1%z&}(en6to>$}nCc
zYofyfs%p=oIaR`UA5E&{GvzoAhSmOrj|!JFPzigaA8H&YaAqh--_2~@xf2Bz`@qS*
zEI+8V9IUmG3GTVuaRl@>1z^p%7g=nZPq1)p^U>z|j@$9uadOXvz2qODr*Y_Rc~2g@
zY2EHdEU){-+t~En4?eN|-HpxKdNwF4+mWm{w=w(ZXnop(McVJBZp*l^!0Fj-^D25R
zRb=_)U<D=aKuR*za<E+?a79n_sc!UAof2hDjV<D{L_hd_qH~+44K3{95%L}pW3}o!
z=io%JO1&_}d7&7eTuiBG01ouXx8VrhL#<(x8Y?<uP8o`I#hG^Ia`ob7`s($^csZwA
z2clJ{t6~L2$u{<Gs~4h2V2tOYVvGD!REtf~Hs|<`dN!~Pe~n2+TRbt^uJ48|le%%!
zO?xnv#;qK}Jl=D`tDm<TdYLU**+B99lx*Rev=xS~AGSWX%rRh#-$(TxjjSlUF`r>y
znVxY25g53?i8|kMRb#7hpFP<0Hr;*jy8GU{?ngW8^__>0H)}ihA3v=uyH)q$_RgmF
z@%=~cTkhkB+aK+0ibCWwr*t8*uae2F0^C6DKymyq6m9Ukq*yUf9#zD9CGVEY#k+}`
zi>b*qjHH?*y(og+tmjicLA~KF)fm*IFy_oVx2y%qor`t$;KJYuXvxBd4`3tUIKc2g
z6Y!*25mqxD^b#rGH%B<|Gi_F**gb|v(6`^&0p@j<%kwvDU2?;*lk~(;_zmJn2lw19
zKZL_!ZHGNgq7P*K=_jk(dseonu+CiKpVV7Xx0i~Q595>Ef#aBb#fu4(hTJzt))z}U
zLb-dWGlZ2ID_a2);rtZ={u%{>%2B6(mC-4L3DIrr{fG<;;6R#|ijxI-&CNJoNz^6P
z77q<Q;hzDDP#Tm0K(~zup~T7H!!6>^ixSnVT~=`afYIk@D}uK{=#zXwRSww&b-bXS
zrI(3wjvtqp<DV52H<(~e#vxPUA(mBo6_pOUExx#vuYox)F(z6h!8lpDRuR?zcYL;-
z)K)7Bgio4106HU;lU8~tm4~eZIE*>TxF7|*4LdYeGpwsPT)*Z%%3L0?Ea0nwJ7~_S
z6B_A><u1eUMy!MCj_wE6YMAxpa96On&^7%r`xUL<Acz1Sl&ZF9=*=xWwn%LGXF@?`
z=4>{2mo0QrLO1JiFAOXfQbHhF7`uF=5KW>vPKz~vKsjMwcI7qB#Dy!<czE=8Wdsdv
z&`QL@z@iu~p0d@Xev-<oM{n5U5eYd7L`*kqrQR&-$Q+(<W)Y<jZmo3fMQN*}t$$0+
zHsTx$>k+J$9Oc}Hd{G%nVQ1uRgzq3n*@J926O5Ea6-;_DVCGhCXt_Gi9LQ7VB|K>5
z7M$0d>&~mNbT5Mtr}2K>Y4GGm0Q;Y)$XM|2a=;2kHunBTh!7#~FktcerGSOegxd_j
z0+WKqF9mELOy~lDUb27{ydNR%{&|kIabl7lIFXFzQXk1bCz1(fY?^o$PTts?V=xb_
zVtI7_(}FtwS6FMBK=W^S2t*#m@sZn%6E}-1pk5NM4TG-HL$DR4dCa@!er$tZHzO3N
z@X2uhQII~f;b4piEnAAN<^KuQ`_@+w(45<obqzW_fB-AYiUVNsvm{VzHJbuUk81RL
zqtXyYkNxC`CL&u`%$PvSdlRkRH~F~7$0&llD(gnU<9!Qt78IQMoCv+QP$wA8mNMRV
zIET#pU5>=>*AEC8kCN!KNdY=J%RfW4Av_on4iLb2<5jEu<7lG*g{~%GRzNzI@|j4u
z0li}&2#x^rkoO&WgGE&W^Uy6QJp3cP*@)2r4_WE~Yb}5+sIaJ-PzP2M@j9lGA5$gC
zUEq}o=`%+4J`mMqqK3_7X_#d8?G|+(y4?mjU1svF4O$Z3BYT12z)qIONKVtLJ;UZ;
zN~N=^J;&S}3-ip)5n)d81<*Fe4Bb&tB_$_C(ruPCBr;2U$ko*<6sZaD5Owo<5zO>J
zcZaneF%Xh7Uy;S=vzT>$&dnrYyW}O-R#)Z3pwUcPtlPk}mL~Au#9<6{s8elzz@2^C
z2wTAC-eeD+-MdSbY|uw|W0GmvOm=-^PU0jOG(OF0&?pHFv5?hjpqoCz5>wTuY2sIz
zg?V?$7+T2cq5bo@{qt1VM_>b~(640X<okFCAG)$ja8V2=O!y)NuP2slz)+E;LE7al
zAFIGYh>2=fKHse@1<TtN@q{_pW4z)qUX}@(Vb9pC3Y~V3IUFG(CTwIe>>lK2$tF#N
z%`CPCASG4FpctOFWys!sH;EfaVM%?1zBwt-oEh(3{Ph@EdCWmbeoPVs0$W+q=Bi|S
zNCgI#=^CBDempp_Y4-yU_hR5CfFU5s^;lrnMOHsUy}5&j8oO4Qc1op5XR=syCK33R
z3uSop*9tcaSDd>D0)^>#mi#QiI>!O)HWLK=h#P0KK|~XBrZ50C@vi^>P(XKOpi|q{
zx97>pxgg^ed)s)ExMOe%7nAB$Of)Lhe?U#<%+FehjRed;;y!YTiBW<lAXdw~DGd@A
zvw?{f>^QSZu%AONyaTm>%VWa;bf!y>Nhj#V%cL-ic{4h}x^kM5om6PW`~({j`?D^Y
zXYr*o-@2K^9TGXSCl@zS{fy#QJKB=9WM($oKoBFymn^E*9U^-lxnkL7V3x4&jo3Yl
zd+v!JN#4*l4SxYViuVOe_xFM6ZNsQJSBZ08K}FO>)Ppp3;wLml-d&Vs23Vaq@!sJC
zPx)Y?$6Mfo@h@lt>2{k_&74#lg){wUX<Dq8B(l6eK;^~sj7~r|?)E}n5?Cqy6RNU2
z&6FhnN`UE9LGm<Ixe5I8uK@LROUfBgp>Keu#VNH1{-q7|K+y%ct$88(B<Vlu)9EeJ
z;l|z#`h(Oow1}@MfIt2KaUeKabkEqK;6`C&27I*$f)Xar{8=b3){}OwhpVc;mszpA
zM2<2jTLzk(_m#y?U*X7&y?OOwJlo21>)Iaw(r#mt5HOCz2}ZUtIuvdL9Bd4QD2^wb
zXWVFo9+deN9(}&1w|P!wB#oeT@V~Aheph12Quo(j`Ex$sz-{g#_Xp0wHHN5so(>*H
z>Zl9-RdKGQXx6Qlo<lGXIFaGZV@?-h0Z5Trlk}QRzL_k~1|vw^$Zf}xVR$LQ?0KZd
z2m>SJX8h>v#6NrA`yuAsHufSU7qfA*`yz2FmV&%Kk1Y^yAVM}o=(*{!2@%P;^LoF+
z8#?P@6SUsze5~-{@xhtA8Xvsb5SUAtV^e8@WFptXnF*ZiWBZvfC^yu`3IxvMutg9L
zT4?@4!1s1A+b=jfLkKl71B?^lQwTiifRBT+`CcmAz;l)s0A*YRkf!PN^fR@8ix*G<
z-15c2t&Aj(ENNR#5~3Kc5D%TXq2WsSzL*J_99xN5Bp*c<!UTv}#ir1Ko{)=$zs$+Y
z`UKH@7SEEJEW?qSCV)S=O8pCL^>^WKSku1-phiJ4@SV-*<zIgLAgi3e`ZFYo{=Ee+
z{6y91hjPMNc3YWWrb#1R#e9fVTtmf|dFJB3)9sdC)T48*__p;Nxd&k%%R|CQi>&*Y
z4{D5D$XMS-LPhFluwUnXtx{i{iAZ>`Krm-H5&aixviNY)nZ?g_=X&7^RPl;4Q;;aN
zUhnv=s9r|^hJ9%3e&VV@3=epDaAkK6xi(g48e*_owP!6+g&;1EHYm?k+@tWO^KE(9
zp5pHv>aZ&`xh?@#cG)Z!#CbqMrK?t9@%Ce*#o_kl)-X$a#rV<`IV#C@BX_}GZYRcf
z5M<RrE)J_zs8=;VcM->zX_yULcv#yp%;-Un_r699sy^-F@(`~7O|*WxR0)y13mKp+
zzhm}X+$bTk@DC7<Rd{$J0Ng|3e-}8gIfgCNdJovdBMOkn>){5(tnf)QXA=f-H<eJs
zgF~QF%C&oRPzR&Ly#%p~P3h4k!slc+q4t84lMd=u^l3w`rR025T!JyyvvC$3o|I-%
zw3o}T*z@qHhH}4!EW;!0UE4%sUG6vPb!(xi_d|*;w)!sX#0L`#z0Ftg#`+rXeVWgm
ze_<lW=LbO@HBdJ3=Hwc{qx_{+L{Y~%*q99+ZGknGAV>=$CIrvg?>z9MAk>M(a-z*R
zg8HGYlx!swXe(x3KgGvUu?BDa`drEAoT2L@p0R9fWAlTLJ`{z0xV`lx-+H#3tYl?a
z7diL6%K@oK>FZqoa|_>x8uvo|o}?)#OM+H_iwoucPhqAoT`W)GXSRH`JXyY0o-f}i
jm+^d~yuiD`o6a5l&f#YU{^tTh$N9nxm<Z#@Plf*hB*)n>

literal 0
HcmV?d00001

diff --git a/assets/scripts/docker-entrypoint.sh b/assets/scripts/docker-entrypoint.sh
deleted file mode 100755
index 64a10de..0000000
--- a/assets/scripts/docker-entrypoint.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-set -ex
-
-# wait for MySQL readiness
-/scripts/wait-for-it.sh -h ftsdb -p 3306 -t 3600
-
-# initialise / upgrade the database
-#/scripts/initialize-mysql.sh
-
-
-#mysql -u root -pfts -h ftsdb -Bse "GRANT ALL ON fts.* TO 'fts'@'%' IDENTIFIED BY 'fts';\
-#                                   FLUSH PRIVILEGES;\
-#                                   GRANT SUPER ON *.* to 'fts'@'%' IDENTIFIED BY 'fts';\
-#                                   FLUSH PRIVILEGES;"
-#mysql -u root -pfts -h ftsdb fts < /usr/share/fts-mysql/fts-schema-6.0.0.sql
-
-# startup the FTS services
-#/usr/sbin/fts_server               # main FTS server daemonizes
-#/usr/sbin/httpd -DFOREGROUND       # FTS REST frontend & FTSMON
-
-/usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf
diff --git a/assets/scripts/etc/hosts b/assets/scripts/etc/hosts
new file mode 100644
index 0000000..e0e9ba4
--- /dev/null
+++ b/assets/scripts/etc/hosts
@@ -0,0 +1,7 @@
+127.0.0.1       localhost
+::1     localhost ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+131.154.97.15   fts3-cnaf.cloud.cnaf.infn.it fts3-cnaf
diff --git a/assets/scripts/fts-database-upgrade.py b/assets/scripts/fts-database-upgrade.py
new file mode 100755
index 0000000..cd27f74
--- /dev/null
+++ b/assets/scripts/fts-database-upgrade.py
@@ -0,0 +1,285 @@
+#!/usr/bin/env python
+#
+#   Copyright notice:
+#   Copyright CERN, 2016.
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+
+import logging
+import os
+import subprocess
+import sys
+from distutils.util import strtobool
+from optparse import OptionParser
+from pkg_resources import parse_version
+from sqlalchemy import create_engine
+from sqlalchemy.exc import ProgrammingError
+from tempfile import NamedTemporaryFile
+from urlparse import urlparse
+
+from fts3.util.config import fts3_config_load
+
+log = logging.getLogger(__name__)
+
+
+def infer_sql_location(config):
+    """
+    Depending on the database configuration, guess where the sql scripts are
+    located
+    :param config: FTS3 config file parsed
+    :return: The inferred SQL script location
+    """
+    base = '/usr/share'
+    if config['fts3.DbType'] not in ['mysql']:
+        raise NotImplementedError('Database type %s not supported', config['fts3.DbType'])
+    return os.path.join(base, 'fts-%s' % config['fts3.DbType'])
+
+
+def connect_database(config):
+    """
+    Connect to the database
+    :param config: FTS3 config file parsed
+    :return: A database connection
+    """
+    log.debug('Connecting to the database')
+    engine = create_engine(config['sqlalchemy.url'])
+    conn = engine.connect()
+    log.debug('Connected')
+    return conn
+
+
+def get_schema_version(conn):
+    """
+    Get the schema version
+    :param conn: Database connection
+    :return: Schema version, None if not found
+    """
+    try:
+        result = conn.execute(
+            'SELECT major, minor, patch FROM t_schema_vers ORDER BY major DESC, minor DESC, patch DESC')
+        row = result.fetchone()
+        if row is None:
+            raise Exception('t_schema_vers exits but is empty!')
+        return parse_version("%(major)d.%(minor)d.%(patch)d" % row)
+    except ProgrammingError:
+        return None
+
+
+def get_running_services(conn):
+    """
+    Return a list of tuples (host, service) of services that are still alive
+    :param conn: Database connection
+    :return: List of tuples
+    """
+    result = conn.execute(
+        'SELECT hostname, service_name FROM t_hosts WHERE beat >= UTC_TIMESTAMP() - INTERVAL 2 MINUTE'
+    )
+    services = []
+    for row in result.fetchall():
+        services.append((row['hostname'], row['service_name']))
+    return services
+
+def ask_confirmation(question):
+    """
+    Ask a yes/no question
+    :param question: The question
+    :return: True if accepted, False if not
+    """
+    print "%s [Y/N]" % question
+    return strtobool(raw_input().lower())
+
+
+def get_full_schema_path(sql_location):
+    """
+    Find the full schema with the higher version under sql_location
+    :param sql_location: Location of the SQL scripts
+    :return: The path to the full schema script with the highest version
+    """
+    full_schemas = []
+    for sql in os.listdir(sql_location):
+        if sql.endswith('.sql') and sql.startswith('fts-schema'):
+            path = os.path.join(sql_location, sql)
+            version = parse_version(sql[:-4].split('-')[2])
+            log.debug('Found schema %s with version %s', path, version)
+            full_schemas.append((version, path))
+    if len(full_schemas) == 0:
+        raise RuntimeError('Could not find a valid schema')
+    highest = sorted(full_schemas, reverse=True)[0]
+    log.debug('Highest schema: %s' % highest[1])
+    return highest[1]
+
+
+def get_upgrade_scripts(current_version, sql_location):
+    """
+    Look for upgrade scripts
+    :param current_version: Version running now
+    :param sql_location: Where to look for the SQL scripts
+    :return: A list with upgrade scripts that must run
+    """
+    upgrades = []
+    for sql in os.listdir(sql_location):
+        if sql.endswith('.sql') and sql.startswith('fts-diff'):
+            path = os.path.join(sql_location, sql)
+            version = parse_version(sql[:-4].split('-')[2])
+            log.debug('Found schema %s with version %s', path, version)
+            if version > current_version:
+                log.debug('Mark to upgrade')
+                upgrades.append((version, path))
+    return [path for (version, path) in sorted(upgrades)]
+
+
+def run_sql_script_mysql(config, sql):
+    """
+    Run a SQL script
+    :param config: FTS3 config file parsed
+    :param sql: The SQL script
+    """
+    parsed = urlparse('mysql://' + config['fts3.DbConnectString'])
+
+    creds = NamedTemporaryFile(delete=True)
+    print >> creds, """
+[client]
+user=%(fts3.DbUserName)s
+password=%(fts3.DbPassword)s
+""" % config
+    creds.flush()
+
+    cmd = [
+        'mysql',
+        '--defaults-extra-file=%s' % creds.name,
+        '-h', parsed.hostname,
+        '-v'
+    ]
+    if parsed.port:
+        cmd.extend(['-P', str(parsed.port)])
+    cmd.append(parsed.path[1:])
+
+    log.debug('Running %s < %s', ' '.join(cmd), sql)
+
+    sql_fd = open(sql)
+    ret = subprocess.call(cmd, stdout=sys.stdout, stderr=sys.stderr, stdin=sql_fd)
+    if ret != 0:
+        raise Exception('Failed to run mysql (%d)' % ret)
+
+
+def run_sql_script(config, sql):
+    """
+    Run a SQL script
+    :param config: FTS3 config file parsed
+    :param sql: The SQL script
+    """
+    log.info('Running %s' % sql)
+    run_sql_script_mysql(config, sql)
+
+def populate_schema(config, sql_location):
+    """
+    Create the schema from scratch
+    :param config: FTS3 config file parsed
+    :param sql_location: Location of the SQL scripts
+    """
+    log.warning('The schema does not seem to be created')
+    if not ask_confirmation('Do you want to create the schema now?'):
+        log.error('Abort')
+        return
+
+    schema = get_full_schema_path(sql_location)
+    run_sql_script(config, schema)
+
+    current_version = get_schema_version(connect_database(config))
+    log.info('Running upgrade scripts')
+    upgrade_schema(connect_database(config), config, current_version, sql_location)
+
+
+def upgrade_schema(conn, config, current_version, sql_location):
+    """
+    Run the upgrade scripts if needed
+    :param conn: Database connection
+    :param config: FTS3 config file parsed
+    :param current_version: Version present in the database
+    :param sql_location: Location of the SQL scripts
+    """
+    log.info('Current schema version is %s', current_version)
+
+    running_services = get_running_services(conn)
+    if len(running_services) > 0:
+        log.warning('There are services still running')
+        for service in running_services:
+            log.warning("%s: %s" % service)
+        if not ask_confirmation('Do you want to continue anyway?'):
+            log.error('Abort')
+            return
+
+    upgrade_scripts = get_upgrade_scripts(current_version, sql_location)
+    if len(upgrade_scripts) == 0:
+        log.info('No upgrades pending')
+        return
+
+    log.warning('%d upgrade scripts found' % len(upgrade_scripts))
+    for sql in upgrade_scripts:
+        log.warning(sql)
+
+    if not ask_confirmation('Do you want to run the upgrade scripts?'):
+        log.error('Abort')
+        return
+
+    for sql in upgrade_scripts:
+        run_sql_script(config, sql)
+
+
+def prepare_schema(config, sql_location):
+    """
+    Run the upgrade scripts
+    :param config: FTS3 config file parsed
+    :param sql_location: SQL scripts location
+    :return:
+    """
+    db_type = config['fts3.DbType']
+    log.info('Database type: %s' % db_type)
+    log.info('SQL Scripts location: %s' % sql_location)
+    log.info('Database: %s' % config['fts3.DbConnectString'])
+    log.info('User: %s' % config['fts3.DbUserName'])
+
+    conn = connect_database(config)
+
+    current_version = get_schema_version(conn)
+    if current_version is None:
+        populate_schema(config, sql_location)
+    else:
+        upgrade_schema(conn, config, current_version, sql_location)
+
+
+if __name__ == '__main__':
+    optparser = OptionParser(description='Run database upgrade scripts')
+    optparser.add_option('-f', '--config-file', default='/etc/fts3/fts3config', help='Configuration file')
+    optparser.add_option('-v', '--verbose', default=False, action='store_true', help='Verbose mode')
+    optparser.add_option('-d', '--sql-location', default=None, help='SQL scripts location')
+    opts, args = optparser.parse_args()
+    if len(args) > 0:
+        optparser.error('No arguments are expected')
+
+    log_handler = logging.StreamHandler(sys.stderr)
+    log_handler.setFormatter(logging.Formatter('[%(levelname)7s] %(message)s'))
+    if opts.verbose:
+        log_handler.setLevel(logging.DEBUG)
+    else:
+        log_handler.setLevel(logging.INFO)
+    log.addHandler(log_handler)
+    log.setLevel(logging.DEBUG)
+
+    config = fts3_config_load(opts.config_file)
+
+    if opts.sql_location is None:
+        opts.sql_location = infer_sql_location(config)
+
+    prepare_schema(config, opts.sql_location)
diff --git a/assets/scripts/fts-database-upgrade.pyc b/assets/scripts/fts-database-upgrade.pyc
new file mode 100644
index 0000000000000000000000000000000000000000..3323eb76c8c9b3445e6f93e43db8f4bf76e242b6
GIT binary patch
literal 9692
zcmcgy-)|h(b-uH^BDs_({*oxumaUO&MoULaCUz3HL~KXq4@<2?DYLXy(`FaLox9{N
zXJ?jkXH6275Fjqlpa_Bjee6@;3$%GE+P4-3`jWi$p?^dI6zFS!^!v`8*&nPM$9$-0
z4)5IGbME=hch0#k{`b`6!}WiuH&phojK4p?ulZ>~sQ~{uDpYE>Uv|{4lh+s2ZXquh
z)oxMB1r?T5=aSmJq#TYfs&Gto#?|h)eJ`nSLUqb&w`|`psc=$tF00+k_I*r+S5#+8
z?M~VEaTQ)wooTf@ZQmzUIHNi<YInxImsL2cI&*4wPB~hs_Po;9)EC(1brnpiKgZq|
zRB%}eH&k#%3NNW(N(zfAxGII0RWL1uS5z<~g_|mvmBOnkn3KY5DwvnTEfrjof~$h-
zQn<}Ug9UX|P{~gUdRzrq>m~Jta(3@1eMhxlR{_?-DwrQLW6syq7lne8wP8lg^@`GO
zsNl8=?nsZ<(W996K*N%ZhV(J|8~xEJDfJnS;;!1QD7~z7g`XeXRYxV2{D+KxQw37#
zL`qRc-&DG&+V@0ERi&${y(0CiDp+PE{&VzQ)&7=BUMjHp+tU1&G(<Bp!dAU)`(9V=
z@32+|;$^tMo>QFbyKLP3o|NCAS{+TOq*u@jN`H?{=u>}3af1+M-tCKm;-1mFR(TUz
z+4?R1ZC4x=Q);S7lQiCs<Iq-JLDiFP+KQv6eqwZDYo}1#<$L{eoftF@svC*+Q(f25
zK`YX>dIr6pCh<YycRH=;U^7YLY@Ru^Z2KJ@?C4H6PW<F-s}*LWCeYSPLRn@oPct=d
z*Bf!vY#r3Y*bf@qIB=yd;ddRs=0iO2buS$C9EE~f493*axJvG+6z`?H7IOHpL*b;3
zY8O<ysGj49FXhb(Xs=bqIpIIzG3nyphVJSpz!$i2<fez(4gA#K_l<V#hI)xlLEUo?
zdfFKG<WMJC`kCX<HI1azO^xd(S|$tQ2ILe-c?}=wcd}X5+^wD3+u4iTggji4LDn_V
zX)lS^+#Rgnikdn}bl}#0_$XVzm3grXnb=HX@2fqNteQhCY%b%K5?tBX-#P2*ltSyA
zVSDB^ls59uNzvvm88?bk*YvtL8SK=I*}>H%Bgf(KfGQ<C(s?|#<Md&t8|sdZ&{@tn
z<+;QrWuLB}9!jAdx1tIgQqE@uCk+&21yxEO<{KytcD{;T^S7FdyxQwRp8~zoJxi%Y
zB8ob`1X=;XLI7`|)^Lw%e9W0~793HPBHsBcs<MUxl%kD;w+O|KGo=B1s6o(;BCWxT
zLf#Rtfbw%{2fxe2c!;dm<0#UN)J@|N-MH`p-ycygPTfD%m-zv9Icnp%70p%d>p1ko
z#-Z+<tpG%V>}-S%?4eN#VSFGu5a|8hfybJZDvwj)dKFf9#JZf7g|wU%J6!CnXbZCG
z>-kxJ8+D?oYHSK8b;X$)oK+vzK02K};PJEt--83f(a8bfOaO1%z&}(en6to>$}nCc
zYofyfs%p=oIaR`UA5E&{GvzoAhSmOrj|!JFPzigaA8H&YaAqh--_2~@xf2Bz`@qS*
zEI+8V9IUmG3GTVuaRl@>1z^p%7g=nZPq1)p^U>z|j@$9uadOXvz2qODr*Y_Rc~2g@
zY2EHdEU){-+t~En4?eN|-HpxKdNwF4+mWm{w=w(ZXnop(McVJBZp*l^!0Fj-^D25R
zRb=_)U<D=aKuR*za<E+?a79n_sc!UAof2hDjV<D{L_hd_qH~+44K3{95%L}pW3}o!
z=io%JO1&_}d7&7eTuiBG01ouXx8VrhL#<(x8Y?<uP8o`I#hG^Ia`ob7`s($^csZwA
z2clJ{t6~L2$u{<Gs~4h2V2tOYVvGD!REtf~Hs|<`dN!~Pe~n2+TRbt^uJ48|le%%!
zO?xnv#;qK}Jl=D`tDm<TdYLU**+B99lx*Rev=xS~AGSWX%rRh#-$(TxjjSlUF`r>y
znVxY25g53?i8|kMRb#7hpFP<0Hr;*jy8GU{?ngW8^__>0H)}ihA3v=uyH)q$_RgmF
z@%=~cTkhkB+aK+0ibCWwr*t8*uae2F0^C6DKymyq6m9Ukq*yUf9#zD9CGVEY#k+}`
zi>b*qjHH?*y(og+tmjicLA~KF)fm*IFy_oVx2y%qor`t$;KJYuXvxBd4`3tUIKc2g
z6Y!*25mqxD^b#rGH%B<|Gi_F**gb|v(6`^&0p@j<%kwvDU2?;*lk~(;_zmJn2lw19
zKZL_!ZHGNgq7P*K=_jk(dseonu+CiKpVV7Xx0i~Q595>Ef#aBb#fu4(hTJzt))z}U
zLb-dWGlZ2ID_a2);rtZ={u%{>%2B6(mC-4L3DIrr{fG<;;6R#|ijxI-&CNJoNz^6P
z77q<Q;hzDDP#Tm0K(~zup~T7H!!6>^ixSnVT~=`afYIk@D}uK{=#zXwRSww&b-bXS
zrI(3wjvtqp<DV52H<(~e#vxPUA(mBo6_pOUExx#vuYox)F(z6h!8lpDRuR?zcYL;-
z)K)7Bgio4106HU;lU8~tm4~eZIE*>TxF7|*4LdYeGpwsPT)*Z%%3L0?Ea0nwJ7~_S
z6B_A><u1eUMy!MCj_wE6YMAxpa96On&^7%r`xUL<Acz1Sl&ZF9=*=xWwn%LGXF@?`
z=4>{2mo0QrLO1JiFAOXfQbHhF7`uF=5KW>vPKz~vKsjMwcI7qB#Dy!<czE=8Wdsdv
z&`QL@z@iu~p0d@Xev-<oM{n5U5eYd7L`*kqrQR&-$Q+(<W)Y<jZmo3fMQN*}t$$0+
zHsTx$>k+J$9Oc}Hd{G%nVQ1uRgzq3n*@J926O5Ea6-;_DVCGhCXt_Gi9LQ7VB|K>5
z7M$0d>&~mNbT5Mtr}2K>Y4GGm0Q;Y)$XM|2a=;2kHunBTh!7#~FktcerGSOegxd_j
z0+WKqF9mELOy~lDUb27{ydNR%{&|kIabl7lIFXFzQXk1bCz1(fY?^o$PTts?V=xb_
zVtI7_(}FtwS6FMBK=W^S2t*#m@sZn%6E}-1pk5NM4TG-HL$DR4dCa@!er$tZHzO3N
z@X2uhQII~f;b4piEnAAN<^KuQ`_@+w(45<obqzW_fB-AYiUVNsvm{VzHJbuUk81RL
zqtXyYkNxC`CL&u`%$PvSdlRkRH~F~7$0&llD(gnU<9!Qt78IQMoCv+QP$wA8mNMRV
zIET#pU5>=>*AEC8kCN!KNdY=J%RfW4Av_on4iLb2<5jEu<7lG*g{~%GRzNzI@|j4u
z0li}&2#x^rkoO&WgGE&W^Uy6QJp3cP*@)2r4_WE~Yb}5+sIaJ-PzP2M@j9lGA5$gC
zUEq}o=`%+4J`mMqqK3_7X_#d8?G|+(y4?mjU1svF4O$Z3BYT12z)qIONKVtLJ;UZ;
zN~N=^J;&S}3-ip)5n)d81<*Fe4Bb&tB_$_C(ruPCBr;2U$ko*<6sZaD5Owo<5zO>J
zcZaneF%Xh7Uy;S=vzT>$&dnrYyW}O-R#)Z3pwUcPtlPk}mL~Au#9<6{s8elzz@2^C
z2wTAC-eeD+-MdSbY|uw|W0GmvOm=-^PU0jOG(OF0&?pHFv5?hjpqoCz5>wTuY2sIz
zg?V?$7+T2cq5bo@{qt1VM_>b~(640X<okFCAG)$ja8V2=O!y)NuP2slz)+E;LE7al
zAFIGYh>2=fKHse@1<TtN@q{_pW4z)qUX}@(Vb9pC3Y~V3IUFG(CTwIe>>lK2$tF#N
z%`CPCASG4FpctOFWys!sH;EfaVM%?1zBwt-oEh(3{Ph@EdCWmbeoPVs0$W+q=Bi|S
zNCgI#=^CBDempp_Y4-yU_hR5CfFU5s^;lrnMOHsUy}5&j8oO4Qc1op5XR=syCK33R
z3uSop*9tcaSDd>D0)^>#mi#QiI>!O)HWLK=h#P0KK|~XBrZ50C@vi^>P(XKOpi|q{
zx97>pxgg^ed)s)ExMOe%7nAB$Of)Lhe?U#<%+FehjRed;;y!YTiBW<lAXdw~DGd@A
zvw?{f>^QSZu%AONyaTm>%VWa;bf!y>Nhj#V%cL-ic{4h}x^kM5om6PW`~({j`?D^Y
zXYr*o-@2K^9TGXSCl@zS{fy#QJKB=9WM($oKoBFymn^E*9U^-lxnkL7V3x4&jo3Yl
zd+v!JN#4*l4SxYViuVOe_xFM6ZNsQJSBZ08K}FO>)Ppp3;wLml-d&Vs23Vaq@!sJC
zPx)Y?$6Mfo@h@lt>2{k_&74#lg){wUX<Dq8B(l6eK;^~sj7~r|?)E}n5?Cqy6RNU2
z&6FhnN`UE9LGm<Ixe5I8uK@LROUfBgp>Keu#VNH1{-q7|K+y%ct$88(B<Vlu)9EeJ
z;l|z#`h(Oow1}@MfIt2KaUeKabkEqK;6`C&27I*$f)Xar{8=b3){}OwhpVc;mszpA
zM2<2jTLzk(_m#y?U*X7&y?OOwJlo21>)Iaw(r#mt5HOCz2}ZUtIuvdL9Bd4QD2^wb
zXWVFo9+deN9(}&1w|P!wB#oeT@V~Aheph12Quo(j`Ex$sz-{g#_Xp0wHHN5so(>*H
z>Zl9-RdKGQXx6Qlo<lGXIFaGZV@?-h0Z5Trlk}QRzL_k~1|vw^$Zf}xVR$LQ?0KZd
z2m>SJX8h>v#6NrA`yuAsHufSU7qfA*`yz2FmV&%Kk1Y^yAVM}o=(*{!2@%P;^LoF+
z8#?P@6SUsze5~-{@xhtA8Xvsb5SUAtV^e8@WFptXnF*ZiWBZvfC^yu`3IxvMutg9L
zT4?@4!1s1A+b=jfLkKl71B?^lQwTiifRBT+`CcmAz;l)s0A*YRkf!PN^fR@8ix*G<
z-15c2t&Aj(ENNR#5~3Kc5D%TXq2WsSzL*J_99xN5Bp*c<!UTv}#ir1Ko{)=$zs$+Y
z`UKH@7SEEJEW?qSCV)S=O8pCL^>^WKSku1-phiJ4@SV-*<zIgLAgi3e`ZFYo{=Ee+
z{6y91hjPMNc3YWWrb#1R#e9fVTtmf|dFJB3)9sdC)T48*__p;Nxd&k%%R|CQi>&*Y
z4{D5D$XMS-LPhFluwUnXtx{i{iAZ>`Krm-H5&aixviNY)nZ?g_=X&7^RPl;4Q;;aN
zUhnv=s9r|^hJ9%3e&VV@3=epDaAkK6xi(g48e*_owP!6+g&;1EHYm?k+@tWO^KE(9
zp5pHv>aZ&`xh?@#cG)Z!#CbqMrK?t9@%Ce*#o_kl)-X$a#rV<`IV#C@BX_}GZYRcf
z5M<RrE)J_zs8=;VcM->zX_yULcv#yp%;-Un_r699sy^-F@(`~7O|*WxR0)y13mKp+
zzhm}X+$bTk@DC7<Rd{$J0Ng|3e-}8gIfgCNdJovdBMOkn>){5(tnf)QXA=f-H<eJs
zgF~QF%C&oRPzR&Ly#%p~P3h4k!slc+q4t84lMd=u^l3w`rR025T!JyyvvC$3o|I-%
zw3o}T*z@qHhH}4!EW;!0UE4%sUG6vPb!(xi_d|*;w)!sX#0L`#z0Ftg#`+rXeVWgm
ze_<lW=LbO@HBdJ3=Hwc{qx_{+L{Y~%*q99+ZGknGAV>=$CIrvg?>z9MAk>M(a-z*R
zg8HGYlx!swXe(x3KgGvUu?BDa`drEAoT2L@p0R9fWAlTLJ`{z0xV`lx-+H#3tYl?a
z7diL6%K@oK>FZqoa|_>x8uvo|o}?)#OM+H_iwoucPhqAoT`W)GXSRH`JXyY0o-f}i
jm+^d~yuiD`o6a5l&f#YU{^tTh$N9nxm<Z#@Plf*hB*)n>

literal 0
HcmV?d00001

diff --git a/assets/scripts/fts-database-upgrade.pyo b/assets/scripts/fts-database-upgrade.pyo
new file mode 100644
index 0000000000000000000000000000000000000000..3323eb76c8c9b3445e6f93e43db8f4bf76e242b6
GIT binary patch
literal 9692
zcmcgy-)|h(b-uH^BDs_({*oxumaUO&MoULaCUz3HL~KXq4@<2?DYLXy(`FaLox9{N
zXJ?jkXH6275Fjqlpa_Bjee6@;3$%GE+P4-3`jWi$p?^dI6zFS!^!v`8*&nPM$9$-0
z4)5IGbME=hch0#k{`b`6!}WiuH&phojK4p?ulZ>~sQ~{uDpYE>Uv|{4lh+s2ZXquh
z)oxMB1r?T5=aSmJq#TYfs&Gto#?|h)eJ`nSLUqb&w`|`psc=$tF00+k_I*r+S5#+8
z?M~VEaTQ)wooTf@ZQmzUIHNi<YInxImsL2cI&*4wPB~hs_Po;9)EC(1brnpiKgZq|
zRB%}eH&k#%3NNW(N(zfAxGII0RWL1uS5z<~g_|mvmBOnkn3KY5DwvnTEfrjof~$h-
zQn<}Ug9UX|P{~gUdRzrq>m~Jta(3@1eMhxlR{_?-DwrQLW6syq7lne8wP8lg^@`GO
zsNl8=?nsZ<(W996K*N%ZhV(J|8~xEJDfJnS;;!1QD7~z7g`XeXRYxV2{D+KxQw37#
zL`qRc-&DG&+V@0ERi&${y(0CiDp+PE{&VzQ)&7=BUMjHp+tU1&G(<Bp!dAU)`(9V=
z@32+|;$^tMo>QFbyKLP3o|NCAS{+TOq*u@jN`H?{=u>}3af1+M-tCKm;-1mFR(TUz
z+4?R1ZC4x=Q);S7lQiCs<Iq-JLDiFP+KQv6eqwZDYo}1#<$L{eoftF@svC*+Q(f25
zK`YX>dIr6pCh<YycRH=;U^7YLY@Ru^Z2KJ@?C4H6PW<F-s}*LWCeYSPLRn@oPct=d
z*Bf!vY#r3Y*bf@qIB=yd;ddRs=0iO2buS$C9EE~f493*axJvG+6z`?H7IOHpL*b;3
zY8O<ysGj49FXhb(Xs=bqIpIIzG3nyphVJSpz!$i2<fez(4gA#K_l<V#hI)xlLEUo?
zdfFKG<WMJC`kCX<HI1azO^xd(S|$tQ2ILe-c?}=wcd}X5+^wD3+u4iTggji4LDn_V
zX)lS^+#Rgnikdn}bl}#0_$XVzm3grXnb=HX@2fqNteQhCY%b%K5?tBX-#P2*ltSyA
zVSDB^ls59uNzvvm88?bk*YvtL8SK=I*}>H%Bgf(KfGQ<C(s?|#<Md&t8|sdZ&{@tn
z<+;QrWuLB}9!jAdx1tIgQqE@uCk+&21yxEO<{KytcD{;T^S7FdyxQwRp8~zoJxi%Y
zB8ob`1X=;XLI7`|)^Lw%e9W0~793HPBHsBcs<MUxl%kD;w+O|KGo=B1s6o(;BCWxT
zLf#Rtfbw%{2fxe2c!;dm<0#UN)J@|N-MH`p-ycygPTfD%m-zv9Icnp%70p%d>p1ko
z#-Z+<tpG%V>}-S%?4eN#VSFGu5a|8hfybJZDvwj)dKFf9#JZf7g|wU%J6!CnXbZCG
z>-kxJ8+D?oYHSK8b;X$)oK+vzK02K};PJEt--83f(a8bfOaO1%z&}(en6to>$}nCc
zYofyfs%p=oIaR`UA5E&{GvzoAhSmOrj|!JFPzigaA8H&YaAqh--_2~@xf2Bz`@qS*
zEI+8V9IUmG3GTVuaRl@>1z^p%7g=nZPq1)p^U>z|j@$9uadOXvz2qODr*Y_Rc~2g@
zY2EHdEU){-+t~En4?eN|-HpxKdNwF4+mWm{w=w(ZXnop(McVJBZp*l^!0Fj-^D25R
zRb=_)U<D=aKuR*za<E+?a79n_sc!UAof2hDjV<D{L_hd_qH~+44K3{95%L}pW3}o!
z=io%JO1&_}d7&7eTuiBG01ouXx8VrhL#<(x8Y?<uP8o`I#hG^Ia`ob7`s($^csZwA
z2clJ{t6~L2$u{<Gs~4h2V2tOYVvGD!REtf~Hs|<`dN!~Pe~n2+TRbt^uJ48|le%%!
zO?xnv#;qK}Jl=D`tDm<TdYLU**+B99lx*Rev=xS~AGSWX%rRh#-$(TxjjSlUF`r>y
znVxY25g53?i8|kMRb#7hpFP<0Hr;*jy8GU{?ngW8^__>0H)}ihA3v=uyH)q$_RgmF
z@%=~cTkhkB+aK+0ibCWwr*t8*uae2F0^C6DKymyq6m9Ukq*yUf9#zD9CGVEY#k+}`
zi>b*qjHH?*y(og+tmjicLA~KF)fm*IFy_oVx2y%qor`t$;KJYuXvxBd4`3tUIKc2g
z6Y!*25mqxD^b#rGH%B<|Gi_F**gb|v(6`^&0p@j<%kwvDU2?;*lk~(;_zmJn2lw19
zKZL_!ZHGNgq7P*K=_jk(dseonu+CiKpVV7Xx0i~Q595>Ef#aBb#fu4(hTJzt))z}U
zLb-dWGlZ2ID_a2);rtZ={u%{>%2B6(mC-4L3DIrr{fG<;;6R#|ijxI-&CNJoNz^6P
z77q<Q;hzDDP#Tm0K(~zup~T7H!!6>^ixSnVT~=`afYIk@D}uK{=#zXwRSww&b-bXS
zrI(3wjvtqp<DV52H<(~e#vxPUA(mBo6_pOUExx#vuYox)F(z6h!8lpDRuR?zcYL;-
z)K)7Bgio4106HU;lU8~tm4~eZIE*>TxF7|*4LdYeGpwsPT)*Z%%3L0?Ea0nwJ7~_S
z6B_A><u1eUMy!MCj_wE6YMAxpa96On&^7%r`xUL<Acz1Sl&ZF9=*=xWwn%LGXF@?`
z=4>{2mo0QrLO1JiFAOXfQbHhF7`uF=5KW>vPKz~vKsjMwcI7qB#Dy!<czE=8Wdsdv
z&`QL@z@iu~p0d@Xev-<oM{n5U5eYd7L`*kqrQR&-$Q+(<W)Y<jZmo3fMQN*}t$$0+
zHsTx$>k+J$9Oc}Hd{G%nVQ1uRgzq3n*@J926O5Ea6-;_DVCGhCXt_Gi9LQ7VB|K>5
z7M$0d>&~mNbT5Mtr}2K>Y4GGm0Q;Y)$XM|2a=;2kHunBTh!7#~FktcerGSOegxd_j
z0+WKqF9mELOy~lDUb27{ydNR%{&|kIabl7lIFXFzQXk1bCz1(fY?^o$PTts?V=xb_
zVtI7_(}FtwS6FMBK=W^S2t*#m@sZn%6E}-1pk5NM4TG-HL$DR4dCa@!er$tZHzO3N
z@X2uhQII~f;b4piEnAAN<^KuQ`_@+w(45<obqzW_fB-AYiUVNsvm{VzHJbuUk81RL
zqtXyYkNxC`CL&u`%$PvSdlRkRH~F~7$0&llD(gnU<9!Qt78IQMoCv+QP$wA8mNMRV
zIET#pU5>=>*AEC8kCN!KNdY=J%RfW4Av_on4iLb2<5jEu<7lG*g{~%GRzNzI@|j4u
z0li}&2#x^rkoO&WgGE&W^Uy6QJp3cP*@)2r4_WE~Yb}5+sIaJ-PzP2M@j9lGA5$gC
zUEq}o=`%+4J`mMqqK3_7X_#d8?G|+(y4?mjU1svF4O$Z3BYT12z)qIONKVtLJ;UZ;
zN~N=^J;&S}3-ip)5n)d81<*Fe4Bb&tB_$_C(ruPCBr;2U$ko*<6sZaD5Owo<5zO>J
zcZaneF%Xh7Uy;S=vzT>$&dnrYyW}O-R#)Z3pwUcPtlPk}mL~Au#9<6{s8elzz@2^C
z2wTAC-eeD+-MdSbY|uw|W0GmvOm=-^PU0jOG(OF0&?pHFv5?hjpqoCz5>wTuY2sIz
zg?V?$7+T2cq5bo@{qt1VM_>b~(640X<okFCAG)$ja8V2=O!y)NuP2slz)+E;LE7al
zAFIGYh>2=fKHse@1<TtN@q{_pW4z)qUX}@(Vb9pC3Y~V3IUFG(CTwIe>>lK2$tF#N
z%`CPCASG4FpctOFWys!sH;EfaVM%?1zBwt-oEh(3{Ph@EdCWmbeoPVs0$W+q=Bi|S
zNCgI#=^CBDempp_Y4-yU_hR5CfFU5s^;lrnMOHsUy}5&j8oO4Qc1op5XR=syCK33R
z3uSop*9tcaSDd>D0)^>#mi#QiI>!O)HWLK=h#P0KK|~XBrZ50C@vi^>P(XKOpi|q{
zx97>pxgg^ed)s)ExMOe%7nAB$Of)Lhe?U#<%+FehjRed;;y!YTiBW<lAXdw~DGd@A
zvw?{f>^QSZu%AONyaTm>%VWa;bf!y>Nhj#V%cL-ic{4h}x^kM5om6PW`~({j`?D^Y
zXYr*o-@2K^9TGXSCl@zS{fy#QJKB=9WM($oKoBFymn^E*9U^-lxnkL7V3x4&jo3Yl
zd+v!JN#4*l4SxYViuVOe_xFM6ZNsQJSBZ08K}FO>)Ppp3;wLml-d&Vs23Vaq@!sJC
zPx)Y?$6Mfo@h@lt>2{k_&74#lg){wUX<Dq8B(l6eK;^~sj7~r|?)E}n5?Cqy6RNU2
z&6FhnN`UE9LGm<Ixe5I8uK@LROUfBgp>Keu#VNH1{-q7|K+y%ct$88(B<Vlu)9EeJ
z;l|z#`h(Oow1}@MfIt2KaUeKabkEqK;6`C&27I*$f)Xar{8=b3){}OwhpVc;mszpA
zM2<2jTLzk(_m#y?U*X7&y?OOwJlo21>)Iaw(r#mt5HOCz2}ZUtIuvdL9Bd4QD2^wb
zXWVFo9+deN9(}&1w|P!wB#oeT@V~Aheph12Quo(j`Ex$sz-{g#_Xp0wHHN5so(>*H
z>Zl9-RdKGQXx6Qlo<lGXIFaGZV@?-h0Z5Trlk}QRzL_k~1|vw^$Zf}xVR$LQ?0KZd
z2m>SJX8h>v#6NrA`yuAsHufSU7qfA*`yz2FmV&%Kk1Y^yAVM}o=(*{!2@%P;^LoF+
z8#?P@6SUsze5~-{@xhtA8Xvsb5SUAtV^e8@WFptXnF*ZiWBZvfC^yu`3IxvMutg9L
zT4?@4!1s1A+b=jfLkKl71B?^lQwTiifRBT+`CcmAz;l)s0A*YRkf!PN^fR@8ix*G<
z-15c2t&Aj(ENNR#5~3Kc5D%TXq2WsSzL*J_99xN5Bp*c<!UTv}#ir1Ko{)=$zs$+Y
z`UKH@7SEEJEW?qSCV)S=O8pCL^>^WKSku1-phiJ4@SV-*<zIgLAgi3e`ZFYo{=Ee+
z{6y91hjPMNc3YWWrb#1R#e9fVTtmf|dFJB3)9sdC)T48*__p;Nxd&k%%R|CQi>&*Y
z4{D5D$XMS-LPhFluwUnXtx{i{iAZ>`Krm-H5&aixviNY)nZ?g_=X&7^RPl;4Q;;aN
zUhnv=s9r|^hJ9%3e&VV@3=epDaAkK6xi(g48e*_owP!6+g&;1EHYm?k+@tWO^KE(9
zp5pHv>aZ&`xh?@#cG)Z!#CbqMrK?t9@%Ce*#o_kl)-X$a#rV<`IV#C@BX_}GZYRcf
z5M<RrE)J_zs8=;VcM->zX_yULcv#yp%;-Un_r699sy^-F@(`~7O|*WxR0)y13mKp+
zzhm}X+$bTk@DC7<Rd{$J0Ng|3e-}8gIfgCNdJovdBMOkn>){5(tnf)QXA=f-H<eJs
zgF~QF%C&oRPzR&Ly#%p~P3h4k!slc+q4t84lMd=u^l3w`rR025T!JyyvvC$3o|I-%
zw3o}T*z@qHhH}4!EW;!0UE4%sUG6vPb!(xi_d|*;w)!sX#0L`#z0Ftg#`+rXeVWgm
ze_<lW=LbO@HBdJ3=Hwc{qx_{+L{Y~%*q99+ZGknGAV>=$CIrvg?>z9MAk>M(a-z*R
zg8HGYlx!swXe(x3KgGvUu?BDa`drEAoT2L@p0R9fWAlTLJ`{z0xV`lx-+H#3tYl?a
z7diL6%K@oK>FZqoa|_>x8uvo|o}?)#OM+H_iwoucPhqAoT`W)GXSRH`JXyY0o-f}i
jm+^d~yuiD`o6a5l&f#YU{^tTh$N9nxm<Z#@Plf*hB*)n>

literal 0
HcmV?d00001

diff --git a/assets/scripts/initialize-mysql.sh b/assets/scripts/initialize-mysql.sh
index c796aac..f4fe2d2 100755
--- a/assets/scripts/initialize-mysql.sh
+++ b/assets/scripts/initialize-mysql.sh
@@ -2,7 +2,7 @@
 set -ex
 
 # wait for MySQL readiness
-#/scripts/wait-for-it.sh -h ftsdb -p 3306 -t 3600
+/scripts/wait-for-it.sh -h ftsdb -p 3306 -t 3600
 
 #/bin/mysql -u root -pfts -h ftsdb fts < /usr/share/fts-mysql/fts-schema-6.0.0.sql
 mysql -u root -pfts -h ftsdb fts < /scripts/fts-schema-6.0.0.sql
diff --git a/assets/scripts/startup-fts-mon.sh b/assets/scripts/startup-fts-mon.sh
new file mode 100755
index 0000000..70bc2e3
--- /dev/null
+++ b/assets/scripts/startup-fts-mon.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+set -ex
+
+# wait for MySQL readiness
+/scripts/wait-for-it.sh -h vm-131-154-97-13.cloud.cnaf.infn.it -p 3306 -t 3600
+
+# put host certificate and keys in place
+cp /certs/hostcert.pem /etc/grid-security/hostcert.pem
+cp /certs/hostkey.pem /etc/grid-security/hostkey.pem
+cp /scripts/etc/hosts /etc/hosts
+
+# put fts monitorind httpd config file in place
+#cp /fts3-mon/ftsmon.conf /etc/httpd/conf.d/ftsmon.conf
+
+/usr/sbin/httpd -DFOREGROUND       # FTS REST frontend & FTSMON
diff --git a/assets/scripts/startup-fts-rest-mon.sh b/assets/scripts/startup-fts-rest-mon.sh
deleted file mode 100755
index 8547cfe..0000000
--- a/assets/scripts/startup-fts-rest-mon.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-set -ex
-
-# wait for MySQL readiness
-/scripts/wait-for-it.sh -h ftsdb -p 3306 -t 3600
-
-
-cp /certs/hostcert.pem /etc/grid-security/hostcert.pem
-cp /certs/hostkey.pem /etc/grid-security/hostkey.pem
-
-/usr/sbin/httpd -DFOREGROUND       # FTS REST frontend & FTSMON
diff --git a/assets/scripts/startup-fts-rest.sh b/assets/scripts/startup-fts-rest.sh
index f5d0f9a..1e53024 100755
--- a/assets/scripts/startup-fts-rest.sh
+++ b/assets/scripts/startup-fts-rest.sh
@@ -2,11 +2,15 @@
 set -ex
 
 # wait for MySQL readiness
-/scripts/wait-for-it.sh -h ftsdb -p 3306 -t 3600
-
+/scripts/wait-for-it.sh -h vm-131-154-97-13.cloud.cnaf.infn.it -p 3306 -t 3600
 
+# put host certificate and key to their place
 cp /certs/hostcert.pem /etc/grid-security/hostcert.pem
 cp /certs/hostkey.pem /etc/grid-security/hostkey.pem
+cp /scripts/etc/hosts /etc/hosts
+
+# put fts3 rest httpd config file to it's place
+#cp /fts3-rest/fts3rest.conf /etc/httpd/conf.d/fts3rest.conf
+
+/usr/sbin/apachectl -DFOREGROUND # FTS REST frontend
 
-/usr/sbin/apachectl -DFOREGROUND
-#/usr/sbin/httpd -DFOREGROUND       # FTS REST frontend & FTSMON
diff --git a/assets/scripts/startup-fts-server.sh b/assets/scripts/startup-fts-server.sh
new file mode 100755
index 0000000..f70dcb2
--- /dev/null
+++ b/assets/scripts/startup-fts-server.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+set -ex
+
+# wait for MySQL readiness
+/scripts/wait-for-it.sh -h vm-131-154-97-13.cloud.cnaf.infn.it -p 3306 -t 3600
+
+cp /certs/hostcert.pem /etc/grid-security/hostcert.pem
+cp /certs/hostkey.pem /etc/grid-security/hostkey.pem
+cp /scripts/etc/hosts /etc/hosts
+
+/usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf
diff --git a/assets/supervisor/conf.d/supervisord.conf b/assets/supervisor/conf.d/supervisord.conf
new file mode 100644
index 0000000..fee6f06
--- /dev/null
+++ b/assets/supervisor/conf.d/supervisord.conf
@@ -0,0 +1,36 @@
+[supervisord]
+nodaemon=true
+user=root
+
+[program:bringonline]
+command=/usr/sbin/fts_bringonline -t 25
+autostart=true
+autorestart=true
+startretries=10
+stdout_logfile=/var/log/fts3/fts_bringonline_stdout.log
+stderr_logfile=/var/log/fts3/fts_bringonline_stderr.log
+priority=50
+
+[program:fts-server]
+command=/usr/sbin/fts_server -t 25
+autostart=true
+autorestart=true
+startretries=10
+stdout_logfile=/var/log/fts3/fts_server_stdout.log
+stderr_logfile=/var/log/fts3/fts_server_stderr.log
+priority=50
+
+[program:fts-msg-bulk]
+command=/usr/sbin/fts_msg_bulk
+autostart=true
+autorestart=true
+startretries=10
+priority=50
+
+[program:cron]
+command=/usr/sbin/crond -n
+autostart=true
+autorestart=true
+startretries=10
+priority=50
+
diff --git a/assets/vomsdir/alice/lcg-voms2.cern.ch.lsc b/assets/vomsdir/alice/lcg-voms2.cern.ch.lsc
new file mode 100644
index 0000000..6279707
--- /dev/null
+++ b/assets/vomsdir/alice/lcg-voms2.cern.ch.lsc
@@ -0,0 +1,2 @@
+/DC=ch/DC=cern/OU=computers/CN=lcg-voms2.cern.ch
+/DC=ch/DC=cern/CN=CERN Grid Certification Authority
diff --git a/assets/vomsdir/alice/voms2.cern.ch.lsc b/assets/vomsdir/alice/voms2.cern.ch.lsc
new file mode 100644
index 0000000..54ccd3a
--- /dev/null
+++ b/assets/vomsdir/alice/voms2.cern.ch.lsc
@@ -0,0 +1,2 @@
+/DC=ch/DC=cern/OU=computers/CN=voms2.cern.ch
+/DC=ch/DC=cern/CN=CERN Grid Certification Authority
diff --git a/assets/vomsdir/argo/voms-01.pd.infn.it.lsc b/assets/vomsdir/argo/voms-01.pd.infn.it.lsc
new file mode 100644
index 0000000..6d4d714
--- /dev/null
+++ b/assets/vomsdir/argo/voms-01.pd.infn.it.lsc
@@ -0,0 +1,2 @@
+/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=voms-01.pd.infn.it
+/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA eScience SSL CA 3
diff --git a/assets/vomsdir/argo/voms.cnaf.infn.it.lsc b/assets/vomsdir/argo/voms.cnaf.infn.it.lsc
new file mode 100644
index 0000000..911bd72
--- /dev/null
+++ b/assets/vomsdir/argo/voms.cnaf.infn.it.lsc
@@ -0,0 +1,2 @@
+/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=CNAF/CN=voms.cnaf.infn.it
+/C=NL/O=GEANT Vereniging/CN=GEANT eScience SSL CA 4
diff --git a/assets/vomsdir/atlas/lcg-voms2.cern.ch.lsc b/assets/vomsdir/atlas/lcg-voms2.cern.ch.lsc
new file mode 100644
index 0000000..6279707
--- /dev/null
+++ b/assets/vomsdir/atlas/lcg-voms2.cern.ch.lsc
@@ -0,0 +1,2 @@
+/DC=ch/DC=cern/OU=computers/CN=lcg-voms2.cern.ch
+/DC=ch/DC=cern/CN=CERN Grid Certification Authority
diff --git a/assets/vomsdir/atlas/voms2.cern.ch.lsc b/assets/vomsdir/atlas/voms2.cern.ch.lsc
new file mode 100644
index 0000000..54ccd3a
--- /dev/null
+++ b/assets/vomsdir/atlas/voms2.cern.ch.lsc
@@ -0,0 +1,2 @@
+/DC=ch/DC=cern/OU=computers/CN=voms2.cern.ch
+/DC=ch/DC=cern/CN=CERN Grid Certification Authority
diff --git a/assets/vomsdir/auger/voms1.grid.cesnet.cz.lsc b/assets/vomsdir/auger/voms1.grid.cesnet.cz.lsc
new file mode 100644
index 0000000..7e7fc74
--- /dev/null
+++ b/assets/vomsdir/auger/voms1.grid.cesnet.cz.lsc
@@ -0,0 +1,2 @@
+/DC=org/DC=terena/DC=tcs/C=CZ/ST=Hlavni mesto Praha/L=Praha 6/O=CESNET/CN=voms1.grid.cesnet.cz
+/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA eScience SSL CA 3
diff --git a/assets/vomsdir/auger/voms2.grid.cesnet.cz.lsc b/assets/vomsdir/auger/voms2.grid.cesnet.cz.lsc
new file mode 100644
index 0000000..14a9685
--- /dev/null
+++ b/assets/vomsdir/auger/voms2.grid.cesnet.cz.lsc
@@ -0,0 +1,2 @@
+/DC=org/DC=terena/DC=tcs/C=CZ/ST=Hlavni mesto Praha/L=Praha 6/O=CESNET/CN=voms2.grid.cesnet.cz
+/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA eScience SSL CA 3
diff --git a/assets/vomsdir/babar/voms.gridpp.ac.uk.lsc b/assets/vomsdir/babar/voms.gridpp.ac.uk.lsc
new file mode 100644
index 0000000..5b37691
--- /dev/null
+++ b/assets/vomsdir/babar/voms.gridpp.ac.uk.lsc
@@ -0,0 +1,2 @@
+/C=UK/O=eScience/OU=Manchester/L=HEP/CN=voms.gridpp.ac.uk/emailAddress=ops@tier2.hep.manchester.ac.uk
+/C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA
diff --git a/assets/vomsdir/belle/grid-voms.desy.de.lsc b/assets/vomsdir/belle/grid-voms.desy.de.lsc
new file mode 100644
index 0000000..f21bcc4
--- /dev/null
+++ b/assets/vomsdir/belle/grid-voms.desy.de.lsc
@@ -0,0 +1,2 @@
+/C=DE/O=GermanGrid/OU=DESY/CN=host/grid-voms.desy.de
+/C=DE/O=GermanGrid/CN=GridKa-CA
diff --git a/assets/vomsdir/belle/voms.cc.kek.jp.lsc b/assets/vomsdir/belle/voms.cc.kek.jp.lsc
new file mode 100644
index 0000000..92e8f66
--- /dev/null
+++ b/assets/vomsdir/belle/voms.cc.kek.jp.lsc
@@ -0,0 +1,2 @@
+/C=JP/O=KEK/OU=CRC/CN=host/voms.cc.kek.jp
+/C=JP/O=KEK/OU=CRC/CN=KEK GRID Certificate Authority
diff --git a/assets/vomsdir/belle/voms.hep.pnnl.gov.lsc b/assets/vomsdir/belle/voms.hep.pnnl.gov.lsc
new file mode 100644
index 0000000..c2ecf1f
--- /dev/null
+++ b/assets/vomsdir/belle/voms.hep.pnnl.gov.lsc
@@ -0,0 +1,2 @@
+/DC=org/DC=opensciencegrid/O=Open Science Grid/OU=Services/CN=voms.hep.pnnl.gov
+/DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon OSG CA 1
diff --git a/assets/vomsdir/biomed/cclcgvomsli01.in2p3.fr.lsc b/assets/vomsdir/biomed/cclcgvomsli01.in2p3.fr.lsc
new file mode 100644
index 0000000..f350d34
--- /dev/null
+++ b/assets/vomsdir/biomed/cclcgvomsli01.in2p3.fr.lsc
@@ -0,0 +1,2 @@
+/O=GRID-FR/C=FR/O=CNRS/OU=CC-IN2P3/CN=cclcgvomsli01.in2p3.fr
+/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR Services
diff --git a/assets/vomsdir/cdf/voms-01.pd.infn.it.lsc b/assets/vomsdir/cdf/voms-01.pd.infn.it.lsc
new file mode 100644
index 0000000..6d4d714
--- /dev/null
+++ b/assets/vomsdir/cdf/voms-01.pd.infn.it.lsc
@@ -0,0 +1,2 @@
+/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=voms-01.pd.infn.it
+/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA eScience SSL CA 3
diff --git a/assets/vomsdir/cdf/voms.cnaf.infn.it.lsc b/assets/vomsdir/cdf/voms.cnaf.infn.it.lsc
new file mode 100644
index 0000000..911bd72
--- /dev/null
+++ b/assets/vomsdir/cdf/voms.cnaf.infn.it.lsc
@@ -0,0 +1,2 @@
+/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=CNAF/CN=voms.cnaf.infn.it
+/C=NL/O=GEANT Vereniging/CN=GEANT eScience SSL CA 4
diff --git a/assets/vomsdir/cdf/voms1.fnal.gov.lsc b/assets/vomsdir/cdf/voms1.fnal.gov.lsc
new file mode 100644
index 0000000..0a57f62
--- /dev/null
+++ b/assets/vomsdir/cdf/voms1.fnal.gov.lsc
@@ -0,0 +1,2 @@
+/DC=com/DC=DigiCert-Grid/O=Open Science Grid/OU=Services/CN=voms1.fnal.gov
+/DC=com/DC=DigiCert-Grid/O=DigiCert Grid/CN=DigiCert Grid CA-1
diff --git a/assets/vomsdir/cdf/voms2.fnal.gov.lsc b/assets/vomsdir/cdf/voms2.fnal.gov.lsc
new file mode 100644
index 0000000..e5479c8
--- /dev/null
+++ b/assets/vomsdir/cdf/voms2.fnal.gov.lsc
@@ -0,0 +1,2 @@
+/DC=org/DC=opensciencegrid/O=Open Science Grid/OU=Services/CN=voms2.fnal.gov
+/DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon OSG CA 1
diff --git a/assets/vomsdir/clas12/gryphn.phys.uconn.edu.lsc b/assets/vomsdir/clas12/gryphn.phys.uconn.edu.lsc
new file mode 100644
index 0000000..2fee7df
--- /dev/null
+++ b/assets/vomsdir/clas12/gryphn.phys.uconn.edu.lsc
@@ -0,0 +1,2 @@
+/DC=org/DC=opensciencegrid/O=Open Science Grid/OU=Services/CN=voms/gryphn.phys.uconn.edu
+/C=US/O=Internet2/OU=InCommon/CN=InCommon IGTF Server CA
diff --git a/assets/vomsdir/clas12/jlabvoms.t2.ucsd.edu.lsc b/assets/vomsdir/clas12/jlabvoms.t2.ucsd.edu.lsc
new file mode 100644
index 0000000..b108f24
--- /dev/null
+++ b/assets/vomsdir/clas12/jlabvoms.t2.ucsd.edu.lsc
@@ -0,0 +1,2 @@
+/DC=org/DC=incommon/C=US/ST=California/L=La Jolla/O=University of California, San Diego/OU=UCSD/CN=jlabvoms.t2.ucsd.edu
+/C=US/O=Internet2/OU=InCommon/CN=InCommon IGTF Server CA
diff --git a/assets/vomsdir/cms/lcg-voms2.cern.ch.lsc b/assets/vomsdir/cms/lcg-voms2.cern.ch.lsc
new file mode 100644
index 0000000..6279707
--- /dev/null
+++ b/assets/vomsdir/cms/lcg-voms2.cern.ch.lsc
@@ -0,0 +1,2 @@
+/DC=ch/DC=cern/OU=computers/CN=lcg-voms2.cern.ch
+/DC=ch/DC=cern/CN=CERN Grid Certification Authority
diff --git a/assets/vomsdir/cms/voms2.cern.ch.lsc b/assets/vomsdir/cms/voms2.cern.ch.lsc
new file mode 100644
index 0000000..54ccd3a
--- /dev/null
+++ b/assets/vomsdir/cms/voms2.cern.ch.lsc
@@ -0,0 +1,2 @@
+/DC=ch/DC=cern/OU=computers/CN=voms2.cern.ch
+/DC=ch/DC=cern/CN=CERN Grid Certification Authority
diff --git a/assets/vomsdir/dteam/voms2.hellasgrid.gr.lsc b/assets/vomsdir/dteam/voms2.hellasgrid.gr.lsc
new file mode 100644
index 0000000..2bf8ea4
--- /dev/null
+++ b/assets/vomsdir/dteam/voms2.hellasgrid.gr.lsc
@@ -0,0 +1,2 @@
+/C=GR/O=HellasGrid/OU=hellasgrid.gr/CN=voms2.hellasgrid.gr
+/C=GR/O=HellasGrid/OU=Certification Authorities/CN=HellasGrid CA 2016
diff --git a/assets/vomsdir/geant4/lcg-voms.cern.ch.lsc b/assets/vomsdir/geant4/lcg-voms.cern.ch.lsc
new file mode 100644
index 0000000..8817af5
--- /dev/null
+++ b/assets/vomsdir/geant4/lcg-voms.cern.ch.lsc
@@ -0,0 +1,2 @@
+/DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch
+/DC=ch/DC=cern/CN=CERN Trusted Certification Authority
diff --git a/assets/vomsdir/geant4/voms.cern.ch.lsc b/assets/vomsdir/geant4/voms.cern.ch.lsc
new file mode 100644
index 0000000..baa6c15
--- /dev/null
+++ b/assets/vomsdir/geant4/voms.cern.ch.lsc
@@ -0,0 +1,2 @@
+/DC=ch/DC=cern/OU=computers/CN=voms.cern.ch
+/DC=ch/DC=cern/CN=CERN Trusted Certification Authority
diff --git a/assets/vomsdir/gerda.mpg.de/vomsIGI-NA.unina.it.lsc b/assets/vomsdir/gerda.mpg.de/vomsIGI-NA.unina.it.lsc
new file mode 100644
index 0000000..45ed9b6
--- /dev/null
+++ b/assets/vomsdir/gerda.mpg.de/vomsIGI-NA.unina.it.lsc
@@ -0,0 +1,2 @@
+/DC=org/DC=terena/DC=tcs/C=IT/ST=Campania/L=Napoli/O=Universita degli Studi di Napoli FEDERICO II/CN=vomsIGI-NA.unina.it
+/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA eScience SSL CA 3
diff --git a/assets/vomsdir/gerda.mpg.de/vomsmania.cnaf.infn.it.lsc b/assets/vomsdir/gerda.mpg.de/vomsmania.cnaf.infn.it.lsc
new file mode 100644
index 0000000..322d18c
--- /dev/null
+++ b/assets/vomsdir/gerda.mpg.de/vomsmania.cnaf.infn.it.lsc
@@ -0,0 +1,2 @@
+/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=vomsmania.cnaf.infn.it
+/C=NL/O=GEANT Vereniging/CN=GEANT eScience SSL CA 4
diff --git a/assets/vomsdir/glast.org/voms-02.pd.infn.it.lsc b/assets/vomsdir/glast.org/voms-02.pd.infn.it.lsc
new file mode 100644
index 0000000..ecf661b
--- /dev/null
+++ b/assets/vomsdir/glast.org/voms-02.pd.infn.it.lsc
@@ -0,0 +1,2 @@
+/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=voms-02.pd.infn.it
+/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA eScience SSL CA 3
diff --git a/assets/vomsdir/glast.org/voms2.cnaf.infn.it.lsc b/assets/vomsdir/glast.org/voms2.cnaf.infn.it.lsc
new file mode 100644
index 0000000..2d28ddc
--- /dev/null
+++ b/assets/vomsdir/glast.org/voms2.cnaf.infn.it.lsc
@@ -0,0 +1,2 @@
+/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=Istituto Nazionale di Fisica Nucleare/CN=voms2.cnaf.infn.it
+/C=NL/O=GEANT Vereniging/CN=GEANT eScience SSL CA 4
diff --git a/assets/vomsdir/icarus-exp.org/vomsIGI-NA.unina.it.lsc b/assets/vomsdir/icarus-exp.org/vomsIGI-NA.unina.it.lsc
new file mode 100644
index 0000000..45ed9b6
--- /dev/null
+++ b/assets/vomsdir/icarus-exp.org/vomsIGI-NA.unina.it.lsc
@@ -0,0 +1,2 @@
+/DC=org/DC=terena/DC=tcs/C=IT/ST=Campania/L=Napoli/O=Universita degli Studi di Napoli FEDERICO II/CN=vomsIGI-NA.unina.it
+/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA eScience SSL CA 3
diff --git a/assets/vomsdir/icarus-exp.org/vomsmania.cnaf.infn.it.lsc b/assets/vomsdir/icarus-exp.org/vomsmania.cnaf.infn.it.lsc
new file mode 100644
index 0000000..322d18c
--- /dev/null
+++ b/assets/vomsdir/icarus-exp.org/vomsmania.cnaf.infn.it.lsc
@@ -0,0 +1,2 @@
+/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=vomsmania.cnaf.infn.it
+/C=NL/O=GEANT Vereniging/CN=GEANT eScience SSL CA 4
diff --git a/assets/vomsdir/infngrid/voms.cnaf.infn.it.lsc b/assets/vomsdir/infngrid/voms.cnaf.infn.it.lsc
new file mode 100644
index 0000000..911bd72
--- /dev/null
+++ b/assets/vomsdir/infngrid/voms.cnaf.infn.it.lsc
@@ -0,0 +1,2 @@
+/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=CNAF/CN=voms.cnaf.infn.it
+/C=NL/O=GEANT Vereniging/CN=GEANT eScience SSL CA 4
diff --git a/assets/vomsdir/juno/lcgvoms02.jinr.ru.lsc b/assets/vomsdir/juno/lcgvoms02.jinr.ru.lsc
new file mode 100644
index 0000000..8693a27
--- /dev/null
+++ b/assets/vomsdir/juno/lcgvoms02.jinr.ru.lsc
@@ -0,0 +1,2 @@
+/C=RU/O=RDIG/OU=hosts/OU=jinr.ru/CN=lcgvoms02.jinr.ru
+/C=RU/O=RDIG/CN=Russian Data-Intensive Grid CA
diff --git a/assets/vomsdir/juno/voms.ihep.ac.cn.lsc b/assets/vomsdir/juno/voms.ihep.ac.cn.lsc
new file mode 100644
index 0000000..885c35a
--- /dev/null
+++ b/assets/vomsdir/juno/voms.ihep.ac.cn.lsc
@@ -0,0 +1,2 @@
+/C=CN/O=HEP/OU=CC/O=IHEP/CN=voms.ihep.ac.cn
+/C=CN/O=HEP/CN=Institute of High Energy Physics Certification Authority
diff --git a/assets/vomsdir/km3net.org/voms02.scope.unina.it.lsc b/assets/vomsdir/km3net.org/voms02.scope.unina.it.lsc
new file mode 100644
index 0000000..545f0d4
--- /dev/null
+++ b/assets/vomsdir/km3net.org/voms02.scope.unina.it.lsc
@@ -0,0 +1,2 @@
+/DC=org/DC=terena/DC=tcs/C=IT/ST=Campania/L=Napoli/O=Universita degli Studi di Napoli FEDERICO II/CN=voms02.scope.unina.it
+/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA eScience SSL CA 3
diff --git a/assets/vomsdir/lhcb/lcg-voms2.cern.ch.lsc b/assets/vomsdir/lhcb/lcg-voms2.cern.ch.lsc
new file mode 100644
index 0000000..6279707
--- /dev/null
+++ b/assets/vomsdir/lhcb/lcg-voms2.cern.ch.lsc
@@ -0,0 +1,2 @@
+/DC=ch/DC=cern/OU=computers/CN=lcg-voms2.cern.ch
+/DC=ch/DC=cern/CN=CERN Grid Certification Authority
diff --git a/assets/vomsdir/lhcb/voms2.cern.ch.lsc b/assets/vomsdir/lhcb/voms2.cern.ch.lsc
new file mode 100644
index 0000000..54ccd3a
--- /dev/null
+++ b/assets/vomsdir/lhcb/voms2.cern.ch.lsc
@@ -0,0 +1,2 @@
+/DC=ch/DC=cern/OU=computers/CN=voms2.cern.ch
+/DC=ch/DC=cern/CN=CERN Grid Certification Authority
diff --git a/assets/vomsdir/magic/voms01.pic.es.lsc b/assets/vomsdir/magic/voms01.pic.es.lsc
new file mode 100644
index 0000000..05ca87c
--- /dev/null
+++ b/assets/vomsdir/magic/voms01.pic.es.lsc
@@ -0,0 +1,2 @@
+/DC=es/DC=irisgrid/O=pic/CN=voms01.pic.es
+/DC=es/DC=irisgrid/CN=IRISGridCA
diff --git a/assets/vomsdir/muoncoll.infn.it/voms-02.pd.infn.it.lsc b/assets/vomsdir/muoncoll.infn.it/voms-02.pd.infn.it.lsc
new file mode 100644
index 0000000..ecf661b
--- /dev/null
+++ b/assets/vomsdir/muoncoll.infn.it/voms-02.pd.infn.it.lsc
@@ -0,0 +1,2 @@
+/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=voms-02.pd.infn.it
+/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA eScience SSL CA 3
diff --git a/assets/vomsdir/muoncoll.infn.it/voms2.cnaf.infn.it.lsc b/assets/vomsdir/muoncoll.infn.it/voms2.cnaf.infn.it.lsc
new file mode 100644
index 0000000..2d28ddc
--- /dev/null
+++ b/assets/vomsdir/muoncoll.infn.it/voms2.cnaf.infn.it.lsc
@@ -0,0 +1,2 @@
+/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=Istituto Nazionale di Fisica Nucleare/CN=voms2.cnaf.infn.it
+/C=NL/O=GEANT Vereniging/CN=GEANT eScience SSL CA 4
diff --git a/assets/vomsdir/na62.vo.gridpp.ac.uk/voms.gridpp.ac.uk.lsc b/assets/vomsdir/na62.vo.gridpp.ac.uk/voms.gridpp.ac.uk.lsc
new file mode 100644
index 0000000..231f449
--- /dev/null
+++ b/assets/vomsdir/na62.vo.gridpp.ac.uk/voms.gridpp.ac.uk.lsc
@@ -0,0 +1,2 @@
+/C=UK/O=eScience/OU=Manchester/L=HEP/CN=voms.gridpp.ac.uk
+/C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA 2B
diff --git a/assets/vomsdir/na62.vo.gridpp.ac.uk/voms02.gridpp.ac.uk.lsc b/assets/vomsdir/na62.vo.gridpp.ac.uk/voms02.gridpp.ac.uk.lsc
new file mode 100644
index 0000000..35d961d
--- /dev/null
+++ b/assets/vomsdir/na62.vo.gridpp.ac.uk/voms02.gridpp.ac.uk.lsc
@@ -0,0 +1,2 @@
+/C=UK/O=eScience/OU=Oxford/L=OeSC/CN=voms02.gridpp.ac.uk
+/C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA 2B
diff --git a/assets/vomsdir/na62.vo.gridpp.ac.uk/voms03.gridpp.ac.uk.lsc b/assets/vomsdir/na62.vo.gridpp.ac.uk/voms03.gridpp.ac.uk.lsc
new file mode 100644
index 0000000..52a613e
--- /dev/null
+++ b/assets/vomsdir/na62.vo.gridpp.ac.uk/voms03.gridpp.ac.uk.lsc
@@ -0,0 +1,2 @@
+/C=UK/O=eScience/OU=Imperial/L=Physics/CN=voms03.gridpp.ac.uk
+/C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA 2B
diff --git a/assets/vomsdir/ops/lcg-voms2.cern.ch.lsc b/assets/vomsdir/ops/lcg-voms2.cern.ch.lsc
new file mode 100644
index 0000000..6279707
--- /dev/null
+++ b/assets/vomsdir/ops/lcg-voms2.cern.ch.lsc
@@ -0,0 +1,2 @@
+/DC=ch/DC=cern/OU=computers/CN=lcg-voms2.cern.ch
+/DC=ch/DC=cern/CN=CERN Grid Certification Authority
diff --git a/assets/vomsdir/ops/voms2.cern.ch.lsc b/assets/vomsdir/ops/voms2.cern.ch.lsc
new file mode 100644
index 0000000..54ccd3a
--- /dev/null
+++ b/assets/vomsdir/ops/voms2.cern.ch.lsc
@@ -0,0 +1,2 @@
+/DC=ch/DC=cern/OU=computers/CN=voms2.cern.ch
+/DC=ch/DC=cern/CN=CERN Grid Certification Authority
diff --git a/assets/vomsdir/pamela/voms-01.pd.infn.it.lsc b/assets/vomsdir/pamela/voms-01.pd.infn.it.lsc
new file mode 100644
index 0000000..6d4d714
--- /dev/null
+++ b/assets/vomsdir/pamela/voms-01.pd.infn.it.lsc
@@ -0,0 +1,2 @@
+/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=voms-01.pd.infn.it
+/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA eScience SSL CA 3
diff --git a/assets/vomsdir/pamela/voms.cnaf.infn.it.lsc b/assets/vomsdir/pamela/voms.cnaf.infn.it.lsc
new file mode 100644
index 0000000..911bd72
--- /dev/null
+++ b/assets/vomsdir/pamela/voms.cnaf.infn.it.lsc
@@ -0,0 +1,2 @@
+/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=CNAF/CN=voms.cnaf.infn.it
+/C=NL/O=GEANT Vereniging/CN=GEANT eScience SSL CA 4
diff --git a/assets/vomsdir/rdfa/voms.cnaf.infn.it.lsc b/assets/vomsdir/rdfa/voms.cnaf.infn.it.lsc
new file mode 100644
index 0000000..911bd72
--- /dev/null
+++ b/assets/vomsdir/rdfa/voms.cnaf.infn.it.lsc
@@ -0,0 +1,2 @@
+/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=CNAF/CN=voms.cnaf.infn.it
+/C=NL/O=GEANT Vereniging/CN=GEANT eScience SSL CA 4
diff --git a/assets/vomsdir/theophys/voms-01.pd.infn.it.lsc b/assets/vomsdir/theophys/voms-01.pd.infn.it.lsc
new file mode 100644
index 0000000..6d4d714
--- /dev/null
+++ b/assets/vomsdir/theophys/voms-01.pd.infn.it.lsc
@@ -0,0 +1,2 @@
+/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=voms-01.pd.infn.it
+/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA eScience SSL CA 3
diff --git a/assets/vomsdir/theophys/voms.cnaf.infn.it.lsc b/assets/vomsdir/theophys/voms.cnaf.infn.it.lsc
new file mode 100644
index 0000000..911bd72
--- /dev/null
+++ b/assets/vomsdir/theophys/voms.cnaf.infn.it.lsc
@@ -0,0 +1,2 @@
+/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=CNAF/CN=voms.cnaf.infn.it
+/C=NL/O=GEANT Vereniging/CN=GEANT eScience SSL CA 4
diff --git a/assets/vomsdir/virgo/voms-01.pd.infn.it.lsc b/assets/vomsdir/virgo/voms-01.pd.infn.it.lsc
new file mode 100644
index 0000000..6d4d714
--- /dev/null
+++ b/assets/vomsdir/virgo/voms-01.pd.infn.it.lsc
@@ -0,0 +1,2 @@
+/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=voms-01.pd.infn.it
+/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA eScience SSL CA 3
diff --git a/assets/vomsdir/virgo/voms.cnaf.infn.it.lsc b/assets/vomsdir/virgo/voms.cnaf.infn.it.lsc
new file mode 100644
index 0000000..911bd72
--- /dev/null
+++ b/assets/vomsdir/virgo/voms.cnaf.infn.it.lsc
@@ -0,0 +1,2 @@
+/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=CNAF/CN=voms.cnaf.infn.it
+/C=NL/O=GEANT Vereniging/CN=GEANT eScience SSL CA 4
diff --git a/assets/vomsdir/vo.compass.cern.ch/lcg-voms2.cern.ch.lsc b/assets/vomsdir/vo.compass.cern.ch/lcg-voms2.cern.ch.lsc
new file mode 100644
index 0000000..6279707
--- /dev/null
+++ b/assets/vomsdir/vo.compass.cern.ch/lcg-voms2.cern.ch.lsc
@@ -0,0 +1,2 @@
+/DC=ch/DC=cern/OU=computers/CN=lcg-voms2.cern.ch
+/DC=ch/DC=cern/CN=CERN Grid Certification Authority
diff --git a/assets/vomsdir/vo.compass.cern.ch/voms2.cern.ch.lsc b/assets/vomsdir/vo.compass.cern.ch/voms2.cern.ch.lsc
new file mode 100644
index 0000000..54ccd3a
--- /dev/null
+++ b/assets/vomsdir/vo.compass.cern.ch/voms2.cern.ch.lsc
@@ -0,0 +1,2 @@
+/DC=ch/DC=cern/OU=computers/CN=voms2.cern.ch
+/DC=ch/DC=cern/CN=CERN Grid Certification Authority
diff --git a/assets/vomsdir/vo.cta.in2p3.fr/cclcgvomsli01.in2p3.fr.lsc b/assets/vomsdir/vo.cta.in2p3.fr/cclcgvomsli01.in2p3.fr.lsc
new file mode 100644
index 0000000..f350d34
--- /dev/null
+++ b/assets/vomsdir/vo.cta.in2p3.fr/cclcgvomsli01.in2p3.fr.lsc
@@ -0,0 +1,2 @@
+/O=GRID-FR/C=FR/O=CNRS/OU=CC-IN2P3/CN=cclcgvomsli01.in2p3.fr
+/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR Services
diff --git a/assets/vomsdir/vo.darkside.org/vomsIGI-NA.unina.it.lsc b/assets/vomsdir/vo.darkside.org/vomsIGI-NA.unina.it.lsc
new file mode 100644
index 0000000..45ed9b6
--- /dev/null
+++ b/assets/vomsdir/vo.darkside.org/vomsIGI-NA.unina.it.lsc
@@ -0,0 +1,2 @@
+/DC=org/DC=terena/DC=tcs/C=IT/ST=Campania/L=Napoli/O=Universita degli Studi di Napoli FEDERICO II/CN=vomsIGI-NA.unina.it
+/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA eScience SSL CA 3
diff --git a/assets/vomsdir/vo.darkside.org/vomsmania.cnaf.infn.it.lsc b/assets/vomsdir/vo.darkside.org/vomsmania.cnaf.infn.it.lsc
new file mode 100644
index 0000000..322d18c
--- /dev/null
+++ b/assets/vomsdir/vo.darkside.org/vomsmania.cnaf.infn.it.lsc
@@ -0,0 +1,2 @@
+/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=vomsmania.cnaf.infn.it
+/C=NL/O=GEANT Vereniging/CN=GEANT eScience SSL CA 4
diff --git a/assets/vomsdir/vo.padme.org/voms-02.pd.infn.it.lsc b/assets/vomsdir/vo.padme.org/voms-02.pd.infn.it.lsc
new file mode 100644
index 0000000..ecf661b
--- /dev/null
+++ b/assets/vomsdir/vo.padme.org/voms-02.pd.infn.it.lsc
@@ -0,0 +1,2 @@
+/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=voms-02.pd.infn.it
+/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA eScience SSL CA 3
diff --git a/assets/vomsdir/vo.padme.org/voms2.cnaf.infn.it.lsc b/assets/vomsdir/vo.padme.org/voms2.cnaf.infn.it.lsc
new file mode 100644
index 0000000..2d28ddc
--- /dev/null
+++ b/assets/vomsdir/vo.padme.org/voms2.cnaf.infn.it.lsc
@@ -0,0 +1,2 @@
+/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=Istituto Nazionale di Fisica Nucleare/CN=voms2.cnaf.infn.it
+/C=NL/O=GEANT Vereniging/CN=GEANT eScience SSL CA 4
diff --git a/assets/vomsdir/xenon.biggrid.nl/voms.grid.sara.nl.lsc b/assets/vomsdir/xenon.biggrid.nl/voms.grid.sara.nl.lsc
new file mode 100644
index 0000000..b3e85ab
--- /dev/null
+++ b/assets/vomsdir/xenon.biggrid.nl/voms.grid.sara.nl.lsc
@@ -0,0 +1,2 @@
+/O=dutchgrid/O=hosts/OU=sara.nl/CN=voms.grid.sara.nl
+/C=NL/O=NIKHEF/CN=NIKHEF medium-security certification auth
diff --git a/assets/vomses/alice-lcg-voms2.cern.ch b/assets/vomses/alice-lcg-voms2.cern.ch
new file mode 100644
index 0000000..8a6d861
--- /dev/null
+++ b/assets/vomses/alice-lcg-voms2.cern.ch
@@ -0,0 +1 @@
+"alice" "lcg-voms2.cern.ch" "15000" "/DC=ch/DC=cern/OU=computers/CN=lcg-voms2.cern.ch" "alice" "24"
diff --git a/assets/vomses/alice-voms2.cern.ch b/assets/vomses/alice-voms2.cern.ch
new file mode 100644
index 0000000..8d77979
--- /dev/null
+++ b/assets/vomses/alice-voms2.cern.ch
@@ -0,0 +1 @@
+"alice" "voms2.cern.ch" "15000" "/DC=ch/DC=cern/OU=computers/CN=voms2.cern.ch" "alice" "24"
diff --git a/assets/vomses/argo-voms-01.pd.infn.it b/assets/vomses/argo-voms-01.pd.infn.it
new file mode 100644
index 0000000..2254aa1
--- /dev/null
+++ b/assets/vomses/argo-voms-01.pd.infn.it
@@ -0,0 +1 @@
+"argo" "voms-01.pd.infn.it" "15012" "/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=voms-01.pd.infn.it" "argo"
diff --git a/assets/vomses/argo-voms.cnaf.infn.it b/assets/vomses/argo-voms.cnaf.infn.it
new file mode 100644
index 0000000..3ca6c36
--- /dev/null
+++ b/assets/vomses/argo-voms.cnaf.infn.it
@@ -0,0 +1 @@
+"argo" "voms.cnaf.infn.it" "15012" "/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=CNAF/CN=voms.cnaf.infn.it" "argo"
diff --git a/assets/vomses/atlas-lcg-voms2.cern.ch b/assets/vomses/atlas-lcg-voms2.cern.ch
new file mode 100644
index 0000000..e2eda1c
--- /dev/null
+++ b/assets/vomses/atlas-lcg-voms2.cern.ch
@@ -0,0 +1 @@
+"atlas" "lcg-voms2.cern.ch" "15001" "/DC=ch/DC=cern/OU=computers/CN=lcg-voms2.cern.ch" "atlas" "24"
diff --git a/assets/vomses/atlas-voms2.cern.ch b/assets/vomses/atlas-voms2.cern.ch
new file mode 100644
index 0000000..134b75e
--- /dev/null
+++ b/assets/vomses/atlas-voms2.cern.ch
@@ -0,0 +1 @@
+"atlas" "voms2.cern.ch" "15001" "/DC=ch/DC=cern/OU=computers/CN=voms2.cern.ch" "atlas" "24"
diff --git a/assets/vomses/auger-voms1.grid.cesnet.cz b/assets/vomses/auger-voms1.grid.cesnet.cz
new file mode 100644
index 0000000..2ed3c9f
--- /dev/null
+++ b/assets/vomses/auger-voms1.grid.cesnet.cz
@@ -0,0 +1 @@
+"auger" "voms1.grid.cesnet.cz" "15004" "/DC=org/DC=terena/DC=tcs/C=CZ/ST=Hlavni mesto Praha/L=Praha 6/O=CESNET/CN=voms1.grid.cesnet.cz" "auger" "24"
diff --git a/assets/vomses/auger-voms2.grid.cesnet.cz b/assets/vomses/auger-voms2.grid.cesnet.cz
new file mode 100644
index 0000000..df130b3
--- /dev/null
+++ b/assets/vomses/auger-voms2.grid.cesnet.cz
@@ -0,0 +1 @@
+"auger" "voms2.grid.cesnet.cz" "15004" "/DC=org/DC=terena/DC=tcs/C=CZ/ST=Hlavni mesto Praha/L=Praha 6/O=CESNET/CN=voms2.grid.cesnet.cz" "auger" "24"
diff --git a/assets/vomses/babar-voms.gridpp.ac.uk b/assets/vomses/babar-voms.gridpp.ac.uk
new file mode 100644
index 0000000..c3537c1
--- /dev/null
+++ b/assets/vomses/babar-voms.gridpp.ac.uk
@@ -0,0 +1 @@
+"babar" "voms.gridpp.ac.uk" "15002" "/C=UK/O=eScience/OU=Manchester/L=HEP/CN=voms.gridpp.ac.uk/emailAddress=ops@tier2.hep.manchester.ac.uk" "babar"
diff --git a/assets/vomses/belle-grid-voms.desy.de b/assets/vomses/belle-grid-voms.desy.de
new file mode 100644
index 0000000..99169ea
--- /dev/null
+++ b/assets/vomses/belle-grid-voms.desy.de
@@ -0,0 +1 @@
+"belle" "grid-voms.desy.de" "15020" "/C=DE/O=GermanGrid/OU=DESY/CN=host/grid-voms.desy.de" "belle"
diff --git a/assets/vomses/belle-voms.cc.kek.jp b/assets/vomses/belle-voms.cc.kek.jp
new file mode 100644
index 0000000..0d040d0
--- /dev/null
+++ b/assets/vomses/belle-voms.cc.kek.jp
@@ -0,0 +1 @@
+"belle" "voms.cc.kek.jp" "15020" "/C=JP/O=KEK/OU=CRC/CN=host/voms.cc.kek.jp" "belle" "24"
diff --git a/assets/vomses/belle-voms.hep.pnnl.gov b/assets/vomses/belle-voms.hep.pnnl.gov
new file mode 100644
index 0000000..f84a9a7
--- /dev/null
+++ b/assets/vomses/belle-voms.hep.pnnl.gov
@@ -0,0 +1 @@
+"belle" "voms.hep.pnnl.gov" "15020" "/DC=org/DC=opensciencegrid/O=Open Science Grid/OU=Services/CN=voms.hep.pnnl.gov" "belle"
diff --git a/assets/vomses/biomed-cclcgvomsli01.in2p3.fr b/assets/vomses/biomed-cclcgvomsli01.in2p3.fr
new file mode 100644
index 0000000..3187799
--- /dev/null
+++ b/assets/vomses/biomed-cclcgvomsli01.in2p3.fr
@@ -0,0 +1 @@
+"biomed" "cclcgvomsli01.in2p3.fr" "15000" "/O=GRID-FR/C=FR/O=CNRS/OU=CC-IN2P3/CN=cclcgvomsli01.in2p3.fr" "biomed" "24"
diff --git a/assets/vomses/cdf-voms-01.pd.infn.it b/assets/vomses/cdf-voms-01.pd.infn.it
new file mode 100644
index 0000000..98be48e
--- /dev/null
+++ b/assets/vomses/cdf-voms-01.pd.infn.it
@@ -0,0 +1 @@
+"cdf" "voms-01.pd.infn.it" "15001" "/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=voms-01.pd.infn.it" "cdf" "24"
diff --git a/assets/vomses/cdf-voms.cnaf.infn.it b/assets/vomses/cdf-voms.cnaf.infn.it
new file mode 100644
index 0000000..92469bc
--- /dev/null
+++ b/assets/vomses/cdf-voms.cnaf.infn.it
@@ -0,0 +1 @@
+"cdf" "voms.cnaf.infn.it" "15001" "/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=CNAF/CN=voms.cnaf.infn.it" "cdf" "24"
diff --git a/assets/vomses/cdf-voms1.fnal.gov b/assets/vomses/cdf-voms1.fnal.gov
new file mode 100644
index 0000000..795acb9
--- /dev/null
+++ b/assets/vomses/cdf-voms1.fnal.gov
@@ -0,0 +1 @@
+"cdf" "voms1.fnal.gov" "15020" "/DC=com/DC=DigiCert-Grid/O=Open Science Grid/OU=Services/CN=voms1.fnal.gov" "cdf" "24"
diff --git a/assets/vomses/cdf-voms2.fnal.gov b/assets/vomses/cdf-voms2.fnal.gov
new file mode 100644
index 0000000..4379888
--- /dev/null
+++ b/assets/vomses/cdf-voms2.fnal.gov
@@ -0,0 +1 @@
+"cdf" "voms2.fnal.gov" "15020" "/DC=org/DC=opensciencegrid/O=Open Science Grid/OU=Services/CN=voms2.fnal.gov" "cdf" "24"
diff --git a/assets/vomses/clas12-gryphn.phys.uconn.edu b/assets/vomses/clas12-gryphn.phys.uconn.edu
new file mode 100644
index 0000000..e4636a9
--- /dev/null
+++ b/assets/vomses/clas12-gryphn.phys.uconn.edu
@@ -0,0 +1 @@
+"clas12" "gryphn.phys.uconn.edu" "15001" "/DC=org/DC=opensciencegrid/O=Open Science Grid/OU=Services/CN=voms/gryphn.phys.uconn.edu" "clas12" "24"
diff --git a/assets/vomses/clas12-jlabvoms.t2.ucsd.edu b/assets/vomses/clas12-jlabvoms.t2.ucsd.edu
new file mode 100644
index 0000000..106bf9e
--- /dev/null
+++ b/assets/vomses/clas12-jlabvoms.t2.ucsd.edu
@@ -0,0 +1 @@
+"clas12" "jlabvoms.t2.ucsd.edu" "15001" "/DC=org/DC=incommon/C=US/ST=California/L=La Jolla/O=University of California, San Diego/OU=UCSD/CN=jlabvoms.t2.ucsd.edu" "clas12" "24"
diff --git a/assets/vomses/cms-lcg-voms2.cern.ch b/assets/vomses/cms-lcg-voms2.cern.ch
new file mode 100644
index 0000000..1ee844a
--- /dev/null
+++ b/assets/vomses/cms-lcg-voms2.cern.ch
@@ -0,0 +1 @@
+"cms" "lcg-voms2.cern.ch" "15002" "/DC=ch/DC=cern/OU=computers/CN=lcg-voms2.cern.ch" "cms" "24"
diff --git a/assets/vomses/cms-voms2.cern.ch b/assets/vomses/cms-voms2.cern.ch
new file mode 100644
index 0000000..229d0dc
--- /dev/null
+++ b/assets/vomses/cms-voms2.cern.ch
@@ -0,0 +1 @@
+"cms" "voms2.cern.ch" "15002" "/DC=ch/DC=cern/OU=computers/CN=voms2.cern.ch" "cms" "24"
diff --git a/assets/vomses/dteam-voms2.hellasgrid.gr b/assets/vomses/dteam-voms2.hellasgrid.gr
new file mode 100644
index 0000000..e39fc1c
--- /dev/null
+++ b/assets/vomses/dteam-voms2.hellasgrid.gr
@@ -0,0 +1 @@
+"dteam" "voms2.hellasgrid.gr" "15004" "/C=GR/O=HellasGrid/OU=hellasgrid.gr/CN=voms2.hellasgrid.gr" "dteam" "24"
diff --git a/assets/vomses/geant4-lcg-voms.cern.ch b/assets/vomses/geant4-lcg-voms.cern.ch
new file mode 100644
index 0000000..2e7c8b9
--- /dev/null
+++ b/assets/vomses/geant4-lcg-voms.cern.ch
@@ -0,0 +1 @@
+"geant4" "lcg-voms.cern.ch" "15007" "/DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch" "geant4"
diff --git a/assets/vomses/geant4-voms.cern.ch b/assets/vomses/geant4-voms.cern.ch
new file mode 100644
index 0000000..0d51044
--- /dev/null
+++ b/assets/vomses/geant4-voms.cern.ch
@@ -0,0 +1 @@
+"geant4" "voms.cern.ch" "15007" "/DC=ch/DC=cern/OU=computers/CN=voms.cern.ch" "geant4"
diff --git a/assets/vomses/gerda.mpg.de-vomsIGI-NA.unina.it b/assets/vomses/gerda.mpg.de-vomsIGI-NA.unina.it
new file mode 100644
index 0000000..783e451
--- /dev/null
+++ b/assets/vomses/gerda.mpg.de-vomsIGI-NA.unina.it
@@ -0,0 +1 @@
+"gerda.mpg.de" "vomsIGI-NA.unina.it" "15002" "/DC=org/DC=terena/DC=tcs/C=IT/ST=Campania/L=Napoli/O=Universita degli Studi di Napoli FEDERICO II/CN=vomsIGI-NA.unina.it" "gerda.mpg.de"
diff --git a/assets/vomses/gerda.mpg.de-vomsmania.cnaf.infn.it b/assets/vomses/gerda.mpg.de-vomsmania.cnaf.infn.it
new file mode 100644
index 0000000..07a56c6
--- /dev/null
+++ b/assets/vomses/gerda.mpg.de-vomsmania.cnaf.infn.it
@@ -0,0 +1 @@
+"gerda.mpg.de" "vomsmania.cnaf.infn.it" "15002" "/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=vomsmania.cnaf.infn.it" "gerda.mpg.de"
diff --git a/assets/vomses/glast.org-voms-02.pd.infn.it b/assets/vomses/glast.org-voms-02.pd.infn.it
new file mode 100644
index 0000000..9510ad3
--- /dev/null
+++ b/assets/vomses/glast.org-voms-02.pd.infn.it
@@ -0,0 +1 @@
+"glast.org" "voms-02.pd.infn.it" "15018" "/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=voms-02.pd.infn.it" "glast.org"
diff --git a/assets/vomses/glast.org-voms2.cnaf.infn.it b/assets/vomses/glast.org-voms2.cnaf.infn.it
new file mode 100644
index 0000000..fe3063e
--- /dev/null
+++ b/assets/vomses/glast.org-voms2.cnaf.infn.it
@@ -0,0 +1 @@
+"glast.org" "voms2.cnaf.infn.it" "15018" "/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=Istituto Nazionale di Fisica Nucleare/CN=voms2.cnaf.infn.it" "glast.org"
diff --git a/assets/vomses/icarus-exp.org-vomsIGI-NA.unina.it b/assets/vomses/icarus-exp.org-vomsIGI-NA.unina.it
new file mode 100644
index 0000000..8ae8f64
--- /dev/null
+++ b/assets/vomses/icarus-exp.org-vomsIGI-NA.unina.it
@@ -0,0 +1 @@
+"icarus-exp.org" "vomsIGI-NA.unina.it" "15000" "/DC=org/DC=terena/DC=tcs/C=IT/ST=Campania/L=Napoli/O=Universita degli Studi di Napoli FEDERICO II/CN=vomsIGI-NA.unina.it" "icarus-exp.org"
diff --git a/assets/vomses/icarus-exp.org-vomsmania.cnaf.infn.it b/assets/vomses/icarus-exp.org-vomsmania.cnaf.infn.it
new file mode 100644
index 0000000..1c664c4
--- /dev/null
+++ b/assets/vomses/icarus-exp.org-vomsmania.cnaf.infn.it
@@ -0,0 +1 @@
+"icarus-exp.org" "vomsmania.cnaf.infn.it" "15000" "/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=vomsmania.cnaf.infn.it" "icarus-exp.org"
diff --git a/assets/vomses/infngrid-voms.cnaf.infn.it b/assets/vomses/infngrid-voms.cnaf.infn.it
new file mode 100644
index 0000000..0979acd
--- /dev/null
+++ b/assets/vomses/infngrid-voms.cnaf.infn.it
@@ -0,0 +1 @@
+"infngrid" "voms.cnaf.infn.it" "15000" "/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=CNAF/CN=voms.cnaf.infn.it" "infngrid"
diff --git a/assets/vomses/juno-lcgvoms02.jinr.ru b/assets/vomses/juno-lcgvoms02.jinr.ru
new file mode 100644
index 0000000..02f8080
--- /dev/null
+++ b/assets/vomses/juno-lcgvoms02.jinr.ru
@@ -0,0 +1 @@
+"juno" "lcgvoms02.jinr.ru" "15008" "/C=RU/O=RDIG/OU=hosts/OU=jinr.ru/CN=lcgvoms02.jinr.ru" "juno" "24"
diff --git a/assets/vomses/juno-voms.ihep.ac.cn b/assets/vomses/juno-voms.ihep.ac.cn
new file mode 100644
index 0000000..688f6ee
--- /dev/null
+++ b/assets/vomses/juno-voms.ihep.ac.cn
@@ -0,0 +1 @@
+"juno" "voms.ihep.ac.cn" "15008" "/C=CN/O=HEP/OU=CC/O=IHEP/CN=voms.ihep.ac.cn" "juno" "24"
diff --git a/assets/vomses/km3net.org-voms02.scope.unina.it b/assets/vomses/km3net.org-voms02.scope.unina.it
new file mode 100644
index 0000000..cde8e54
--- /dev/null
+++ b/assets/vomses/km3net.org-voms02.scope.unina.it
@@ -0,0 +1 @@
+"km3net.org" "voms02.scope.unina.it" "15005" "/DC=org/DC=terena/DC=tcs/C=IT/ST=Campania/L=Napoli/O=Universita degli Studi di Napoli FEDERICO II/CN=voms02.scope.unina.it" "km3net.org"
diff --git a/assets/vomses/lhcb-lcg-voms2.cern.ch b/assets/vomses/lhcb-lcg-voms2.cern.ch
new file mode 100644
index 0000000..68c7507
--- /dev/null
+++ b/assets/vomses/lhcb-lcg-voms2.cern.ch
@@ -0,0 +1 @@
+"lhcb" "lcg-voms2.cern.ch" "15003" "/DC=ch/DC=cern/OU=computers/CN=lcg-voms2.cern.ch" "lhcb" "24"
diff --git a/assets/vomses/lhcb-voms2.cern.ch b/assets/vomses/lhcb-voms2.cern.ch
new file mode 100644
index 0000000..abcf8e7
--- /dev/null
+++ b/assets/vomses/lhcb-voms2.cern.ch
@@ -0,0 +1 @@
+"lhcb" "voms2.cern.ch" "15003" "/DC=ch/DC=cern/OU=computers/CN=voms2.cern.ch" "lhcb" "24"
diff --git a/assets/vomses/magic-voms01.pic.es b/assets/vomses/magic-voms01.pic.es
new file mode 100644
index 0000000..3efae81
--- /dev/null
+++ b/assets/vomses/magic-voms01.pic.es
@@ -0,0 +1 @@
+"magic" "voms01.pic.es" "15003" "/DC=es/DC=irisgrid/O=pic/CN=voms01.pic.es" "magic"
diff --git a/assets/vomses/muoncoll.infn.it-voms-02.pd.infn.it b/assets/vomses/muoncoll.infn.it-voms-02.pd.infn.it
new file mode 100644
index 0000000..ccefabc
--- /dev/null
+++ b/assets/vomses/muoncoll.infn.it-voms-02.pd.infn.it
@@ -0,0 +1 @@
+"muoncoll.infn.it" "voms-02.pd.infn.it" "15022" "/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=voms-02.pd.infn.it" "muoncoll.infn.it" "24"
diff --git a/assets/vomses/muoncoll.infn.it-voms2.cnaf.infn.it b/assets/vomses/muoncoll.infn.it-voms2.cnaf.infn.it
new file mode 100644
index 0000000..6eb7624
--- /dev/null
+++ b/assets/vomses/muoncoll.infn.it-voms2.cnaf.infn.it
@@ -0,0 +1 @@
+"muoncoll.infn.it" "voms2.cnaf.infn.it" "15022" "/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=Istituto Nazionale di Fisica Nucleare/CN=voms2.cnaf.infn.it" "muoncoll.infn.it" "24"
diff --git a/assets/vomses/na62.vo.gridpp.ac.uk-voms.gridpp.ac.uk b/assets/vomses/na62.vo.gridpp.ac.uk-voms.gridpp.ac.uk
new file mode 100644
index 0000000..21eb7e1
--- /dev/null
+++ b/assets/vomses/na62.vo.gridpp.ac.uk-voms.gridpp.ac.uk
@@ -0,0 +1 @@
+"na62.vo.gridpp.ac.uk" "voms.gridpp.ac.uk" "15501" "/C=UK/O=eScience/OU=Manchester/L=HEP/CN=voms.gridpp.ac.uk" "na62.vo.gridpp.ac.uk"
diff --git a/assets/vomses/na62.vo.gridpp.ac.uk-voms02.gridpp.ac.uk b/assets/vomses/na62.vo.gridpp.ac.uk-voms02.gridpp.ac.uk
new file mode 100644
index 0000000..4206eec
--- /dev/null
+++ b/assets/vomses/na62.vo.gridpp.ac.uk-voms02.gridpp.ac.uk
@@ -0,0 +1 @@
+"na62.vo.gridpp.ac.uk" "voms02.gridpp.ac.uk" "15501" "/C=UK/O=eScience/OU=Oxford/L=OeSC/CN=voms02.gridpp.ac.uk" "na62.vo.gridpp.ac.uk"
diff --git a/assets/vomses/na62.vo.gridpp.ac.uk-voms03.gridpp.ac.uk b/assets/vomses/na62.vo.gridpp.ac.uk-voms03.gridpp.ac.uk
new file mode 100644
index 0000000..09823cb
--- /dev/null
+++ b/assets/vomses/na62.vo.gridpp.ac.uk-voms03.gridpp.ac.uk
@@ -0,0 +1 @@
+"na62.vo.gridpp.ac.uk" "voms03.gridpp.ac.uk" "15501" "/C=UK/O=eScience/OU=Imperial/L=Physics/CN=voms03.gridpp.ac.uk" "na62.vo.gridpp.ac.uk"
diff --git a/assets/vomses/ops-lcg-voms2.cern.ch b/assets/vomses/ops-lcg-voms2.cern.ch
new file mode 100644
index 0000000..fff4f26
--- /dev/null
+++ b/assets/vomses/ops-lcg-voms2.cern.ch
@@ -0,0 +1 @@
+"ops" "lcg-voms2.cern.ch" "15009" "/DC=ch/DC=cern/OU=computers/CN=lcg-voms2.cern.ch" "ops" "24"
diff --git a/assets/vomses/ops-voms2.cern.ch b/assets/vomses/ops-voms2.cern.ch
new file mode 100644
index 0000000..8774608
--- /dev/null
+++ b/assets/vomses/ops-voms2.cern.ch
@@ -0,0 +1 @@
+"ops" "voms2.cern.ch" "15009" "/DC=ch/DC=cern/OU=computers/CN=voms2.cern.ch" "ops" "24"
diff --git a/assets/vomses/pamela-voms-01.pd.infn.it b/assets/vomses/pamela-voms-01.pd.infn.it
new file mode 100644
index 0000000..d8afd18
--- /dev/null
+++ b/assets/vomses/pamela-voms-01.pd.infn.it
@@ -0,0 +1 @@
+"pamela" "voms-01.pd.infn.it" "15013" "/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=voms-01.pd.infn.it" "pamela"
diff --git a/assets/vomses/pamela-voms.cnaf.infn.it b/assets/vomses/pamela-voms.cnaf.infn.it
new file mode 100644
index 0000000..41274f4
--- /dev/null
+++ b/assets/vomses/pamela-voms.cnaf.infn.it
@@ -0,0 +1 @@
+"pamela" "voms.cnaf.infn.it" "15013" "/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=CNAF/CN=voms.cnaf.infn.it" "pamela"
diff --git a/assets/vomses/rdfa-voms.cnaf.infn.it b/assets/vomses/rdfa-voms.cnaf.infn.it
new file mode 100644
index 0000000..6c7d591
--- /dev/null
+++ b/assets/vomses/rdfa-voms.cnaf.infn.it
@@ -0,0 +1 @@
+"rdfa" "voms.cnaf.infn.it" "15014" "/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=CNAF/CN=voms.cnaf.infn.it" "rdfa"
diff --git a/assets/vomses/theophys-voms-01.pd.infn.it b/assets/vomses/theophys-voms-01.pd.infn.it
new file mode 100644
index 0000000..64a04a3
--- /dev/null
+++ b/assets/vomses/theophys-voms-01.pd.infn.it
@@ -0,0 +1 @@
+"theophys" "voms-01.pd.infn.it" "15006" "/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=voms-01.pd.infn.it" "theophys"
diff --git a/assets/vomses/theophys-voms.cnaf.infn.it b/assets/vomses/theophys-voms.cnaf.infn.it
new file mode 100644
index 0000000..8061375
--- /dev/null
+++ b/assets/vomses/theophys-voms.cnaf.infn.it
@@ -0,0 +1 @@
+"theophys" "voms.cnaf.infn.it" "15006" "/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=CNAF/CN=voms.cnaf.infn.it" "theophys"
diff --git a/assets/vomses/virgo-voms-01.pd.infn.it b/assets/vomses/virgo-voms-01.pd.infn.it
new file mode 100644
index 0000000..305023f
--- /dev/null
+++ b/assets/vomses/virgo-voms-01.pd.infn.it
@@ -0,0 +1 @@
+"virgo" "voms-01.pd.infn.it" "15009" "/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=voms-01.pd.infn.it" "virgo"
diff --git a/assets/vomses/virgo-voms.cnaf.infn.it b/assets/vomses/virgo-voms.cnaf.infn.it
new file mode 100644
index 0000000..4f3cb39
--- /dev/null
+++ b/assets/vomses/virgo-voms.cnaf.infn.it
@@ -0,0 +1 @@
+"virgo" "voms.cnaf.infn.it" "15009" "/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=CNAF/CN=voms.cnaf.infn.it" "virgo"
diff --git a/assets/vomses/vo.compass.cern.ch-lcg-voms2.cern.ch b/assets/vomses/vo.compass.cern.ch-lcg-voms2.cern.ch
new file mode 100644
index 0000000..8719c7d
--- /dev/null
+++ b/assets/vomses/vo.compass.cern.ch-lcg-voms2.cern.ch
@@ -0,0 +1 @@
+"vo.compass.cern.ch" "lcg-voms2.cern.ch" "15004" "/DC=ch/DC=cern/OU=computers/CN=lcg-voms2.cern.ch" "vo.compass.cern.ch" "24"
diff --git a/assets/vomses/vo.compass.cern.ch-voms2.cern.ch b/assets/vomses/vo.compass.cern.ch-voms2.cern.ch
new file mode 100644
index 0000000..447115c
--- /dev/null
+++ b/assets/vomses/vo.compass.cern.ch-voms2.cern.ch
@@ -0,0 +1 @@
+"vo.compass.cern.ch" "voms2.cern.ch" "15004" "/DC=ch/DC=cern/OU=computers/CN=voms2.cern.ch" "vo.compass.cern.ch" "24"
diff --git a/assets/vomses/vo.cta.in2p3.fr-cclcgvomsli01.in2p3.fr b/assets/vomses/vo.cta.in2p3.fr-cclcgvomsli01.in2p3.fr
new file mode 100644
index 0000000..867fd07
--- /dev/null
+++ b/assets/vomses/vo.cta.in2p3.fr-cclcgvomsli01.in2p3.fr
@@ -0,0 +1 @@
+"vo.cta.in2p3.fr" "cclcgvomsli01.in2p3.fr" "15008" "/O=GRID-FR/C=FR/O=CNRS/OU=CC-IN2P3/CN=cclcgvomsli01.in2p3.fr" "vo.cta.in2p3.fr"
diff --git a/assets/vomses/vo.darkside.org-vomsIGI-NA.unina.it b/assets/vomses/vo.darkside.org-vomsIGI-NA.unina.it
new file mode 100644
index 0000000..33e93a9
--- /dev/null
+++ b/assets/vomses/vo.darkside.org-vomsIGI-NA.unina.it
@@ -0,0 +1 @@
+"vo.darkside.org" "vomsIGI-NA.unina.it" "15008" "/DC=org/DC=terena/DC=tcs/C=IT/ST=Campania/L=Napoli/O=Universita degli Studi di Napoli FEDERICO II/CN=vomsIGI-NA.unina.it" "vo.darkside.org"
diff --git a/assets/vomses/vo.darkside.org-vomsmania.cnaf.infn.it b/assets/vomses/vo.darkside.org-vomsmania.cnaf.infn.it
new file mode 100644
index 0000000..6204427
--- /dev/null
+++ b/assets/vomses/vo.darkside.org-vomsmania.cnaf.infn.it
@@ -0,0 +1 @@
+"vo.darkside.org" "vomsmania.cnaf.infn.it" "15008" "/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=vomsmania.cnaf.infn.it" "vo.darkside.org"
diff --git a/assets/vomses/vo.padme.org-voms-02.pd.infn.it b/assets/vomses/vo.padme.org-voms-02.pd.infn.it
new file mode 100644
index 0000000..3356fde
--- /dev/null
+++ b/assets/vomses/vo.padme.org-voms-02.pd.infn.it
@@ -0,0 +1 @@
+"vo.padme.org" "voms-02.pd.infn.it" "15020" "/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=voms-02.pd.infn.it" "vo.padme.org"
diff --git a/assets/vomses/vo.padme.org-voms2.cnaf.infn.it b/assets/vomses/vo.padme.org-voms2.cnaf.infn.it
new file mode 100644
index 0000000..e67ed26
--- /dev/null
+++ b/assets/vomses/vo.padme.org-voms2.cnaf.infn.it
@@ -0,0 +1 @@
+"vo.padme.org" "voms2.cnaf.infn.it" "15020" "/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=Istituto Nazionale di Fisica Nucleare/CN=voms2.cnaf.infn.it" "vo.padme.org"
diff --git a/assets/vomses/voms.ihep.ac.cn b/assets/vomses/voms.ihep.ac.cn
new file mode 100644
index 0000000..6e89dc7
--- /dev/null
+++ b/assets/vomses/voms.ihep.ac.cn
@@ -0,0 +1 @@
+"juno" "voms.ihep.ac.cn" "15008" "/C=CN/O=HEP/OU=CC/O=IHEP/CN=voms.ihep.ac.cn" "juno"
diff --git a/assets/vomses/voms2.hellasgrid.gr b/assets/vomses/voms2.hellasgrid.gr
new file mode 100644
index 0000000..a87f46c
--- /dev/null
+++ b/assets/vomses/voms2.hellasgrid.gr
@@ -0,0 +1 @@
+"dteam" "voms2.hellasgrid.gr" "15004" "/C=GR/O=HellasGrid/OU=hellasgrid.gr/CN=voms2.hellasgrid.gr" "dteam"
diff --git a/assets/vomses/xenon.biggrid.nl-voms.grid.sara.nl b/assets/vomses/xenon.biggrid.nl-voms.grid.sara.nl
new file mode 100644
index 0000000..059e5df
--- /dev/null
+++ b/assets/vomses/xenon.biggrid.nl-voms.grid.sara.nl
@@ -0,0 +1 @@
+"xenon.biggrid.nl" "voms.grid.sara.nl" "30008" "/O=dutchgrid/O=hosts/OU=sara.nl/CN=voms.grid.sara.nl" "xenon.biggrid.nl"
diff --git a/docker-compose.yml b/docker-compose.yml
index a054e6f..39fa8fc 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -15,15 +15,16 @@ services:
   fts-server:
     image: gitlab-registry.cern.ch/fts/fts3:latest
     hostname: fts3-cnaf.cloud.cnaf.infn.it
-#    hostname: fts3.local.io
     volumes:
       - cabundle:/etc/pki
       - trustanchors:/etc/grid-security/certificates
       - ./assets/certs:/certs
+      - ./assets/log/fts3:/var/log/fts3
       - ./assets/vomsdir:/etc/grid-security/vomsdir
       - ./assets/vomses:/etc/vomses
       - ./assets/fts3:/etc/fts3
       - ./assets/scripts:/scripts
+      - ./assets/supervisor/conf.d:/etc/supervisor/conf.d
     ports:
       - "2170:2170"
     links:
@@ -32,25 +33,26 @@ services:
       - trust
       - ftsdb
     entrypoint:  
-      - /scripts/docker-entrypoint.sh
+      - /scripts/startup-fts-server.sh
+
   fts-rest:
     image: gitlab-registry.cern.ch/fts/fts-rest:latest
     hostname: fts3-cnaf.cloud.cnaf.infn.it
-#    hostname: fts3-rest.local.io
     volumes:
-#      - cabundle:/etc/pki
+      - cabundle:/etc/pki
       - trustanchors:/etc/grid-security/certificates
       - ./assets/certs:/certs
+      - ./assets/log/fts3:/var/log/fts3
       - ./assets/vomsdir:/etc/grid-security/vomsdir
       - ./assets/vomses:/etc/vomses
       - ./assets/fts3:/etc/fts3
-#      - ./assets/fts3-rest/:/etc/httpd/conf.d/
+      - ./assets/fts3-rest/httpd/conf.d:/etc/httpd/conf.d
       - ./assets/scripts:/scripts
+      - ./assets/fts3-rest:/fts3-rest
     ports:
       - "8446:8446"
     links:
       - ftsdb:ftsdb
-      - fts-server
     depends_on:
       - trust
       - ftsdb
@@ -61,27 +63,28 @@ services:
   fts-mon:
     image: gitlab-registry.cern.ch/fts/fts-monitoring:latest
     hostname: fts3-cnaf.cloud.cnaf.infn.it
-#    hostname: fts3-mon.local.io
     volumes:
-#      - cabundle:/etc/pki
+      - cabundle:/etc/pki
       - trustanchors:/etc/grid-security/certificates
       - ./assets/certs:/certs
+      - ./assets/log/fts3:/var/log/fts3
       - ./assets/vomsdir:/etc/grid-security/vomsdir
       - ./assets/vomses:/etc/vomses
       - ./assets/fts3:/etc/fts3
-#      - ./assets/fts3-mon/:/etc/httpd/conf.d/
+      - ./assets/fts3-mon/httpd/conf.d:/etc/httpd/conf.d
       - ./assets/scripts:/scripts
+      - ./assets/fts3-mon:/fts3-mon
     ports:
       - "8449:8449"
     links:
       - ftsdb:ftsdb
-      - fts-server:fts-server
     depends_on:
       - trust
       - ftsdb
       - fts-server
     entrypoint:
-      - /scripts/startup-fts-rest-mon.sh
+      - /scripts/startup-fts-mon.sh
+
   ftsdb:
     image: mysql:5
     hostname: ftsdb
diff --git a/new.docker-compose.yml b/new.docker-compose.yml
new file mode 100644
index 0000000..50c36b9
--- /dev/null
+++ b/new.docker-compose.yml
@@ -0,0 +1,108 @@
+version: "2.1"
+volumes:   
+  trustanchors:
+  cabundle:
+  db_data:
+
+services:
+  trust:
+    image: indigoiam/trustanchors
+    environment:
+      - FORCE_TRUST_ANCHORS_UPDATE=1
+    volumes:
+      - trustanchors:/etc/grid-security/certificates
+      - cabundle:/etc/pki
+
+  fts-server:
+    image: gitlab-registry.cern.ch/fts/fts3:${FTS_SERVER_VERSION}
+    hostname: ${FTS_HOSTNAME} 
+    volumes:
+      - cabundle:/etc/pki
+      - trustanchors:/etc/grid-security/certificates
+      - ./assets/certs:/certs
+      - ./assets/log/fts3:/var/log/fts3
+      - ./assets/vomsdir:/etc/grid-security/vomsdir
+      - ./assets/vomses:/etc/vomses
+      - ./assets/fts3:/etc/fts3
+      - ./assets/scripts:/scripts
+      - ./assets/supervisor/conf.d:/etc/supervisor/conf.d
+    ports:
+      - "2170:2170"
+    links:
+      - ftsdb:ftsdb
+    depends_on:
+      - trust
+      - ftsdb
+    entrypoint:  
+      - /scripts/startup-fts-server.sh
+
+  fts-rest:
+    image: gitlab-registry.cern.ch/fts/fts-rest:${FTS_REST_VERSION}
+    hostname: ${FTS_HOSTNAME}
+    volumes:
+      - cabundle:/etc/pki
+      - trustanchors:/etc/grid-security/certificates
+      - ./assets/certs:/certs
+      - ./assets/log/fts3:/var/log/fts3
+      - ./assets/vomsdir:/etc/grid-security/vomsdir
+      - ./assets/vomses:/etc/vomses
+      - ./assets/fts3:/etc/fts3
+      - ./assets/fts3-rest/httpd/conf.d:/etc/httpd/conf.d
+      - ./assets/scripts:/scripts
+      - ./assets/fts3-rest:/fts3-rest
+    ports:
+      - "8446:8446"
+    links:
+      - ftsdb:ftsdb
+    depends_on:
+      - trust
+      - ftsdb
+      - fts-server
+    entrypoint:
+      - /scripts/startup-fts-rest.sh
+
+  fts-mon:
+    image: gitlab-registry.cern.ch/fts/fts-monitoring:${FTS_MONITORING_VERSION}
+    hostname: ${FTS_HOSTNAME}
+    volumes:
+      - cabundle:/etc/pki
+      - trustanchors:/etc/grid-security/certificates
+      - ./assets/certs:/certs
+      - ./assets/log/fts3:/var/log/fts3
+      - ./assets/vomsdir:/etc/grid-security/vomsdir
+      - ./assets/vomses:/etc/vomses
+      - ./assets/fts3:/etc/fts3
+      - ./assets/fts3-mon/httpd/conf.d:/etc/httpd/conf.d
+      - ./assets/scripts:/scripts
+      - ./assets/fts3-mon:/fts3-mon
+    ports:
+      - "8449:8449"
+    links:
+      - ftsdb:ftsdb
+    depends_on:
+      - trust
+      - ftsdb
+      - fts-server
+    entrypoint:
+      - /scripts/startup-fts-mon.sh
+
+  ftsdb:
+    image: ${FTS_MYSQL_IMAGE}
+    hostname: ftsdb
+    environment:
+      - MYSQL_USER=${FTS_DB_USER}
+      - MYSQL_PASSWORD=${FTS_DB_PASSWD}
+      - MYSQL_ROOT_PASSWORD=${FTS_DB_ROOT_PASSWD}
+      - MYSQL_DATABASE=${FTS_DATABASE}
+    ports:
+      - "3306:3306"
+    volumes:
+      - ./assets/scripts:/scripts
+      - db_data:/var/lib/mysql
+#    entrypoint:
+#      - /scripts/initialize-mysql.sh
+    healthcheck:
+      test: ["CMD", "/scripts/initialize-mysql.sh"]
+      timeout: 3600s
+      retries: 1 
+  
diff --git a/no.docker-compose.yml b/no.docker-compose.yml
deleted file mode 100644
index f1bf9f4..0000000
--- a/no.docker-compose.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-version: "2"
-services:
-  fts:
-    build: .
-#    hostname: fts
-    hostname: fts3-cnaf.cloud.cnaf.infn.it
-    volumes:
-#      - /etc/fts3:/etc/fts3
-      - /etc/grid-security:/etc/grid-security
-      - /etc/grid-security/certificates:/etc/grid-security/certificates
-#      - /var/log/fts3:/var/log/fts3
-    ports:
-      - "8446:8446"
-      - "8449:8449"
-    links:
-      - ftsdb:ftsdb
-    depends_on:
-      - ftsdb
-  ftsdb:
-    image: mysql:5
-    hostname: ftsdb
-    environment:
-      - MYSQL_USER=fts
-      - MYSQL_PASSWORD=fts
-      - MYSQL_ROOT_PASSWORD=fts
-      - MYSQL_DATABASE=fts
-    ports:
-      - "3306:3306"
diff --git a/old.Dockerfile b/old.Dockerfile
new file mode 100644
index 0000000..3836086
--- /dev/null
+++ b/old.Dockerfile
@@ -0,0 +1,54 @@
+FROM centos:7
+
+# Install FTS
+RUN yum install -y epel-release.noarch
+#RUN curl https://fts-repo.web.cern.ch/fts-repo/fts3-prod-el7.repo -o /etc/yum.repos.d/fts3-prod-el7.repo
+#RUN curl https://dmc-repo.web.cern.ch/dmc-repo/dmc-el7.repo -o /etc/yum.repos.d/dmc-el7.repo
+RUN curl http://fts-repo.web.cern.ch/fts-repo/fts3-rc-el7.repo -o /etc/yum.repos.d/fts3-prod-el7.repo
+RUN curl http://dmc-repo.web.cern.ch/dmc-repo/dmc-rc-el7.repo -o /etc/yum.repos.d/dmc-el7.repo
+
+RUN yum clean all && yum upgrade -y
+RUN yum install -y gfal2-plugin-* --skip-broken
+RUN yum install -y fts-server fts-client fts-rest fts-monitoring fts-mysql fts-msg fts-infosys
+RUN yum install -y mysql MySQL-python fts-rest-oauth2 multitail
+RUN yum install -y fts-server-selinux fts-rest-selinux fts-monitoring-selinux
+RUN yum clean all
+
+# Setup FTS security
+COPY assets/fts/certs/hostcert_fts.pem /etc/grid-security/hostcert.pem
+COPY assets/fts/certs/hostcert_fts.key.pem /etc/grid-security/hostkey.pem
+RUN chmod 400 /etc/grid-security/hostkey.pem
+COPY assets/fts/Sectigo/SectigoRSA* /etc/grid-security/certificates/
+COPY assets/fts/Sectigo/USERTrustRSA-AAACA-xSign.crt /etc/grid-security/certificates/
+#COPY assets/fts/Sectigo/SHA-2\ Root\ USERTrust\ RSA\ Certification\ Authority.crt /etc/grid-security/certificates/
+
+
+# Database configuration for FTS server
+COPY assets/fts/fts3config /etc/fts3/fts3config
+COPY assets/fts/mysql/fts-schema-6.0.0.sql /usr/share/fts-mysql/fts-schema-6.0.0.sql 
+
+# Configuration for FTSREST and FTSMON
+COPY assets/fts/fts3rest.conf /etc/httpd/conf.d/fts3rest.conf
+RUN echo "" > /etc/httpd/conf.d/ssl.conf &&\
+    echo "" > /etc/httpd/conf.d/autoindex.conf &&\
+    echo "" > /etc/httpd/conf.d/userdir.conf &&\
+    echo "" > /etc/httpd/conf.d/welcome.conf &&\
+    echo "" > /etc/httpd/conf.d/zgridsite.conf &&\
+    echo "ServerName fts3-cnaf.cloud.cnaf.infn.it:80" >> /etc/httpd/conf/httpd.conf 
+
+# Entrypoint waiting script for MySQL
+COPY assets/fts/wait-for-it.sh /usr/local/bin/wait-for-it.sh
+RUN chmod +x /usr/local/bin/wait-for-it.sh
+
+# Shortcut for logfiles
+COPY assets/fts/logshow /usr/local/bin/logshow
+RUN chmod +x /usr/local/bin/logshow
+RUN touch /var/log/fts3/fts3server.log
+RUN chown -R fts3:fts3 /var/log/fts3/fts3server.log
+RUN touch /var/log/fts3rest/fts3rest.log
+RUN chown -R fts3:fts3 /var/log/fts3rest
+
+# Startup
+EXPOSE 8446 8449
+ADD assets/fts/docker-entrypoint.sh /
+ENTRYPOINT ["/docker-entrypoint.sh"]
-- 
GitLab


From 69fa1e5a785b364e4b8ed9361f27af4cf1cdf8ba Mon Sep 17 00:00:00 2001
From: root <root@omii005-vm01.cnaf.infn.it>
Date: Mon, 8 Mar 2021 10:26:55 +0100
Subject: [PATCH 2/5]  - Added environmet variables

---
 .env                                          | 14 ++++
 assets/1                                      | 16 -----
 assets/ENV                                    | 12 ----
 assets/fts3/fts3config                        |  9 ++-
 assets/fts3/fts3rest.ini                      |  6 +-
 assets/scripts/etc/hosts                      |  2 +-
 assets/scripts/startup-fts-mon.sh             |  2 +-
 assets/scripts/startup-fts-rest.sh            |  2 +-
 assets/scripts/startup-fts-server.sh          |  2 +-
 docker-compose.yml                            | 66 +++++++++++++------
 initialize_mysql.sh                           |  7 ++
 ...cker-compose.yml => old.docker-compose.yml | 36 +++++-----
 12 files changed, 104 insertions(+), 70 deletions(-)
 create mode 100644 .env
 delete mode 100644 assets/1
 delete mode 100644 assets/ENV
 create mode 100755 initialize_mysql.sh
 rename new.docker-compose.yml => old.docker-compose.yml (78%)

diff --git a/.env b/.env
new file mode 100644
index 0000000..c3aa750
--- /dev/null
+++ b/.env
@@ -0,0 +1,14 @@
+FTS_HOSTNAME=fts3-cnaf.cloud.cnaf.infn.it
+FTS_SITE_NAME=FTS3-CNAF
+FTS_IP=131.154.97.15
+FTS_SERVER_VERSION=latest
+FTS_REST_VERSION=latest
+FTS_MONITORING_VERSION=latest
+FTS_MYSQL_IMAGE=mysql:5
+FTS_MYSQL_HOST=ftsdb
+FTS_DATABASE=fts
+FTS_DB_USER=fts
+FTS_DB_PASSWD=fts
+FTS_DB_ROOT_PASSWD=fts
+
+
diff --git a/assets/1 b/assets/1
deleted file mode 100644
index ab321f2..0000000
--- a/assets/1
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-set -ex
-
-# wait for MySQL readiness
-/scripts/wait-for-it.sh -h ftsdb -p 3306 -t 3600
-
-# put host certificate and key to their place
-cp /certs/hostcert.pem /etc/grid-security/hostcert.pem
-cp /certs/hostkey.pem /etc/grid-security/hostkey.pem
-cp /scripts/hosts /etc/hosts
-
-# put fts3 rest httpd config file to it's place
-#cp /fts3-rest/fts3rest.conf /etc/httpd/conf.d/fts3rest.conf
-
-/usr/sbin/apachectl -DFOREGROUND # FTS REST frontend
-
diff --git a/assets/ENV b/assets/ENV
deleted file mode 100644
index feae99c..0000000
--- a/assets/ENV
+++ /dev/null
@@ -1,12 +0,0 @@
-FTS_HOSTNAME="fts3-cnaf.cloud.cnaf.infn.it"
-FTS_SERVER_VERSION=v3.10.0
-FTS_REST_VERSION=v3.10.1
-FTS_MONITORING_VERSION=v3.10.0
-FTS_MYSQL_IMAGE=mysql:5
-FTS_MYSQL_HOST=ftsdb
-FTS_DATABASE=fts
-FTS_DB_USER=fts
-FTS_DB_PASSWD=fts
-FTS_DB_ROOT_PASSWD=fts
-
-
diff --git a/assets/fts3/fts3config b/assets/fts3/fts3config
index 046a71f..0d0e45a 100644
--- a/assets/fts3/fts3config
+++ b/assets/fts3/fts3config
@@ -5,6 +5,7 @@ Group=root
 
 Alias=fts
 SiteName=FTS3-CNAF
+#SiteName=${FTS_SITE_NAME}
 MonitoringMessaging=true
 Profiling=0
 
@@ -13,9 +14,13 @@ AuthorizedVO=*
 DbType=mysql
 DbUserName=fts
 DbPassword=fts
-#DbConnectString=ftsdb/fts
+#DbConnectString=vm-131-154-97-13.cloud.cnaf.infn.it:3306/fts
+DbConnectString=ftsdb/fts
+
+#DbUserName=${FTS_DB_USER}
+#DbPassword=${FTS_DB_PASSWD}
+#DbConnectString=ftsdb/${FTS_DATABASE}
 # DbConnectString=<host>:<port>/<database>
-DbConnectString=vm-131-154-97-13.cloud.cnaf.infn.it:3306/fts
 
 #DbThreadsNum=25
 #Infosys=false
diff --git a/assets/fts3/fts3rest.ini b/assets/fts3/fts3rest.ini
index e839cc9..c2bef31 100644
--- a/assets/fts3/fts3rest.ini
+++ b/assets/fts3/fts3rest.ini
@@ -31,8 +31,10 @@ fts3.config = /etc/fts3/fts3config
 # SQLAlchemy database URL
 # If fts3.config is specified, the database connection string will be picked
 # up from there
-sqlalchemy.url = mysql://fts:fts@vm-131-154-97-13.cloud.cnaf.infn.it/fts
-#sqlalchemy.url = mysql://fts:fts@ftsdb/fts
+#sqlalchemy.url = mysql://user:passwd@host/db
+#sqlalchemy.url = mysql://${FTS_DB_USER}:${FTS_DB_PASSWD}@${FTS_MYSQL_HOST}/${FTS_DATABASE}
+#sqlalchemy.url = mysql://fts:fts@vm-131-154-97-13.cloud.cnaf.infn.it/fts
+sqlalchemy.url = mysql://fts:fts@ftsdb/fts
 
 # SQLAlchemy pool size.
 sqlalchemy.pool_size=64
diff --git a/assets/scripts/etc/hosts b/assets/scripts/etc/hosts
index e0e9ba4..2974f85 100644
--- a/assets/scripts/etc/hosts
+++ b/assets/scripts/etc/hosts
@@ -4,4 +4,4 @@ fe00::0 ip6-localnet
 ff00::0 ip6-mcastprefix
 ff02::1 ip6-allnodes
 ff02::2 ip6-allrouters
-131.154.97.15   fts3-cnaf.cloud.cnaf.infn.it fts3-cnaf
+${FTS_IP}  ${FTS_HOSTNAME} ${FTS_SITE_NAME}
diff --git a/assets/scripts/startup-fts-mon.sh b/assets/scripts/startup-fts-mon.sh
index 70bc2e3..dc49b13 100755
--- a/assets/scripts/startup-fts-mon.sh
+++ b/assets/scripts/startup-fts-mon.sh
@@ -2,7 +2,7 @@
 set -ex
 
 # wait for MySQL readiness
-/scripts/wait-for-it.sh -h vm-131-154-97-13.cloud.cnaf.infn.it -p 3306 -t 3600
+/scripts/wait-for-it.sh -h ${FTS_MYSQL_HOST} -p 3306 -t 3600
 
 # put host certificate and keys in place
 cp /certs/hostcert.pem /etc/grid-security/hostcert.pem
diff --git a/assets/scripts/startup-fts-rest.sh b/assets/scripts/startup-fts-rest.sh
index 1e53024..1bf1080 100755
--- a/assets/scripts/startup-fts-rest.sh
+++ b/assets/scripts/startup-fts-rest.sh
@@ -2,7 +2,7 @@
 set -ex
 
 # wait for MySQL readiness
-/scripts/wait-for-it.sh -h vm-131-154-97-13.cloud.cnaf.infn.it -p 3306 -t 3600
+/scripts/wait-for-it.sh -h ${FTS_MYSQL_HOST} -p 3306 -t 3600
 
 # put host certificate and key to their place
 cp /certs/hostcert.pem /etc/grid-security/hostcert.pem
diff --git a/assets/scripts/startup-fts-server.sh b/assets/scripts/startup-fts-server.sh
index f70dcb2..6d74467 100755
--- a/assets/scripts/startup-fts-server.sh
+++ b/assets/scripts/startup-fts-server.sh
@@ -2,7 +2,7 @@
 set -ex
 
 # wait for MySQL readiness
-/scripts/wait-for-it.sh -h vm-131-154-97-13.cloud.cnaf.infn.it -p 3306 -t 3600
+/scripts/wait-for-it.sh -h ${FTS_MYSQL_HOST} -p 3306 -t 3600
 
 cp /certs/hostcert.pem /etc/grid-security/hostcert.pem
 cp /certs/hostkey.pem /etc/grid-security/hostkey.pem
diff --git a/docker-compose.yml b/docker-compose.yml
index 39fa8fc..bb85143 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,7 +1,8 @@
-version: "2.1"
+version: "3.5"
 volumes:   
   trustanchors:
   cabundle:
+  db_data:
 
 services:
   trust:
@@ -13,8 +14,17 @@ services:
       - cabundle:/etc/pki
 
   fts-server:
-    image: gitlab-registry.cern.ch/fts/fts3:latest
-    hostname: fts3-cnaf.cloud.cnaf.infn.it
+    image: gitlab-registry.cern.ch/fts/fts3:${FTS_SERVER_VERSION}
+    hostname: ${FTS_HOSTNAME}
+    environment:
+      - FTS_HOSTNAME=${FTS_HOSTNAME}
+      - FTS_SITE_NAME=${FTS_SITE_NAME}
+      - FTS_IP=${FTS_IP}
+      - FTS_MYSQL_HOST=${FTS_MYSQL_HOST}
+      - FTS_DATABASE=${FTS_DATABASE}
+      - FTS_DB_USER=${FTS_DB_USER}
+      - FTS_DB_PASSWD=${FTS_DB_PASSWD}
+      - FTS_DB_ROOT_PASSWD=${FTS_DB_ROOT_PASSWD}
     volumes:
       - cabundle:/etc/pki
       - trustanchors:/etc/grid-security/certificates
@@ -36,8 +46,17 @@ services:
       - /scripts/startup-fts-server.sh
 
   fts-rest:
-    image: gitlab-registry.cern.ch/fts/fts-rest:latest
-    hostname: fts3-cnaf.cloud.cnaf.infn.it
+    image: gitlab-registry.cern.ch/fts/fts-rest:${FTS_REST_VERSION}
+    hostname: ${FTS_HOSTNAME}
+    environment:
+      - FTS_HOSTNAME=${FTS_HOSTNAME}
+      - FTS_SITE_NAME=${FTS_SITE_NAME}
+      - FTS_IP=${FTS_IP}
+      - FTS_MYSQL_HOST=${FTS_MYSQL_HOST}
+      - FTS_DATABASE=${FTS_DATABASE}
+      - FTS_DB_USER=${FTS_DB_USER}
+      - FTS_DB_PASSWD=${FTS_DB_PASSWD}
+      - FTS_DB_ROOT_PASSWD=${FTS_DB_ROOT_PASSWD}
     volumes:
       - cabundle:/etc/pki
       - trustanchors:/etc/grid-security/certificates
@@ -61,8 +80,17 @@ services:
       - /scripts/startup-fts-rest.sh
 
   fts-mon:
-    image: gitlab-registry.cern.ch/fts/fts-monitoring:latest
-    hostname: fts3-cnaf.cloud.cnaf.infn.it
+    image: gitlab-registry.cern.ch/fts/fts-monitoring:${FTS_MONITORING_VERSION}
+    hostname: ${FTS_HOSTNAME}
+    environment:
+      - FTS_HOSTNAME=${FTS_HOSTNAME}
+      - FTS_SITE_NAME=${FTS_SITE_NAME}
+      - FTS_IP=${FTS_IP}
+      - FTS_MYSQL_HOST=${FTS_MYSQL_HOST}
+      - FTS_DATABASE=${FTS_DATABASE}
+      - FTS_DB_USER=${FTS_DB_USER}
+      - FTS_DB_PASSWD=${FTS_DB_PASSWD}
+      - FTS_DB_ROOT_PASSWD=${FTS_DB_ROOT_PASSWD}
     volumes:
       - cabundle:/etc/pki
       - trustanchors:/etc/grid-security/certificates
@@ -85,22 +113,22 @@ services:
     entrypoint:
       - /scripts/startup-fts-mon.sh
 
+#  fts-cli:
+      #image:
+#      build: .
+#      hostname: fts3-cnaf.cloud.cnaf.infn.it
+
   ftsdb:
-    image: mysql:5
+    image: ${FTS_MYSQL_IMAGE}
     hostname: ftsdb
     environment:
-      - MYSQL_USER=fts
-      - MYSQL_PASSWORD=fts
-      - MYSQL_ROOT_PASSWORD=fts
-      - MYSQL_DATABASE=fts
+      - MYSQL_USER=${FTS_DB_USER}
+      - MYSQL_PASSWORD=${FTS_DB_PASSWD}
+      - MYSQL_ROOT_PASSWORD=${FTS_DB_ROOT_PASSWD}
+      - MYSQL_DATABASE=${FTS_DATABASE}
     ports:
       - "3306:3306"
     volumes:
       - ./assets/scripts:/scripts
-#    entrypoint:
-#      - /scripts/initialize-mysql.sh
-    healthcheck:
-      test: ["CMD", "/scripts/initialize-mysql.sh"]
-      timeout: 3600s
-      retries: 1 
-  
+      - db_data:/var/lib/mysql
+
diff --git a/initialize_mysql.sh b/initialize_mysql.sh
new file mode 100755
index 0000000..124a241
--- /dev/null
+++ b/initialize_mysql.sh
@@ -0,0 +1,7 @@
+#/bin/bash
+
+docker exec fts3-cnaf_ftsdb_1 sh -c "mysql -u root -pfts fts < /scripts/fts-schema-6.0.0.sql"
+
+docker exec fts3-cnaf_ftsdb_1 sh -c "mysql -u root -pfts -h ftsdb -Bse \"GRANT ALL ON fts.* TO 'fts'@'%' IDENTIFIED BY 'fts';FLUSH PRIVILEGES;GRANT SUPER ON *.* to 'fts'@'%' IDENTIFIED BY 'fts';FLUSH PRIVILEGES;\" "
+
+
diff --git a/new.docker-compose.yml b/old.docker-compose.yml
similarity index 78%
rename from new.docker-compose.yml
rename to old.docker-compose.yml
index 50c36b9..2e89a0f 100644
--- a/new.docker-compose.yml
+++ b/old.docker-compose.yml
@@ -5,6 +5,7 @@ volumes:
   db_data:
 
 services:
+
   trust:
     image: indigoiam/trustanchors
     environment:
@@ -14,8 +15,8 @@ services:
       - cabundle:/etc/pki
 
   fts-server:
-    image: gitlab-registry.cern.ch/fts/fts3:${FTS_SERVER_VERSION}
-    hostname: ${FTS_HOSTNAME} 
+    image: gitlab-registry.cern.ch/fts/fts3:latest
+    hostname: fts3-cnaf.cloud.cnaf.infn.it
     volumes:
       - cabundle:/etc/pki
       - trustanchors:/etc/grid-security/certificates
@@ -37,8 +38,8 @@ services:
       - /scripts/startup-fts-server.sh
 
   fts-rest:
-    image: gitlab-registry.cern.ch/fts/fts-rest:${FTS_REST_VERSION}
-    hostname: ${FTS_HOSTNAME}
+    image: gitlab-registry.cern.ch/fts/fts-rest:latest
+    hostname: fts3-cnaf.cloud.cnaf.infn.it
     volumes:
       - cabundle:/etc/pki
       - trustanchors:/etc/grid-security/certificates
@@ -62,8 +63,8 @@ services:
       - /scripts/startup-fts-rest.sh
 
   fts-mon:
-    image: gitlab-registry.cern.ch/fts/fts-monitoring:${FTS_MONITORING_VERSION}
-    hostname: ${FTS_HOSTNAME}
+    image: gitlab-registry.cern.ch/fts/fts-monitoring:latest
+    hostname: fts3-cnaf.cloud.cnaf.infn.it
     volumes:
       - cabundle:/etc/pki
       - trustanchors:/etc/grid-security/certificates
@@ -86,14 +87,19 @@ services:
     entrypoint:
       - /scripts/startup-fts-mon.sh
 
+#  fts-cli:
+    #image:
+#    build: .
+#    hostname: fts3-cnaf.cloud.cnaf.infn.it
+
   ftsdb:
-    image: ${FTS_MYSQL_IMAGE}
+    image: mysql:5
     hostname: ftsdb
     environment:
-      - MYSQL_USER=${FTS_DB_USER}
-      - MYSQL_PASSWORD=${FTS_DB_PASSWD}
-      - MYSQL_ROOT_PASSWORD=${FTS_DB_ROOT_PASSWD}
-      - MYSQL_DATABASE=${FTS_DATABASE}
+      - MYSQL_USER=fts
+      - MYSQL_PASSWORD=fts
+      - MYSQL_ROOT_PASSWORD=fts
+      - MYSQL_DATABASE=fts
     ports:
       - "3306:3306"
     volumes:
@@ -101,8 +107,8 @@ services:
       - db_data:/var/lib/mysql
 #    entrypoint:
 #      - /scripts/initialize-mysql.sh
-    healthcheck:
-      test: ["CMD", "/scripts/initialize-mysql.sh"]
-      timeout: 3600s
-      retries: 1 
+#    healthcheck:
+#      test: ["CMD", "/scripts/initialize-mysql.sh"]
+#      timeout: 3600s
+#      retries: 1 
   
-- 
GitLab


From 7f8ff18c5d4c39945fd03bb9c32b51368592d2d6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcelo=20Vila=C3=A7a=20Pinheiro=20Soares?=
 <marcelo.soares@cnaf.infn.it>
Date: Tue, 9 Mar 2021 17:11:57 +0100
Subject: [PATCH 3/5] Update README.md

---
 README.md           | 91 ++++++++++++++++++++++++++++++++++++++++++++-
 docker-compose.yml  |  1 +
 initialize_mysql.sh |  8 +++-
 3 files changed, 97 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 5cc0926..14d3df6 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,92 @@
 # FTS3-CNAF
 
-Project to launch an FTS3 instance with Docker and K8S at CNAF
\ No newline at end of file
+Project to launch an FTS3 instance with Docker and K8S at CNAF
+
+This module lanches 5 separated containers, FTS3 server, FTS3 Rest API, FTS3 Monitoring, MySQL database and a generic WLCG client container with WLCG client tools (voms, oidc-agent, davix, gfal, FTS3 rest client)
+
+# First Actions
+
+Before start, some actions need to be taken.
+
+This package comes with some preset files and configurations that need to be replaced/changed accordingly followinf the steps:
+
+1. Replace `hostcert.pem` and `hostkey.pem` found at `./assets/certs`
+
+```
+ $ cp <your_hostcert.pem> ./assets/certs/hostcert.pem && cp <your_hostkey.pem> ./assets/certs/hostkey.pem 
+```
+
+2. Change FTS3 configuration file found at `./assets/fts3/fts3config` with your server and database information:
+
+```
+  6 Alias=<Change_Me>
+  7 SiteName=<Change_Me>
+  8 
+  9 MonitoringMessaging=true
+ 10 Profiling=0
+ 11 
+ 12 AuthorizedVO=*
+ 13 
+ 14 DbType=mysql
+ 15 DbUserName=<Change_Me>
+ 16 DbPassword=<Change_Me>
+ 17 
+ 18 DbConnectString=ftsdb/fts    <Change_Me>
+
+```
+3. Change FTS3 Rest API initialization file found at `./assets/fts3/fts3rest.ini` with your database information:
+
+```
+ 37 sqlalchemy.url = mysql://fts:fts@ftsdb/fts     # change this with sqlalchemy sintax like mysql://user:passwd@host/db
+```
+
+4. Change environment file found at `./assets/.env` with the proper configurations for your docker compose launch.
+
+```
+  1 FTS_HOSTNAME=                 #change me 
+  2 FTS_SITE_NAME=                #change me
+  3 FTS_IP=                       #change me
+  4 FTS_SERVER_VERSION=           #change me for stable production version (v3.10.0) or (latest) for test
+  5 FTS_REST_VERSION=             #change me for stable production version (v3.10.1) or (latest) for test
+  6 FTS_MONITORING_VERSION=       #change me for stable production version (v3.10.0) or (latest) for test
+  7 FTS_MYSQL_IMAGE=mysql:5       #maybe don't change me unless reconmended by FTS documentation
+  8 FTS_MYSQL_HOST=ftsdb          #change me if you have an external db or leave it to use contenerized db on package
+  9 FTS_DATABASE=fts              #you can keep this as the database name or change it 
+ 10 FTS_DB_USER=                  #change me
+ 11 FTS_DB_PASSWD=                #change me
+ 12 FTS_DB_ROOT_PASSWD=           #change me
+
+```
+
+5. Observation on VOMS 
+
+Notice that this package already delivery "most common" WLCG VO's configuration files, please check if your VO configuration files are present at `./assets/vomsdir` and `./assets/vomses`
+
+# Initialize MySQL database
+
+On first time launching, mysql image should be empty, hence needs to be initialized, so it is recomended to run `docker-compose` in detached mode and only `ftsdb` container
+
+```
+$ docker-compose --env-file .env up -d ftsdb
+```
+
+Than initializing the database by running the script:
+
+```
+$ ./initialize_mysql.sh
+```
+
+This script will create the database and grant privileges for FTS3 user as defined in `./assets/.env`.
+
+This script can also be used to clean the database if necessary.
+
+
+# Launching FTS3 containers
+
+Once MySQL database is initialized, to start up FTS containers simply run the command:
+
+```
+$ docker-compose --env-file .env up -d
+```
+
+After first time, even if mysql is killed or exit for some reason, it is not needed to re-initialize nor start it detached from the rest of the container.
diff --git a/docker-compose.yml b/docker-compose.yml
index bb85143..40a46cd 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -122,6 +122,7 @@ services:
     image: ${FTS_MYSQL_IMAGE}
     hostname: ftsdb
     environment:
+      - MYSQL_HOST=${FTS_MYSQL_HOST}
       - MYSQL_USER=${FTS_DB_USER}
       - MYSQL_PASSWORD=${FTS_DB_PASSWD}
       - MYSQL_ROOT_PASSWORD=${FTS_DB_ROOT_PASSWD}
diff --git a/initialize_mysql.sh b/initialize_mysql.sh
index 124a241..ad88ccd 100755
--- a/initialize_mysql.sh
+++ b/initialize_mysql.sh
@@ -1,7 +1,11 @@
 #/bin/bash
 
-docker exec fts3-cnaf_ftsdb_1 sh -c "mysql -u root -pfts fts < /scripts/fts-schema-6.0.0.sql"
+set +e
 
-docker exec fts3-cnaf_ftsdb_1 sh -c "mysql -u root -pfts -h ftsdb -Bse \"GRANT ALL ON fts.* TO 'fts'@'%' IDENTIFIED BY 'fts';FLUSH PRIVILEGES;GRANT SUPER ON *.* to 'fts'@'%' IDENTIFIED BY 'fts';FLUSH PRIVILEGES;\" "
+export $(cat .env | xargs)
+
+docker exec fts3-cnaf_ftsdb_1 sh -c "mysql -u root -p${FTS_DB_ROOT_PASSWD} ${FTS_DATABASE} < /scripts/fts-schema-6.0.0.sql"
+
+docker exec fts3-cnaf_ftsdb_1 sh -c "mysql -u root -p${FTS_DB_ROOT_PASSWD} -h ${FTS_MYSQL_HOST} -Bse \"GRANT ALL ON ${FTS_DATABASE}.* TO '${FTS_DB_USER}'@'%' IDENTIFIED BY '${FTS_DB_PASSWD}'; FLUSH PRIVILEGES; GRANT SUPER ON *.* to '${FTS_DB_USER}'@'%' IDENTIFIED BY '${FTS_DB_PASSWD}'; FLUSH PRIVILEGES;\" "
 
 
-- 
GitLab


From 4db8072d6591423ae8bfffb1234e9ab5893ca5af Mon Sep 17 00:00:00 2001
From: root <root@omii005-vm01.cnaf.infn.it>
Date: Wed, 10 Mar 2021 16:38:31 +0100
Subject: [PATCH 4/5]  - Added fts3-cli container and test1.p12 file

---
 .env                   |   4 +++-
 assets/certs/test1.p12 | Bin 0 -> 2533 bytes
 docker-compose.yml     |  28 ++++++++++++++++++++++++----
 3 files changed, 27 insertions(+), 5 deletions(-)
 create mode 100644 assets/certs/test1.p12

diff --git a/.env b/.env
index c3aa750..84c5189 100644
--- a/.env
+++ b/.env
@@ -10,5 +10,7 @@ FTS_DATABASE=fts
 FTS_DB_USER=fts
 FTS_DB_PASSWD=fts
 FTS_DB_ROOT_PASSWD=fts
-
+FTS_CLI_VERSION=latest
+USER=test
+USER_UID=501
 
diff --git a/assets/certs/test1.p12 b/assets/certs/test1.p12
new file mode 100644
index 0000000000000000000000000000000000000000..ade5129f4a96d0486460873138c267f14f713473
GIT binary patch
literal 2533
zcmY+^c{me}9|!Pl#%zv^5t+)!721qcuH4CeGeUADbdVek8>W?s962`kH6y}&^%X)Q
zRO;)#%atQX?xB9Z&-45JzQ5lepXc*D@Avb(|9qi|(61mM8=43$;eg7Ku8?+kfDm9V
z5t<GrLQ{_7L^Kg>_)o==O9Wpyij+Y>z|m9qrvajo9I$^ca05BeykO4L1tr=j?n}}j
z5GNpt2nOIa0x7wL{@s>YURk)zedTKP<}(d6U(B_$s#aP|e42f5nhM(<BaJd+xX<F@
z&>j|GUQL+1>r7Uz+|ntqN7BbTAtHyAV7v%9F!1)<*;I?$FV?kC_#UR8%KEq<Zz}69
z2K%DI_68(bB_5HQvvE*ORH%7C`zrKSwie~Aynwyv^=f-F?Cm4kNxP=sI+u|v`ziB5
zU?so2<sf6JR0Ch!iw;*WE(3#7<{7(8*V?vT1%MrxZXgoyU8<V%T9@{mmYKP#x^=v?
zjV`>?cgGnmV9>)&?_97PHOD`$ZK-&8GTJE}(h(MQUpi3A*OgHkX-(U;`KcfuXI~l@
zeY<}`T4D;d-2{9qzNOjsB1o+xlE)<3y=_hbzr(vhZQ2k~%F~;vHd~rk%jTO`x=-6v
zJ#MFBC2m5>vC%-r@UZ#>u8%V>T*Gjs%f<<tRb*OVPPk=DCAuW5<?_R;yQhsQ0%z09
z9=^v~BQp}qsCoC#5mwQ+<x?K4GrpF)e;6xrnlbwj3z5zRt+V_zKP`MQujP>N#c?UE
z)?BSLuP{BC05CN%nO~VvCfMtRuq_1Vi)&JH1T=L06v9^0E{;T{`r<85T{Vueee=hx
zrQcZ2v0^*knc%_zikb(r*(z}a^9<l9AS*crE170E5jO=_lm@j+>SP9G1Yzl%A8#2s
zn)7;N!d=*Jq<nLCz>WqN0ckR4U~=Q#gkupe8>;U3XK#mxj{+Ue_ey5vte5~!fkvQv
zryKp{qx@*FNcfWOiJmL1xGkfI8Vdf+qIxW^k2yz|=m!@&C;Fd?KJ^o#b#|Qs!By>d
zKh6pDM=P}75T-%>Kj_&$_n;DVk#d=Cu9x=tZw^797v2dXzw>NNQammB*vE`NLw=7{
zTsMzxBH+hZZZ2&rIASbGTz0B)E&?0BJghduP!StRQl6@r#+fE5AFMA_I!2Ny?Z|G#
za7RLsOFct`E6#-{GSlmMO%<1<*8GRj8qlZ^R=l_6IQvCelTNy@VRMzJd4J{F=I+4n
zNdJ&yNQX(uthqoE*u8kGs;5Tifn>g6w@5P|d_=k+{W>(d_)8%Ay4pZSf|LE$K}1cC
zV;<_(%>V<=9GG#|z2%(&#Jpe*4y|v>s0d1N3ZOE6dP%irPWDFGrhcen--$&xmHwzK
zG2+sS7$dP8JJm3kKX=XY8{dgqeWDk%$5-udt)1l?yzLV}@TO08J^f{l)g~$21Xs4M
zpWH@c<4iS`{27!~YKlD_;8U4QpQrAo<Oog%-O!<Zw6Lo1ivmQrv^NXu7mI!q!JW4#
zzZW(*F+tVev4N2t|A>oH^!C(3Fh=#d$tTeF2ntJV_{RCN`)DG&_Wyv9OJr996WJAy
zV!5M};^6uZA21;3$eEQRU>5&R6}G=sfy6bQIb}DK@wX~qBDgc}{gmCWFR6?39&gL=
zgC;{;Gqvfq*-g*^^B-p&kx_?Bm?Z9p@Wk+7k(G)024`x9R2<5bYj(Ow-~K@K0^kRL
zE2U~_7)4!e2bN0Z-&gOqT2HK1*Sq!V2_M#`x*2idH}J1<ErHVSo7OA4i((%OsIT{$
zTLm!6>4Q-|!<4e#r9Oi>aEN=;t+4&crdwNO8k*_CI<jpYc%pM%`u13+rwQtrKL8iZ
zrUdIA7=fMcL2yltVjNmoghJ@KJb;-)O@@AFm`!C8TpHorpqf7J3(<T)I{S>abL~<b
zS<8boMBpw+z)qcO0Ubjbt%ii|M_Q6HCmKZyLq315sn*o{b8l_25*0!34HwuZ>+itR
z-j~(~-`3YtQ5~yV<rQS<ex+4ftuzP?S+s0kQB9d>M?EH68No976O#A(o&*U=OK!5e
zY~rguhs?v=g(Jasn+jdi&T#eqof1L7vPyhgx}gk><>KFp>P+eL2@TEu>oLFUdx8sW
z7!jbO;sEno<u0wB6n!;mS#2|krH*|A7#tqVVtq_ge#2REw@z9XG@ta8_&yHr@^+sV
z^k$3ilNVnzQ98I8EP;2vI#6(OC`ki;mrwF(?}Hz7jl&3OzT92vOa8<m>xq81h#gh<
zwz7$vJ+_+6$XsZ7Ef>SUcW^FE%Jd0|tXxFKkVelzz}TI*-7FPf=T4ErVad6oTJEpI
zCUi0BhAW!~H#+=CrtOSVn0w^RNdIlBd|tTG7NciQBQ5ut@Y}gYx+Sj}?j!o$szSzP
zFNmbWM`Jb~05+2ZNehc5UvzcwpA0Z-7a^o@2<mma$iATv1Jnk5)O}(3UFTx2ZCrj+
zRZgBz(lzmFd{kYbUoVF{?yI}e?WE@6y#$)PE4HRGAI;7T9Z}Jre#SrmC#Py#71E1D
z{VHqECybUIfG#(d%gIaN>DCCccg#Q>p+@G*`(ys!0>w&WT!Sv}*=^qWbs)X09!=w=
z4>2MBtpiDN7Mg~_Vr#=5Z<t|gm!v!NKywi!7JE>bQNb_uSUS-&w6Bt@M3Mfn`FS_y
zNw<By`)aGNmyX>yZ3`X8s?0JkJYFQz7M)KxOgj%<QVzDn&w50Ph9W%twb09~ki$lG
z=x<Zd!>IY*wS|nedPGpDaTQa?zNP$~rT2b+_oW#4Pjq4!PJ?Luu+Hhx7$3}O+jIV^
zSpPV?i$;Qy*wYye^_Wi{7Wue~4ahG@IC<R8qNM;A9sqy2Gf2QvtpTrUk*7?b)JX*K
z!~oRZ?v=cbC3uv(8NP?SEIeIG8L|C5#*1PyJFoIa*%#>TQhb==y6T^6S$AVqX|Ox}
z9UIvZ8f7Rc3QII=@7jK;41>|@6xmf;E}y?*__N)u=iSpY))QMSeqxCwGc>mWgnN)3
zGU11b7caF&ievX7pL{!ID&|<zkLn%j7@2|G5oiMEplaQaqMeu6plvdXV@Us#qaxG{
zBCoIkPmXW<GFz{ovYNqQCE$OBU20qLk!n1>c%9TMcjuE?EBpNy;?B*UUmSsRVDr51
zk%zDHO+65GBZgPLM~M~7WW2&Ht0lOZ{@KCrP*4TZIi!_aN37a=dn~zKAMcARE&L-P
z0d-^R*^934`<OFmiT~;d6~qXE5y+8TUCZLdK-se!J&AL_gdfjtQ_vW+I2y{qewLRF
qbb=iKMhGg}*i+hHkB=6u-uj)i8?fHDMFn%7m}oQ}1zO<$R`OrU%Bv~>

literal 0
HcmV?d00001

diff --git a/docker-compose.yml b/docker-compose.yml
index 40a46cd..d2ca2a4 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -113,10 +113,30 @@ services:
     entrypoint:
       - /scripts/startup-fts-mon.sh
 
-#  fts-cli:
-      #image:
-#      build: .
-#      hostname: fts3-cnaf.cloud.cnaf.infn.it
+  fts-cli:
+    image: marcelovilaca/fts3-cnaf:${FTS_CLI_VERSION}
+    hostname: ${FTS_HOSTNAME}
+    environment:
+      - FTS_HOSTNAME=${FTS_HOSTNAME}
+      - FTS_SITE_NAME=${FTS_SITE_NAME}
+      - FTS_IP=${FTS_IP}
+      - FTS_MYSQL_HOST=${FTS_MYSQL_HOST}
+      - FTS_DATABASE=${FTS_DATABASE}
+      - FTS_DB_USER=${FTS_DB_USER}
+      - FTS_DB_PASSWD=${FTS_DB_PASSWD}
+      - FTS_DB_ROOT_PASSWD=${FTS_DB_ROOT_PASSWD}
+      - USER=${USER}
+      - USER_UID=${USER_UID}
+    volumes:
+      - cabundle:/etc/pki
+      - trustanchors:/etc/grid-security/certificates
+      - ./assets/certs:/home/${USER}/.globus
+      - ./assets/log/fts3:/var/log/fts3
+      - ./assets/vomsdir:/etc/grid-security/vomsdir
+      - ./assets/vomses:/etc/vomses
+      - ./assets/fts3:/etc/fts3
+      - ./assets/scripts:/scripts
+    entrypoint: /tini -- sleep infinity
 
   ftsdb:
     image: ${FTS_MYSQL_IMAGE}
-- 
GitLab


From 54ed4f8055859009f03b44ec495a06c660968348 Mon Sep 17 00:00:00 2001
From: msoares <marcelo.soares@cnaf.infn.it>
Date: Tue, 16 Mar 2021 16:08:33 +0000
Subject: [PATCH 5/5] - Added
 x509-scitokens-issuer-client-0.7.0-1.hcc.el7.x86_64.rpm - Added test scripts
 for crating and copying files

---
 .env                                          |   8 +-
 .gitignore                                    |  18 +-
 Dockerfile                                    |  16 --
 README.md                                     |   4 +-
 assets/fts3/fts3config                        |   2 +-
 assets/scripts/etc/hosts                      |   2 +-
 ...s-issuer-client-0.7.0-1.hcc.el7.x86_64.rpm | Bin 0 -> 27712 bytes
 assets/supervisor/conf.d/supervisord.conf     |  13 +-
 .../wlcg/wlcg-voms.cloud.cnaf.infn.it.lsc     |   5 +-
 docker-compose.yml                            |  16 +-
 initialize_mysql.sh                           |   4 +-
 old.Dockerfile                                |  54 ------
 test/cleanup.sh                               |   6 +
 test/command_example.md                       |  16 ++
 test/random_files_creator.sh                  | 177 ++++++++++++++++++
 15 files changed, 243 insertions(+), 98 deletions(-)
 delete mode 100644 Dockerfile
 create mode 100644 assets/scripts/x509-scitokens-issuer-client-0.7.0-1.hcc.el7.x86_64.rpm
 delete mode 100644 old.Dockerfile
 create mode 100755 test/cleanup.sh
 create mode 100644 test/command_example.md
 create mode 100755 test/random_files_creator.sh

diff --git a/.env b/.env
index 84c5189..b841bb9 100644
--- a/.env
+++ b/.env
@@ -1,9 +1,9 @@
 FTS_HOSTNAME=fts3-cnaf.cloud.cnaf.infn.it
 FTS_SITE_NAME=FTS3-CNAF
 FTS_IP=131.154.97.15
-FTS_SERVER_VERSION=latest
-FTS_REST_VERSION=latest
-FTS_MONITORING_VERSION=latest
+FTS_SERVER_VERSION=v3.10.0
+FTS_REST_VERSION=v3.10.1
+FTS_MONITORING_VERSION=v3.10.0
 FTS_MYSQL_IMAGE=mysql:5
 FTS_MYSQL_HOST=ftsdb
 FTS_DATABASE=fts
@@ -11,6 +11,6 @@ FTS_DB_USER=fts
 FTS_DB_PASSWD=fts
 FTS_DB_ROOT_PASSWD=fts
 FTS_CLI_VERSION=latest
-USER=test
+USER=msoares
 USER_UID=501
 
diff --git a/.gitignore b/.gitignore
index 6ec20cf..57543c8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,9 +1,9 @@
-./assets/log/fts3/fts3bringonline.log
-./assets/log/fts3/fts3server.log
-./assets/log/fts3/fts_bringonline_stderr.log
-./assets/log/fts3/fts_bringonline_stdout.log
-./assets/log/fts3/fts_server_stderr.log
-./assets/log/fts3/fts_server_stdout.log
-./assets/log/fts3/msg.log
-./assets/log/fts3/*
-./assets/log/fts3/transfers/*
+assets/log/fts3/fts3bringonline.log
+assets/log/fts3/fts3server.log
+assets/log/fts3/fts_bringonline_stderr.log
+assets/log/fts3/fts_bringonline_stdout.log
+assets/log/fts3/fts_server_stderr.log
+assets/log/fts3/fts_server_stdout.log
+assets/log/fts3/msg.log
+assets/log/fts3/*
+assets/log/fts3/transfers/*
diff --git a/Dockerfile b/Dockerfile
deleted file mode 100644
index c563b1b..0000000
--- a/Dockerfile
+++ /dev/null
@@ -1,16 +0,0 @@
-FROM centos:7
-
-# Install Gfal2-tool:
-RUN yum install -y gfal2-util gfal2-all
-
-Install SRM Client:
-RUN yum install -y emi-storm-srm-client-mp
-
-# Install FTS3 REST CLI:
-RUN yum update-y && yum install -y python-pip
-RUN pip install "git+https://gitlab.cern.ch/fts/fts-rest.git"
-
-
-
-
-
diff --git a/README.md b/README.md
index 14d3df6..cc49fd0 100644
--- a/README.md
+++ b/README.md
@@ -67,7 +67,7 @@ Notice that this package already delivery "most common" WLCG VO's configuration
 On first time launching, mysql image should be empty, hence needs to be initialized, so it is recomended to run `docker-compose` in detached mode and only `ftsdb` container
 
 ```
-$ docker-compose --env-file .env up -d ftsdb
+$ docker-compose up -d ftsdb
 ```
 
 Than initializing the database by running the script:
@@ -86,7 +86,7 @@ This script can also be used to clean the database if necessary.
 Once MySQL database is initialized, to start up FTS containers simply run the command:
 
 ```
-$ docker-compose --env-file .env up -d
+$ docker-compose up -d
 ```
 
 After first time, even if mysql is killed or exit for some reason, it is not needed to re-initialize nor start it detached from the rest of the container.
diff --git a/assets/fts3/fts3config b/assets/fts3/fts3config
index 0d0e45a..6bd27c1 100644
--- a/assets/fts3/fts3config
+++ b/assets/fts3/fts3config
@@ -15,7 +15,7 @@ DbType=mysql
 DbUserName=fts
 DbPassword=fts
 #DbConnectString=vm-131-154-97-13.cloud.cnaf.infn.it:3306/fts
-DbConnectString=ftsdb/fts
+DbConnectString=ftsdb:3306/fts
 
 #DbUserName=${FTS_DB_USER}
 #DbPassword=${FTS_DB_PASSWD}
diff --git a/assets/scripts/etc/hosts b/assets/scripts/etc/hosts
index 2974f85..c1b7ef4 100644
--- a/assets/scripts/etc/hosts
+++ b/assets/scripts/etc/hosts
@@ -4,4 +4,4 @@ fe00::0 ip6-localnet
 ff00::0 ip6-mcastprefix
 ff02::1 ip6-allnodes
 ff02::2 ip6-allrouters
-${FTS_IP}  ${FTS_HOSTNAME} ${FTS_SITE_NAME}
+131.154.97.15 fts3-cnaf.cloud.cnaf.infn.it fts3-cnaf
diff --git a/assets/scripts/x509-scitokens-issuer-client-0.7.0-1.hcc.el7.x86_64.rpm b/assets/scripts/x509-scitokens-issuer-client-0.7.0-1.hcc.el7.x86_64.rpm
new file mode 100644
index 0000000000000000000000000000000000000000..bc35d73d5595250963ae75be83f8b356d799a9d3
GIT binary patch
literal 27712
zcmb@s1yogE6E}Pb=@Ln)OP6#b-Q7q?UEl(jhD$d{N`r)ilv09}ARtl_(%m7bl%$k2
z@45bY@_pWCt>;_cVa=KS+k0mA>^ZZ~o^uzwZ}%2ZK){9MBfu@f0k?vAxHv$a;T$kH
z+!N}~VdV&eI(u+%a|&^CbMSE5Sy^#H9fc4I|KUOc-TU|6gvw2%yFPRf2ssI8O8|su
zhX9-am>B0T4BSCTGyvfO4Ya@7AV3#o6TqkdRze5>_$R;teI&KNWKeeg!pIH)2kfEj
z100Y?4gfe(3=$<O2niX4b`RO)A#@gmg-MXF`^~PU4Y!ht0|S&EKvO7xe=cV@$i*^3
z#ddh)6{h$SgVL9JyQ2Val5!r~S;9umUooUajv}U67zRScI~1A8**NaBNjQQ}aDJkM
zR1k^TLGhJ!UieoLyt|)7Pvg}4+IRi~^GF0ZRKz+AX%R*5`azi!R+6iZr_=H2GoE)7
z)!r2CB-R%hl`Rs6S2XXF$?@liZFG(E-h6IaQ+#90r^}nf6X&>c+W4bwyNeI|nZIX#
zG1rz`F}CadZ9e$L&Jaf=^#(hoLKf3D9EvyY*wQv=@bQNO=lbI|m3p%{<aO(`+=pA|
z?XDZe2@EnJb8AiK^7b~NHs9!%vZu+*!p%B4Uu8+FSA2TAEoEiJ%V!A@7Jzb#aPtX?
za0^>oar4_)+XzAUtogVF1^K!8czA7WM1WA*jsBNdvWTHyQ_T_Vw>Dd)8cWQnUhqst
z<37S1e(pDMx^q7?$(qJ4rfa&H`*4QW;B%-0)AJUmFh~|{pD1g{T&Wz6!!7R)N;2xv
z68hxz_rxWJC+QSh9-*S@Fh@+P-lgcne4MgI6W7t-bfbP4aBnk(E$xsUhs4`Qu!7eO
z;{IuR_CK!Ql(d^1uP1#oKHkdt^~}YM{Q*kX4!S+Q#Kn2_sQJ!&9l^@2tZ{uaC1MW`
zohh9TBcZHq&uCKA6s;2FpFh2749tr7x|i8m@u0k}jtxq-rr9LIZ7Whey}yjp2aH6`
zqr+m_W2I0UaL<(KiI@FS9X*Ib=x!!Z2~IJBDd>)+VlKZj6S?8<?SGBz7u%>D`{f42
z>`D)~{mJ*++gn8L6a3SD5C?(qfG&_EKtMj@9w5d6vIYnPAjI{z{0H^}2>A|g0UUvW
zz4G_{fWVA*7_lEP0phyDyLVXU4(|aR*dL(qJB-*b2>s|g{0rcS@z;0w5a5XM(mQ-~
zhb!;!=^d`U!@uwFr#pNGaD+ddclZk62z$eK`1%h2xWhMh7_rZR^&?#QBaiS4fe~>4
z^nvDI7$E=<5+ZiMs|*!k8{kNkcNj4@0@K}LEPx~AS?(}4z=3!p@!w&@`v`#%>p<8;
zypIs_2)_{+|F3amK;{od%nP)UN$)TbzyTkSnE;OPml)uHJ~AQ~5c&u?guKNaCIdKP
z{0qRzfhItRag;}Q_~Bpp-m^Q*0&u|oz4rh|*cS#kpntCg;DGO_h|LP<-$Ud90*n5I
zG5GE<A|C;LEE|9$^rh~w^Bq<MIA9OU2jB>QmF{r(9aaW7U>_^#4jbN$zqrFjcjNhY
z*aYARdtG<f6yON`(K~GR7sf_B2jJPFS^^yK51SU?2>-0_aN`|@-r>9aLPe|tA>V#C
z?s$hg@305Jf%&l)0ghOY=N;a>!(IRf{J}oH!`^?5<0AY<$Rpwa=;PYmVc$E9uuBaB
zJxIO7h<GE(g8th%3i@-7g8p%i%KkZC!8R`LU_-?DYYBlvt-*heVDMijFi0Bw*BK0U
zgju>n+<pHDd)Pt2|8XKtzzN`>8*y;4hgo{U9Ic`5Je*c`9#)**FgS2_TO(Evy5Lj=
z#zB8>(ykCIz#1<n_g`4w8SV<Tg4w{J)*w3%4_CM-7uVm*0!|lqTaY8n+0zH)BP?hx
z$PeOzTf&^V9IdTfoNZvX{|<q<IFx`iQ~-h6^FwzLe~9`2@)7W}58<mdH`Lk+ICN~R
zp?pF-P(eNc8z{umN|@J*pIgM5Ps9>H+<XE&ydsuDd_uy4JiPoi5MhY5pddt;mmkUp
zva+$X7T~rN5`gmaSc~uqK=`eBE%~^Gtpu!vxCMCtDJVZbpACdp7#M*F^Yd~GK&-4F
z!h$y3R=^BUkd>eal-rWWieCV*WW&b~g^EA~1gu54MT7<Ufhm9iejdOQH!m-*r4TTW
zFdvT<Fcm+ywG}T9KmT8A`scg5i;D;7|9Sh5kM7@#EKaz)6{owa69_mv{(b>TfJhWw
zE12G&I!*acnZ^lsVPRzv<hO)*u>SW1{LeH0m0>KvBjpg}XZ>p(h*Iu8KvMrd(4UQr
z1#IR&gs_Qdb0IPZZU_21_k_FuX}kJ**tt0K0*Pj61uTtI@E?o&N0*|SvW%=bFDDQG
z-&g*B5At#f{FhNa&i|(SFJsmaFPIO)7w&)Y#o7_k$NL}q{^sDn`Cw~hWe!JZ@%)R{
zKXoh0%9`_Wa{sgA_HY+xjz6*Z*SVbj@9@AqtgYDD|9iizp`o;lvN;bY-#<_C&zgUn
zH#7wN_?IyJKSVf1{%+^5XUE|Vb@PP6J>Vc9fq}=uBJ1Mh>JEhiZ#M;)BUA(81ckHy
zZ4A*P2eU<p|GiHO;_K)F`6CQhf_Oo-+@UrwA7I$S(V9h3L*HCUT36}crIq1^es|dm
zB<(+6KsY)1Ie0+)oPvn&7=R=0AOTL^KY#~_1mc~<+y3;ULi^JMc>7bM4}T})W?m`d
zT4gC?-^_Mn1x_hrkVZR#WZYp8XRwTml>^k#322E~TK?6RvVuc7J)Ip9uUiQ)2l(#m
z3G_cG2>fwZ-r5%84pxBJL)@)hz+zA*n?Fq{Pb;|fKa2}-@&T*(pNu1x{XZ%2{I3d#
z`2G(w@c(%d|C7T1=+a-0{C}7M$eI6b4Zsol|3!fVtnB3K2z3I!v%$_#Z?LAcr-vQl
zJie<2?zYmObD!A>Vg&(?6=ygzm<1>r;4mkcBgCDR6T|_Qa{)WMcz_`u9#AJ&51@zu
zyF($?VD&o<0Kr`WMJOB$XxKvC!5(%%((<UwAe5!8tzpi#Ko=Bj<>KxRwekSu-8^CL
zfBb@Dae!q!ZNb16gu)ThuC9*0U~d<92f!ImXKS#x9n=}>1=!TrQqz={18Nt*U0?uV
z+Tb5zu26R;psazpID?%auC9m~Va{M{Swsbb5Y_dDd05%~d%**&#MRRs3YO)P1zv1`
zm=**fB`XcK1g3C={#7Y~0i!xf@@j&2%K<FIJYWz<Fx=DC)y3W8PyGHx01<3kz;Ab$
z)m^a#mQ_>!o4V}Z3oe+m2h`mLVg>zs>GfBE<_`66he5p{jtCV6n9m<0h&8#`fK_xg
zH8_B>&I$22tif<A*T32IaB*?`W9ZM+5D$dH-;Q%mAkGLwUJ!SfizgfmcY-)Nf`J0f
z0b+}ggSxxBxWhUBabn(`pnqO<z>$hLR{u`OKpUuE5myM}2GqC!{rfLD|Bexo|G1F;
zmTw%0X#Q(y@mCk{a{tc-35e@&$N66^Kv0mM3&f$x3+Au|bGX7>p<oUJ#QHc4Tpw}B
znJZ}O=qW20nd@rm>&VKB17bE%A1kP<2aqms0Kh$fIB>YSyLbTE>Eg}-_i%RsV#2}U
z3UP-xiNoQp9G0FoHo%WoaF`!doFAA5$YU3GYYyOS<$(W5Eg<>9U=AliV9?3K(-|s$
z_xwRtt}qvnj~|HluC4_RFl#%A2gjdUm&4ZiPucwE`{Yk>5V1vEh<GE*t0{m5`8j~%
z3#_Iq1BUuQtvo#-mX6Rz;J+%WM_^!U{K<MAFpI8{?i1EWU~6Azh!e~TSidijXwD8m
zlCXFpHYeN;0?ds_J~$wT_%Z;FJ1#Xu%?-R11UdP59|3z2sO**Ho&vHwrsCY(0{nas
z9%~zJUJ+q_8zD=6Zf;9UAwfQ<un<&02qFNn;RfnkKo1BR%+(br?6v+>SU_3=*y9mc
zT31$C8SDY|@%Sh2LI1X{JI7os?Sc6JZ%g}kk8Sw5t$<>j&(hMy(h_PZU?l+M<F&E`
z%4(>9pe2tb504O!jSw%-KY9Eo+<$I}?{PeU5F8PI0^o-Y9DuL@LbUG#gbvU>fY1QK
z1PC7>Jb<tPLIH>rAY?5-8Q=(ARDk}bgRnse5W)^Z7Xu(%fc`HVfI4DN{rUao_V$V!
z;mfs<pP@0}%jzXg0Wyddi4f?dZ;X1ha;5tu!xTh@yM$`Vd+v!HQrP9o0n>F$ZbNUK
zP=3hisbpJ)ZU8-Z{r;^ZnU*;xES2l0xb1gS^m}F0>m-qJ9QbE;))|CH&6$HDgHv+q
zzLP^An+^gY+Ef}z#nK#*P-E=i4|CDDE3(bRTAv99RHT0l{@#R+XyTXY?R@)sW0R}e
z*Fm0`ldpFMCY4&%ZKOs&7e?9>{TkH2D#Q}o{QH52Ynbq}r0mz<OxVj~22fs3F+@#i
zaq2(%O5*v<?y%=weeKJq3>8m&SqBPJx$Q+hw<EQ64PSc8<1C}?BwzUJIet~HyE0Zh
zH|rMX<Z+kaU0*^usp1=9?qxz!{JLPzV^20y)k<*9eoyvd^Lnu^2=&yg6M5lD5ZN=5
zRZ>IBq1hp_abXIiE<(Ww)=#Jl>qwa$(aGHp)^ol+a|yLqkbaW=CbS5{#O8_pN8vI_
zEt4y{u=Yv6AK_?G!|JGJZjk{^CR7R&)tcB%n<OnYc&72|S$H=53oXybTGAQ|Uix(C
z(E2W6l@qF0$$cKyb7A>pA5rm$R6#}PtAwm}$AkzLId8r^ao$OHb;c(5IjzZaTo?s`
zC1V>GO*On!<M-27RsIi<r{zZI_!Ayn$Gksk%FLk4ImME`MEgX}FMcdi#)A#}-AUCN
zU!qWX7<lft?nV`z(97%%*(}FwJ9@^ORPk2Ml)YA6kG%DDq2M}1^#DiN6YFc}taP(q
zc4uu=KWS)Mh3dc<Z$vnMwrre1HgfZbX~3&U<PPm181IWPdDfAX)29t->&r3A+S$E~
zRDlx&s<<SdxXFBcGi^yK#REy-ZzwlZaObbQQAl5^@{&YCr@w@vuz<e5`{pJ2>%&*<
z{EKkIZN2%bYJu$V540~zQgUTj3g9^jh8})J7Rs-yRYiu`^z&0$UfI4v84DzpD5m2<
z->7)Kl5}ae_+Y-kQx>^aub^$!tmU1bexymPm%t@|UjK;DSX>O|naOZ!&EOaAqFEJ{
zB5@S<=eZX**!pk9YtVb>F#GQLp9s9DD|y?P35O9bUeABHSRy-h5)SGf+%2qoh&*EO
zn-?8<I<wS<Ah7FOJzZGYsg5Ei&iW-oP2jPoa$(GbjDb?SaR1?h)%Gy&oL`~C%*nlO
z@cn!8@)|`Yv0tYBo)Tf;7tFlR9$6z#;f#==Jw3Ktj2;wBgr|gD3%H5q`Bz0FQB?lI
zKa3gAxBpS)leqU&@uw`Py(K2?7rY+JE18xO&n1`6x`!kctORGu4W&)AP4vo`LGN1S
zf7iW?ooj{3dyh1Oxtw*oiNXrvDzp_KKKZ_$(9;~u?xHOj;yiyuwD*PtFK}vlQKj5u
z$zmB@2Gim+6TZK3%gbgrMwf~Cv|=%-lx9#|3NE6o&UJtM$?9(V2<q(&-<}+chmpsM
zRMk8Dp|mvDD<^)}`=1^eU*^ZxV1U934$BxLB6mFACJW%~SG(vpBgZfZuu$fuh41s>
ztw`pR60Cl{sNtP<i03C_PqDiq%E4F9uliwBpXI8cP^J5@aLuJZqw($U+N0GeW+pL{
z18z5X;^&$Db=7hy!XXVuh8dg|ih#zLq($4}QLc-LwI@R`#+}20x8bwF1lpU6)XhY^
zZa!+{hc4AIXGq2O0s|P4P-R}(cLhyZ=ofqpQ}eHGiqCsTiro()cV=0!6}bRqAoDr!
zecHPJIOe&bTr;PmyHk40s(J{=Drs$xI*<G0Tw!|QsCCZ7C&kuvjN*$Zi01I41Xplj
zLJFSzhoyGn=Q1y*yl*9LEIU~`TeH8Teuozbk{K1|KMbo@IjT284f#1V6k78bD;4Rn
zv;UHw3@Y14%BTDyqJCH%GW8JQJc%VpN47`bPqoaH_BUu`{yK{RsAjX|7txF}c9pa`
z7ECfHP(u1)!Im7H$G!Ekb>F_pYuo)ub^omD^4`+I$@HDv=M#$ws}iJO_JWusoELNZ
zYeTJlYo+>o7sbaX^~3#z&zV`W;#`s9PuR24&!|E3l+REy?VApOlK1+`+b((7==`0|
zTP>U-DuUBCd%JxY&&T!88OPq%@!SVaF?QMG53UUDvC-O>9F5wIiyqBWT6*v?E+w6E
zwjUnvx9{=Fe|bDfF&K^e=?Ak4L*Rx|-~%s8tjI?J2~Wf|{RY-)R135*b>c@1jme#+
zhFYqnE=$cUL)RE^G)vyYqAQOr>kgIqJ<oKKp=zli<5DRaD#&7kw4|GowP_j2lX6U9
zG2=GzpWd$tE-xz?=~_(x-c1*zzgo=}@4TUAnZY7nE-`p4^uy&FBhg&gn9NOlv5zjH
z%8z^RlT;Zc4g2Wo^m4<gt!#6ATX%b_MT}Ih4}9al#vksPu$uP9i6?OvvI|CT_y#)a
z%(9gxJe6eKJkcSlK_xg6KiY}p-}AMUWYzn)iBaKdu=@7B%j<h*bPn6IB{$im#UM0%
z6poDC=KBfM7Fz}>m`A!Rv5#`yBx;~*k~N!|y4+%}jYOutC$9!=+l##Wj;02KL#jWF
zVbsg@rVE6pPz=Yjv+$`zKJJ^AyET4<%Gbd%fwlPK1J^xpsC4mh#zb|@PrZEau||P%
z(U;M3Exyzu&L%U(g8WA1Su&(c)%2F5KFa-H*+nEH*D9}i-l!|1+}zWHo6D!^viU&w
zx_>&#*`Hp}QG5tGuFAc3n3?R`HJGhjVHEuBbzHynSnb(b&w|Cx#+Sk04e0xn6l^^Y
zaVbk!^Z1c**cV)60)m{ouTC2<)$+d6W1503&N~dU_+IQr)XbyP5{E+6430LaxSTA=
zeu;L_qkW2$B4B7~7maKu6psJd>#Wd#dTknB8q<mfpHMPhx$4PQnR7D_%NP?zX}#4E
z{w<I$9W198Oz7#^Bw!~=A3DmoB!v7n@S9$ss4(<MyWEL7nsHOjucS{|mS+32@$G^;
z-G+rx>DATauk7EC3Vg~kJDa02@xJJOcXSA<5Ba$M#VYkYBDI$)DQ#J*$YC!#2}@{n
ze(oo@GCOHk@dre*efrEb@FvNKieE~q7R9{5{D`JdJM98&`R%d0nvl0T|J#Y+m9n)Y
z%m$%F)3AXCk{vcSIefNiQ*YFs>sWc7fEM4B4=he%>I<K?vgg$(4hta>gH@Hi4``4i
z=|had+vz7Ul3#P7PP%Sxg~(0K8`IdsQB8a~LaB8m`kH=@s5!le(rx4c_hJb+TJr5K
z%{{ZkJ~wbzOfe?SnkQ4&GOol)pOYl!x4OFj7=^qxKHx{^@J8J_pN^2fs<ZtR9$U)#
zF$$rSAJU1fk)>6fT9C8e<xF51B;fIK0CGtbf03Do<4!PlsQ_xUclmNs>foG7mgI@B
zNEgzOyX?F>6&v1ohO5+uGfD2t2Kbja?~)j~H;O~6_}JIRTSEcIq#>1`giv3)2$uvE
zomZQvu|!knbTQ07(-d(KMn%s=3(vs2#>@6O!g*Y%x+O)Tnv67YfnVY(c9A>zifxcm
zy97^=rr`2$I^!{1pNC9=TO~M2#>(M0j#sN8_Y+bNToZf#w>{e{)Z-s0YpV-tLwGfs
zrfv&Zj3_41Z(@a~J89%7lT{a4IF5N@#=6!eyI87S#hPl%@ZPz$9E-n5&89q;srl}~
zLZ^YkFt2?wW#!)a=s7mK5bOT-S@dP>`|Y#wWBZ<b#+$P87;k^BUBk-0*Yw!!D_8=(
z4p?6K8}{h|>M8NvLp1js%+!%nbdakYL|pDs+Sl?&W!vY=dS>ww=9ZO_;ZkIYl`&7{
zpuF;x?}g&UUKa>R!2EaW!1H9z0?v#sk#1jXW_I%S9-_v>0^YG;W$2xvF5_{ae|s;y
zp)1cMIegFg(;CluIyO~+!sDVZ%32L3BF1OUx-NY^9Z<t!X@@!m%KN8>{in0b?T=@F
zx3~Iz*VEk(tr9%TJ+!BoN7=*Jp7G-BPl%OUc%fK}&owO|-4<l_CCU)ro*RFKuN=3H
zjCUZh0?Gb9Ud{n&m_fG%+if+0EZXB3KLsH%{m4#rjB;;0O(k?;L-7=m?ZsJG)bMJ4
z&BAPj5p8mIlbILs2WYE#8Ds19#{=E2io!8_bNapA@oX0S7kn$=AQNw?_sfaXPun(0
zX`XZWa8Sj2bzk~FB;W3ODnN58z{{QB8uML6d<GvZ+4Uk#fpvYfB*>z;7cRExs5d~n
zqHja(m-@PzV@wR&k*a)YSw}>fs4(yRQSvt&0+u~iuzF1`9$LixUn(TuW1?0)Au~76
zH^%Ej#{_oKd<_<52x~ameINm`^)wXk8$HW-o4Kp)>Q5L|S~l!H2N>sm*(zXOk!=Kv
z`_V*{MPO?b_@SGOmcA)y3csl4rZ*t@mbj}Ra}?##K+?iXKY+e1i_bswLB1&z@?`qM
z>N5GJJ4Vn~I-evbDTRx3hh^anCWxmjQpYLsOMkmvl~RuhSnqWAP}?f66-(2$DStbC
z8h!F}3(KtN>+~uI$w17`Biv?=vS#G{YElSFPW=Y=!wphuh!|%Lwt*!)9tHMb@#{>6
zV&V7<w*?~?L)DwK;{nT^-B2~cM;%G)=wW<P8z<O-s^q6sVDZ@Wyk;||&Ak`z3!`^5
zd8NJ1?Dl023|~6Plb<Q}2r|FadY@wjr+o{}9F(OEq+25kbe#?>VKX@RUAXJFz`QB=
z_+t@{O7G*w^uUJj(~>pkJzLbVCstPh_doeg*CDMC1`Y{~<8$zRXu74KxSGN>>16ZV
zOeyJ&%YGGZT=$mfo#j9Snq8!gj~PYNH>R?DCYz~eaitG}(_V%vbBPuE@~FuY?@kXH
z-4vs6_0L9hUjJ^bQ~%cTTV4W7XP)gdo6W`B?>W7!8YRQ#ldVsYF$gIO3IiC|fBBZ;
zlH>3rM{aBCVbwpBfBb=&ef#xii_P6AX~=!J7J4~r`n8j;uWiopk=1W8E^`gsV=n{a
zR@mgMUUfoxa}s-X7?ZUuRM#d4hC52`7IXc(CjTpk6>G_=0m1ZE?l6Y)nTQJ`B;Def
z3_f`AMrEaE4^P8tRqm@P)3^7`n+A35em8orx(X9*vnM&4al80S4c<=#{_dwrF~27>
zpTghFx-fw*r>7LpQFHRL88wOWg!nMRoN()j3rUTynSBV=K5rc-p-aF7spzhRZ>~=c
z?gJzry0<A;^@2ya;lBmoQe6JKH=<Q1BJ2v2I*|=xXDSNZQT7&Z_=7*3#U-R3KE$<4
z(_2~ztAe=&KK9#WUoanNlK<TP<I=64WzeK=BfAWvm+pF<#Z_v};4%M$;RQqNCu1+e
zUx&5bv&FqZ!galbi;5{4f_nx`YWpTGM}FZt9kpdJTQQ<j?c|Ahf27@Pw*9VyY4BS!
ze?-(Mzrh;sqmPTwuwaJHM)An`B_VzDGrz-)^V>7Lq8y28nW7Kg>7*hf^wO;f9Q1SE
zc3s0pgao}NLgN&^o=Woj&s!_%#z!JM<1MvW$EX^BZ-ft37{9UQ$QX1##pYE6*{;vt
zyM22<as;SaL}{6FMB+#@BR`emoxCyGA0dk^ObwNkXUUB6(9=1)j4V#S<mDB6&H^<K
z`&<~pY44TMvV<fpoxOWuU_Sd+NxQ=@?##1hV}aW5<MjNsr?g`%@TDQ|X4TcTl0{xD
znj+z87VbbH07>wn;UG88;62Qc+R(-N2q$9l++*#VFI{`6_DPhrv;lWs<FG@;uXU@C
zhe&Aoqk#H!S?hAeka~Gkq$<%Pu_&@>I<(rz@~O9{_q*xX+i8B49wYzSt2&AIi+!`n
zkSPCtXXA`CULZt;bhK~WLnLrMmRLI?xJn_+ceRyF6xFbrhRc$~Ysk5tJvcS&)^NrT
zT<fQO4$Y{9;|dyG4s0;U$~nKh#{rSl!gn|J@Z~1d-%WRIX5Z;F+1#EtF+5ik{#1_6
zmcIM)lI(kH+r^{t5<)5TBxYSli}|NG{qIFI;wbQ_oPND0XrvU<bG*XeQtqSE@jKef
z$Zz*%yjJ1jvb60EoOtTV*s<1s24PSC=1PM*`JJN+hon4|uRl&od{P?;dpUrDRc#Nd
zo)+8I_3ODv25oA{ZamX9z9Y9N^M_-|nVgth%8U1&&U3w>V~+i>)ICO`59<6Uu3^94
zR`B;o&P~Ee!pqY!(bSf^&D*#H-&=DZ6cO5B3&63R3~2goh1h~#5q4T+;#S8FAA@sq
zU<36-<(A92iiI#A5woTQdgJy&@5u++@ulHgn4A@Er2!w?U+<AKVS(Sde>@#%IrT+T
z@*V$pBva-q{DIKH0_`pCcg43uo|>c|{7lenlacK<PS0Y;t9!eCXLL&ta5d(4vF{WX
z0AIc767c--(nRZhHr)K<#E56_zK_fo6vz8@UFIYkN26=@d4FrSTfMipqUdyq9P*V)
zZ|T(!w$lf3L9$wEMIp<&NEp#b7dWdaDUr`cgJ$^~jnT`9#b+QL-j48x_zL}9?4{~1
z2C`|<3N+C%T=LlQ6!|L6HX6J-wyi&K*Tpq73@^j_Iiv}pbQ%xLey{~UHTkhNox<Xy
z-?BeAHZmC0N9u+5`(zT*(jTiO!tYl|E|G|Z9i~!LV5WL8eL4=OW+7^rl~vpOVuQoe
z{ctKo_%h_l*S50f2df^3J+7O5#2jA^;qT_9wo;j(`njgy(8s*3Jc5x+`uOaLDa_~&
zPQ4XuHLs;e6j({3`=0y5%*_Ly{fzK~#a(25<M{ez0KX}ZOIfk9)@@8Q|NFWWh%u?I
zvcUh6kMrS~f;`JU*aoarl-ijjht4W!3~>R`kHV`I1M0e3@TG8UzOr2iRy+yEqmZ^F
zbbs}zJE=6M{vt7^FY2?Webti97rr-dnC5ke<=X{s67pV3MAlgIXB<2N^O`-CpC;(%
zjBVM@{c7!RBYUOjq)+yncDme=NvhO%MD@m)P~#a(BwuZGOKyAMHv@6|srznoo3Hlw
zFe<tQ(X%P2G#DwUv^=#q#!@&M9M{P&1S(7YY0tpum|wYKINN+xpwAB4eo)B}vrl|p
zd^`O5_ER8!Mrwm)rI!EVX!>f7W=Uoq4MuAC4)$b!uHLoB$4ynr2zNmb9(|8|T62pO
zljr45g(XvL871G*1|^+-W#o)2l(-&LWs4{@d=$rgsN-gCoZ6qPG*A;Up-Vd&F$&wt
z%dZZpdxL95+$C(zJT)XT^Em!;{M}Ul{q*Rvj+t~-i-fHxlMh&VvtvU~?gd`zwQgxT
zr3ZCK4ZwPw%jYf13%f}{l%PH~+@au)L~PulQDZEXNNh4m&u!PaH$Uz;6YuFlK%3$d
z4oqVnPxs=?RYF#MNb5Yx(liBJj+=&$7GHVAKWCiS>NJ%V(EZ#bes1%f6iF~jpEPxs
z)t&hqn&X4nvD``9?$hYLQ#VZ?%AVdRVxLBI;?ntRgB9gV+c6#5{8J74!LVJ0$HqwP
zN>l^OzwxLD6F?a#)4CWl5#o-RZUOflReFhob!}@^im7I*4!c4RljI&gsfd027}6_<
zvJKaQfh1*#Uo(XeQgau4HZ$ipbZb#!5D0dS`0AR;vM~OBQ$#hW?B^Qsh<mu)@!==t
zSS)5w7s-tvPbyN*XbG!QQPx#Ltddm>vuzt~6YW5;3?6AR{a8@r%lDs34qg=s(#iEl
zEi%pI{)pGvZupU~9{#R__vYDRW1zJf66uD7+ttK$#I-@)tfuGcxtoqF8gt*!_vu5q
zLq6t{59}8V?>`zymj8UTcexVPN%|u~Wvuk6wSI)edTurPF4>}yZ|=Bk6%LdxkI3iM
zEyw+bhi{V2o@GxeBnx_kE3ECaViSJqD@s&e(nWKRTXGwvmNe8K9#U|QM5dO5c_H=5
z+Z^%S3u+Q-cozE!$G)btb?))#Fj7!*KIg?A>Cx+;p!!A!JG@4zc;77av*ZOXdkN~E
z)b6jWM^R%&WQmdd9z7BLZtqn?6m4aWzEVmB8gYH>XYMs+uk)N5NA)B;dA1jW`z4A|
z{{h!$XW~3RClayUz3&u?52k&`pH{~`d}T{RI+4%~4ojLWFlsF!3pIl6lrMh_uV7s$
z`L3-kiZS7T{!}>KBet0KGE26^XMHRAwc=ZeUvI?-g()wW!uwFV4w6&7G@@Ul@4B)S
zhhaX`7cb0rx_YwU_N6L&_(X7${HgGovhg$B@n0|-Er-tUynfxu40X}fxMNYXz6=VX
zY>uA|%592qcXtbTn?9>ZuREz$<W72-BYB-ozT2X}o0ETyTB0sBN}|(q<oO&gXOQkV
zh)Rnr?c~BxX3#!NBa49Vb}856HWOW@_A8A~{qO#<HKr#yIyb__T42i-)S9*4$6Hj)
z4P!*3=h51YFGV(<)!&qgJTdwyvnfwQ6_Pw}3`=LQ>hw#XL{f=mPRSt~QXk`>dz^XY
zF@gWO(sq_rC(gasj-|G&CnZ{`4;r2QwZd_=PiZZ05Dhmp?A@0@7klx?VNZ0$`(Cm<
zBion(RpB*|K(@eoXYZS>$zYfp+Ac<F>5@;!wZ$UgHb^ErDJ-RUC_En*e-NpH?KJi+
zXtj)a>-**e9>e^<!PRaSFKlUlM+k2xqjUN+zU0a5#gj7+tc<Y9{1h(v&X5pERjuXp
z`#ipI*}V}T8$Eg)ungre!<$5ckd!e(tD8{lxgfG8VKxq;<}LH{tdzLD>X80PE~=&(
zw*lJ0^@PJ;(rA(Dzt0Y07{V7p>jMuxzLtG>yckY8uUQ}<WykDXrM+`AKqfVM0P;>h
zTV0XR#xT|@gt?<ub<%ZVeGyw16mtuE-pah<X;$H*P83=D(HDzTb?Mikj`c~%R?+@Z
zQ`Tb3L;L+(6A3=Gp9;>e_uhSOO?+KL-KF*5sHFP}6uDz*ASdy4e0a<3#E8};Z`eX!
zyACHUwa}Tpk)elY9bLET`<u8)Cc%ye9_tt&4YiE{Zd`9uvZWO1cf707O0p){+>dVG
z!4C%%stFI1>k@jf@-8<)x!*7aT1GX#NXyiB&mZ#QQ%@v3$4A0w|GE;B>M}(?n9S_z
z97o|E3XfzpKi=t#mvZ<uY7MgY9}(6Wj8}8OXK-}fx|d%8p)$?#aS3z55Z&>#<J~ov
z@@_d8N;Ql>#5$OHvQbYnpp5!B){(HFYcMI(i_C&pF=LV;{t$;VMD8`SA{UaX-n~NZ
zRpmCx5u;%cQ8ML=M!Bn3WgY`_qjhjYR*~(byeZD`XEPA$Jtgm5pTYMn(;W9m`0LZz
z3`@eTaMMU`Q9}AZ%3Wt`9-qu^ue8I7C-q)q`<hw8s6$Z3dnSUEMMUZ1Vy`bhJL)wb
zFs|gUxwyb-&4*|ielqsT)CfLW48W2q|1!Zp%<YcJMwbO)5y9Yp`mnQ7utiAUtGL?d
zcjPCvi*G`4vG~Ee%{Bq^g(@Z$lgjj%dDV$Omsd)UveG9)-$OrmE5-Nc`wr2n8&{Cb
zR4iUm;IDZNk!-evfF7cUru|<3Jy?cJ7%BX&<t7uY0gU{ve~5cN?Dh?c!Z`81G*mc$
z1r&h7fTeIEas1+R)45`e8^+s_rw-XL+2aoS{fp#?hNFG{f+??tOm6I`zcmB;nai&z
zFDKrIR9po4TTY4Gh>{}g4f?C^NjQE2M1i&^1s~5l_Z?Oo@A)vc#Df_ub9_YUGtWA;
zEJ8Q+(p~kc+Yc>k=<Q<dQ}a>pBi)n=#r<3<(O>W*=IOOWmJx*#J!EmSy1J&F_%@V9
zWrF%#lYR6>bdmw1`77%e_2t!dZETjtnComWwaZFEy3{F>oeFKGKexiv<O-l^9oPH;
z>ZS*a;<nz7tWS_jpO+Z3fs=+r=FrkAvri0Zh7A=|BzlOYX>%P(mHpkYUq)WJVFbD{
zOf&ai8?A3FD5m9GR1_y}UfWsbZS5jClO-f2J!O9G>+#_j?551Y_TILS9**lMq4P#;
zyY=PqbB%Z!&uXpT1q-Nq&SAWANRk*I!s&QNO1d6_LyT0+1ItrHP`CTen=c4X42*mx
z^vW)$r5mEV7cSHqnT8(3Ne~V547QDwa}|33$l!9Dc+l=Nen_*}(wNKF=lGivH&99X
zp51^$>p9ABy-GVdJ;Ph1o#0D9LZa^F=6tDWuh&Kq%hSZBHSCp0#pj=0TkY3{rv`_n
zEpbdMyd56V)b?c-rQ}7Q6sd8B{cw4;sJT?3iii6mO0rbiaW)~5DmzhrbbZ(rZ9nqn
z=d@vc+m%uQ;mt}sH-$|F4g<?#mA3ZOnypFP3~N4Dq!ginUT8<ZLTF8+ezcLWlQep2
zrTdG(sqY4{lP#KWYTG7NeLL7peFuW$j}ro)yvlkc9Yl8J87cM1XvcX;;q=91sNFQ7
znam?@LX$@Oq75fuF6w9X6SvbrsmvoJS1D`7onMM66VSg?a7tJFOa+bZJ6rEZerJZI
zH}r}OG!~4uhenHk6%WN)PV>}>kZIO@Zqz^ewmlO@TKrQBqx$wKu0YK<QZFXlA<vKF
zjZWIHZ|_U1^PHZ%?j_4ju{l_vPMBU$klQ+zYG|w<tQzx=Q89H0;Sx1lvdA{9?5Jvq
zLTWt_j1pTe7rN=utT*kOB_L<f6{s^H@J01G*qF9LG5$GT8l)>k*y;1Rl%zm&YvsHk
z4z1VK0gcecbhF@$;hISz6dv`R?^hjek(V=3(g0ZO)i;aQh?E{Q!qum5tczE*c~CIU
zKrbviJJVA7rZ&CGyGRbv-AHDr3Yl81lot;ACA-Du@Yk^Y2;g#J`c)SxsY6q>Bnh-z
z`l{pd3jtj&T8eU5wcE@glQfr9LxXiM>ApC6<G-z@uJXJ{?6!q?tngF$ii~cG3{PHb
z^K2OjUk}Yoqh`1ab`vf|5hkWGn@CkyGMjP}2KdnU(h~Wl!cxl*#+HL8qcR53t&6C2
zI41S_ZW#;+RnSFPZn$3U;|FVKT`*usM=T1hy?c8k8bLg}oeot7Go9yTe?2F);pS1*
z_d?0KzkwNWJe7!-6OT%0to|@axjG7}PTnu%ZHr%{FPvNdhM$zl0yQcSo49xPiY$Gm
zD~tgv#?fj`GP=&WU>}sK=vjo#rl@;e$Qk;KK0-6?2(xa#ep3G`6o)#9JdZVQr?{Xt
zZX+mUYM!sa)ivJVDJ7Em>Z6d28V_lQxmO*td*KZw5~g^G_pPQz@b!LC%ze3z5LfwA
zgNV`8=wRdWe7@M&t)fRCrsy)Lh1sayw~%{Y8M?k9FdJPg+tZ)S5Zf(2=E+ddDe?5S
z<P+LIr7g4vDc^J2e5prY4XS~byr^3}59X=4=E_cFYCk7@J)QW9MTi@3#`H^JVl(Y)
z*>NcD+>6gbTw(DzJEbF?qWB+H!)-C&$DLA}wBU)g3?Q5AWUJ$}B+FPlf9;2?6Rh2M
z%u&&`SqpmNJZ~I8VHeI4%*%0cqe)0=-TS^=jpFuosJGk&DdEm*h@9p4OGT7qBwZ#$
z^usR_uD3$<&$6M4OP+_kgcNBtJ34X1pNxWuHHo-z_7Yw$&@jg7&E+Spu2`ewk3M}m
zo|AC(q4%mKOuaHU4ePCk#R;x(pOcEIevhY8T3?vuN{v*l)VTP={LcoBbUgSs8+5jy
zA$I?JRW7cD>&1pqgwp6&4f;K^=<o2icHRz(WUyu8KTMsGa^!DbNF2vAc>5sxa#@w|
zW+bd&rF)B9<q@oC-tpVMvYfrEi$La%($Om%?cM|Y#57C8kIE~hptY+Wj{(ZHvS*$@
zSwo^Pq6miWjk3&amE$sEPKYneGst7)8W7F&e;)q29}$r;5hfdE+z8X6+TZ0d{HUc$
zKFz!2+_Q>Np&L3(`-Z?UoVHCOg~oS(hhLC(<ha~<&nr4dC~k%lm8k?DH+m`kOE3%T
zh=SS1L18dYE{TydW02|NGjbZ@iqFA56Kh9jVgazR1@fao600;?{9RH1*q8aBQk`3k
zDzRmX<`Q!$>AZywa=B8_56FFp=l=cE9V=zrdjlbb4qt-bg$j%?J#Gz0)s`&KqY~<I
zUc6~eIA^tYc!KR<sbhE8P;eLsUcamn_bIz?N9c#8pVeW8o~#&mG+=g%SGkWzR6dC{
zNB%lS|2ll@OWK#``W;2Dg>8}QOR85A+FV};GF*r9Xf)mb1h-L@_RVyB*!}&`$VkQ{
zw8V*MMmNiUC+uL7L)guCyQXi!NRsQt{Hu*lXC!GyU-pX^TK3+}>3rcn&>0Q-=^<V0
zw1=%(;<|ChTvkiGzt_JtZev-@D}46}ZE-|XeeO(6OxjB|w%}1RXoL2noG^dhvY=p7
zm20ZyI8L&O-5BS7&V-a`;aZ%FRN3v8KYzyLn%G>Q=;B0&{KaW-E>`96y!h{0v@mpa
z7Inc{EFWW{n6%$dedLFfm)duv_=Ko%yh@R2d$K01_lzpbm7Lo?AJ26lFH#fFq4Dq#
zpcZ{5ZW1QfCkX|81||6BA-AnZl=NkvcN(%^B$3g$5Kt>*vS7uK9dvw5nU9NJr&)eH
zBch`Yd!AK$Ox@F^BGT4p=x<$HGd&km7+8cN9jTp8dp7Q8Pb<pr==|gSs0rWarrs|$
zSD8a*B-gJxDKHm#b|EZQ8+irlwldJ4aU-)CltbdPyh!>DLQ8y#|FIw&b>QLwg=O%4
zws&o9j#Ly^n7o=5w~OVDbkA82dUQ?Iosqgqkom9Vd2h~=vef4%w}Q3kS35M_h?3U5
za<}Sag6Fa~#P-S=hPpAvt5eS*t(Yn}k%@XlL`f$iGvAEEosVvx@>aXh#Jk`K2t20b
zzv<D@{59Ai$Y!H|$#M-*AFHXK>PC7I!CMps-SYZX<m#@xSd{Q%NlB%}SUU0DG-X0j
zgF0iZF1Fi%rV2XU!`uQ2r8Y(%VKqY<f)6kHY65BVz0=7sf|`6I19x%v?zg@yaN$!H
zg?_?95xva2VAz#Vv>y9L_gFv&$-N1+=6=qxsN2a;^<x*bbUZI9OH-?JiltZVb8pOl
zk#F=+uRezTe%SM(HE{<c3T^D9_klwB@ccOJl2vYPCBvb&!gXP;*F2IioymY)ufhDD
zZ)}W8Y7uTemSSIzmWeTU_7H}A#6(QRyw-G#P5{kyz-~a}`Lf7ux;;G^-lzT_ya_^V
z6_#z-1aGG_M{@Nhc<DSg9$<XFxk(81a~TW9yXMxtjoOYg)RIP~WgI=C)`-e^YD{R?
z{{~wV;y=)DG;zOSPVNGm;heO4)KM1KJ^foQMPFb+E1h2%K7Pc}W>WRV(_L?LvA+52
zN0kq3eS;gNFd9F2rnEJoaV8Q!BmH@z;^oE==($sDG^TsYgPZ7-VK_U#m>{h9B6`02
z*8JInouhKqE2#u8<UJ;++xL8_GW^V7@sm;XtI`Zw@~eUs)g#rA;jf9N78dq>)pB_<
zNlyO1I-h)uqeWj9ln+y6a<{YU-5yV2RH1Y+UTQJ#xCtY4_7zt7#p7|olDXcP=*~yB
zN;Fo=@Sa)n{EW-F<5h8AnQ6tFGcQE}WDU~q-D4RSqmOS@wej%YY~HIpif-Rm8tG9c
zKmBSixLjA^Ei_r`R0EcC%8Ipuk;{Lkt()_g7?JF9)o%u|Q>Q1z!vm`Ob4h44o)u3y
zPBwEt(f2gU(hdFL|86kj!vO>*1#PfyUt({u3Td9<Gk2SxJ!NN@Kz-<JFS#GSF4R(%
zGuFlDcIzad@|2M<hro%yv^-v(-O;^dL`^yrb-9^71<#+<6s=eN0h)mHX%+E%f%34W
zV@Am2ukD#r=~S(`GR!z#ZNmGwGZ{NM`RZ7QxC+X!?1k#`bTP)Xn;%yb$M$NzLk1t#
z3_MWxFdl9ROlvT-pg(WJvqJ*8M7vh&Ow-VJAJQiaQ{&t=VVloN;0MDOB<DGz_pT$A
z#B#{(d4>2Oxg{-A=9HF8B=QYK%q1Uf$SQ{vtP+Y|W#AlFTOIl_1mED-NRL~E%?dp>
z!v4rX!#L9Labff6!8&oYqF4{bTugMNHtE>X^Mnu)LH=U~o`?b02jrE;LvF*vE^k+$
z>0a7RGPm0AL`$nT?4zY`4SGZJ{eD)%C!)mIPK9ck2r13J6gEs!Fyns_@nL+Dl_|KW
zcW!1>^^#US_tf(~1r8(U&azf;iSpR(iF#b>5ol_WTee~}vhq9TVe&glCR^X<JdI+*
z3JoGSECX(HiiN?njL+l+(e|;ID?zl-iVj)P3!4t}TB&Ao<Y@l@UEw^Be$J@PIu_Iu
zfgz+X_SLt^lZgd$(Y_p|0}+pKX)qngO+CX*yEj|L#A0(gOpeRDuC|tF0~M>4{dv10
z8dfKkJWkMC?srqg6Y*w<I_l<rpqGyPZQdabho@2LN?%}O8m2#&vCZl?K|(GwCI(@M
z*GlPVZKa6l6^evQmJ?i_b=gpG#yhkbj*)$n*tuP1=J&a80&`YrX14Gxc^;9AtISq`
zK6ka!d8RvM$WX&Z>6ZXj5K=B{YeLe{IwW`+HuanaHxGT^CaYWdSE~7mOW&=(Q##mr
z|7<6YgLnq3>H*l^gNTohcOM=(gvBW<$&mS!3WIb#q$8+Z*?ZOGxzV#!j5?a`i1-Yz
z&^)omJ<Fw<7e9L{wA;}8e2Vl?`+_MZCNR^HTbveMDwIC-V129<I7o-y==U?MBL}oz
zqn;9L9!l8%dUu>M;mp{@<+lu8m${jH)E5!+Gzhs%C*c`nPx>vT@}++Ow+XIK|7=sB
z*;o_LWI?2IQqTkXvn1yu$$`0_hAw20MH|p3*$VdDPKhj0q4=E{w{K}5I~x}#Tzz6G
zdSYH%n|J~(W}kARkkfRM?B8~B|1C<P_m*SVSuaiWnD}+|$ItYyE2?>gOvdH>9iri6
zIA1-@Gy<fRuH;m|;Pvn$`_*09%iWS}ub4VYUl9nQ!mqtTF{1pju0`<10}M~!zjzt>
z)*>@dD0(i%_tn&X#Br04rg6)0Ja<!kFNwhP@tT*8<ENG9c~gAi0`dKvfro;eOkM2r
z$t6?61QoSwJ3FC$B~wk0(kQdyV?lk>iebVb41$FQkD^(8eqK=XI$r8`;1@dy^vd!^
zh`lkg=F}vq4exha?dPe248v4?8<vLhghd5=JMa>|@=0_NO^7=6elAw6kl=g0c;u|u
zOsT-qm4xn7)K$8DPEAUA`H<T{5B^>wr!kL<)MK!Uska?Xn@8G#w8pJNQ^%L_-ZUpN
zFW)j_rLYXmf_>D}3SMOodcT2tpoS;UWY7z5grz|@B5AUWH=_8DswW7R@{&o18s?gV
zG0lJDpR2Q(mg*=CTA6N<>)?9UuR>f~PP(>R*ao)}9A1#&zh?26fBrq{(70PTq^(8q
z+w$?a#&)CwEV@ef(>pv7-T5~BGmV2At8Y{fnxYOK%)1&~{^D)G)SvmO%ix|wpAcV$
z{VnBrv2`r=k7LH!)3gP%N82CxECN8prb-@Kgj03iCSCC)9J?xR_k`uHO=wuNyLLV@
zc&K#0cr(KmAs0@~a4f&N=5QFG8PcV1H}v43-1tlAiT|5LcjL&VM>gHh(htZ&h(+Am
z`Sx!!RN%kTx`NrX;;NRz#b<QVy_6431zi>6-e1);L@59EdqqJgXRC6U-NvZv7*WWq
zlv}b3K`nh#3l<!bDmUhuQ(et9Qhx3$)lHU`xyQewFzi`dLI$!)kaA|pDoT>V`0|V1
zb(Em74!xyt_D#)p4n;mOSG{7R8Mptt*xiY-nJ*@{79;(OQZd>h_CXlP(o8OLXdyN{
zJ2r+)OAoz{gz09MJv0f2`G9|?{KfqHZK+0ElZ8kj_G?cgL66;fx$0j+wvAl(d(V^N
za0Au643Acr3Jqd~LncqsbSTH}3*TFs<H^o;sd~3-=aO=ow9;9q3@-mxeX*`C5;#;~
zVii&qO0JOYsrp`|^ugZg$81Z&bB&tXz)#tzb(!gs=P0pn4JpC{2dIo1tf31Z``wh@
z2CP&nQV@ixbgD#vew3428;bg`y<b1R`5NqEHp}EAK3Tc<V9wxv)H~AJzP{)&TCEnl
z-ne4fH>Hx@@A1R5+LrMSNW^{){4jj}Wx>(`pZ-k}UP2&G(W<;KyVO+c`nu2O)b&jY
z`WJ&XW)q_m`sr0fjq%5&Twn5(eY=}^(x=DgEN#N%OKN`>#I12EO;jW;#-<OlfoHq&
z)cq36F*#&$`Y|kl|I?M8TYQx0L?={1HH>SpcVf+uyg*^LQ?Re0`Yg7S#MhA}Fv!}u
z-z))cC|VuZxkVkcr5Ug%7Et%p19K^n<K6<xQqx#`((lgDtB8eQb1w6?tb^!!3HOzw
zgVx+JjWy{7=6MsCIFzWP<XS;tzH2%0(J<%gOdyTL+jXZzS#!MiB@fGOdWqDh;3TjY
zkbBh4)4jw2-SS161aeDI*}bQqB2ha1B(mT28+WCV5@*hqTJ2EN+k3unz9xo&kvB3e
zI2t<O{H(s{$k5ID8G0SB0v)8Zkr{U9_h_TSWUs#Io@9!|Bx{1VFBP9!THrMk#m;P7
z{&JtD>;JBM(2Z%b=rj5Sg}OCQr{p`c4nwhNihBjV)=CNcBwJ8n;4XFJUPtcaZRsh^
zl|=Z;_S?$RVts;5&dZd~Q4m)PPK=*(^Dkd$PwuUtO{O?WFyMQ<zU|B~+s+Jr=5=w?
zt|S-m?VbJ)2Lm`}jMoL($J(Wc&g~z_=J6<gKMEVs1qx_+K}PlyH^)7EAmdBil%E6w
zzodl}Q=Is-V9EDMdD<B`w&^VI%M3a5r05-q@yd4**SjY)%$>bCz<ouZNA+%n06&bK
z@g*@m6O2Gy9@iGGVJ0LH9{)23!pB7zLv27HgNMVbP4X$yW$M@%Cnvq^i_zrx)QZ!p
z0rA&5Ji3=>3%0PW{6zM#^HXxdqFxxc<Vz>|9zp`wk@QdnGb6|L9YxS$K_%%h)N`7~
z@2CYN7}Jo49jOmPW#95QXT~_nn%XmVf|f8;h<X#_1tvmiKVP1b>b@E&8x9OqiS|TI
zW@Vpsf+Q&Zv}Bg2GoWFD;w;+LQMzwG){|jYbEg<&G@eYw)vp6nr{Bgh;TgjdrD0p1
z<hiZVF%PTVdDss^EI2~W50eHI>v*wGf5>m9tv}rV#>ur$yk=+U6-iF|$>~w($;}D-
zc3ze7v+9Gv**J*~<*yd^Wd&GC{d%V1b}Ir`n`LTC=|LDwAbuy+qA6<Z*#cI<enwbK
zMR8Q}_IQvuN_B#5Un`O7oUFk@g7=1rZ>kx+QAng_a8F;Es{_b3HAP&x@oj-lt75G#
z95b1icU50H66@wsP_AN4?s+V9H*yQp{>RG)y`+xsw4$tMf;%uE1B!C->>l?VXBHh=
zu;(RPE4jjLChH2g+_{>+Khz0*KJ&7A?D_`^c-!mA+B$|d*0&EK{UR)}hInrruDXj0
z=T|tqgX^xI6i*k`;w7~lNN;QowHYgqG0xxUzj{z*f<+m3@qmv2ib<}0OF2-T-yAg(
z_MP5L{(}_`E^hTsL{wxix`=o);Z8)zCmE|b{?9t#v9az1wFgu-V`cSa3ORjR;!R&R
zpc9jOx|vR0y4lNTq;I&YviSHP{fM83pK`cj(J}hw=MgBedrS{8Ho>!03!lFJNh<J!
znnZR~Fgfqx=vLV)Cf67&$@j0GWw?^TU-;a=$h-}lKr?iD^`iXEE4A4i25*17gfGai
zy0zSesjeSRi}cSr#-?2lQ99W9nV-qdp<{Qq=JVt~=0CAg`#MegIfC3=ul#%Gm!|Gp
zO=kLsq0x#X$v&no>*TtkuGo{dTJtBKdUlLwdK`7)XP^KUlfDFd3E8P;O#RmO`}%m{
zywCc1Gq3B%R63mS{Stkmdp(nBQ1`@ETOISPkOmzjf1e3j#5WW5&t839YIEu-X3<2(
zt|p!D+g{6t2CUQa?Fnrte7KKvee?Cis7dvVltNs0ik3Swpb{;IO|zw1g*D`7qEI*m
zJj;s?p5&E=yY!R1J&kofC+JM3Q$6f>y!&~G`fr;FXP>s{2YnquZH;eP)`B?*B0QA1
zab}O>)z33gCvWmo)$ncjPt?>JW7P1ZFv(4IY+<6llCO@%Z~aJ<UJNdm<?Ixu8@61$
zkl4H_lXbXdC3&FUn<pZmF}Ol%ElYsCaDH-d$exxXCv^K${&k}NviQf8x8bmc1hxR?
z&kG!D<aD|WHXGrj+=7-Uo7Ll?Z4Kl8y80@+OSu(_+K>1dW^$0w7r3?C`uq=<6>V-H
z+OQvn)dj^b^z2M-A5Y$#)S=;6zT^5vU;NvD$)Wn^D;rtu&FGZTAN}mI%#`G5ejoV9
z-^4RxwefmpgOlp5BJp;Lx20HCd2u^Wd|ElL4unt&9BIB_dsU=FJ<Jk6C6mb*n9x~x
z=Up;GJFD`<AW)d7fW)We1Ep6fCQn<GcYoZ+<aaUmmWV<xg2{SM1!*^y(vcOFA#a1G
zPEzIg68i@5+`@OUN0G<O80q%}ThDB-p<Z?rrL+Btt8DRCp7+e^(!yk(b<CdD!AGNt
zD6$@E!5!!piB1a$2fh?+c|&XiGf_S)HD2g7eM^Q`(`Z539!KODu)v$UMKf{m8*==f
zvFxAxp8&cbMc+;SdSv&aO&5{QGCm7o!DwsO_G>^UdcM!{pNA(${98>9*yIS~b6kEG
zcnz(l%Q$G$7?Xlgc0T=OBU)}F7>M)~Yu$+l)CgWZ?|`vs+q5fd?lS#YoXeZ|f@6*z
zpv-(^6?ee;`Ee{Bis^&jktfmmts>(GZ<WIqr~)9SZ&72~-*d11$jed{meWIYq|CF!
zDivNsoh;EHUbHGg--~^5FZv1!CWn`Fb`qh0E9U>H5zz_wS7Wc+bJMeE?19M^h=Q?2
z4_KtSdsU2J-45F(-4`O$)(dy#&`a`HGg1cl<>R-^0%v)se@ESLC>jw(U`1!zsFdmm
zt?$;8Tzwp<kbUkVNVyk*_kBsIfdb(%rm}FG92fxZxd@jzizeQWH|sS?v<tZ-x;<B+
z;>GsFl;ZM%Fe<d0(bkQ!runFFH2+K7w>906Eu<D1B)kSsXWthQ<c5GPf>zLKZ9Vb3
zcsAxWMu+Ss4|!f4)CESG4VGx^d@Y&;h<sg3Ck&62->?rdQmRMLX2tk<0S9NtdOKA2
z**n9qWDa`rb03M@2^fMbD27tu>jsB+8%fF;MkWhKr`k@5kNlSim&gD_%Y}T(rPyyo
zr|gG|FL1<K{n}ZTiL6z7XF7f-J|A5_G@{0=<i;jMD=w(F6-oF(GuD~reR@LfxG;;q
zqKk13oJGvT&)pUKwCJ%il4LOU!R3gYZcrl4h_DX9THLO8Ey07ZE|>wq^x&hz+sl(}
z={6d4_nD;s^GdFFsxyy3sz9}+qgd%FUuPVPq^yRM?Hu<WQhEM&Zc9yyanjgZY%wh{
zX%@Z7T8W`Bm%m1NauDAi42D)i=-utGiV)!~JH=p=_N5yqo`E^eWW^w@;8+QVe>T3d
z>##USyIjoidW}47OH#F<E=FzO;yV>Zo-n!U1?}ld;-IBCy2HrbKR256WG?0})fHYl
z{^sOp<6$A}xz*EP5#&LBn_NWlzHW1R$rr!?(@VVtZK&<NI?j2b&c@<R@DL220_AHM
zko@l$gy_oggZxnCo6ix7$0^HqqXRzqTvkf_-UzPK3CpML_+v$w;-qJc$1J^PaH^g9
zFkro!hf<L)9y(wijKajUKLpfzwIgR`+F@cPO)2AK2JPa%>?!7~Ud1Vj5ZP?8nZ(dx
z0b{1tcNmp;fdakPd!%=mh^i$*7%a@$)E)@;9gK)60TXlCQkjl*n-(I%y&=<;wAv;c
zIw4E!V83rQN-PnR<|Al4#U{&xJ}CPd{S){r5SFu|B1Grp3IGHN?7fE%9mg*nWQCPJ
zV?Wpt;#0|qm`P`VTYNz#Ndq2W^s`QGqoPX+b(~}XFfU0EGiOcdSO}9`MN7ayi^+(W
zzD)#@>p$dMSe7MuL(DEB>y*@VR439Drvt}V>6wApr&nDNcVN0yUUPZ+3p@f%rf1yC
z>5tfySf-D=p`v2wl$L?F$zQjbv9ZlQBsJ+vc;K-?m+gXQNL=gwJwz^_eeA=|QPs!6
z8wbm`QF%BrAOvMob;Qv<zMw~!k4$l|L(qf1-X(1q0j0m}{Hf5H6{&qag4*@c87GcV
zfMsf4o+jA62|m4~^V7WHeiNtb!P$HgqtScx8kxisEjKV@o~|1?2$Pq~<Eea~-~t&P
z0VFmL+b*b<cmZ`BcguF<wiDJwbdQs#?8NWi8cWUy_LbRoJ!%y%#z?HOU77VA;;Nb^
zJ#J{T<I%Bm5RZ9Dby7IFlfnG&cp#}hlje9T%$$8v6ajiPtg$f`2P2*^Z*&5Io__dI
zQAs6_t8s2(9RfQ{NZ6mCJwd=p!ERLu#4v-&sJ#3INw1Gl%?rrFf61l|bqor|?*-O-
zg!uVPFg0<*N*=i?pK&RxRrq0GnSQN<%pr}=I(VMU%!B}DJK`Ru%Y14&MaE*&@c%26
zvIu?sku(sWK;3^JCkmMU<kpkho}4Hk1tsxbjrNI$e?5g#PYBxf&hI5Xe&=i>@_mk)
zC)vxj;qVT}V-)H;#Q<TH(8#DAvE>UjKk>fIBVV9QLL6ALnyN7lNk$F+j*-l?B*Iv{
zBxLXTbSXXPBL1jK3>Qii&jTdICuJuCXNQRUv39xB1YOz8un;fElMG&UUsEyMy@yFC
z^4a}LyWv!x9~mTt@hcQz(CP$J^Vk9CK4ye$P;z4gD}o<&(N&Wjj0AYGiEB`_^H7R-
za}nmY)e_y*HAh=@y0b+rHx;Hcr}$1Ru&1^o#@+UXI?fDldZi$15Jm}V{q`OdX1vs~
zm--Pzh}=Fwn5RP$;lxr77hk@5e%O5r1aG2&Sc`z<5AlACTBPl2ovG1Q@hR?~iqZIm
zEhlR*dm%`gZ8m&vCmep2sDkdFuP7+UfGL9uuzsZ-rrFM*)cc`<v5y0b@H$`B9NBGk
zm7ss!y~Icx9GMrAF|sQ;qz6Un_UhyC080TPe+C5M^eeM`7;F!4AR)Ya9Arzxw&SNE
z;&6Wc7<+(ue2N>NjP&?!90(?@Z4u3Fu!h~IG!CQI37|<7Fm;x&WB_xc0FliZ#&WLk
zbFfVk5m|U2SR6_54?)Pil(e6CHd1}dRLRM7;$ZJ8%C!J{8)Io^A8>r5Cov|XnDJMm
z@42GHT`~69MuM~z;>d%}S)9YbMwHh|@qB@9pr#};ht6JD8K8Kx5|T~V>pzp`bl|`Q
zR7dh>@jtL<okQT-zLbwJuv%lQ`oKfL2^1CLGY>!nV*b%)=s2EM2y;}K2_vBFC=#Ka
zZQ|y2ezCG>SI4V7(7*ZE%;+Dfo^x}jIuovcmH@;0?V(k6^p-{E&$1FVCa|uxt$b1y
z**=H8@mEx8Hpv1PqKjJ6AXoS+MUG;Bf6&>@A045Zs@KTnzfP;hB$-%Pk<n|*rftg0
zA8j1zR3$wa^;+TNwmbOVvKEz6D@$`et{CUGn+t`8h1N^UQQtE<a)YCixoeX-r$Ksu
zwJr*Gcdmu9R|8`$ZWG(5!E^qMv#P67v3`Ks;Q}I)(<prM5&)$@{rIpKh0twwVGwg?
z1=kwP=mIP=g+4g8Y3ZvG@EjWx%RA8#+o3%<-g2&N33QfzJ(MgYpDeox$O*6qHA%T;
zd{?a~*_P%{Wjf=@F}aJl#>`F8CaW5+T$n*vY?<A!DagdM&7^i5c8?{#5I(hH=+9(|
z!ZIVOn*@Q!4!tx7c!MLWdEPnweBh-lJ{#Po7q2mG@%^J&$XqY1qj4KN$Lxx8ThBNf
zmm>1Z+#!j^V!$|w`WiBjR#gKRRCFxj74BfXQOzK;?Z*s6uvx4&K)tb%F~6`UNzVWO
zKA-%}Gt@#L?wdv&S;P?MEW6Sc*LBUfB}SoGUdF?+R~+N4$OwzYjK_i1_FdKHWGLfB
zZJK3}nc#OA_fTEjPyhLkZMwaAEy&)&;`pYSe=>VLclF%^tbv6JLr0S-M`zHRl?NBu
zNO&&F>&LatXe8}?H;dLbSXG)$DxLT?-`6U7KvE{BPV8jL>sbp*GRoWt)s>IuCImFa
z>+K9txuFO4RZ|Bxg!Xs%HL2IZ|B>=vWufs!?&(QpM!~7w#fX#{xzq3NrsR`rcCfvG
zSO};qwC^mvQ<;l$`v~8(-ojR*Su51Wi_XsiCw@S_PrlGKrQn%pIc;T0mPkx}l(tka
z%Zi+=0}%$03CW88j920;9C)zB70<w_jSL=cU1e?n1}Fi?cmJ;1Z>2u2UIfi*>~1BD
zeW<-$@TI@K3%2^WxR$DAYRv^Q82(Qxc+-i(`DNOpw@P479MYri?8BLxpDw_22$Y(D
z6@Zm*1TTY;(9^KebBtdBktZh(Em4r}Xw;`{sa%rHCOMgDTYv7FTuwc2WQ{ZF9t{+k
z03FU#bvZnG)=9!J<JZ0#8T~-Pp)1u$kTbr;S*IEih3EUC0}TR4&JnUH!XGWvPnXIT
zBoc=ywN@ASV|%Zop|?GI6^IV#WNaZ)8n~b$CbYJbt{ik<Q0*J|f%dU9>8JUbnVOHd
zlOhuzd(gFFZ!&C{3{g3{R1dTI0S41nfjv@ePm#k9EH8>WmF5SUc<y3EYPq~Nx%b||
zj}uAqMC;FdkzTulDCdXOCA`Gqjx%CDU6NLA4qxU%T<<CGp$Hab)vgt)`=19_LST(t
zm7^MxzG9Lw)?GgCf(&_K3ot4@9sm24RXf_%>FF^yf{B0!;Kz+m6W2L;klAE#Ewu<M
z(m{<raQ9hL9t`%W+e<wXq@G`Dv-z8|8f7{`={m@Ox}vt4yR_5FKr*F3Zi~eiBf){d
zRV%%;7f%=_Rn?7zUn5%)G_Ej&4RJQ;i~Ib5m_WoQ-i$-bDA)X!6=yOb{17=Kvg7wB
zZs`@pMo#{L5G2skGWUfAc$mS4-_1&v4$?J1@#q2F)fNSQm>lFzm0j+nY*fzB$GOeC
zN)PV3{*ymiq#!npT}U5B{O%4uXoRUIu;oj}rRg8691kKl*w@-8=rd_55oD;z-jjxd
z{|~BFE3l_0gjL_V_R>|+!Cd4lr%6((;*S{dFS@xq`iaVhb(1he#A2AotS}_$vU!qH
z7VWiA<yIjH;6F+u<Kc|&Oi1#JF8zob3u`Em&`^+Vu9}>iPHtV5qT^?t3$mn&cP2_!
zQ}f|d^c;z`%{T_vamReT1#|Ec^rV-ug&LmqI)n@b*b2+htDq?LoY6oJtJW)QfA0o@
zw<>|YI2g~IbvC|RC<Ku6Oz5VsM#Bui_fF1XE*fSam+U@Nq}joUte1#Sf2D9(WTfvX
z30yZao+J4m^d6NV@T)VcUL9}?vfC_35jO8Jzs-ZZv!ZxNW`*4e0e6MJUQ-u$tA<(i
zL0&x{-PQrprDbE;czoTJhT;$2;Pz{m4rXh4yLRt=L5}?=YN#N=`T(c7-d*iWk=PE@
zCIwFL@xWtxvbQKsAC2uL8hz=Zn}gfDImi|f1v0r<lJAtwA32Yk#{P1vEKw1dj6ylS
zC8VFM=!g@Kdg~pfy9&bSz64iqQW<MJ)XBQ%@8C9I9o>(7o;<SkenZk?c@%)M20(Lm
z!oJrTkbHgnduCC*J?B=-AtzGiNleE(;~d*SsI80$r7YYc!192UcJ_{HiLPB5h|7tV
zLdMV*VHK106h%34){|sNym+$MY;Z}46-NQSS8tt3RM&q!<ZKz7Yk}^jGC{bx*({Rc
z-p>_IepVt?SI-mDI)Sg0_tR!?GJe4FEqDJ;n6X~v+ult8*&?h4t0)${?!dexM7kU9
zYLJE2fK-8MTyF3h>rD3Tf2k)FQZEYp3i6qTOqnA16+|zJ&9x1WR^h7*swHO@7o}A&
za*S6enEa&HxMOARwV;SHvJ&KsQ~ltmbB#7b#(GkTkm$m+XurfN0udIkj@-D5o<p9*
z^l2W&G^dsFNd>2ZVL`l;iIW@rREQD9vG&i#(Xy|Gxc*{M&8)OXVb{<1ZUID(TiWqB
zn?k;^T48}uUJO>5JBD+ZW&Y*QkOmYzk=1TzVl9v!<7Pq00!LmJ2GAsp;E)U?@H$Ro
zsVK&^eR=;eYLom&c*5cw26|pKjRL^+Ls%e%N4nWksgLM@NcHDH^IfVca4e{;^w6?6
zJj$O<XFQEspQ|?rm?8Uy&bdtH-huW16MqxvYBSjFf#Z(!4lA_;a-f^E>2bJ!uz5Z7
zMw{AAC4xU<OjOw?a^g~?m{@Eo@3;1g+08vtlYnOfFR&Jk$K<<dNtZHWAgp>Vf9ln-
z`r<JbIVHQ}aB(VUCPPxXl?>2xZdt`2+V1L;WGqaO*&A<p;BN=a6KzSsF^(0UA}~~C
zNp?~Fz;7kX<Paa-KNnzM);=%nf82$$P8u5BP<=Jx&#~D4j9#%pYeOgrK6|>%_<wT!
z9^`fZ*mW-Xsj^|H<7l^Bm6Q-B5}=Y=8^aWEmv)<>Gy99SF1c*av~%rHE5NfoF|`9r
zWT|914^z?fRg(kT{kQ4*Whl^~md{+=O8KAt?-u~Ug?z$Fo0}YB&@Du=JbQz(KrNL)
zR&94{gM=D+)Lm+~k0pbJp!c8&x*C%IGs5)uj#W|nN=d=|C+MnXJLipLA0je54}C!T
zOAjZg*q^_laT!*55efx*g)_{{#*yyal0%C=38S1#krb-M(I&(MPkA8GtH^K4r#VUe
z*<~Quur=V=<Oi}c|0ZEBuQJj)PfBT5%4;JK7(%_iem977S;qv(wYug=$<C{{9g;A1
zmKGsY*d*>MG&huV8-I^z72mYurrN1Ie7zUmV5%455Ahz8>!$gLgSHRTCSopBWy!`7
zLt!l8@IK1>2kdagH$AM6ys&P&vkG5zMCb@^25%v>HMQcwLai~Lbb+-!?zL55A2+3|
zmugAwToMFTZP@*Tldp5%>^Ut_-!4`l`asNnx$%0L1f<hvE1?<qd+YQWCG}B_70XHK
zKw=e;K{_kpsz($+Z+hJBeiHEvB2YiT-$|`~qgjm--aP_DS>oH;W6TUgO5HR%VIiQ3
z1vx#t5{S3i-hilwfhzxvO<ZUP?GdrwoSsR~x;Vt~@r7>BF1i2SVYfAg`!sg1c#~*`
z;`|_xRf4$>z<1sODDmOX5g!qKtHK#}GZm#Hjy&QXmm56`HyKZThdpny7LQ%IfmONe
z)VOK0lQWoVrn2{oz~g1ta?H}$BqyvoJYT#LkSyhO?f2)k;JY))iEn&!Faph3G9BSp
z&S;k_4cZZA<`TRQT<f<W06JrEu~Qg)PnPcrxlOdj_Da6J@APSAi*2ro`hd22K?^K<
z?lLBRhs?&lpYqP&9sISVWm94C337LqIt|9(@TOSAcmEKKpj_A_ISzibv~q)Ao{QH^
zk>@iBlSr+h4o%YhQRZ~Oz+j|OKO^W1z7Nq+!gzFmJgZC_Vy;79x3A|hmjx1B<$omp
z-ccDMCJ-+cIZf|{UNX?J!XxWZHJTQrb}@O0uesf-1ab3_47?haaRzGB--qLDJv5xo
zVY&7jkio4wUG?kAJ0tgqNoQ?k=%D>Z-wb{M3;2`Yne|e2vuCp;<n9O35&{B1msV2E
zIv}1S?`voR87a&9rQ=iNnb;KiCHo2Py2Xj=)tklq+hJEM|MYumi$zTh(C>|ba*tU!
zu=+)siWt|+zHh;U?{*8UwyAcuR~Qs|R}R4D4uL&EGq|pk$)M$bypFj4ku?*YOsZ&+
zGjwyjD|4Una0mynS^kqnJkg{bXoe`cMcw;iYcsKJY4(k1!8)>#;EQ>%hP;FZ%j<XQ
z)PWSUe%`F&an07xvrgCRg)f{EBanV3q#@xi&x1X|y1nl^PQ1nm$7eQqx=r(pRLsy`
zV6n%Jvp|6vnk1lz0l6)(uKwPwlNMab@P%4<6Qcp&hWaXY!WFwc`$F><*TI_5@S#m-
zQP3$o*BOD1b4Gx4B+Ss8a>iT$-dc#__rEU3m@?GXJnTm^RTQ!87Mx!CEmBFvpZBFt
zV!(f;Za57n8a^$sE=`^2%%Q|!5u*-g1sr#uNDZyP!}2*-5<K{$c6Y@;C_?@73Lp{R
z_b)y$DsrIze3yJnk<sj-wq+pD=D1~nTU%)6_W81tl_Pt|DAb&WKM$W)i;{vbhCgVU
zbn|uEW}=6^3_Fe0O~yJFXch}&t9G|X*ACekYK!FQm-I#xw<=kYlv>A#o^(v_r(f;L
z&X@pX)A5X-hw%AO^7Du;GCC{^-1&mG9q_o8K}M!R+k3XSkSs2Lc#x_tjoH}G2hG92
zR>c*tE1L{LxMCuPfHtVZ9~~NyVwrEn-tnXkc1|1P8w+@c-wl*3bFw*bz=q=#pEq5&
zc*nZ^^526d{fi~QB$RC6Uk?SF{piPso{I_4idudXpw=?;*)U4)<3)rMu=(EEWH}vh
z&hO_ClBEK|(_6&`kEEg;+ak}N1QGFhH)bPW0E3i1XMpybrjhy%GSV?^C=SyT_LGmA
zyInnalwLTZ_AAc>4WCq}Bv?Z()q_+tnXNMYVnX;vQ<|a-w>WoUm~Fs(G{<=PstTb-
zb`t&yMTU7L*zz1E;Ad!T0|?z5!t<yi3~@JuUsdsUdF&|DchpIX=lZ&N?kaWQiUc|m
z2~^=9u8(A~MU;JiFT=-XnRDM0#OO#fhYbP3i~r0Svc99v6tTWLtLHSEe(KO&IEU<@
zT%#haqrf?Psp_0h#j2wR@AgNxwKT`GyiMGCeecaU_DVzrUIYCi{FKKyKmM;92R8vu
zlz&sKB7tI4x3a7Agk=KaC=I;Q4*AYENmxabWc^RMduNzykVw^>^|4;h|ERW^sEY)e
zl7hE>E@axM8;7kgjvwg8QFi_7N;2Er%~F0>XsvE5gpJjJrumCgr)W86r5j_A++ed>
zv`l&g@yhlQwp!t0*d-|P2NCws<9Wey203sLXksWwBE^};IGzrxA>(q2-~S`V5jVjN
zFpgFu5lX_r;c-f_k%+{_B<mm%#kE8S@4msQ7Lv;?)zflUaF?WxeAl<lF+~eCoUDJS
z|0tIt2d~=1d1>ZQ+l)R0<QxM@46nL&EE7~R%k`0E6W@SMxSd)0ZPq7^zG^bZZ>>J(
z*dt9i`^rlP!?&Xb!@3_#Djp6#mL5eHhMeU4_AKG+k~nSRDIS>r%^$>LR;w?ix(ewU
ztgnl8AJ?#Lu)<0X*}8+UU8F&&wc&|L(T5HbFijBQ6h(ea1rG^lZ!ME^OMd9|UIV7T
zfWk!M$u#PBd3y^N{e=l8$SEJRpAxuDuS6qr;M|4bi&RQ4eG_~u$6KEq>p~Capr2qe
z$Ri__Y}!pp|4$3RmE;naF2-Lh>4q0OwVaY=%G;Zzy;vIQfwCK=9|NLR=nTO}s6C`^
zBl*~N$Ft|N7I%Y=-Qx)_C#mNxEqMNYzHpx9?)-}+RkqaHoF(8hA=ScS8~Z5mG@Jy5
z9Tf7<d>*d>&zCU4hw;Aay8Aw8AkkZ|mgba!M>Uf;({L4;23+IfudaCf0^6?s23i=A
zg02l_XEAsU+bt&}!OW;~U~Ga=7yo5-Yt@2S1Cp?)a@GJ|`!;0ZDt^nM@{#N?(5@9;
z0Fy(h1rYK0ZPeR<N_Kht4bAn35EqYe>mtRJm5yw%b1L=|B%(k6y*2+V;yg>>n$?52
zj$b8K9yJV8NVjEDp0e!{igF!5IDcXji_nS0;A3Hk-`45+O0~|+@OfAP%X9<@@Fjo5
z=L65|JCp&AkCy98U`{_%Mz1g<q@n~c2w($)Z{!juCmdXSoJ1_2nVKtBNaG<Ge14MH
z2mjoV39f6wI78okF-%ysR$j(!=;WQ(I_0rZqv{P!l9p6*U7-9_isr@wJ8VHsZD&eZ
z{9yaA)Up^D)lvkOL^it!x0dyma@zUnY0rBTvvHwwiI(QmwM2FyYKofm-#!O+LhdZE
zi~~%d&V4m#0wzLGWAs4B*qmNRCdoxD?jVbZaS~rW%@$w6BF!a&SqJX^k3Un_+*%9|
zt|&zGQH!J`{QGOHJ$rZ$+UynF#j5<fB^F0GQU3SLuHTum)B*quZbHdGfn1;g$KW<`
z3BVd~O_G+gJ?-L0mg&Espj?@SvXO!!(UPPKfDcu6q^W5#hiI|SHQ;izYcU>d!m2Cc
zKiWn}3n&PQ0lu^V(e%{z71ml5i6Z4EC6Tf9c#GPyq7w^IH)~7$0J9|7&^vV+zevrt
zL<d@cSaqTA1ZXm60l>bYV;Q}HyzRD_gW7=xcBzzCBr!J!n%)Y(oKLJdAG1?+KXxN%
z4!~u0<6SsAI=N+rnRG)TaWP$??sW>M_Ilrhb4D<>Ta+P(11qEDARM2ODWPvnw!UPj
zoqrOlQ1ZYw%i2^Ey1O}lcroPx!$BzCy@!oPFUTX~LsRj*=WvmHWuuy7`u*2FGSE3G
zR@bQX-`-%e^r)JjZCtQ~tdDr_{6PQHqYXQ-!dVONsGx5M<CcY2HiKNb>8#-z7zSNt
zQbo(r9l9Qe3Yy!fAQHv{k(Oc`e`^(hoFH+%$#(Xay=G`J`eDFOcE9zJc(A0Th?l<Q
z4~0E)*Cl~#%CXg4>|whcMQFqX1t0t(SGNuk5IH8q;s#oyhJYHU>)ZdxR`lUI7_Ab2
zYSJ`nhRG$<nBH-oFAIz*Z+tsE2`8k|271j&V6aQ&>~1DLD>#2fbez_G+fFC&7b*tR
z0fbS>@)kt&7lsbttCCozO-xZ%x{&cAoW*bUN6se*2OyEzOsFcQBnL-=O;MaPQTHl`
z&sKV*3Nq*5<w7LC<A79~k)16FUphv4$Tkj>#)l-s-nr5b9{wBAu~rmahYF>7Qx`Y_
zi7V1~880Cj1RsKu0gar`Jkgb|kD}H&{`oJ!gQejxfD(#yBkDUyk^AWh-YMQ=9u43v
zM|(R*3-J>vhgb~h6-aPy=FXYNa7UhwG=H;9rUK+Z<&-gMeY#~%qotd~o>KVKG+JUy
z{?C<gAW-z>R|EAhhvzS?7{70(9{7IfMpa{%s&|w6?$}q&a1a390N<Q+mZDt5M*gP_
zNI&084|Ud-xgs`0!mQF@O^asCp!H?9Hu-nbkG*6;49Zb~M(&rlT{HE8wQW7oXz9S7
z{rZQAdMzJ6ji+hE%Z5pwATeZ&4oEaKAI>j`A5-E3=AZ!PR3BnXTD7l=(O4=uSQ8N&
z6lDlJhsPw#+V&{OSw;TP0oozEy+WTuY4^Vp$DnXj?x1>ayBNjLPh$KYJa9cSh(`5P
zy_r>~75r3lc3t?KRxqJo=u2C9C!TUVOjbF|eoU;?Kt~u^Q=Tf=H7Nn7Xem4<2-HIw
z<{|fpR~EMxuzH(Q03(uA`bUvuR%6d;T2HTAcO3ktT4NW%M^miNz-J&!56+I)d@7|w
zUfz`iGS;TjA}$B0%;|R~EixSJJKuc?zwpqVa^lm&<Rvm?zj9|LgV9mQH0B?XB5SB3
zAbc-)Q3u;y(5PsXxh~+BLQa<r0_yO_(lQy4gh)%wioUL&Pd{-Ye}+b7J1;kq@gG5t
zKdTkYs+DOxTwOS?iy)0g^lt=i(uo7JFnrJRr_9SG&0h-ca~pwd!w*i^|8Xeh&88%x
zHRB?R|9ea~Qh)#eZ#dQj_XMrCzqH;8o+CaJZrrQffiifOn+j4{%t`mz00GOb0o3>d
T3!$Ayw&~v-0ssI2018=J#c;~?

literal 0
HcmV?d00001

diff --git a/assets/supervisor/conf.d/supervisord.conf b/assets/supervisor/conf.d/supervisord.conf
index fee6f06..893ee7b 100644
--- a/assets/supervisor/conf.d/supervisord.conf
+++ b/assets/supervisor/conf.d/supervisord.conf
@@ -6,31 +6,34 @@ user=root
 command=/usr/sbin/fts_bringonline -t 25
 autostart=true
 autorestart=true
-startretries=10
+startretries=0
 stdout_logfile=/var/log/fts3/fts_bringonline_stdout.log
 stderr_logfile=/var/log/fts3/fts_bringonline_stderr.log
 priority=50
+exitcodes=0
 
 [program:fts-server]
 command=/usr/sbin/fts_server -t 25
 autostart=true
 autorestart=true
-startretries=10
+startretries=0
 stdout_logfile=/var/log/fts3/fts_server_stdout.log
 stderr_logfile=/var/log/fts3/fts_server_stderr.log
 priority=50
+exitcodes=0
 
 [program:fts-msg-bulk]
 command=/usr/sbin/fts_msg_bulk
 autostart=true
 autorestart=true
-startretries=10
+startretries=0
 priority=50
+exitcodes=0
 
 [program:cron]
 command=/usr/sbin/crond -n
 autostart=true
 autorestart=true
-startretries=10
+startretries=0
 priority=50
-
+exitcodes=0
diff --git a/assets/vomsdir/wlcg/wlcg-voms.cloud.cnaf.infn.it.lsc b/assets/vomsdir/wlcg/wlcg-voms.cloud.cnaf.infn.it.lsc
index b6f643f..2d12227 100644
--- a/assets/vomsdir/wlcg/wlcg-voms.cloud.cnaf.infn.it.lsc
+++ b/assets/vomsdir/wlcg/wlcg-voms.cloud.cnaf.infn.it.lsc
@@ -1,2 +1,3 @@
-/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=wlcg-voms.cloud.cnaf.infn.it
-/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA eScience SSL CA 3
+/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=cnaf/CN=wlcg-voms.cloud.cnaf.infn.it
+/C=NL/O=GEANT Vereniging/CN=GEANT eScience SSL CA 4
+
diff --git a/docker-compose.yml b/docker-compose.yml
index d2ca2a4..208a4e7 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -14,6 +14,8 @@ services:
       - cabundle:/etc/pki
 
   fts-server:
+    env_file:
+      - .env
     image: gitlab-registry.cern.ch/fts/fts3:${FTS_SERVER_VERSION}
     hostname: ${FTS_HOSTNAME}
     environment:
@@ -35,8 +37,9 @@ services:
       - ./assets/fts3:/etc/fts3
       - ./assets/scripts:/scripts
       - ./assets/supervisor/conf.d:/etc/supervisor/conf.d
-    ports:
-      - "2170:2170"
+#    Only used for CERN specific BDII publishing (uncomment if this is the case)
+#    ports:
+#      - 2170:2170   
     links:
       - ftsdb:ftsdb
     depends_on:
@@ -44,8 +47,11 @@ services:
       - ftsdb
     entrypoint:  
       - /scripts/startup-fts-server.sh
+      - if ! rpm -qa | grep x509-scitokens-issuer-client-0.7.0-1.hcc.el7.x86_64; then yum localinstall -y /scripts/x509-scitokens-issuer-client-0.7.0-1.hcc.el7.x86_64.rpm; fi
 
   fts-rest:
+    env_file:
+      - .env
     image: gitlab-registry.cern.ch/fts/fts-rest:${FTS_REST_VERSION}
     hostname: ${FTS_HOSTNAME}
     environment:
@@ -80,6 +86,8 @@ services:
       - /scripts/startup-fts-rest.sh
 
   fts-mon:
+    env_file:
+      - .env
     image: gitlab-registry.cern.ch/fts/fts-monitoring:${FTS_MONITORING_VERSION}
     hostname: ${FTS_HOSTNAME}
     environment:
@@ -114,6 +122,8 @@ services:
       - /scripts/startup-fts-mon.sh
 
   fts-cli:
+    env_file:
+      - .env
     image: marcelovilaca/fts3-cnaf:${FTS_CLI_VERSION}
     hostname: ${FTS_HOSTNAME}
     environment:
@@ -139,6 +149,8 @@ services:
     entrypoint: /tini -- sleep infinity
 
   ftsdb:
+    env_file:
+      - .env
     image: ${FTS_MYSQL_IMAGE}
     hostname: ftsdb
     environment:
diff --git a/initialize_mysql.sh b/initialize_mysql.sh
index ad88ccd..a01fe25 100755
--- a/initialize_mysql.sh
+++ b/initialize_mysql.sh
@@ -4,8 +4,8 @@ set +e
 
 export $(cat .env | xargs)
 
-docker exec fts3-cnaf_ftsdb_1 sh -c "mysql -u root -p${FTS_DB_ROOT_PASSWD} ${FTS_DATABASE} < /scripts/fts-schema-6.0.0.sql"
+docker exec fts3cnaf_ftsdb_1 sh -c "mysql -u root -p${FTS_DB_ROOT_PASSWD} ${FTS_DATABASE} < /scripts/fts-schema-6.0.0.sql"
 
-docker exec fts3-cnaf_ftsdb_1 sh -c "mysql -u root -p${FTS_DB_ROOT_PASSWD} -h ${FTS_MYSQL_HOST} -Bse \"GRANT ALL ON ${FTS_DATABASE}.* TO '${FTS_DB_USER}'@'%' IDENTIFIED BY '${FTS_DB_PASSWD}'; FLUSH PRIVILEGES; GRANT SUPER ON *.* to '${FTS_DB_USER}'@'%' IDENTIFIED BY '${FTS_DB_PASSWD}'; FLUSH PRIVILEGES;\" "
+docker exec fts3cnaf_ftsdb_1 sh -c "mysql -u root -p${FTS_DB_ROOT_PASSWD} -h ${FTS_MYSQL_HOST} -Bse \"GRANT ALL ON ${FTS_DATABASE}.* TO '${FTS_DB_USER}'@'%' IDENTIFIED BY '${FTS_DB_PASSWD}'; FLUSH PRIVILEGES; GRANT SUPER ON *.* to '${FTS_DB_USER}'@'%' IDENTIFIED BY '${FTS_DB_PASSWD}'; FLUSH PRIVILEGES;\" "
 
 
diff --git a/old.Dockerfile b/old.Dockerfile
deleted file mode 100644
index 3836086..0000000
--- a/old.Dockerfile
+++ /dev/null
@@ -1,54 +0,0 @@
-FROM centos:7
-
-# Install FTS
-RUN yum install -y epel-release.noarch
-#RUN curl https://fts-repo.web.cern.ch/fts-repo/fts3-prod-el7.repo -o /etc/yum.repos.d/fts3-prod-el7.repo
-#RUN curl https://dmc-repo.web.cern.ch/dmc-repo/dmc-el7.repo -o /etc/yum.repos.d/dmc-el7.repo
-RUN curl http://fts-repo.web.cern.ch/fts-repo/fts3-rc-el7.repo -o /etc/yum.repos.d/fts3-prod-el7.repo
-RUN curl http://dmc-repo.web.cern.ch/dmc-repo/dmc-rc-el7.repo -o /etc/yum.repos.d/dmc-el7.repo
-
-RUN yum clean all && yum upgrade -y
-RUN yum install -y gfal2-plugin-* --skip-broken
-RUN yum install -y fts-server fts-client fts-rest fts-monitoring fts-mysql fts-msg fts-infosys
-RUN yum install -y mysql MySQL-python fts-rest-oauth2 multitail
-RUN yum install -y fts-server-selinux fts-rest-selinux fts-monitoring-selinux
-RUN yum clean all
-
-# Setup FTS security
-COPY assets/fts/certs/hostcert_fts.pem /etc/grid-security/hostcert.pem
-COPY assets/fts/certs/hostcert_fts.key.pem /etc/grid-security/hostkey.pem
-RUN chmod 400 /etc/grid-security/hostkey.pem
-COPY assets/fts/Sectigo/SectigoRSA* /etc/grid-security/certificates/
-COPY assets/fts/Sectigo/USERTrustRSA-AAACA-xSign.crt /etc/grid-security/certificates/
-#COPY assets/fts/Sectigo/SHA-2\ Root\ USERTrust\ RSA\ Certification\ Authority.crt /etc/grid-security/certificates/
-
-
-# Database configuration for FTS server
-COPY assets/fts/fts3config /etc/fts3/fts3config
-COPY assets/fts/mysql/fts-schema-6.0.0.sql /usr/share/fts-mysql/fts-schema-6.0.0.sql 
-
-# Configuration for FTSREST and FTSMON
-COPY assets/fts/fts3rest.conf /etc/httpd/conf.d/fts3rest.conf
-RUN echo "" > /etc/httpd/conf.d/ssl.conf &&\
-    echo "" > /etc/httpd/conf.d/autoindex.conf &&\
-    echo "" > /etc/httpd/conf.d/userdir.conf &&\
-    echo "" > /etc/httpd/conf.d/welcome.conf &&\
-    echo "" > /etc/httpd/conf.d/zgridsite.conf &&\
-    echo "ServerName fts3-cnaf.cloud.cnaf.infn.it:80" >> /etc/httpd/conf/httpd.conf 
-
-# Entrypoint waiting script for MySQL
-COPY assets/fts/wait-for-it.sh /usr/local/bin/wait-for-it.sh
-RUN chmod +x /usr/local/bin/wait-for-it.sh
-
-# Shortcut for logfiles
-COPY assets/fts/logshow /usr/local/bin/logshow
-RUN chmod +x /usr/local/bin/logshow
-RUN touch /var/log/fts3/fts3server.log
-RUN chown -R fts3:fts3 /var/log/fts3/fts3server.log
-RUN touch /var/log/fts3rest/fts3rest.log
-RUN chown -R fts3:fts3 /var/log/fts3rest
-
-# Startup
-EXPOSE 8446 8449
-ADD assets/fts/docker-entrypoint.sh /
-ENTRYPOINT ["/docker-entrypoint.sh"]
diff --git a/test/cleanup.sh b/test/cleanup.sh
new file mode 100755
index 0000000..d2221c6
--- /dev/null
+++ b/test/cleanup.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+gfal-rm --from-file remove.me
+rm BULK.json
+rm remove.me
+
diff --git a/test/command_example.md b/test/command_example.md
new file mode 100644
index 0000000..a0c2ffe
--- /dev/null
+++ b/test/command_example.md
@@ -0,0 +1,16 @@
+# For creating and adding files to source SE, creating BULK.json file:
+
+./random_files_creator.sh --Files=20 --Name='Test_files_' --Path=$PWD/files/ --Source='davs://xfer.cr.cnaf.infn.it:8443/wlcg/msoares' --Destination='davs://amnesiac.cloud.cnaf.infn.it:8443/wlcg/msoares/dest'
+
+
+# for submitting the FTS transfer:
+
+fts-rest-transfer-submit -v -o -s https://fts3-cnaf.cloud.cnaf.infn.it:8446 -f BULK.json
+
+or
+
+fts-transfer-submit -v -o -s https://fts3-cnaf.cloud.cnaf.infn.it:8446 -f BULK.json
+
+# for cleannign the mess:
+
+./cleanup.sh
diff --git a/test/random_files_creator.sh b/test/random_files_creator.sh
new file mode 100755
index 0000000..6ca21f3
--- /dev/null
+++ b/test/random_files_creator.sh
@@ -0,0 +1,177 @@
+#!/bin/bash
+
+
+helpmessage="\n\nScript usage:\n\n
+\t\t ./random_file_creator.sh <--option=value> \n\n
+e.g.\t  ./random_file_creator.sh --Files=12 --Name='Pippo_files_' \n
+e.g.\t  ./random_file_creator.sh --Path=/path/to/directory/i/want/ \n
+\n
+Options:
+\n\n
+  -f=\t  --Files=\t\t:Insert number of files needed --Files=20 (default = 10)\n
+  -n=\t  --Name=\t\t:Insert fale name that means something to you  --Name='Pippo_files_'\n
+  -s=\t  --Source=\t\t:Insert Source storage element to put files
+  -d=\t  --Destination\t\t:Insert Destination storage element to copy files to
+  -p=\t  --Path=\t\t:Insert the path that you wish to use --Path=<path_to_dir>\n
+  -h\t   --help\t\t\t:Shows this help\n\n
+\n\n
+\t\t* If no values inserted it will use defaults values:\n
+\t\t\t Number of Files => 10\n
+\t\t\t File Names      => random_content_<random value>_00x.init\n
+\t\t\t Path            => /tmp/<username>/tmp.<random value>/ \n
+\n\n\n
+
+"
+
+#Default values
+numberOfFiles=10
+filesName="random_content_"
+sourceSEdir="https://xfer.cr.cnaf.infn.it:8443/webdav"
+destinationSEdir="https://amnesiac.cloud.cnaf.infn.it/webdav"
+#if [ $DIRAC ]
+#then
+#  diracDir=$DIRAC
+#else
+#  diracDir=$PWD
+#fi
+
+# Parsing arguments
+if [ $# -gt 0 ]
+then
+  for i in "$@"
+    do
+      case $i in
+
+        -h|--help|-?)
+        echo -e $helpmessage
+        exit 0
+        ;;
+
+        -f=*|--Files=*)
+        numberOfFiles="${i#*=}"
+        shift # past argument=value
+        ;;
+
+        -n=*|--Name=*)
+        filesName="${i#*=}"
+        shift # past argument=value
+        ;;
+
+        -s=*|--Source=*)
+        sourceSEdir="${i#*=}"
+        shift # past argument=value
+        ;;
+
+        -d=*|--Destination=*)
+        destinationSEdir="${i#*=}"
+        shift # past argument=value
+        ;;
+
+        -p=*|--Path=*)
+        temporaryPath="${i#*=}"
+        if [ ! -d "$temporaryPath" ]
+          then
+          mkdir -p $temporaryPath
+        fi
+        shift # past argument=value
+        ;;
+
+        *)
+        echo -e $helpmessage
+        exit 0
+            # unknown option
+        ;;
+      esac
+    done
+fi
+
+set +e
+currentDir=$PWD
+
+# Default temporary path
+if [ -z "$temporaryPath" ]
+  then
+  temporaryPath=$(mktemp -d)
+fi
+
+# Move to a tmp directory
+cd $temporaryPath
+if [ $? -ne 0 ]
+  then
+  echo $(tput setaf 1)"ERROR: cannot change to directory: " $temporaryPath$(tput sgr 0)
+    exit $?
+fi
+
+echo ""
+echo "Random files created in: "
+echo $(tput setaf 2)$temporaryPath$(tput sgr 0)
+echo ""
+# Start Removal file
+touch $currentDir/remove.me
+
+# Start bulk submission json file:
+touch $currentDir/BULK.json
+cat <<EOF >> $currentDir/BULK.json
+{
+  "files": [
+EOF
+
+# array of fileNames
+fileNames=()
+for n in $(eval echo "{1..$numberOfFiles}")
+do
+  fileNames+=($(date +"20%y%m%d")_$(date +"%H%M%S")_$( printf %03d "$n" ))
+done
+
+for n in $(eval echo "{1..$numberOfFiles}")
+do
+  randomx=$(( (RANDOM % 3) +1 )) # a random value between 1 and 4
+  echo ""
+  echo $(tput setaf 2)$temporaryPath"/"$filesName${fileNames[$n-1]}".init"$(tput sgr 0)
+  dd if=/dev/urandom of=$filesName${fileNames[$n-1]}.init bs=100M count=$randomx
+
+  # Gfal-copy file to source SE
+  sourceFile=$filesName${fileNames[$n-1]}.init
+  gfal-copy $temporaryPath/$sourceFile $sourceSEdir/$sourceFile -f -p
+
+  # Create entry in json file for bulk submission
+  cat <<EOF >> $currentDir/BULK.json
+  {
+    "sources": [
+        "$sourceSEdir/$sourceFile"
+      ],
+      "destinations": [
+        "$destinationSEdir/$sourceFile"
+      ],
+      "selection_strategy": "orderly",
+      "metadata": "file-metadata",
+      "activity": "Production",
+      "filesize": 1024
+    }
+EOF
+
+if [ $n -ne $numberOfFiles ]
+  then
+  cat <<EOF >> $currentDir/BULK.json
+  , 
+EOF
+fi
+
+rm $temporaryPath/$sourceFile
+
+#create a reference file for removal from the source and destination
+
+cat <<EOF >> $currentDir/remove.me
+$sourceSEdir/$sourceFile
+$destinationSEdir/$sourceFile
+EOF
+
+done
+
+cat <<EOF >> $currentDir/BULK.json
+   ]
+  }
+EOF
+
+
+
-- 
GitLab