diff --git a/cts/README b/cts/README
index 400cc5e450..2d3cf3fca4 100644
--- a/cts/README
+++ b/cts/README
@@ -1,609 +1,609 @@
 BASIC REQUIREMENTS BEFORE STARTING:
 
 Three machines:  one test exerciser and two test cluster machines.
 
 	The two test cluster machines need to be on the same subnet
 		and they should have journalling filesystems for
 		all of their filesystems other than /boot
 	You also need two free IP addresses on that subnet to test
 		mutual IP address takeover
 
 	The test exerciser machine doesn't need to be on the same subnet
 	as the test cluster machines.  Minimal demands are made on the 
 	exerciser machine - it just has to stay up during the tests ;-).
 	However, it does need to have a current copy of the cts test
 	scripts.  It is worth noting that these scripts are coordinated
 	with particular versions of linux-ha, so that in general you
 	have to have the same version of test scripts as the rest of 
 	linux-ha.
 	
 
 Install heartbeat, heartbeat-pils, and heartbeat-stonith on all three
 machines.  Set up the configuration on the cluster machines *and make
 a copy of it on the test exerciser machine*.  These are the necessary 
 files:
 	/etc/ha.d/ha.cf
 	/etc/ha.d/haresources
 	/etc/ha.d/authkeys
 
 NOTE: Do not run heartbeat on the test exerciser machine.  After
 installing all three packages, run the following to make sure that 
 heartbeat isn't automatically started every time the test exerciser
 machine boots:
 	rm /etc/rc.d/rc3.d/*heartbeat
 	rm /etc/rc.d/rc5.d/*heartbeat
 
 NOTE: Wherever machine names are mentioned in these configuration files,
 they must match the machines' `uname -n` name.  This may or may not match
 the machines' FQDN (fully qualified domain name) - it depends on how
 you (and your OS) have named the machines.  It helps a lot in tracking
 problems if the three machines' clocks are closely synchronized.  xntpd
 does this, but you can do it by hand if you want.
 
 Make sure the 'at' daemon is enabled on the test cluster machines (this
 is normally the 'atd' service started by /etc/init.d/atd).  This doesn't
 mean just start it, it means enable it to start on every boot into your
 default init state (probably either 3 or 5).  Enabling it for both state
 3 and 5 is a good minimum.  We don't need this in production - just for these
 tests.  This typically means you need a symlink for /etc/rc.d/rc3.d/S*atd
 to /etc/init.d/atd, and one in /etc/rc.d/rc5.d/S*atd.
 
 Make sure all your filesystems are journalling filesystems (/boot can be
 ext2 if you want).  This means filesystems like jfs, ext3, or reiserfs.
 
 Here's what you need to do to run CTS:
 
 Configure the two cluster machines with their logging of heartbeat
 messages redirected via syslog to the exerciser machine.  The exerciser 
 doesn't have to be the same OS as the others but it needs to be one that 
 supports a lot of the other things (like ssh and remote syslog logging).
 
 You may want to configure the cluster machines to boot into run level 3,
 that is without Xdm logins - particularly if they're behind a KVM switch.
 Some distros refuse to boot correctly without knowing what kind of mouse
 is present, and the kvm switch will likely make it impossible to figure
 out without manual intervention.  And since some of the tests cause the
 machine to reboot without manual intervention this would be a problem.
 
 Configure syslog on the cluster machines accordingly.
 	(see the Mini-MOWTOs at the end for more details)
 
 The exerciser needs to be able to ssh over to the cluster nodes as root
 without a password challenge.  Configure ssh accordingly.
 	(see the Mini-HOWTOs at the end for more details)
 
 The exerciser needs to have the IP addresses of the test machines available
 to it - either by DNS or by /etc/hosts.  It uses this to validate configuration
 information.
 
 The StonithdTest uses 'ssh' as its default plugin. To run this test, the cluster
 nodes need to be able to ssh over to each other without a password challenge.
 Configure ssh accordingly.
     (see the Mini-HOWTOs at the end for more details)
 
 The "heartbeat" service (init script) needs to be enabled to
 automatically start in the default run level on the cluster machines. 
 This typically means you need a symlink for /etc/rc.d/rc3.d/S*heartbeat
 to /etc/init.d/heartbeat, and one in /etc/rc.d/rc5.d/S*heartbeat.
 If you don't do this, then things will look fine until you run the STONITH
 test - and it will always fail...
 
 The test software is called cts and is in the (surprise!) cts directory.
 It's in the tarball, and (for later versions) is installed in
 /usr/lib/heartbeat/cts.
 
 The cts system consists of the following files:
 CM_fs.py        - ignore this - it's for failsafe
 CM_hb.py        - interacts with heartbeat
 CTS.py          - the core common code for testing
 CTSaudits.py    - performs audits at the end of each test
 CTSlab.py       - defines the "lab" (test) environment
 CTStests.py     - contains the definitions of the tests
 
 You probably should look at the CTSlab.py file, but you should no longer
 need to modify it.
 
 
 OK.  Now assuming you did all this and the stuff described below, what you
 need to do is run CTSlab.py.  If you run any other file, it won't test 
 your cluster ;-)
 
 Depending on permissions, etc., this may be either done as:
 	./CTSlab.py number-of-tests-to-run
 or as
 	python ./CTSlab.py number-of-tests-to-run
 
 The test output goes to standard error, so you'll probably want to catch stderr
 with the usual 2>&1 construct like this:
 	./CTSlab.py > outputfile 2>&1 &
 followed by a
 	tail -f outputfile
 
 Options for CTSlab:
 
 	--suppressmonitoring
 		Don't "monitor" resources as part of the audits
 
 	--directory dirname
 		Directory to find config info in.  Defaults to
 			/etc/ha.d
 	--logfile
 		Directory to find logging information in defaults to
 			/var/log/ha-log-local7
 	--stonith (yes|no)
 		Enable/disable STONITH tests
 	--standby (yes|no)
 		Enable/disable standby tests
 	-v2
 		Test release 2.x (includes 1.99.x)
 		(see the Mini-HOWTOs at the end for more details)
 	
 ==============
 Mini-HOWTOs:
 ==============
 
 --------------------------------------------------------------------------------
 How to redirect linux-HA logging the way CTS wants it using syslog
 --------------------------------------------------------------------------------
 
 NOTE:   There have been reports of messages being lost with vanilla syslog.
 	At least one of the developers recommends using syslog-ng or indeed
 	anything else to avoid these problems.
 
 1)	Redirect each machine to go (at least) to syslog local7:
 
 	Change /etc/ha.d/ha.cf on each test machine to say this:
 
 logfacility local7
 
 	(you can also log to a dedicated local file with logfile if you want)
 
 2)	Change /etc/syslog.conf to redirect local7 on each of your cluster
 	machines to redirect to your exerciser machine by adding this line
 	somewhere near the top of /etc/syslog.conf
 
 local7.*                                @exerciser-machine 
 
 3)	Change syslog on the exerciser machine to accept remote
 	logging requests. You do this by making sure it gets invoked with
 	the "-r" option. On SuSE Linux you need to change /etc/rc.config
 	to put have this line for SYSLOGD_PARAMS:
 
 SYSLOGD_PARAMS="-r"
 
 	If you're on a recent version of SuSE/UL, this parameter has
 	moved into /etc/sysconfig/syslog.  You'll have to restart syslog
 	after putting these parameters into effect.
 
 4)	Change syslog on the exerciser machine to redirect messages
 	from local7 into /var/log/ha-log-local7 by adding this line to
 	/etc/syslog.conf 
 
 local7.*			-/var/log/ha-log-local7
 
 	and then (on SuSE) run this command:
 
 /etc/rc.d/syslog restart
 
 	Use the corresponding function for your distro.
 
 --------------------------------------------------------------------------------
 How to make OpenSSH allow you to login as root across the network without
 a password.
 --------------------------------------------------------------------------------
 
 All our scripts run ssh -l root, so you don't have to do any of your testing
 logged in as root on the test machine
 
 1)	Grab your key from the exerciser machine:
 
 	take the single line out of ~/.ssh/identity.pub
 	and put it into root's authorized_keys file.
 	[This has changed to: copying the line from ~/.ssh/id_dsa.pub into
 		root's authorized_keys file ]
 
 	NOTE: If you don't have an id_dsa.pub file, create it by running:
 
 		ssh-keygen -t dsa
 
 2)	Run this command on each of the cluster machines as root:
 
 ssh -v -l myid ererciser-machine cat /home/myid/.ssh/identity.pub \
 	>> ~root/.ssh/authorized_keys
 
 [For most people, this has changed to:
   ssh -v -l myid exerciser-machine cat /home/myid/.ssh/id_dsa.pub \
 	>> ~root/.ssh/authorized_keys
 ]
 
 	You will probably have to provide your password, and possibly say
 	"yes" to some questions about accepting the identity of the
 	test machines
 
 3)	You must also do the corresponding update for the exerciser 
 	machine itself as root:
 
 	cat /home/myid/.ssh/identity.pub >> ~root/.ssh/authorized_keys
 
 	To test this, try this command from the exerciser machine for each
 	of your cluster machines, and for the exerciser machine itself.
 
 ssh -l root cluster-machine
 
 If this works without prompting for a password, you're in business...
 If not, you need to look at the ssh/openssh documentation and the output from
 the -v options above...
 
 --------------------------------------------------------------------------------
 How to redirect linux-HA logging the way CTS wants it using syslog-ng
 --------------------------------------------------------------------------------
 
 why syslog-ng:
         Syslog-ng can use tcp and guarantee availability of logs. It is
 important we get every log message or our test may fail with loss of some 
 important messages.
 
 The following instructions apply to RedHat systems:
 
 1)      Redirect each machine to go (at least) to syslog local7:
 
         Change /etc/ha.d/ha.cf on each test machine to say this:
 
 logfacility local7
 
 
 2)      On all machines: download syslog-ng rpm and install it.
         Or you can download its source at 
 		http://www.balabit.com/products/syslog_ng/
         and compile and install it.
 	
 
 3)      On all machines: stop syslog and disable it on reboot (SEE NOTE BELOW
 	FIRST)
         
 /etc/init.d/syslog stop
 chkconfig --level 2345 syslog off
 
 
 4)      On exerciser machine, add the source and destination for remote log in
 	the file /etc/syslog-ng/syslog-ng.conf. You can change the port number
 	to other number, but it must be the same with the port number in cluster
 	machines (see 5)
 
 options { long_hostnames(off); sync(0); perm(0640); stats(3600); time_reap(300); };
 source s_tcp { tcp(port(15789) max-connections(512)); }; 
 destination     d_ha  { file("/var/log/ha-log-local7"); };
 log { source(s_tcp); destination(d_ha); };
 
 
 5)      On cluster machines, send log out to a remote machine by adding the
 	following lines to /etc/syslog-ng/syslog-ng.conf after the definition
 	of f_boot.  Note the port number must be the same with 4).
 	Change exerciser-machine to the exerciser machine's IP or name
 
 source s_tcp { tcp(port(15789) max-connections(512)); };
 filter f_ha  { facility(local7); };
 filter f_ha_tcp  { facility(local7); };
 destination ha_local { file("/var/log/cluster.log" perm(0644)); };
 destination ha_tcp { tcp(exerciser-machine port(15789));};
 log { source(src); filter(f_ha_tcp); destination(ha_tcp); };
 log { source(src); source(s_tcp); filter(f_ha); destination(ha_local); };
         
 
 6)      Start syslog-ng and enable it upon reboot in all machines (SEE NOTE
 	BELOW FIRST)
 
 /etc/init.d/syslog-ng start
 chkconfig --level 2345 syslog-ng on
 
 NOTE:	Instead of disabling syslog and enabling syslog-ng, it is possible
 	with newer versions of syslog to simply tell it to use the syslog-ng
 	daemon instead of its own.  If you prefer this method, then step 3 
 	becomes:
 
 /etc/init.d/syslog stop
 
 	and step 6 becomes:
 
 echo SYSLOG_DAEMON="syslog-ng" >> /etc/sysconfig/syslog
 echo SYSLOG_NG_CREATE_CONFIG="no" >> /etc/sysconfig/syslog
 /etc/init.d/syslog start
 
 --------------------------------------------------------------------------------
 How to redirect linux-HA logging CTS wants with evlog
 --------------------------------------------------------------------------------
 
 Related background introduction
 
 evlog is a new logging system. It's open source, and its source/binary is 
 licensed under GPL/LGPL.  its web site is as below.
 http://evlog.sourceforge.net/
 
 evlog is compliance with draft POSIX Standard 1003.25. It can provide more 
 advanced logging capacities (please refer to its web site for more details). 
 Among its several important features, when comparing with syslog, the remote 
 logging with tcp protocol is preferred here.
 
 Why? Because when testing linux-ha as described above, you may have to need 
 remote logging support. Of course you can use syslog to get it via suitable
 setting as the steps described above. But, syslog itself only supports remote
 logging with udp protocol. As you know, sometimes udp protocol is not reliable 
 enough, especially under heavy workload, may lose some udp packages, cause 
 cts' log to become mess and difficult to analyze. Evlog is a good way to 
 resolve this issue.
 
 Briefly, we can locally forward syslog message to evlog, then continue 
 forwarding the log message to remote machine with evlog's tcp remote logging
 capacity. This don't require to rewrite related applications, such as heartbeat.
 It's a big advantage for us. Since by default evlog isn't configured to 
 support tcp remote logging, so need to configure it. The following is the brief 
 steps. Some of them are abstracted from evlog documents.
 
 1) Get the evlog, build binary if needed.
 -----------------------------------------
 
   You can download evlog binary or source from evlog project page:
 	http://sourceforge.net/projects/evlog                                              
   Some linux distributions, such as SLES, include evlog, but normally it 
 doesn't contain remote tcp logging module named as tcp_rmtlog_be. So you may
 need to get additional package from there.  
 
   If luck you can get the suitable binary packages for your system from there.
 As for rpm package, you need two packages as below. 
 	evlog		 -- Standard package, including most functions
 	tcp_rmtlog_be    -- Module to support remote tcp logging
   
   If you have to build binary for yourself, the simple steps is as below.
 Here suppose you begin from evlog-1.5.3 tarball.
 a. Log in as root
 b. Download evlog-1.5.3.tar.gz
 c. Untar the tarball
      tar -xzvf evlog-1.5.3.tar.gz
 d. cd to evlog-1.5.3
 e. To run configuration scripts. 
       ./autogen.sh
       ./configure
 f. Build and install.
     Normal way.
       make
       make install
       make startall
      
     Or                                                                                                     
     Build rpm do the following:
       make rpm
       make rpm-tcp
       make rpm-udp
     Then you can see the evlog and tcp_rmtlog_be in top build directory.
     you can install them with rpm command.
 
 When install is successful, you will see messages like these...
 /etc/rc.d/init.d/evlog start
 Starting enterprise event logger:                          [  OK  ]
 sleep 1
 /etc/init.d/evlogrmt start
 Starting remote event logger:                              [  OK  ]
 sleep 1
 /etc/rc.d/init.d/evlnotify start
 Starting enterprise event log notification:                [  OK  ]
 sleep 1
 /etc/rc.d/init.d/evlaction start
 Starting notification action daemon:                       [  OK  ]
 
 2) Configure remote event consolidator, which normally run CTS test scripts.
 ----------------------------------------------------------------------------
 
 This procedure configures the evlogrmtd daemon to accept events from other two
 hosts running heartbeat testing hosts on the network. So that events from 
 multiple hosts can be consolidated into a single log file.
 
 a. Log in as root
 b. Edit /etc/evlog.d/evlhosts to add an entry for each of two testing host that
    run heartbeat.  Each entry must specify host name, either simple name or 
    fqdn, and also a unique identifier for each host.  This identifier can be up 
    to 2 bytes, but cannot be equal to 0 (it will be ignored).
 
    For example, the following are all valid entries:
 
     (identifier)  (hostname)
        1          hatest1
        2          hatest2
 
 c. There is also a configuration file, /etc/evlog.d/evlogrmtd.conf which 
    contains the following as default:
 
      Password=password
      TCPPort=12000
 
    "Password" is used only by TCP clients to authenticate remote hosts when
    attempting to connect.  
 
    "TCPPort" must match the TCP port used by other two test machines for 
    sending events to the event consolidator.
 
 d. Restart the evlogrmtd daemon...
 
        /etc/init.d/evlogrmt restart
                                                                                                            
    If evlogrmtd cannot resolve any of the hosts listed in evlhosts, or there 
    are no entries in /etc/evlog.d/evlhosts, then the evlogmrtd will exit.
 
 3) Configure the two test machine on which heartbeat will run.
 -------------------------------------------------------------
 
 This procedure installs and configures an event tcp logging plugin for 
 forwarding events to a remote event consolidator. 
 
 The local logging software must be installed.
 
 a. Log in as root.
 
 b. If have installed tcp_rmtlog_be, then skip to next step. Or execute the
    following command (shown for i386 rpm):
        rpm -i tcp_rmtlog_be-1.5.3-1.i386.rpm
 
 c. cd to /etc/evlog.d/plugins, then edit tcp_rmtlog_be.conf.
    you need to specify the following items.
 
    IP address, or hostname  - for the event consolidator.
    Port number - should match the port number used by the event consolidator.
    Disable=no - to send events using TCP
    Password - must match password expected by the event consolidator when the 
         TCP connection is attempted.
    BufferLenInKbytes - Specifies the size of the memory buffer for events being
         transmitted via TCP.  This reduces the chances of losing events during 
 	temporary loss of connection.  Default size=128.  Recommended range = 32
 	 to 1024.
 
    A sample tcp_rmtlog_be.conf may like as below.
 
 Remote Host=172.30.1.180
 Password=password
 Port=12000
 BufferLenInKbytes=128
 Disable=no
 
 d. Restart the evlogd daemon to load the plugin...
       /etc/init.d/evlog restart
 
 4) Configure syslog on the pair of HA machines.
 -----------------------------------------------
 
 For forwarding syslog messages to the evlog on the same machine. Issue this
  command, which is from evlog package.
 	/sbin/slog_fwd
 
  This will forward syslog messages immediately, and after every subsequent
  reboot.  To disable syslog forwarding:
 	/sbin/slog_fwd -r
 
 5) Test your configure work.  
 ----------------------------
 
 For example, on you one of the pair of HA machines, issue this command:
 	logger -p local7.info "logging hello from hatest1" 
 
 Then go to remote event consolidator, which run CTS test scripts. issue this
 command, which is from evlog package.
 	evlview -m | grep hatest1
 you should see its result.
 	Apr  7 13:32:04 hadev1 logging hello from hatest1
 
 Notes, by default event log message of evlog is store in file
 	/var/evlog/eventlog
 It's a file containing binary structure messages, so you should use evlview 
 to read them.
 
 Enjoy evlog ;). The end.
 
 --------------------------------------------------------------------------------
 How to configure release 2.x (including 1.99.x) for cts testing
 --------------------------------------------------------------------------------
 To test release 2.x (including 1.99.x) you need to do the following additional
 work.
 
 1. Please build the source code with --enable-crm option and install it.
 
 2. Configure ha.cf, and make it same on the test exerciser and all test 
 cluster machines.  Please add the following lines to ha.cf:
 	auto_failback legacy
 	crm yes
 Also, if the following line is in ha.cf, please remove it as it does not
 apply to 2.x:
 	respawn hacluster /usr/lib/heartbeat/ipfail 
 
 3. Remove all lines from haresources and save it as an empty file until
 bug 613 (http://www.osdl.org/developer_bugzilla/show_bug.cgi?id=613) is
 resolved.
 
 4. Now we can start cts test on the exerciser node:
 		./CTSlab.py -v2 number-of-tests-to-run
 	or as
 		python ./CTSlab.py -v2 number-of-tests-to-run
 
 5. To automatically generate and install a sample CIB:
       add the -r and -c options to the above command
 
 --------------------------------------------------------------------------------
 How to configure OpenSSH for StonithdTest
 --------------------------------------------------------------------------------
 
 This configure enables cluster machines to ssh over to each other without a
 password challenge.
 
 1)	On each of the cluster machines, grab your key:
 
 	take the single line out of ~/.ssh/identity.pub
 	and put it into root's authorized_keys file.
 	[This has changed to: copying the line from ~/.ssh/id_dsa.pub into
 		root's authorized_keys file ]
 
 	NOTE: If you don't have an id_dsa.pub file, create it by running:
 
 		ssh-keygen -t dsa
 
 2)	Run this command on each of the cluster machines as root:
 
 ssh -v -l myid cluster_machine_1 cat /home/myid/.ssh/identity.pub \
 	>> ~root/.ssh/authorized_keys
 
 ssh -v -l myid cluster_machine_2 cat /home/myid/.ssh/identity.pub \
 	>> ~root/.ssh/authorized_keys
 
 ......
 
 ssh -v -l myid cluster_machine_n cat /home/myid/.ssh/identity.pub \
 	>> ~root/.ssh/authorized_keys
 
 [For most people, this has changed to:
   ssh -v -l myid cluster_machine cat /home/myid/.ssh/id_dsa.pub \
 	>> ~root/.ssh/authorized_keys
 ]
 
 	You will probably have to provide your password, and possibly say
 	"yes" to some questions about accepting the identity of the
 	test machines
 
 To test this, try this command from any machine for each
 of other cluster machines, and for the machine itself.
 
     ssh -l root cluster-machine
 
 This should work without prompting for a password,
 If not, you need to look at the ssh/openssh documentation and the output from
 the -v options above...
 
 ----------------------------------------------------------------------------------
-How to set up host based authentication (http://wiki.linux-ha.org/HostBasedAuthentication)
+How to set up host based authentication
 ----------------------------------------------------------------------------------
 Client Machine 
 1) set 
 	HostbasedAuthentication yes
 in /etc/ssh/ssh_config 
 
 Server Machine
 1) in server, in /etc/ssh/sshd_config, set 
 	HostbasedAuthentication yes
 	IgnoreUserKnownHosts yes
    and restart sshd 
 
 2) put client's machine name to /etc/ssh/shosts.equiv (assume the client is posic021) 
 	posic021
 	posic021.domain.name
 
 3) put the client machine's host key to /etc/ssh/ssh_known_hosts, 
    add the client machine's name/full domain name/ip before that, e.g 
 	posic021,posic021.domain.name,141.142.xxx.xxx, ssh-rsa  .....
 
 4) For HostBasedAuthentication to work with root, In the server machine, 
    you need have the file /root/.shosts 
 	posic021.domain.name root
    You also need to set 
 	IgnoreRhosts no
    in /etc/ssh/sshd_config and then restart sshd. 
 
 
 
 
 
 
diff --git a/xml/crm-1.0.dtd b/xml/crm-1.0.dtd
index ac6e35b5bd..259718251c 100644
--- a/xml/crm-1.0.dtd
+++ b/xml/crm-1.0.dtd
@@ -1,865 +1,865 @@
 <?xml version="1.0" encoding="UTF-8" ?>
 <!--
 GLOBAL TODOs:
 
 Versionize DTD so we can validate against a specific version
 
 Background
  The CIB is described quite well in section 5 of the crm.txt (checked into CVS in the crm directory) so it is not repeated here.
  Suffice to say that it stores the configuration and runtime data required for cluster-wide resource management in XML format.
 
 CIB: Information Structure
  The CIB is divided into two main sections: The "static" configuration part and the "dynamic" status.
 
  The configuration contains - surprisingly - the configuration of the cluster, namely node attributes, resource instance configuration, and the constraints which describe the dependencies between all these.
  To identify the most recent configuration available in the cluster, this section is time-stamped with the unique timestamp of the last update.
 
  The status part is dynamically generated / updated by the CRM system and represents the current status of the cluster; which nodes are up, down or crashed, which resources are running where etc.
 
  Every information carrying object has an "id" tag, which is basically the UUID of it, should we ever need to access it directly.
  Unless otherwise stated, the id field is a short name consisting simple ascii characters [a-zA-Z0-9_\-]
  The exception is for resources because the LRM can support only id's of up to 64 characters.
 
 Other Notes
  The description field in all elements is opaque to the CRM and is for administrative comments.
 
 TODO
  * Figure out a sane way to version the DTD
  * Do we need to know about ping nodes...?
  * The integer comparison type really should be number
 -->
 <!ELEMENT cib (configuration, status)>
 <!ATTLIST cib
           cib-last-written CDATA        #IMPLIED
 
           admin_epoch  CDATA        #REQUIRED
           epoch        CDATA        #REQUIRED
           num_updates  CDATA        #REQUIRED
           num_peers    CDATA        #IMPLIED        
 
           cib_feature_revision  CDATA   #IMPLIED
           crm_feature_set       CDATA   #IMPLIED
           remote_access_port    CDATA   #IMPLIED        
 
           dc_uuid        CDATA             #IMPLIED
           ccm_transition CDATA             #IMPLIED
           have_quorum    (true|yes|1|false|no|0)  'false'
           ignore_dtd     (true|yes|1|false|no|0)  #IMPLIED
 
           validate-with  CDATA    #IMPLIED        
           generated      CDATA    #IMPLIED        
           crm-debug-origin CDATA    #IMPLIED>
 
 <!--
 The CIB's version is a tuple of admin_epoch, epoch and num_updates (in that order).
 
 This is used when applying updates from the master CIB instance.
 
 Additionally, num_peers and have_quorum are used during the election process to determin who has the latest configuration.
  * num_updates is incremented every time the CIB changes.
  * epoch is incremented after every DC election.
  * admin_epoch is exclusivly for the admin to change.
  * num_peers is the number of CIB instances that we can talk to
  * have_quorum is derived from the ConsensusClusterMembership layer
  * dc_uuid stored the UUID of the current DesignatedController
  * ccm_transition stores the membership instance from the ConsensusClusterMembership layer.
  * cib_feature_revision is the feature set that this configuration requires
 -->
 <!ELEMENT configuration (crm_config, nodes, resources, constraints)>
 
 <!--
 crm_config
 
 Used to specify cluster-wide options.
 
 The use of multiple cluster_property_set sections and time-based rule expressions allows the the cluster to behave differently (for example) during buisness hours than it does overnight.
 -->
 <!ELEMENT crm_config (cluster_property_set)*>
 
 <!--
 Current crm_config options:
 
  * transition_idle_timeout (interval, default=60s):
    If no activity is recorded in this time, the transition is deemed failed as are all sent actions that have not yet been confirmed complete.
    If any operation initiated has an explicit higher timeout, the higher value applies.
 
  * symmetric_cluster (boolean, default=TRUE):
    If true, resources are permitted to run anywhere by default.
    Otherwise, explicit constraints must be created to specify where they can run.
 
  * stonith_enabled (boolean, default=FALSE):
    If true, failed nodes will be fenced.
 
  * no_quorum_policy (enum, default=stop)
    * ignore - Pretend we have quorum
    * freeze - Do not start any resources not currently in our partition.
      Resources in our partition may be moved to another node within the partition
      Fencing is disabled
    * stop - Stop all running resources in our partition
      Fencing is disabled
 
  * default_resource_stickiness
    Do we prefer to run on the existing node or be moved to a "better" one?
    * 0 : resources will be placed optimally in the system.
      This may mean they are moved when a "better" or less loaded node becomes available.
      This option is almost equivalent to auto_failback on except that the resource may be moved to other nodes than the one it was previously active on.
    * value > 0 : resources will prefer to remain in their current location but may be moved if a more suitable node is available.
      Higher values indicate a stronger preference for resources to stay where they are.
    * value < 0 : resources prefer to move away from their current location.
      Higher absolute values indicate a stronger preference for resources to be moved.
    * INFINITY : resources will always remain in their current locations until forced off because the node is no longer eligible to run the resource (node shutdown, node standby or configuration change).
      This option is almost equivalent to auto_failback off except that the resource may be moved to other nodes than the one it was previously active on.
    * -INFINITY : resources will always move away from their current location.
 
  * is_managed_default (boolean, default=TRUE)
    Unless the resource's definition says otherwise,
    * TRUE : resources will be started, stopped, monitored and moved as necessary/required
    * FALSE : resources will not started if stopped, stopped if started nor have any recurring actions scheduled.
 
  * stop_orphan_resources (boolean, default=TRUE (as of release 2.0.6))
    If a resource is found for which we have no definition for;
    * TRUE : Stop the resource
    * FALSE : Ignore the resource
    This mostly effects the CRM's behavior when a resource is deleted by an admin without it first being stopped.
 
  * stop_orphan_actions (boolean, default=TRUE)
    If a recurring action is found for which we have no definition for;
    * TRUE : Stop the action
    * FALSE : Ignore the action
    This mostly effects the CRM's behavior when the interval for a recurring action is changed.
 -->
 <!ELEMENT cluster_property_set (rule*, attributes)>
 <!ATTLIST cluster_property_set
           id                CDATA        #REQUIRED
           score             CDATA        #IMPLIED>
 
 <!ELEMENT nodes       (node*)>
 
 <!--
  * id    : the node's UUID.
  * uname : the result of uname -n
  * type  : should either be "normal" or "member" for nodes you with to run resources 
    "normal" is preferred as of version 2.0.4
 
 Each node can also have additional "instance" attributes.
 These attributes are completely arbitrary and can be used later in constraints.
 In this way it is possible to define groups of nodes to which a constraint can apply.
 
 It is also theoretically possible to have a process on each node which updates these values automatically.
 This would make it possible to have an attribute that represents "connected to SAN subsystem" or perhaps "system_load (low|medium|high)".
 
 Ideally it would be possible to have the CRMd on each node gather some of this information and automatically populate things like architecture and OS/kernel version.
 -->
 <!ELEMENT node (instance_attributes*)>
 <!ATTLIST node
           id            CDATA         #REQUIRED
           uname         CDATA         #REQUIRED
           description   CDATA         #IMPLIED
           type          (normal|member|ping) #REQUIRED>
 
 <!ELEMENT resources   (primitive|group|clone|master_slave)*>
 
 <!--
  * class
    Specifies the location and standard the resource script conforms to
    * ocf
      Most OCF RAs started out life as v1 Heartbeat resource agents.
      These have all been ported to meet the OCF specifications.
      As an added advantage, in accordance with the OCF spec, they also describe the parameters they take and what their defaults are.
      It is also easier to configure them as each part of the configuration is passed as its own parameter.
      In accordance with the OCF spec, each parameter is passed to the RA with an OCF_RESKEY_ prefix.
      So ip=192.168.1.1 in the CIB would be passed as OCF_RESKEY_ip=192.168.1.1.
      Located under /usr/lib/ocf/resource.d/heartbeat/.
    * lsb
      Most Linux init scripts conform to the LSB specification.
      The class allows you to use those that do as resource agents controlled by Heartbeat.
      Located in /etc/init.d/.
    * heartbeat
      This class gives you access to the v1 Heartbeat resource agents and allows you to reuse any custom agents you may have written.
      Located at /etc/heartbeat/resource.d/ or /etc/ha.d/resource.d.
 
  * type : The name of the ResourceAgent you wish to use.
 
  * provider
    The OCF spec allows multiple vendors to supply the same ResourceAgent.
    To use the OCF resource agents supplied with Heartbeat, you should specify heartbeat here
 
  * is_managed : Is the ClusterResourceManager in control of this resource.
    * true : (default) the resource will be started, stopped, monitored and moved as necessary/required
    * false : the resource will not started if stopped, stopped if started nor have any recurring actions scheduled.
      The resource may still be referenced in colocation constraints and ordering constraints (though obviously if no actions are performed on it then it will prevent the action on the other resource too)
 
  * restart_type
    Used when the other side of an ordering dependency is restarted/moved.
    * ignore : the default.
      Don't do anything extra.
    * restart
      Use this for example to have a restart of your database also trigger a restart of your web-server.
    * multiple_active
      Used when a resource is detected as being active on more than one machine.
      The default value, stop_start, will stop all instances and start only 1
    * block : don't do anything, wait for the administrator
    * stop_only : stop all the active instances
    * stop_start : start the resource on one node after having stopped all the active instances
 
  * resource_stickiness
    See the description of the default_resource_stickiness cluster attribute.
    resource_stickiness allows you to override the cluster's default for the individual resource.
 
 NOTE: primitive resources may contain at most one "operations" object.
       The CRM will complain about your configuration if this criteria is not met.
       Please use crm_verify to ensure your configuration is valid.
       The DTD is written this way to be order in-sensitive.
 -->
 <!ELEMENT primitive (operations|meta_attributes|instance_attributes)*>
 <!ATTLIST primitive
           id                CDATA        #REQUIRED
           description       CDATA        #IMPLIED
           class             (ocf|lsb|heartbeat|stonith) #REQUIRED
           type              CDATA        #REQUIRED
           provider          CDATA        #IMPLIED
 
           is_managed            CDATA                            #IMPLIED
           restart_type          (ignore|restart)                 'ignore'
           multiple_active       (stop_start|stop_only|block)     'stop_start'
           resource_stickiness   CDATA                             #IMPLIED>
 <!--
 This allows us to specify how long an action can take
 
  * name : the name of the operation.
    Supported operations are start, stop, & monitor
 
  * start_delay : delay the operation after starting the resource
    By default this value is in milliseconds, however you can also specify a value in seconds like so timeout="5s". Used for the monitor operation.
 
  * timeout : the maximum period of time before considering the action failed.
    By default this value is in milliseconds, however you can also specify a value in seconds like so timeout="5s".
 
  * interval : This currently only applies to monitor operations and specifies how often the LRM should check the resource is active.
    The same notation for timeout applies.
 
  * prereq : What conditions need to be met before this action can be run
    * nothing : This action can be performed at any time
    * quorum : This action requires the partition to have quorum
    * fencing : This action requires the partition to have quorum and any fencing operations to have completed before it can be executed
 
  * on_fail : The action to take if this action ever fails.
    * nothing : Pretend the action didnt actually fail
    * block : Take no further action on the resource - wait for the administrator to resolve the issue
    * restart : Stop the resource and re-allocate it elsewhere
    * stop : Stop the resource and DO NOT re-allocate it elsewhere
    * fence : Currently this means fence the node on which the resource is running.
      Any other resources currently active on the machine will be migrated away before fencing occurs.
 
 Only one entry per supported action+interval is currently permitted.
 Parameters specific to each operation can be passed using the instance_attributes section.
 -->
 <!ELEMENT operations (op*)>
 <!ELEMENT op (meta_attributes|instance_attributes)*>
 <!ATTLIST op
           id            CDATA         #REQUIRED
           name          CDATA         #REQUIRED
           description   CDATA         #IMPLIED
           interval      CDATA         #IMPLIED
           timeout       CDATA         #IMPLIED
           start_delay   CDATA         '0'
           disabled      (true|yes|1|false|no|0)        'false'
           role          (Master|Slave|Started|Stopped) 'Started'
           prereq        (nothing|quorum|fencing)       #IMPLIED
           on_fail       (ignore|block|stop|restart|fence)     #IMPLIED>
 <!--
 Use this to emulate v1 type Heartbeat groups.
 Defining a resource group is a quick way to make sure that the resources:
  * are all started on the same node, and
  * are started and stopped in the correct (sequential) order
 though either or both of these properties can be disabled.
 
 NOTE: Do not create empty groups.  
       They are temporarily supported because the GUI requires it but will be removed as soon as possible.
       The DTD is written this way to be order in-sensitive.
 -->
 <!ELEMENT group (meta_attributes|instance_attributes|primitive)*>
 <!ATTLIST group
           id            CDATA               #REQUIRED
           description   CDATA               #IMPLIED
 
           is_managed            CDATA                         #IMPLIED
           restart_type          (ignore|restart)              'ignore'
           multiple_active       (stop_start|stop_only|block)  'stop_start'
           resource_stickiness   CDATA			      #IMPLIED
 
           ordered               (true|yes|1|false|no|0)       'true'
           collocated            (true|yes|1|false|no|0)       'true'>
 <!--
 Clones are intended as a mechanism for easily starting a number of resources (such as a web-server) with the same configuration.
 As an added benefit, the number that should be started is an instance parameter and when combined with time-based constraints, allows the administrator to run more instances during peak times and save on resources during idle periods.
 
  * ordered
    Start (or stop) each clone only after the operation on the previous clone completed.
 
  * interleaved
    If a colocation constraint is created between two clone resources and interleaved is true, then clone N from one resource will be assigned the same location as clone N from the other resource.
    If the number of runnable clones differs, then the leftovers can be located anywhere.
 Using a cloned group is a much better way of achieving the same result.
 
  * notify
    If true, inform peers before and after any clone is stopped or started.
    If an action failed, you will (currently) not recieve a post-notification.
    Instead you can next expect to see a pre-notification for a stop.
    If a stop fails, and you have fencing you will get a post-notification for the stop after the fencing operation has completed.
    In order to use the notification service ALL decendants of the clone MUST support the notify action.
    Currently this action is not permitted to fail, though depending on your configuration, can block almost indefinitly.
    Behaviour in response to a failed action or notificaiton is likely to be improved in future releases.
 
-   See http://linux-ha.org/v2/Concepts/Clones for more information on notify actions
+   See http://www.clusterlabs.org/doc/en-US/Pacemaker/1.0/html/Pacemaker_Explained/s-resource-clone.html for more information on notify actions
 
 
 NOTE: Clones must contain exactly one primitive or one group resource. 
       The CRM will complain about your configuration if this criteria is not met.
       Please use crm_verify to ensure your configuration is valid.
       The DTD is written this way to be order in-sensitive.
 -->
 
 <!ELEMENT clone (meta_attributes|instance_attributes|primitive|group)*>
 <!ATTLIST clone
           id            CDATA               #REQUIRED
           description   CDATA               #IMPLIED
 
           is_managed            CDATA                         #IMPLIED
           restart_type          (ignore|restart)              'ignore'
           multiple_active       (stop_start|stop_only|block)  'stop_start'
           resource_stickiness   CDATA                         #IMPLIED
 
           notify                (true|yes|1|false|no|0)       'false'
           globally_unique       (true|yes|1|false|no|0)       'true'
           ordered               (true|yes|1|false|no|0)       'false'
           interleave            (true|yes|1|false|no|0)       'false'>
 <!--
 Master/Slave resources are a superset of Clones in that instances can also be in one of two states.
 The meaning of the states is specific to the resource.
 
 NOTE: master_slave must contain exactly one primitive resource OR one group resource.
       It may not contain both, nor may it contain neither.
       The CRM will complain about your configuration if this criteria is not met.
       Please use crm_verify to ensure your configuration is valid.
       The DTD is written this way to be order in-sensitive.
 -->
 <!ELEMENT master_slave (meta_attributes|instance_attributes|primitive|group)*>
 <!ATTLIST master_slave
           id            CDATA       #REQUIRED
           description   CDATA       #IMPLIED
 
           is_managed            CDATA                         #IMPLIED
           restart_type          (ignore|restart)              'ignore'
           multiple_active       (stop_start|stop_only|block)  'stop_start'
           resource_stickiness   CDATA                         #IMPLIED
 
           notify                (true|yes|1|false|no|0)       'false'
           globally_unique       (true|yes|1|false|no|0)       'true'
           ordered               (true|yes|1|false|no|0)       'false'
           interleave            (true|yes|1|false|no|0)       'false'>
 
 <!--
 Most resource options are configured as instance attributes.
 Some of the built-in options can be configured directly on the resource or as an instance attribute.
 The advantage of using instance attributes is the added flexibility that can be achieved through conditional ?<rule/>s (see below).
 
 You can have multiple sets of 'instance attributes', they are first sorted by score and then processed.
 The first to have its ?<rule/> satisfied and define an attribute wins.
 Subsequent values for the attribute will be ignored.
 
 Note that:
  * instance_attributes sets with id equal to cib-bootstrap-options are treated as if they have a score of INFINITY.
  * instance_attributes sets with no score implicitly have a score of zero.
  * instance_attributes sets with no rule implicitly have a rule that evaluates to true.
 
 The addition of conditional <rule/>s to the instance_attributes object allows for an infinite variety of configurations.
 Just some of the possibilities are:
  * Specify different resource parameters
    * depending on the node it is allocated to (a resource may need to use eth1 on host1 but eth0 on host2)
    * depending on the time of day (run 10 web-servers at night an 100 during the day)
  * Allow nodes to have different attributes depending on the time-of-day
    * Set resource_stickiness to avoid failback during business hours but allow resources to be moved to a more preferred node on the weekend
    * Switch a node between a "front-end" processing group during the day to a "back-end" group at night.
 
 Common instance attributes for all resource types:
  * priority (integer, default=0):
    dictates the order in which resources will be processed.
    If there is an insufficient number of nodes to run all resources, the lower priority resources will be stopped to make sure the higher priority resources remain active.
 
  * is_managed: See previous description.
 
  * resource_stickiness: See previous description.
 
  * target_role: (Started|Stopped|Master|Slave|default, default=#default)
    * #default : Let the cluster decide what to do with the resource
    * Started : Ignore any specified value of is_managed or is_managed_default and attempt to start the resource
    * Stopped : Ignore any specified value of is_managed or is_managed_default and attempt to stop the resource
    * Master : Ignore any specified value of is_managed, is_managed_default or promotion preferences and attempt to put all instances of a cloned resource into Master mode.
    * Slave : Ignore any specified value of is_managed, is_managed_default or promotion preferences and attempt to put all instances of a cloned resource into Slave mode.
 
 Common instance attributes for clones:
  * clone_max (integer, default=1):
    the number of clones to be run
 
 * clone_node_max (integer, default=1):
   the maximum number of clones to be run on a single node
 
 Common instance attributes for nodes:
  * standby (boolean, default=FALSE)
    if TRUE, indicates that resources can not be run on the node
 -->
 <!ELEMENT instance_attributes (rule*, attributes)>
 <!ATTLIST instance_attributes
           id                CDATA        #REQUIRED
           score             CDATA        #IMPLIED>
 
 <!ELEMENT meta_attributes (rule*, attributes)>
 <!ATTLIST meta_attributes
           id                CDATA        #REQUIRED
           score             CDATA        #IMPLIED>
 
 <!--
 Every constraint entry also has a 'lifetime' attribute, which expresses when this constraint is applicable.
 For example, a constraint may only be valid during certain times of the day, or days of the week.
 Eventually, we would like to be able to support constraints that only last until events such as the next reboot or the next transition.
 -->
 <!ELEMENT constraints (rsc_order|rsc_colocation|rsc_location)*>
 
 <!--
 rsc_ordering constraints express dependencies between the actions on two resources.
  * from : A resource id
  * action : What action does this constraint apply to.
  * type : Should the action on from occur before or after action on to
  * to : A resource id
  * symmetrical : If TRUE, create the reverse constraint for the other action also.
 
 Read as:
      action from type to_action to
 eg. 
      start rsc1 after promote rsc2
 
 -->
 <!ELEMENT rsc_order (lifetime?)>
 <!ATTLIST rsc_order
           id        CDATA #REQUIRED
           from      CDATA #REQUIRED
           to        CDATA #REQUIRED
           action    CDATA		'start'
           to_action CDATA		'start'
           type      (before|after)	'after'
           score     CDATA		'INFINITY'
           symmetrical (true|yes|1|false|no|0)	'true'>
 
 <!--
 
 Specify where a resource should run relative to another resource
 
 Make rsc 'from' run on the same machine as rsc 'to'
 
 If rsc 'to' cannot run anywhere and 'score' is INFINITY, 
   then rsc 'from' wont be allowed to run anywhere either
 If rsc 'from' cannot run anywhere, then 'to' wont be affected
 
 -->
 <!ELEMENT rsc_colocation (lifetime?)>
 <!ATTLIST rsc_colocation
           id             CDATA #REQUIRED
           from           CDATA #REQUIRED
           from_role      CDATA #IMPLIED
           to             CDATA #REQUIRED
           to_role        CDATA #IMPLIED
           symmetrical    (true|yes|1|false|no|0)	'false'
           node_attribute CDATA #IMPLIED
           score          CDATA #REQUIRED>
 
 <!--
 Specify which nodes are eligible for running a given resource.
 
 During processing, all rsc_location for a given rsc are evaluated.
 
 All nodes start out with their base weight (which defaults to zero).
 This can then be modified (up or down) using any number of rsc_location constraints.
 
 Then the highest non-zero available node is determined to place the resource.
 If multiple nodes have the same weighting, the node with the fewest running resources is chosen.
 
 The rsc field is, surprisingly, a resource id.
 -->
 <!ELEMENT rsc_location (lifetime?,rule*)>
 <!ATTLIST rsc_location
           id          CDATA #REQUIRED
           description CDATA #IMPLIED
           rsc         CDATA #REQUIRED
           node        CDATA #IMPLIED
           score       CDATA #IMPLIED>
 <!ELEMENT lifetime (rule+)>
 <!ATTLIST lifetime id  CDATA     #REQUIRED>
 
 <!--
  * boolean_op
    determines how the results of multiple expressions are combined.
 
  * role
    limits this rule to applying to Multi State resources with the named role.
    Roles include Started, Stopped, Slave, Master though only the last two are considered useful.
    NOTE: A rule with role="Master" can not determin the initial location of a clone instance.
    It will only affect which of the active instances will be promoted.
 
  * score
    adjusts the preference for running on the matched nodes.
    NOTE: Nodes that end up with a negative score will never run the resource.
    Two special values of "score" exist: INFINITY and -INFINITY.
    Processing of these special values is as follows:
 
       INFINITY +/- -INFINITY : -INFINITY
       INFINITY +/-  int      :  INFINITY
      -INFINITY +/-  int      : -INFINITY
   
  * score_attribute 
    an alternative to the score attribute that provides extra flexibility.
   Each node matched by the rule has its score adjusted differently, according to its value for the named node attribute.
   Thus in the example below, if score_attribute="installed_ram" and nodeA would have its preference to run "the resource" increased by 1024 whereas nodeB would have its preference increased only by half as much.
 
     <nodes>
       <node id="uuid1" uname="nodeA" type="normal">
         <instance_attributes id="uuid1:custom_attrs">
           <attributes>
             <nvpair id="uuid1:installed_ram" name="installed_ram" value="1024"/>
             <nvpair id="uuid1:my_other_attr" name="my_other_attr" value="bob"/>
           </attributes>
         </instance_attributes>
       </node>
       <node id="uuid2" uname="nodeB" type="normal">
         <instance_attributes id="uuid2:custom_attrs">
           <attributes>
             <nvpair id="uuid2:installed_ram" name="installed_ram" value="512"/>
           </attributes>
         </instance_attributes>
       </node>
     </nodes>
 -->
 <!ELEMENT rule (expression|date_expression|rule)*>
 <!ATTLIST rule
           id                  CDATA          #REQUIRED
           role                CDATA          #IMPLIED
           score               CDATA          #IMPLIED
           score_attribute     CDATA          #IMPLIED
           boolean_op          (or|and)      'and'>
 
 <!--
 Returns TRUE or FALSE depending on the properties of the object being tested.
 
  * type determines how the values being tested.
    * integer Values are converted to floats before being compared.
    * version The "version" type is intended to solve the problem of comparing 1.2 and 1.10
    * string Uses strcmp
 
 Two built-in attributes are node id #id and node uname #uname so that:
       attribute=#id value=8C05CA5C-C9E3-11D8-BEE6-000A95B71D78 operation=eq, and
       attribute=#uname value=test1 operation=eq
 would both be valid tests.
 
 An extra built-in attribute called #is_dc will be set to true or false depending on whether the node is operating as the DC for the cluster.
 Valid tests using this test would be of the form:
 
         attribute=#is_dc operation=eq value=true,  and
         attribute=#is_dc operation=eq value=false, and
         attribute=#is_dc operation=ne value=false
                         (for those liking double negatives :))
 -->
 <!ELEMENT expression EMPTY>
 <!ATTLIST expression
           id         CDATA                    #REQUIRED
           attribute  CDATA                    #REQUIRED
           operation  (lt|gt|lte|gte|eq|ne|defined|not_defined) #REQUIRED
           value      CDATA                    #IMPLIED
           type       (number|string|version) 'string'>
 
 <!--
  * start : A date-time conforming to the ISO8601 specification.
  * end : A date-time conforming to the ISO8601 specification.
    A value for end may, for any usage, be omitted and instead inferred using start and duration.
  * operation
    * gt : Compares the current date-time with start date.
      Checks now > start.
    * lt : Compares the current date-time with end date.
      Checks end > now
    * in_range : Compares the current date-time with start and end.
      Checks now > start and end > now.
      If either start or end is omitted, then that part of the comparision is not performed.
    * date_spec : Performs a cron-like comparision between the contents of date_spec and now.
      If values for start and/or end are included, now must also be within that range.
      Or in other words, the date_spec operation can also be made to perform an extra in_range check.
 
 NOTE: Because the comparisions (except for date_spec) include the time, the eq, neq, gte and lte operators have not been implemented.
 -->
 <!ELEMENT date_expression (date_spec?,duration?)>
 <!ATTLIST date_expression
         id         CDATA  #REQUIRED
         operation  (in_range|date_spec|gt|lt) 'in_range'
         start      CDATA  #IMPLIED
         end        CDATA  #IMPLIED>
 
 <!--
 date_spec is used for (surprisingly  ) date_spec operations.
 
 Fields that are not supplied are ignored.
 
 Fields can contain a single number or a single range.
 Eg.
 monthdays="1" (Matches the first day of every month) and hours="09-17" (Matches hours between 9am and 5pm inclusive) are both valid values.
 weekdays="1,2" and weekdays="1-2,5-6" are NOT valid ranges.
 This may change in a future release.
 
  * seconds : Value range 0-59
  * minutes : Value range 0-59
  * hours : Value range 0-23
  * monthdays : Value range 0-31 (depending on current month and year)
  * weekdays : Value range 1-7 (1=Monday, 7=Sunday)
  * yeardays : Value range 1-366 (depending on current year)
  * months : Value range 1-12
  * weeks : Value range 1-53 (depending on weekyear)
  * weekyears : Value range 0...
   (NOTE: weekyears may differ from Gregorian years.
   Eg. 2005-001 Ordinal == 2005-01-01 Gregorian == 2004-W53-6 Weekly )
  * years : Value range 0...
  * moon : Value range 0..7 - 0 is new, 4 is full moon.
    Because we can(tm)
 -->
 
 <!ELEMENT date_spec EMPTY>
 <!ATTLIST date_spec
         id         CDATA  #REQUIRED
         hours      CDATA  #IMPLIED
         monthdays  CDATA  #IMPLIED
         weekdays   CDATA  #IMPLIED
         yeardays   CDATA  #IMPLIED
         months     CDATA  #IMPLIED
         weeks      CDATA  #IMPLIED
         weekyears  CDATA  #IMPLIED
         years      CDATA  #IMPLIED
         moon       CDATA  #IMPLIED>
 
 <!--
 duration is optionally used for calculating a value for end.
 Any field not supplied is assumed to be zero and ignored.
 Negative values might work.
 Eg. months=11 should be equivalent to writing years=1, months=-1 but is not encouraged.
 -->
 <!ELEMENT duration EMPTY>
 <!ATTLIST duration
         id         CDATA  #REQUIRED
         hours      CDATA  #IMPLIED
         monthdays  CDATA  #IMPLIED
         weekdays   CDATA  #IMPLIED
         yeardays   CDATA  #IMPLIED
         months     CDATA  #IMPLIED
         weeks      CDATA  #IMPLIED
         years      CDATA  #IMPLIED>
 <!--
 Example 1: True if now is any time in the year 2005.
 
 <rule id="rule1">
   <date_expression id="date_expr1" start="2005-001" operation="in_range">
     <duration years="1"/>
   </date_expression>
 </rule>
 Example 2: Equivalent expression.
 
 <rule id="rule2">
   <date_expression id="date_expr2" operation="date_spec">
     <date_spec years="2005"/>
   </date_expression>
 </rule>
 Example 3: 9am-5pm, Mon-Friday
 
 <rule id="rule3">
   <date_expression id="date_expr3" operation="date_spec">
     <date_spec hours="9-16" days="1-5"/>
   </date_expression>
 </rule>
 Example 4: 9am-5pm, Mon-Friday, or all day saturday
 
 <rule id="rule4" boolean_op="or">
   <date_expression id="date_expr4-1" operation="date_spec">
     <date_spec hours="9-16" days="1-5"/>
   </date_expression>
   <date_expression id="date_expr4-2" operation="date_spec">
     <date_spec days="6"/>
   </date_expression>
 </rule>
 Example 5: 9am-5pm or 9pm-12pm, Mon-Friday
 
 <rule id="rule5" boolean_op="and">
   <rule id="rule5-nested1" boolean_op="or">
     <date_expression id="date_expr5-1" operation="date_spec">
       <date_spec hours="9-16"/>
     </date_expression>
     <date_expression id="date_expr5-2" operation="date_spec">
       <date_spec hours="21-23"/>
     </date_expression>
   </rule>
   <date_expression id="date_expr5-3" operation="date_spec">
     <date_spec days="1-5"/>
   </date_expression>
 </rule>
 Example 6: Mondays in March 2005
 
 <rule id="rule6" boolean_op="and">
   <date_expression id="date_expr6" operation="date_spec" start="2005-03-01" end="2005-04-01">
     <date_spec weekdays="1"/>
   </date_expression>
 </rule>
 NOTE: Because no time is specified, 00:00:00 is implied.
 This means that the range includes all of 2005-03-01 but none of 2005-04-01.
 You may wish to write end="2005-03-31T23:59:59" to avoid confusion.
 
 Example 7: Friday the 13th if it is a full moon
 
 <rule id="rule7" boolean_op="and">
   <date_expression id="date_expr7" operation="date_spec">
     <date_spec weekdays="5" monthdays="13" moon="4"/>
   </date_expression>
 </rule>
 -->
 
 <!--
 You don't have to give a value.
 There's a difference between a key not being present and a key not having a value.
 -->
 <!ELEMENT nvpair EMPTY>
 <!ATTLIST nvpair
           id     CDATA  #REQUIRED
           name   CDATA  #REQUIRED
           value  CDATA  #IMPLIED>
 
 <!ELEMENT attributes (nvpair*)>
 
 <!--
 These attributes take effect only if no value has previously been applied as part of the node's definition.
 Additionally, when the node reboots all settings made here are erased.
 
 id must be the UUID of the node.
 -->
 <!ELEMENT transient_attributes (instance_attributes*)>
 <!ATTLIST transient_attributes id CDATA #IMPLIED>
 
 <!--=========== Status - Advanced Use Only ===========-->
 
 <!--
 Details about the status of each node configured.
 
 HERE BE DRAGONS
 
 Never, ever edit this section directly or using cibadmin.
 The consequences of doing so are many and varied but rarely ever good or what you anticipated.
 To discourage this, the status section is no longer even written to disk, and is always discarded at startup.
 
 To avoid duplication of data, state entries only carry references to nodes and resources.
 -->
 <!ELEMENT status (node_state*)>
 
 <!--
 The state of a given node.
 
 This information is updated by the DC based on inputs from sources such as the CCM, status messages from remote LRMs and requests from other nodes.
  * id       -  is the node's UUID.
  * uname    - is the result of uname -n for the node.
  * crmd     - records whether the crmd process is running on the node
  * in_ccm   - records whether the node is part of our membership partition
  * join     - is the node's membership status with the current DC.
  * expected - is the DC's expectation of whether the node is up or not.
  * shutdown - is set to the time at which the node last asked to be shut down
 
 Ideally, there should be a node_state entry for every entry in the <nodes> list.
 
 -->
 <!ELEMENT node_state (transient_attributes|lrm)*>
 <!ATTLIST node_state
         id              CDATA                   #REQUIRED
         uname           CDATA                   #REQUIRED
         ha              (active|dead)           #IMPLIED
         crmd            (online|offline)        'offline'
         join            (pending|member|down)   'down'
         expected        (pending|member|down)   'down'
         in_ccm          (true|yes|1|false|no|0) 'false'
         crm-debug-origin CDATA                  #IMPLIED
         shutdown        CDATA                   #IMPLIED
         clear_shutdown  CDATA                   #IMPLIED>
 
 <!--
 Information from the Local Resource Manager of the node.
 It contains a list of all resource's added (but not necessarily still active) on the node.
 -->
 <!ELEMENT lrm (lrm_resources)>
 <!ATTLIST lrm id CDATA #REQUIRED>
 
 <!ELEMENT lrm_resources (lrm_resource*)>
 <!ELEMENT lrm_resource (lrm_rsc_op*)>
 <!ATTLIST lrm_resource
           id            CDATA #REQUIRED
           class             (lsb|ocf|heartbeat|stonith) #REQUIRED
           type              CDATA        #REQUIRED
           provider          CDATA        #IMPLIED>
 <!--
 lrm_rsc_op (Resource Status)
 
 id: Set to [operation] +"_"+ [operation] +"_"+ [an_interval_in_milliseconds]
 
 operation typically start, stop, or monitor
 
 call_id: Supplied by the LRM, determins the order of in which lrm_rsc_op objects should be processed in order to determin the resource's true state
 
 rc_code is the last return code from the resource
 
 rsc_state is the state of the resource after the action completed and should be used as a guide only.
 
 transition_key contains an identifier and seqence number for the transition.
 
 At startup, the TEngine registers the identifier and starts the sequence at zero.
 It is used to identify the source of resource actions.
 
 transition_magic contains an identifier containing call_id, rc_code, and {{transition_key}}}.
 
 As the name suggests, it is a piece of magic that allows the TE to always identify the action from the stream of xml-diffs it subscribes to from the CIB.
 
 last_run       ::= when did the op run (as age)
 last_rc_change ::= last rc change (as age)
 exec_time      ::= time it took the op to run
 queue_time     ::= time spent in queue
 
 op_status is supplied by the LRM and conforms to this enum:
 
 typedef enum {
         LRM_OP_PENDING = -1,
         LRM_OP_DONE,
         LRM_OP_CANCELLED,
         LRM_OP_TIMEOUT,
         LRM_OP_NOTSUPPORTED,
         LRM_OP_ERROR,
 } op_status_t;
 The parameters section allows us to detect when a resource's definition has changed and the needs to be restarted (so the changes take effect).
 -->
 <!ELEMENT lrm_rsc_op EMPTY>
 <!ATTLIST lrm_rsc_op
           id                    CDATA #REQUIRED
           operation             CDATA #REQUIRED
           op_status             CDATA #REQUIRED
           rc_code               CDATA #REQUIRED
           call_id               CDATA #REQUIRED
           crm_feature_set       CDATA #REQUIRED
           crm-debug-origin      CDATA #IMPLIED
           migrate_from          CDATA #IMPLIED
           transition_key        CDATA #IMPLIED
           op_digest             CDATA #IMPLIED
           op_restart_digest     CDATA #IMPLIED
           op_force_restart      CDATA #IMPLIED
 
           last_run              CDATA #IMPLIED
           last_rc_change        CDATA #IMPLIED
           exec_time             CDATA #IMPLIED
           queue_time            CDATA #IMPLIED
 
           interval              CDATA #REQUIRED
           transition_magic      CDATA #REQUIRED>
diff --git a/xml/crm-transitional.dtd b/xml/crm-transitional.dtd
index 1076e01683..0503ce7617 100644
--- a/xml/crm-transitional.dtd
+++ b/xml/crm-transitional.dtd
@@ -1,885 +1,885 @@
 <?xml version="1.0" encoding="UTF-8" ?>
 <!--
 GLOBAL TODOs:
 
 Versionize DTD so we can validate against a specific version
 
 Background
  The CIB is described quite well in section 5 of the crm.txt (checked into CVS in the crm directory) so it is not repeated here.
  Suffice to say that it stores the configuration and runtime data required for cluster-wide resource management in XML format.
 
 CIB: Information Structure
  The CIB is divided into two main sections: The "static" configuration part and the "dynamic" status.
 
  The configuration contains - surprisingly - the configuration of the cluster, namely node attributes, resource instance configuration, and the constraints which describe the dependencies between all these.
  To identify the most recent configuration available in the cluster, this section is time-stamped with the unique timestamp of the last update.
 
  The status part is dynamically generated / updated by the CRM system and represents the current status of the cluster; which nodes are up, down or crashed, which resources are running where etc.
 
  Every information carrying object has an "id" tag, which is basically the UUID of it, should we ever need to access it directly.
  Unless otherwise stated, the id field is a short name consisting simple ascii characters [a-zA-Z0-9_\-]
  The exception is for resources because the LRM can support only id's of up to 64 characters.
 
 Other Notes
  The description field in all elements is opaque to the CRM and is for administrative comments.
 
 TODO
  * Figure out a sane way to version the DTD
  * Do we need to know about ping nodes...?
  * The integer comparison type really should be number
 -->
 <!ELEMENT cib (configuration, status)>
 <!ATTLIST cib
           cib-last-written CDATA        #IMPLIED
 
           admin_epoch  CDATA        #IMPLIED
           epoch        CDATA        #REQUIRED
           num_updates  CDATA        #IMPLIED
           num_peers    CDATA        #IMPLIED        
 
           cib_feature_revision  CDATA   #IMPLIED
           crm_feature_set       CDATA   #IMPLIED
           remote_access_port    CDATA   #IMPLIED        
 
           dc-uuid               CDATA   #IMPLIED
           have-quorum           (true|yes|1|false|no|0)  'false'
 	  no-quorum-panic       (true|yes|1|false|no|0)  'false'	
 
           validate-with         CDATA   #IMPLIED        
           remote-tls-port       CDATA   #IMPLIED        
 
           dc_uuid        CDATA             #IMPLIED
           ccm_transition CDATA             #IMPLIED
           have_quorum    (true|yes|1|false|no|0)  'false'
           ignore_dtd     (true|yes|1|false|no|0)  #IMPLIED
 
           generated      CDATA    #IMPLIED        
           crm-debug-origin CDATA    #IMPLIED>
 
 <!--
 The CIB's version is a tuple of admin_epoch, epoch and num_updates (in that order).
 
 This is used when applying updates from the master CIB instance.
 
 Additionally, num_peers and have_quorum are used during the election process to determin who has the latest configuration.
  * num_updates is incremented every time the CIB changes.
  * epoch is incremented after every DC election.
  * admin_epoch is exclusivly for the admin to change.
  * num_peers is the number of CIB instances that we can talk to
  * have_quorum is derived from the ConsensusClusterMembership layer
  * dc_uuid stored the UUID of the current DesignatedController
  * ccm_transition stores the membership instance from the ConsensusClusterMembership layer.
  * cib_feature_revision is the feature set that this configuration requires
 -->
 <!ELEMENT configuration (crm_config, nodes, resources, constraints)>
 
 <!--
 crm_config
 
 Used to specify cluster-wide options.
 
 The use of multiple cluster_property_set sections and time-based rule expressions allows the the cluster to behave differently (for example) during buisness hours than it does overnight.
 -->
 <!ELEMENT crm_config (cluster_property_set)*>
 
 <!--
 Current crm_config options:
 
  * transition_idle_timeout (interval, default=60s):
    If no activity is recorded in this time, the transition is deemed failed as are all sent actions that have not yet been confirmed complete.
    If any operation initiated has an explicit higher timeout, the higher value applies.
 
  * symmetric_cluster (boolean, default=TRUE):
    If true, resources are permitted to run anywhere by default.
    Otherwise, explicit constraints must be created to specify where they can run.
 
  * stonith_enabled (boolean, default=FALSE):
    If true, failed nodes will be fenced.
 
  * no_quorum_policy (enum, default=stop)
    * ignore - Pretend we have quorum
    * freeze - Do not start any resources not currently in our partition.
      Resources in our partition may be moved to another node within the partition
      Fencing is disabled
    * stop - Stop all running resources in our partition
      Fencing is disabled
 
  * default_resource_stickiness
    Do we prefer to run on the existing node or be moved to a "better" one?
    * 0 : resources will be placed optimally in the system.
      This may mean they are moved when a "better" or less loaded node becomes available.
      This option is almost equivalent to auto_failback on except that the resource may be moved to other nodes than the one it was previously active on.
    * value > 0 : resources will prefer to remain in their current location but may be moved if a more suitable node is available.
      Higher values indicate a stronger preference for resources to stay where they are.
    * value < 0 : resources prefer to move away from their current location.
      Higher absolute values indicate a stronger preference for resources to be moved.
    * INFINITY : resources will always remain in their current locations until forced off because the node is no longer eligible to run the resource (node shutdown, node standby or configuration change).
      This option is almost equivalent to auto_failback off except that the resource may be moved to other nodes than the one it was previously active on.
    * -INFINITY : resources will always move away from their current location.
 
  * is_managed_default (boolean, default=TRUE)
    Unless the resource's definition says otherwise,
    * TRUE : resources will be started, stopped, monitored and moved as necessary/required
    * FALSE : resources will not started if stopped, stopped if started nor have any recurring actions scheduled.
 
  * stop_orphan_resources (boolean, default=TRUE (as of release 2.0.6))
    If a resource is found for which we have no definition for;
    * TRUE : Stop the resource
    * FALSE : Ignore the resource
    This mostly effects the CRM's behavior when a resource is deleted by an admin without it first being stopped.
 
  * stop_orphan_actions (boolean, default=TRUE)
    If a recurring action is found for which we have no definition for;
    * TRUE : Stop the action
    * FALSE : Ignore the action
    This mostly effects the CRM's behavior when the interval for a recurring action is changed.
 -->
 <!ELEMENT cluster_property_set (rule*, attributes)>
 <!ATTLIST cluster_property_set
           id                CDATA        #REQUIRED
           score             CDATA        #IMPLIED>
 
 <!ELEMENT nodes       (node*)>
 
 <!--
  * id    : the node's UUID.
  * uname : the result of uname -n
  * type  : should either be "normal" or "member" for nodes you with to run resources 
    "normal" is preferred as of version 2.0.4
 
 Each node can also have additional "instance" attributes.
 These attributes are completely arbitrary and can be used later in constraints.
 In this way it is possible to define groups of nodes to which a constraint can apply.
 
 It is also theoretically possible to have a process on each node which updates these values automatically.
 This would make it possible to have an attribute that represents "connected to SAN subsystem" or perhaps "system_load (low|medium|high)".
 
 Ideally it would be possible to have the CRMd on each node gather some of this information and automatically populate things like architecture and OS/kernel version.
 -->
 <!ELEMENT node (instance_attributes*)>
 <!ATTLIST node
           id            CDATA         #REQUIRED
           uname         CDATA         #REQUIRED
           description   CDATA         #IMPLIED
           type          (normal|member|ping) #REQUIRED>
 
 <!ELEMENT resources   (primitive|group|clone|master_slave)*>
 
 <!--
  * class
    Specifies the location and standard the resource script conforms to
    * ocf
      Most OCF RAs started out life as v1 Heartbeat resource agents.
      These have all been ported to meet the OCF specifications.
      As an added advantage, in accordance with the OCF spec, they also describe the parameters they take and what their defaults are.
      It is also easier to configure them as each part of the configuration is passed as its own parameter.
      In accordance with the OCF spec, each parameter is passed to the RA with an OCF_RESKEY_ prefix.
      So ip=192.168.1.1 in the CIB would be passed as OCF_RESKEY_ip=192.168.1.1.
      Located under /usr/lib/ocf/resource.d/heartbeat/.
    * lsb
      Most Linux init scripts conform to the LSB specification.
      The class allows you to use those that do as resource agents controlled by Heartbeat.
      Located in /etc/init.d/.
    * heartbeat
      This class gives you access to the v1 Heartbeat resource agents and allows you to reuse any custom agents you may have written.
      Located at /etc/heartbeat/resource.d/ or /etc/ha.d/resource.d.
 
  * type : The name of the ResourceAgent you wish to use.
 
  * provider
    The OCF spec allows multiple vendors to supply the same ResourceAgent.
    To use the OCF resource agents supplied with Heartbeat, you should specify heartbeat here
 
  * is_managed : Is the ClusterResourceManager in control of this resource.
    * true : (default) the resource will be started, stopped, monitored and moved as necessary/required
    * false : the resource will not started if stopped, stopped if started nor have any recurring actions scheduled.
      The resource may still be referenced in colocation constraints and ordering constraints (though obviously if no actions are performed on it then it will prevent the action on the other resource too)
 
  * restart_type
    Used when the other side of an ordering dependency is restarted/moved.
    * ignore : the default.
      Don't do anything extra.
    * restart
      Use this for example to have a restart of your database also trigger a restart of your web-server.
    * multiple_active
      Used when a resource is detected as being active on more than one machine.
      The default value, stop_start, will stop all instances and start only 1
    * block : don't do anything, wait for the administrator
    * stop_only : stop all the active instances
    * stop_start : start the resource on one node after having stopped all the active instances
 
  * resource_stickiness
    See the description of the default_resource_stickiness cluster attribute.
    resource_stickiness allows you to override the cluster's default for the individual resource.
 
 NOTE: primitive resources may contain at most one "operations" object.
       The CRM will complain about your configuration if this criteria is not met.
       Please use crm_verify to ensure your configuration is valid.
       The DTD is written this way to be order in-sensitive.
 -->
 <!ELEMENT primitive (operations|meta_attributes|instance_attributes)*>
 <!ATTLIST primitive
           id                CDATA        #REQUIRED
           description       CDATA        #IMPLIED
           class             (ocf|lsb|heartbeat|stonith) #REQUIRED
           type              CDATA        #REQUIRED
           provider          CDATA        #IMPLIED
 
           is_managed            CDATA                            #IMPLIED
           restart_type          (ignore|restart)                 'ignore'
           multiple_active       (stop_start|stop_only|block)     'stop_start'
           resource_stickiness   CDATA                             #IMPLIED>
 <!--
 This allows us to specify how long an action can take
 
  * name : the name of the operation.
    Supported operations are start, stop, & monitor
 
  * start_delay : delay the operation after starting the resource
    By default this value is in milliseconds, however you can also specify a value in seconds like so timeout="5s". Used for the monitor operation.
 
  * timeout : the maximum period of time before considering the action failed.
    By default this value is in milliseconds, however you can also specify a value in seconds like so timeout="5s".
 
  * interval : This currently only applies to monitor operations and specifies how often the LRM should check the resource is active.
    The same notation for timeout applies.
 
  * prereq : What conditions need to be met before this action can be run
    * nothing : This action can be performed at any time
    * quorum : This action requires the partition to have quorum
    * fencing : This action requires the partition to have quorum and any fencing operations to have completed before it can be executed
 
  * on_fail : The action to take if this action ever fails.
    * nothing : Pretend the action didnt actually fail
    * block : Take no further action on the resource - wait for the administrator to resolve the issue
    * restart : Stop the resource and re-allocate it elsewhere
    * stop : Stop the resource and DO NOT re-allocate it elsewhere
    * fence : Currently this means fence the node on which the resource is running.
      Any other resources currently active on the machine will be migrated away before fencing occurs.
 
 Only one entry per supported action+interval is currently permitted.
 Parameters specific to each operation can be passed using the instance_attributes section.
 -->
 <!ELEMENT operations (op*)>
 <!ELEMENT op (meta_attributes|instance_attributes)*>
 <!ATTLIST op
           id            CDATA         #REQUIRED
           name          CDATA         #REQUIRED
           description   CDATA         #IMPLIED
           interval      CDATA         #IMPLIED
           timeout       CDATA         #IMPLIED
           start_delay   CDATA         '0'
           disabled      (true|yes|1|false|no|0)        'false'
           role          (Master|Slave|Started|Stopped) 'Started'
           prereq        (nothing|quorum|fencing)       #IMPLIED
           on_fail       (ignore|block|stop|restart|fence)     #IMPLIED>
 <!--
 Use this to emulate v1 type Heartbeat groups.
 Defining a resource group is a quick way to make sure that the resources:
  * are all started on the same node, and
  * are started and stopped in the correct (sequential) order
 though either or both of these properties can be disabled.
 
 NOTE: Do not create empty groups.  
       They are temporarily supported because the GUI requires it but will be removed as soon as possible.
       The DTD is written this way to be order in-sensitive.
 -->
 <!ELEMENT group (meta_attributes|instance_attributes|primitive)*>
 <!ATTLIST group
           id            CDATA               #REQUIRED
           description   CDATA               #IMPLIED
 
           is_managed            CDATA                         #IMPLIED
           restart_type          (ignore|restart)              'ignore'
           multiple_active       (stop_start|stop_only|block)  'stop_start'
           resource_stickiness   CDATA			      #IMPLIED
 
           ordered               (true|yes|1|false|no|0)       'true'
           collocated            (true|yes|1|false|no|0)       'true'>
 <!--
 Clones are intended as a mechanism for easily starting a number of resources (such as a web-server) with the same configuration.
 As an added benefit, the number that should be started is an instance parameter and when combined with time-based constraints, allows the administrator to run more instances during peak times and save on resources during idle periods.
 
  * ordered
    Start (or stop) each clone only after the operation on the previous clone completed.
 
  * interleaved
    If a colocation constraint is created between two clone resources and interleaved is true, then clone N from one resource will be assigned the same location as clone N from the other resource.
    If the number of runnable clones differs, then the leftovers can be located anywhere.
 Using a cloned group is a much better way of achieving the same result.
 
  * notify
    If true, inform peers before and after any clone is stopped or started.
    If an action failed, you will (currently) not recieve a post-notification.
    Instead you can next expect to see a pre-notification for a stop.
    If a stop fails, and you have fencing you will get a post-notification for the stop after the fencing operation has completed.
    In order to use the notification service ALL decendants of the clone MUST support the notify action.
    Currently this action is not permitted to fail, though depending on your configuration, can block almost indefinitly.
    Behaviour in response to a failed action or notificaiton is likely to be improved in future releases.
 
-   See http://linux-ha.org/v2/Concepts/Clones for more information on notify actions
+   See http://www.clusterlabs.org/doc/en-US/Pacemaker/1.0/html/Pacemaker_Explained/s-resource-clone.html for more information on notify actions
 
 
 NOTE: Clones must contain exactly one primitive or one group resource. 
       The CRM will complain about your configuration if this criteria is not met.
       Please use crm_verify to ensure your configuration is valid.
       The DTD is written this way to be order in-sensitive.
 -->
 
 <!ELEMENT clone (meta_attributes|instance_attributes|primitive|group)*>
 <!ATTLIST clone
           id            CDATA               #REQUIRED
           description   CDATA               #IMPLIED
 
           is_managed            CDATA                         #IMPLIED
           restart_type          (ignore|restart)              'ignore'
           multiple_active       (stop_start|stop_only|block)  'stop_start'
           resource_stickiness   CDATA                         #IMPLIED
 
           notify                (true|yes|1|false|no|0)       'false'
           globally_unique       (true|yes|1|false|no|0)       'true'
           ordered               (true|yes|1|false|no|0)       'false'
           interleave            (true|yes|1|false|no|0)       'false'>
 <!--
 Master/Slave resources are a superset of Clones in that instances can also be in one of two states.
 The meaning of the states is specific to the resource.
 
 NOTE: master_slave must contain exactly one primitive resource OR one group resource.
       It may not contain both, nor may it contain neither.
       The CRM will complain about your configuration if this criteria is not met.
       Please use crm_verify to ensure your configuration is valid.
       The DTD is written this way to be order in-sensitive.
 -->
 <!ELEMENT master_slave (meta_attributes|instance_attributes|primitive|group)*>
 <!ATTLIST master_slave
           id            CDATA       #REQUIRED
           description   CDATA       #IMPLIED
 
           is_managed            CDATA                         #IMPLIED
           restart_type          (ignore|restart)              'ignore'
           multiple_active       (stop_start|stop_only|block)  'stop_start'
           resource_stickiness   CDATA                         #IMPLIED
 
           notify                (true|yes|1|false|no|0)       'false'
           globally_unique       (true|yes|1|false|no|0)       'true'
           ordered               (true|yes|1|false|no|0)       'false'
           interleave            (true|yes|1|false|no|0)       'false'>
 
 <!--
 Most resource options are configured as instance attributes.
 Some of the built-in options can be configured directly on the resource or as an instance attribute.
 The advantage of using instance attributes is the added flexibility that can be achieved through conditional ?<rule/>s (see below).
 
 You can have multiple sets of 'instance attributes', they are first sorted by score and then processed.
 The first to have its ?<rule/> satisfied and define an attribute wins.
 Subsequent values for the attribute will be ignored.
 
 Note that:
  * instance_attributes sets with id equal to cib-bootstrap-options are treated as if they have a score of INFINITY.
  * instance_attributes sets with no score implicitly have a score of zero.
  * instance_attributes sets with no rule implicitly have a rule that evaluates to true.
 
 The addition of conditional <rule/>s to the instance_attributes object allows for an infinite variety of configurations.
 Just some of the possibilities are:
  * Specify different resource parameters
    * depending on the node it is allocated to (a resource may need to use eth1 on host1 but eth0 on host2)
    * depending on the time of day (run 10 web-servers at night an 100 during the day)
  * Allow nodes to have different attributes depending on the time-of-day
    * Set resource_stickiness to avoid failback during business hours but allow resources to be moved to a more preferred node on the weekend
    * Switch a node between a "front-end" processing group during the day to a "back-end" group at night.
 
 Common instance attributes for all resource types:
  * priority (integer, default=0):
    dictates the order in which resources will be processed.
    If there is an insufficient number of nodes to run all resources, the lower priority resources will be stopped to make sure the higher priority resources remain active.
 
  * is_managed: See previous description.
 
  * resource_stickiness: See previous description.
 
  * target_role: (Started|Stopped|Master|Slave|default, default=#default)
    * #default : Let the cluster decide what to do with the resource
    * Started : Ignore any specified value of is_managed or is_managed_default and attempt to start the resource
    * Stopped : Ignore any specified value of is_managed or is_managed_default and attempt to stop the resource
    * Master : Ignore any specified value of is_managed, is_managed_default or promotion preferences and attempt to put all instances of a cloned resource into Master mode.
    * Slave : Ignore any specified value of is_managed, is_managed_default or promotion preferences and attempt to put all instances of a cloned resource into Slave mode.
 
 Common instance attributes for clones:
  * clone_max (integer, default=1):
    the number of clones to be run
 
 * clone_node_max (integer, default=1):
   the maximum number of clones to be run on a single node
 
 Common instance attributes for nodes:
  * standby (boolean, default=FALSE)
    if TRUE, indicates that resources can not be run on the node
 -->
 <!ELEMENT instance_attributes (rule*, attributes)>
 <!ATTLIST instance_attributes
           id                CDATA        #REQUIRED
           score             CDATA        #IMPLIED>
 
 <!ELEMENT meta_attributes (rule*, attributes)>
 <!ATTLIST meta_attributes
           id                CDATA        #REQUIRED
           score             CDATA        #IMPLIED>
 
 <!--
 Every constraint entry also has a 'lifetime' attribute, which expresses when this constraint is applicable.
 For example, a constraint may only be valid during certain times of the day, or days of the week.
 Eventually, we would like to be able to support constraints that only last until events such as the next reboot or the next transition.
 -->
 <!ELEMENT constraints (rsc_order|rsc_colocation|rsc_location)*>
 
 <!--
 rsc_ordering constraints express dependencies between the actions on two resources.
  * from : A resource id
  * action : What action does this constraint apply to.
  * type : Should the action on from occur before or after action on to
  * to : A resource id
  * symmetrical : If TRUE, create the reverse constraint for the other action also.
 
 Read as:
      action from type to_action to
 eg. 
      start rsc1 after promote rsc2
 
 -->
 <!ELEMENT rsc_order (lifetime?)>
 <!ATTLIST rsc_order
           id        CDATA #REQUIRED
           from      CDATA #REQUIRED
           to        CDATA #REQUIRED
           action    CDATA		'start'
           to_action CDATA		'start'
           type      (before|after)	'after'
           score     CDATA		'INFINITY'
           symmetrical (true|yes|1|false|no|0)	'true'>
 
 <!--
 
 Specify where a resource should run relative to another resource
 
 Make rsc 'from' run on the same machine as rsc 'to'
 
 If rsc 'to' cannot run anywhere and 'score' is INFINITY, 
   then rsc 'from' wont be allowed to run anywhere either
 If rsc 'from' cannot run anywhere, then 'to' wont be affected
 
 -->
 <!ELEMENT rsc_colocation (lifetime?)>
 <!ATTLIST rsc_colocation
           id             CDATA #REQUIRED
           from           CDATA #REQUIRED
           from_role      CDATA #IMPLIED
           to             CDATA #REQUIRED
           to_role        CDATA #IMPLIED
           symmetrical    (true|yes|1|false|no|0)	'false'
           node_attribute CDATA #IMPLIED
           score          CDATA #REQUIRED>
 
 <!--
 Specify which nodes are eligible for running a given resource.
 
 During processing, all rsc_location for a given rsc are evaluated.
 
 All nodes start out with their base weight (which defaults to zero).
 This can then be modified (up or down) using any number of rsc_location constraints.
 
 Then the highest non-zero available node is determined to place the resource.
 If multiple nodes have the same weighting, the node with the fewest running resources is chosen.
 
 The rsc field is, surprisingly, a resource id.
 -->
 <!ELEMENT rsc_location (lifetime?,rule*)>
 <!ATTLIST rsc_location
           id          CDATA #REQUIRED
           description CDATA #IMPLIED
           rsc         CDATA #REQUIRED
           node        CDATA #IMPLIED
           score       CDATA #IMPLIED>
 <!ELEMENT lifetime (rule+)>
 <!ATTLIST lifetime id  CDATA     #REQUIRED>
 
 <!--
  * boolean_op
    determines how the results of multiple expressions are combined.
 
  * role
    limits this rule to applying to Multi State resources with the named role.
    Roles include Started, Stopped, Slave, Master though only the last two are considered useful.
    NOTE: A rule with role="Master" can not determin the initial location of a clone instance.
    It will only affect which of the active instances will be promoted.
 
  * score
    adjusts the preference for running on the matched nodes.
    NOTE: Nodes that end up with a negative score will never run the resource.
    Two special values of "score" exist: INFINITY and -INFINITY.
    Processing of these special values is as follows:
 
       INFINITY +/- -INFINITY : -INFINITY
       INFINITY +/-  int      :  INFINITY
      -INFINITY +/-  int      : -INFINITY
   
  * score_attribute 
    an alternative to the score attribute that provides extra flexibility.
   Each node matched by the rule has its score adjusted differently, according to its value for the named node attribute.
   Thus in the example below, if score_attribute="installed_ram" and nodeA would have its preference to run "the resource" increased by 1024 whereas nodeB would have its preference increased only by half as much.
 
     <nodes>
       <node id="uuid1" uname="nodeA" type="normal">
         <instance_attributes id="uuid1:custom_attrs">
           <attributes>
             <nvpair id="uuid1:installed_ram" name="installed_ram" value="1024"/>
             <nvpair id="uuid1:my_other_attr" name="my_other_attr" value="bob"/>
           </attributes>
         </instance_attributes>
       </node>
       <node id="uuid2" uname="nodeB" type="normal">
         <instance_attributes id="uuid2:custom_attrs">
           <attributes>
             <nvpair id="uuid2:installed_ram" name="installed_ram" value="512"/>
           </attributes>
         </instance_attributes>
       </node>
     </nodes>
 -->
 <!ELEMENT rule (expression|date_expression|rule)*>
 <!ATTLIST rule
           id                  CDATA          #REQUIRED
           role                CDATA          #IMPLIED
           score               CDATA          #IMPLIED
           score_attribute     CDATA          #IMPLIED
           boolean_op          (or|and)      'and'>
 
 <!--
 Returns TRUE or FALSE depending on the properties of the object being tested.
 
  * type determines how the values being tested.
    * integer Values are converted to floats before being compared.
    * version The "version" type is intended to solve the problem of comparing 1.2 and 1.10
    * string Uses strcmp
 
 Two built-in attributes are node id #id and node uname #uname so that:
       attribute=#id value=8C05CA5C-C9E3-11D8-BEE6-000A95B71D78 operation=eq, and
       attribute=#uname value=test1 operation=eq
 would both be valid tests.
 
 An extra built-in attribute called #is_dc will be set to true or false depending on whether the node is operating as the DC for the cluster.
 Valid tests using this test would be of the form:
 
         attribute=#is_dc operation=eq value=true,  and
         attribute=#is_dc operation=eq value=false, and
         attribute=#is_dc operation=ne value=false
                         (for those liking double negatives :))
 -->
 <!ELEMENT expression EMPTY>
 <!ATTLIST expression
           id         CDATA                    #REQUIRED
           attribute  CDATA                    #REQUIRED
           operation  (lt|gt|lte|gte|eq|ne|defined|not_defined) #REQUIRED
           value      CDATA                    #IMPLIED
           type       (number|string|version) 'string'>
 
 <!--
  * start : A date-time conforming to the ISO8601 specification.
  * end : A date-time conforming to the ISO8601 specification.
    A value for end may, for any usage, be omitted and instead inferred using start and duration.
  * operation
    * gt : Compares the current date-time with start date.
      Checks now > start.
    * lt : Compares the current date-time with end date.
      Checks end > now
    * in_range : Compares the current date-time with start and end.
      Checks now > start and end > now.
      If either start or end is omitted, then that part of the comparision is not performed.
    * date_spec : Performs a cron-like comparision between the contents of date_spec and now.
      If values for start and/or end are included, now must also be within that range.
      Or in other words, the date_spec operation can also be made to perform an extra in_range check.
 
 NOTE: Because the comparisions (except for date_spec) include the time, the eq, neq, gte and lte operators have not been implemented.
 -->
 <!ELEMENT date_expression (date_spec?,duration?)>
 <!ATTLIST date_expression
         id         CDATA  #REQUIRED
         operation  (in_range|date_spec|gt|lt) 'in_range'
         start      CDATA  #IMPLIED
         end        CDATA  #IMPLIED>
 
 <!--
 date_spec is used for (surprisingly  ) date_spec operations.
 
 Fields that are not supplied are ignored.
 
 Fields can contain a single number or a single range.
 Eg.
 monthdays="1" (Matches the first day of every month) and hours="09-17" (Matches hours between 9am and 5pm inclusive) are both valid values.
 weekdays="1,2" and weekdays="1-2,5-6" are NOT valid ranges.
 This may change in a future release.
 
  * seconds : Value range 0-59
  * minutes : Value range 0-59
  * hours : Value range 0-23
  * monthdays : Value range 0-31 (depending on current month and year)
  * weekdays : Value range 1-7 (1=Monday, 7=Sunday)
  * yeardays : Value range 1-366 (depending on current year)
  * months : Value range 1-12
  * weeks : Value range 1-53 (depending on weekyear)
  * weekyears : Value range 0...
   (NOTE: weekyears may differ from Gregorian years.
   Eg. 2005-001 Ordinal == 2005-01-01 Gregorian == 2004-W53-6 Weekly )
  * years : Value range 0...
  * moon : Value range 0..7 - 0 is new, 4 is full moon.
    Because we can(tm)
 -->
 
 <!ELEMENT date_spec EMPTY>
 <!ATTLIST date_spec
         id         CDATA  #REQUIRED
         hours      CDATA  #IMPLIED
         monthdays  CDATA  #IMPLIED
         weekdays   CDATA  #IMPLIED
         yeardays   CDATA  #IMPLIED
         months     CDATA  #IMPLIED
         weeks      CDATA  #IMPLIED
         weekyears  CDATA  #IMPLIED
         years      CDATA  #IMPLIED
         moon       CDATA  #IMPLIED>
 
 <!--
 duration is optionally used for calculating a value for end.
 Any field not supplied is assumed to be zero and ignored.
 Negative values might work.
 Eg. months=11 should be equivalent to writing years=1, months=-1 but is not encouraged.
 -->
 <!ELEMENT duration EMPTY>
 <!ATTLIST duration
         id         CDATA  #REQUIRED
         hours      CDATA  #IMPLIED
         monthdays  CDATA  #IMPLIED
         weekdays   CDATA  #IMPLIED
         yeardays   CDATA  #IMPLIED
         months     CDATA  #IMPLIED
         weeks      CDATA  #IMPLIED
         years      CDATA  #IMPLIED>
 <!--
 Example 1: True if now is any time in the year 2005.
 
 <rule id="rule1">
   <date_expression id="date_expr1" start="2005-001" operation="in_range">
     <duration years="1"/>
   </date_expression>
 </rule>
 Example 2: Equivalent expression.
 
 <rule id="rule2">
   <date_expression id="date_expr2" operation="date_spec">
     <date_spec years="2005"/>
   </date_expression>
 </rule>
 Example 3: 9am-5pm, Mon-Friday
 
 <rule id="rule3">
   <date_expression id="date_expr3" operation="date_spec">
     <date_spec hours="9-16" days="1-5"/>
   </date_expression>
 </rule>
 Example 4: 9am-5pm, Mon-Friday, or all day saturday
 
 <rule id="rule4" boolean_op="or">
   <date_expression id="date_expr4-1" operation="date_spec">
     <date_spec hours="9-16" days="1-5"/>
   </date_expression>
   <date_expression id="date_expr4-2" operation="date_spec">
     <date_spec days="6"/>
   </date_expression>
 </rule>
 Example 5: 9am-5pm or 9pm-12pm, Mon-Friday
 
 <rule id="rule5" boolean_op="and">
   <rule id="rule5-nested1" boolean_op="or">
     <date_expression id="date_expr5-1" operation="date_spec">
       <date_spec hours="9-16"/>
     </date_expression>
     <date_expression id="date_expr5-2" operation="date_spec">
       <date_spec hours="21-23"/>
     </date_expression>
   </rule>
   <date_expression id="date_expr5-3" operation="date_spec">
     <date_spec days="1-5"/>
   </date_expression>
 </rule>
 Example 6: Mondays in March 2005
 
 <rule id="rule6" boolean_op="and">
   <date_expression id="date_expr6" operation="date_spec" start="2005-03-01" end="2005-04-01">
     <date_spec weekdays="1"/>
   </date_expression>
 </rule>
 NOTE: Because no time is specified, 00:00:00 is implied.
 This means that the range includes all of 2005-03-01 but none of 2005-04-01.
 You may wish to write end="2005-03-31T23:59:59" to avoid confusion.
 
 Example 7: Friday the 13th if it is a full moon
 
 <rule id="rule7" boolean_op="and">
   <date_expression id="date_expr7" operation="date_spec">
     <date_spec weekdays="5" monthdays="13" moon="4"/>
   </date_expression>
 </rule>
 -->
 
 <!--
 You don't have to give a value.
 There's a difference between a key not being present and a key not having a value.
 -->
 <!ELEMENT nvpair EMPTY>
 <!ATTLIST nvpair
           id     CDATA  #REQUIRED
           name   CDATA  #REQUIRED
           value  CDATA  #IMPLIED>
 
 <!ELEMENT attributes (nvpair*)>
 
 <!--
 These attributes take effect only if no value has previously been applied as part of the node's definition.
 Additionally, when the node reboots all settings made here are erased.
 
 id must be the UUID of the node.
 -->
 <!ELEMENT transient_attributes (instance_attributes*)>
 <!ATTLIST transient_attributes id CDATA #IMPLIED>
 
 <!--=========== Status - Advanced Use Only ===========-->
 
 <!--
 Details about the status of each node configured.
 
 HERE BE DRAGONS
 
 Never, ever edit this section directly or using cibadmin.
 The consequences of doing so are many and varied but rarely ever good or what you anticipated.
 To discourage this, the status section is no longer even written to disk, and is always discarded at startup.
 
 To avoid duplication of data, state entries only carry references to nodes and resources.
 -->
 <!ELEMENT status (node_state*)>
 
 <!--
 The state of a given node.
 
 This information is updated by the DC based on inputs from sources such as the CCM, status messages from remote LRMs and requests from other nodes.
  * id       -  is the node's UUID.
  * uname    - is the result of uname -n for the node.
  * crmd     - records whether the crmd process is running on the node
  * in_ccm   - records whether the node is part of our membership partition
  * join     - is the node's membership status with the current DC.
  * expected - is the DC's expectation of whether the node is up or not.
  * shutdown - is set to the time at which the node last asked to be shut down
 
 Ideally, there should be a node_state entry for every entry in the <nodes> list.
 
 -->
 <!ELEMENT node_state (transient_attributes|lrm)*>
 <!ATTLIST node_state
         id              CDATA                   #REQUIRED
         uname           CDATA                   #REQUIRED
         ha              (active|dead)           #IMPLIED
         crmd            (online|offline)        'offline'
         join            (pending|member|down)   'down'
         expected        (pending|member|down)   'down'
         in_ccm          (true|yes|1|false|no|0) 'false'
         crm-debug-origin CDATA                  #IMPLIED
         shutdown        CDATA                   #IMPLIED
         clear_shutdown  CDATA                   #IMPLIED>
 
 <!--
 Information from the Local Resource Manager of the node.
 It contains a list of all resource's added (but not necessarily still active) on the node.
 -->
 <!ELEMENT lrm (lrm_resources)>
 <!ATTLIST lrm id CDATA #REQUIRED>
 
 <!ELEMENT lrm_resources (lrm_resource*)>
 <!ELEMENT lrm_resource (lrm_rsc_op*)>
 <!ATTLIST lrm_resource
           id            CDATA #REQUIRED
           class             (lsb|ocf|heartbeat|stonith) #REQUIRED
           type              CDATA        #REQUIRED
           provider          CDATA        #IMPLIED>
 <!--
 lrm_rsc_op (Resource Status)
 
 id: Set to [operation] +"_"+ [operation] +"_"+ [an_interval_in_milliseconds]
 
 operation typically start, stop, or monitor
 
 call_id: Supplied by the LRM, determins the order of in which lrm_rsc_op objects should be processed in order to determin the resource's true state
 
 rc_code is the last return code from the resource
 
 rsc_state is the state of the resource after the action completed and should be used as a guide only.
 
 transition_key contains an identifier and seqence number for the transition.
 
 At startup, the TEngine registers the identifier and starts the sequence at zero.
 It is used to identify the source of resource actions.
 
 transition_magic contains an identifier containing call_id, rc_code, and {{transition_key}}}.
 
 As the name suggests, it is a piece of magic that allows the TE to always identify the action from the stream of xml-diffs it subscribes to from the CIB.
 
 last_run       ::= when did the op run (as age)
 last_rc_change ::= last rc change (as age)
 exec_time      ::= time it took the op to run
 queue_time     ::= time spent in queue
 
 op_status is supplied by the LRM and conforms to this enum:
 
 typedef enum {
         LRM_OP_PENDING = -1,
         LRM_OP_DONE,
         LRM_OP_CANCELLED,
         LRM_OP_TIMEOUT,
         LRM_OP_NOTSUPPORTED,
         LRM_OP_ERROR,
 } op_status_t;
 The parameters section allows us to detect when a resource's definition has changed and the needs to be restarted (so the changes take effect).
 -->
 <!ELEMENT lrm_rsc_op EMPTY>
 <!ATTLIST lrm_rsc_op
           id                    CDATA #REQUIRED
           operation             CDATA #REQUIRED
           op_status             CDATA #IMPLIED
           rc_code               CDATA #IMPLIED
           call_id               CDATA #IMPLIED
           crm_feature_set       CDATA #REQUIRED
           crm-debug-origin      CDATA #IMPLIED
           migrate_from          CDATA #IMPLIED
           transition_key        CDATA #IMPLIED
           op_digest             CDATA #IMPLIED
           op_restart_digest     CDATA #IMPLIED
           op_force_restart      CDATA #IMPLIED
 
           last_run              CDATA #IMPLIED
           last_rc_change        CDATA #IMPLIED
           exec_time             CDATA #IMPLIED
           queue_time            CDATA #IMPLIED
 
           interval              CDATA #REQUIRED
           transition_magic      CDATA #IMPLIED
 
           op-status             CDATA #IMPLIED
           rc-code               CDATA #IMPLIED
           call-id               CDATA #IMPLIED
           migrate-from          CDATA #IMPLIED
           transition-key        CDATA #IMPLIED
           transition-magic      CDATA #IMPLIED
           op-digest             CDATA #IMPLIED
           op-restart-digest     CDATA #IMPLIED
           op-force-restart      CDATA #IMPLIED
           last-run              CDATA #IMPLIED
           last-rc-change        CDATA #IMPLIED
           exec-time             CDATA #IMPLIED
           queue-time            CDATA #IMPLIED>